From c86d64cfba0e58217536548f8aad433fae19ca77 Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Thu, 28 Apr 2016 16:15:01 -0700 Subject: [PATCH 01/92] initial migration of Windows Firewall content --- windows/keep-secure/TOC.md | 113 +++ ...ters-to-the-membership-group-for-a-zone.md | 84 ++ ...ters-to-the-membership-group-for-a-zone.md | 79 ++ .../additional-resources-wfasdesign.md | 67 ++ .../additional-resourceswfas-deploy.md | 64 ++ ...e-files-for-settings-used-in-this-guide.md | 98 +++ ...ssign-security-group-filters-to-the-gpo.md | 84 ++ .../basic-firewall-policy-design.md | 74 ++ windows/keep-secure/boundary-zone-gpos.md | 33 + windows/keep-secure/boundary-zone.md | 68 ++ ...e-based-isolation-policy-design-example.md | 56 ++ ...rtificate-based-isolation-policy-design.md | 42 + ...ange-rules-from-request-to-require-mode.md | 68 ++ ...ist-configuring-basic-firewall-settings.md | 59 ++ ...uring-rules-for-an-isolated-server-zone.md | 125 +++ ...rs-in-a-standalone-isolated-server-zone.md | 126 +++ ...configuring-rules-for-the-boundary-zone.md | 73 ++ ...nfiguring-rules-for-the-encryption-zone.md | 75 ++ ...nfiguring-rules-for-the-isolated-domain.md | 107 +++ ...checklist-creating-group-policy-objects.md | 97 +++ ...ecklist-creating-inbound-firewall-rules.md | 69 ++ ...cklist-creating-outbound-firewall-rules.md | 61 ++ ...ts-of-a-standalone-isolated-server-zone.md | 100 +++ ...ementing-a-basic-firewall-policy-design.md | 97 +++ ...rtificate-based-isolation-policy-design.md | 76 ++ ...enting-a-domain-isolation-policy-design.md | 88 +++ ...andalone-server-isolation-policy-design.md | 83 ++ ...-server-2008-and-windows-server-2008-r2.md | 84 ++ ...-server-2008-and-windows-server-2008-r2.md | 66 ++ ...y-to-autoenroll-and-deploy-certificates.md | 42 + ...-server-2008-and-windows-server-2008-r2.md | 79 ++ ...-server-2008-and-windows-server-2008-r2.md | 61 ++ .../configure-the-windows-firewall-log.md | 60 ++ ...entication-certificate-templatewfas-dep.md | 53 ++ ...notifications-when-a-program-is-blocked.md | 58 ++ 
...hat-certificates-are-deployed-correctly.md | 56 ++ .../copy-a-gpo-to-create-a-new-gpo.md | 54 ++ ...ate-a-group-account-in-active-directory.md | 47 ++ .../create-a-group-policy-object.md | 51 ++ ...-server-2008-and-windows-server-2008-r2.md | 73 ++ ...-server-2008-and-windows-server-2008-r2.md | 94 +++ ...s-server-2008-or-windows-server-2008-r2.md | 71 ++ ...s-server-2008-or-windows-server-2008-r2.md | 75 ++ ...s-server-2008-or-windows-server-2008-r2.md | 88 +++ ...s-server-2008-or-windows-server-2008-r2.md | 64 ++ ...s-server-2008-or-windows-server-2008-r2.md | 68 ++ ...s-server-2008-or-windows-server-2008-r2.md | 108 +++ .../create-wmi-filters-for-the-gpo.md | 105 +++ ...irewall-with-advanced-security-strategy.md | 60 ++ ...ing-the-trusted-state-of-your-computers.md | 184 +++++ windows/keep-secure/documenting-the-zones.md | 85 ++ .../domain-isolation-policy-design-example.md | 65 ++ .../domain-isolation-policy-design.md | 69 ++ ...s-server-2008-or-windows-server-2008-r2.md | 47 ++ ...s-server-2008-or-windows-server-2008-r2.md | 47 ++ windows/keep-secure/encryption-zone-gpos.md | 24 + windows/keep-secure/encryption-zone.md | 67 ++ ...-with-advanced-security-design-examples.md | 28 + ...-server-2008-and-windows-server-2008-r2.md | 39 + windows/keep-secure/exemption-list.md | 54 ++ windows/keep-secure/firewall-gpos.md | 24 + .../firewall-policy-design-example.md | 108 +++ ...-about-your-active-directory-deployment.md | 34 + ...hering-information-about-your-computers.md | 58 ++ ...out-your-current-network-infrastructure.md | 128 +++ .../gathering-other-relevant-information.md | 91 +++ .../gathering-the-information-you-need.md | 30 + .../keep-secure/gpo-domiso-boundary-ws2008.md | 46 ++ .../gpo-domiso-encryption-ws2008.md | 50 ++ windows/keep-secure/gpo-domiso-firewall.md | 71 ++ .../gpo-domiso-isolateddomain-clients.md | 181 +++++ .../gpo-domiso-isolateddomain-servers.md | 31 + ...with-advanced-security-deployment-goals.md | 64 ++ 
.../15dd35b6-6cc6-421f-93f8-7109920e7144.gif | Bin 0 -> 345 bytes .../2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif | Bin 0 -> 519 bytes .../bc6cea1a-1c6c-4124-8c8f-1df5adfe8c88.gif | Bin 0 -> 615 bytes windows/keep-secure/images/corpnet.gif | Bin 0 -> 7184 bytes .../keep-secure/images/createipsecrule.gif | Bin 0 -> 7017 bytes .../faa393df-4856-4431-9eda-4f4e5be72a90.gif | Bin 0 -> 595 bytes .../images/powershelllogosmall.gif | Bin 0 -> 1415 bytes windows/keep-secure/images/qmcryptoset.gif | Bin 0 -> 6297 bytes .../images/wfas-design2example1.gif | Bin 0 -> 29827 bytes .../images/wfas-design3example1.gif | Bin 0 -> 22393 bytes .../images/wfas-designexample1.gif | Bin 0 -> 30091 bytes .../images/wfas-designflowchart1.gif | Bin 0 -> 17357 bytes windows/keep-secure/images/wfas-domainiso.gif | Bin 0 -> 18347 bytes .../images/wfas-domainisoencrypt.gif | Bin 0 -> 21039 bytes .../images/wfas-domainisohighsec.gif | Bin 0 -> 21301 bytes windows/keep-secure/images/wfas-domainnag.gif | Bin 0 -> 17902 bytes .../keep-secure/images/wfas-icon-checkbox.gif | Bin 0 -> 70 bytes windows/keep-secure/images/wfas-implement.gif | Bin 0 -> 37159 bytes .../images/wfasdomainisoboundary.gif | Bin 0 -> 30054 bytes ...wall-with-advanced-security-design-plan.md | 49 ++ ...l-active-directory-certificate-services.md | 77 ++ windows/keep-secure/isolated-domain-gpos.md | 28 + windows/keep-secure/isolated-domain.md | 67 ++ ...ting-windows-store-apps-on-your-network.md | 343 ++++++++ .../keep-secure/link-the-gpo-to-the-domain.md | 40 + ...-firewall-with-advanced-security-design.md | 82 ++ ...-a-different-zone-or-version-of-windows.md | 91 +++ ...agement-console-to-ip-security-policies.md | 28 + ...windows-firewall-with-advanced-security.md | 28 + ...-management-console-to-windows-firewall.md | 28 + ...windows-firewall-with-advanced-security.md | 55 ++ ...anning-certificate-based-authentication.md | 58 ++ .../planning-domain-isolation-zones.md | 32 + .../keep-secure/planning-gpo-deployment.md | 134 ++++ 
...icy-deployment-for-your-isolation-zones.md | 30 + ...planning-isolation-groups-for-the-zones.md | 79 ++ .../planning-network-access-groups.md | 68 ++ .../planning-server-isolation-zones.md | 88 +++ ...ng-settings-for-a-basic-firewall-policy.md | 58 ++ windows/keep-secure/planning-the-gpos.md | 64 ++ ...windows-firewall-with-advanced-security.md | 51 ++ ...-firewall-with-advanced-security-design.md | 96 +++ .../procedures-used-in-this-guide.md | 98 +++ ...computers-from-unwanted-network-traffic.md | 44 ++ ...n-accessing-sensitive-network-resources.md | 42 + ...ss-to-only-specified-users-or-computers.md | 46 ++ ...strict-access-to-only-trusted-computers.md | 59 ++ ...erver-access-to-members-of-a-group-only.md | 58 ++ ...s-by-using-ikev2-in-windows-server-2012.md | 203 +++++ windows/keep-secure/server-isolation-gpos.md | 36 + .../server-isolation-policy-design-example.md | 87 +++ .../server-isolation-policy-design.md | 59 ++ ...rt-a-command-prompt-as-an-administrator.md | 34 + ...firewall-and-configure-default-behavior.md | 48 ++ ...l-with-advanced-security-design-process.md | 34 + ...y-that-network-traffic-is-authenticated.md | 77 ++ ...-administration-with-windows-powershell.md | 734 ++++++++++++++++++ ...with-advanced-security-deployment-guide.md | 76 ++ ...all-with-advanced-security-design-guide.md | 144 ++++ ...windows-firewall-with-advanced-security.md | 147 ++++ 133 files changed, 9008 insertions(+) create mode 100644 windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md create mode 100644 windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md create mode 100644 windows/keep-secure/additional-resources-wfasdesign.md create mode 100644 windows/keep-secure/additional-resourceswfas-deploy.md create mode 100644 windows/keep-secure/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md create mode 100644 windows/keep-secure/assign-security-group-filters-to-the-gpo.md create mode 100644 
windows/keep-secure/basic-firewall-policy-design.md create mode 100644 windows/keep-secure/boundary-zone-gpos.md create mode 100644 windows/keep-secure/boundary-zone.md create mode 100644 windows/keep-secure/certificate-based-isolation-policy-design-example.md create mode 100644 windows/keep-secure/certificate-based-isolation-policy-design.md create mode 100644 windows/keep-secure/change-rules-from-request-to-require-mode.md create mode 100644 windows/keep-secure/checklist-configuring-basic-firewall-settings.md create mode 100644 windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md create mode 100644 windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md create mode 100644 windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md create mode 100644 windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md create mode 100644 windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md create mode 100644 windows/keep-secure/checklist-creating-group-policy-objects.md create mode 100644 windows/keep-secure/checklist-creating-inbound-firewall-rules.md create mode 100644 windows/keep-secure/checklist-creating-outbound-firewall-rules.md create mode 100644 windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md create mode 100644 windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md create mode 100644 windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md create mode 100644 windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md create mode 100644 windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md create mode 100644 windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md create mode 100644 
windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md create mode 100644 windows/keep-secure/configure-group-policy-to-autoenroll-and-deploy-certificates.md create mode 100644 windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md create mode 100644 windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md create mode 100644 windows/keep-secure/configure-the-windows-firewall-log.md create mode 100644 windows/keep-secure/configure-the-workstation-authentication-certificate-templatewfas-dep.md create mode 100644 windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md create mode 100644 windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md create mode 100644 windows/keep-secure/copy-a-gpo-to-create-a-new-gpo.md create mode 100644 windows/keep-secure/create-a-group-account-in-active-directory.md create mode 100644 windows/keep-secure/create-a-group-policy-object.md create mode 100644 windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md create mode 100644 windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md create mode 100644 windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 
windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 windows/keep-secure/create-wmi-filters-for-the-gpo.md create mode 100644 windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md create mode 100644 windows/keep-secure/determining-the-trusted-state-of-your-computers.md create mode 100644 windows/keep-secure/documenting-the-zones.md create mode 100644 windows/keep-secure/domain-isolation-policy-design-example.md create mode 100644 windows/keep-secure/domain-isolation-policy-design.md create mode 100644 windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 windows/keep-secure/encryption-zone-gpos.md create mode 100644 windows/keep-secure/encryption-zone.md create mode 100644 windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md create mode 100644 
windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md create mode 100644 windows/keep-secure/exemption-list.md create mode 100644 windows/keep-secure/firewall-gpos.md create mode 100644 windows/keep-secure/firewall-policy-design-example.md create mode 100644 windows/keep-secure/gathering-information-about-your-active-directory-deployment.md create mode 100644 windows/keep-secure/gathering-information-about-your-computers.md create mode 100644 windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md create mode 100644 windows/keep-secure/gathering-other-relevant-information.md create mode 100644 windows/keep-secure/gathering-the-information-you-need.md create mode 100644 windows/keep-secure/gpo-domiso-boundary-ws2008.md create mode 100644 windows/keep-secure/gpo-domiso-encryption-ws2008.md create mode 100644 windows/keep-secure/gpo-domiso-firewall.md create mode 100644 windows/keep-secure/gpo-domiso-isolateddomain-clients.md create mode 100644 windows/keep-secure/gpo-domiso-isolateddomain-servers.md create mode 100644 windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md create mode 100644 windows/keep-secure/images/15dd35b6-6cc6-421f-93f8-7109920e7144.gif create mode 100644 windows/keep-secure/images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif create mode 100644 windows/keep-secure/images/bc6cea1a-1c6c-4124-8c8f-1df5adfe8c88.gif create mode 100644 windows/keep-secure/images/corpnet.gif create mode 100644 windows/keep-secure/images/createipsecrule.gif create mode 100644 windows/keep-secure/images/faa393df-4856-4431-9eda-4f4e5be72a90.gif create mode 100644 windows/keep-secure/images/powershelllogosmall.gif create mode 100644 windows/keep-secure/images/qmcryptoset.gif create mode 100644 windows/keep-secure/images/wfas-design2example1.gif create mode 100644 
windows/keep-secure/images/wfas-design3example1.gif create mode 100644 windows/keep-secure/images/wfas-designexample1.gif create mode 100644 windows/keep-secure/images/wfas-designflowchart1.gif create mode 100644 windows/keep-secure/images/wfas-domainiso.gif create mode 100644 windows/keep-secure/images/wfas-domainisoencrypt.gif create mode 100644 windows/keep-secure/images/wfas-domainisohighsec.gif create mode 100644 windows/keep-secure/images/wfas-domainnag.gif create mode 100644 windows/keep-secure/images/wfas-icon-checkbox.gif create mode 100644 windows/keep-secure/images/wfas-implement.gif create mode 100644 windows/keep-secure/images/wfasdomainisoboundary.gif create mode 100644 windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md create mode 100644 windows/keep-secure/install-active-directory-certificate-services.md create mode 100644 windows/keep-secure/isolated-domain-gpos.md create mode 100644 windows/keep-secure/isolated-domain.md create mode 100644 windows/keep-secure/isolating-windows-store-apps-on-your-network.md create mode 100644 windows/keep-secure/link-the-gpo-to-the-domain.md create mode 100644 windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md create mode 100644 windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md create mode 100644 windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md create mode 100644 windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md create mode 100644 windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md create mode 100644 windows/keep-secure/open-windows-firewall-with-advanced-security.md create mode 100644 windows/keep-secure/planning-certificate-based-authentication.md create mode 100644 windows/keep-secure/planning-domain-isolation-zones.md create mode 100644 
windows/keep-secure/planning-gpo-deployment.md create mode 100644 windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md create mode 100644 windows/keep-secure/planning-isolation-groups-for-the-zones.md create mode 100644 windows/keep-secure/planning-network-access-groups.md create mode 100644 windows/keep-secure/planning-server-isolation-zones.md create mode 100644 windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md create mode 100644 windows/keep-secure/planning-the-gpos.md create mode 100644 windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md create mode 100644 windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md create mode 100644 windows/keep-secure/procedures-used-in-this-guide.md create mode 100644 windows/keep-secure/protect-computers-from-unwanted-network-traffic.md create mode 100644 windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md create mode 100644 windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md create mode 100644 windows/keep-secure/restrict-access-to-only-trusted-computers.md create mode 100644 windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md create mode 100644 windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md create mode 100644 windows/keep-secure/server-isolation-gpos.md create mode 100644 windows/keep-secure/server-isolation-policy-design-example.md create mode 100644 windows/keep-secure/server-isolation-policy-design.md create mode 100644 windows/keep-secure/start-a-command-prompt-as-an-administrator.md create mode 100644 windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md create mode 100644 windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md create mode 100644 windows/keep-secure/verify-that-network-traffic-is-authenticated.md create mode 
100644 windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md create mode 100644 windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md create mode 100644 windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md create mode 100644 windows/keep-secure/windows-firewall-with-advanced-security.md
diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index 05507c1d74..09e5265e8a 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -405,6 +405,119 @@
 #### [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)
 #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md)
 #### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)
+### [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md)
+#### [Isolating Windows Store Apps on Your Network](isolating-windows-store-apps-on-your-network.md)
+#### [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md)
+#### [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
+#### [Windows Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md)
+##### [Understanding the Windows Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
+##### [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
+###### [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)
+###### [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)
+###### [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)
+###### [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md)
+##### [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
+###### [Basic Firewall Policy Design](basic-firewall-policy-design.md)
+###### [Domain Isolation Policy Design](domain-isolation-policy-design.md)
+###### [Server Isolation Policy Design](server-isolation-policy-design.md)
+###### [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)
+##### [Evaluating Windows Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
+###### [Firewall Policy Design Example](firewall-policy-design-example.md)
+###### [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)
+###### [Server Isolation Policy Design Example](server-isolation-policy-design-example.md)
+###### [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)
+##### [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
+###### [Gathering the Information You Need](gathering-the-information-you-need.md)
+####### [Gathering Information about Your Current Network Infrastructure](gathering-information-about-your-current-network-infrastructure.md)
+####### [Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md)
+####### [Gathering Information about Your Computers](gathering-information-about-your-computers.md)
+####### [Gathering Other Relevant Information](gathering-other-relevant-information.md)
+###### [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-computers.md)
+##### [Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md)
+###### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
+###### [Planning Domain Isolation Zones](planning-domain-isolation-zones.md)
+####### [Exemption List](exemption-list.md)
+####### [Isolated Domain](isolated-domain.md)
+####### [Boundary Zone](boundary-zone.md)
+####### [Encryption Zone](encryption-zone.md)
+###### [Planning Server Isolation Zones](planning-server-isolation-zones.md)
+###### [Planning Certificate-based Authentication](planning-certificate-based-authentication.md)
+###### [Documenting the Zones](documenting-the-zones.md)
+###### [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)
+####### [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md)
+####### [Planning Network Access Groups](planning-network-access-groups.md)
+####### [Planning the GPOs](planning-the-gpos.md)
+######## [Firewall GPOs](firewall-gpos.md)
+######### [GPO_DOMISO_Firewall](gpo-domiso-firewall.md)
+######## [Isolated Domain GPOs](isolated-domain-gpos.md)
+######### [GPO_DOMISO_IsolatedDomain_Clients](gpo-domiso-isolateddomain-clients.md)
+######### [GPO_DOMISO_IsolatedDomain_Servers](gpo-domiso-isolateddomain-servers.md)
+######## [Boundary Zone GPOs](boundary-zone-gpos.md)
+######### [GPO_DOMISO_Boundary_WS2008](gpo-domiso-boundary-ws2008.md)
+######## [Encryption Zone GPOs](encryption-zone-gpos.md)
+######### [GPO_DOMISO_Encryption_WS2008](gpo-domiso-encryption-ws2008.md)
+######## [Server Isolation GPOs](server-isolation-gpos.md)
+####### [Planning GPO Deployment](planning-gpo-deployment.md)
+##### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
+##### [Additional Resources [WFASDesign]](additional-resources-wfasdesign.md)
+#### [Windows Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md)
+##### [Planning to Deploy Windows Firewall with Advanced Security](planning-to-deploy-windows-firewall-with-advanced-security.md)
+##### [Implementing Your Windows Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
+##### [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
+##### [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md)
+###### [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)
+###### [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)
+###### [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)
+##### [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md)
+###### [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)
+###### [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)
+###### [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)
+###### [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)
+##### [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md)
+###### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
+###### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
+##### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
+##### [Procedures Used in This Guide](procedures-used-in-this-guide.md)
+###### [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)
+###### [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)
+###### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
+###### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
+###### [Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
+###### [Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
+###### [Configure the Workstation Authentication Certificate Template[wfas_dep]](configure-the-workstation-authentication-certificate-templatewfas-dep.md)
+###### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
+###### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)
+###### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)
+###### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)
+###### [Create a Group Policy Object](create-a-group-policy-object.md)
+###### [Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+###### [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+###### [Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+###### [Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+###### [Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+###### [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+###### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
+###### [Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+###### [Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+###### [Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Install Active Directory Certificate Services](install-active-directory-certificate-services.md)
+###### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)
+###### [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
+###### [Open the Group Policy Management Console to IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md)
+###### [Open the Group Policy Management Console to Windows Firewall](open-the-group-policy-management-console-to-windows-firewall.md)
+###### [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
+###### [Open Windows Firewall with Advanced Security](open-windows-firewall-with-advanced-security.md)
+###### [Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)
+###### [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md)
+###### [Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md)
+###### [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)
+##### [Additional Resources[wfas_deploy]](additional-resourceswfas-deploy.md)
 ## [Enterprise security guides](windows-10-enterprise-security-guides.md)
 ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
 ### [Device Guard deployment guide](device-guard-deployment-guide.md)
diff --git a/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md b/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md
new file mode 100644
index 0000000000..cad68e2a55
--- /dev/null
+++ b/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md 
@@ -0,0 +1,84 @@
+---
+title: Add Production Computers to the Membership Group for a Zone (Windows 10)
+description: Add Production Computers to the Membership Group for a Zone
+ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23
+author: brianlic-msft
+---
+
+# Add Production Computers to the Membership Group for a Zone
+
+
+After you test the GPOs for your design on a small set of computers, you can deploy them to the production computers.
+
+**Caution**  
+For GPOs that contain connection security rules that prevent unauthenticated connections, be sure to set the rules to request, not require, authentication during testing. After you deploy the GPO and confirm that all of your computers are successfully communicating by using authenticated IPsec, then you can modify the GPO to require authentication. Do not change the boundary zone GPO to require mode.
+
+ 
+
+The method discussed in this guide uses the **Domain Computers** built-in group. The advantage of this method is that all new computers that are joined to the domain automatically receive the isolated domain GPO. To do this successfully, you must make sure that the WMI filters and security group filters exclude computers that must not receive the GPOs. Use computer groups that deny both read and apply Group Policy permissions to the GPOs, such as a group used in the CG\_DOMISO\_NOIPSEC example design. Computers that are members of some zones must also be excluded from applying the GPOs for the main isolated domain. For more information, see the "Prevent members of a group from applying a GPO" section in [Assign Security Group Filters to the GPO](../p_server_archive/assign-security-group-filters-to-the-gpo.md).
+
+Without such a group (or groups), you must either add computers individually or use the groups containing computer accounts that are available to you.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the membership of the group for the GPO.
+
+In this topic:
+
+- [Add the group Domain Computers to the GPO membership group](#bkmk-toadddomaincomputerstothegpomembershipgroup)
+
+- [Refresh Group Policy on the computers in the membership group](#bkmk-torefreshgrouppolicyonacomputer)
+
+- [Check which GPOs apply to a computer](#bkmk-toseewhatgposareappliedtoacomputer)
+
+##
+
+
+**To add domain computers to the GPO membership group**
+
+1. On a computer that has the Active Directory management tools installed, click the **Start** charm, then click the **Active Directory Users and Computers** tile.
+
+2. In the navigation pane, expand **Active Directory Users and Computers**, expand *YourDomainName*, and then the container in which you created the membership group.
+
+3. In the details pane, double-click the GPO membership group to which you want to add computers.
+
+4. Select the **Members** tab, and then click **Add**.
+
+5. Type **Domain Computers** in the text box, and then click **OK**.
+
+6. Click **OK** to close the group properties dialog box.
+
+After a computer is a member of the group, you can force a Group Policy refresh on the computer.
+
+##
+
+
+**To refresh Group Policy on a computer**
+
+- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command:
+
+ ``` syntax
+ gpupdate /target:computer /force
+ ```
+
+After Group Policy is refreshed, you can see which GPOs are currently applied to the computer.
+
+##
+
+
+**To see which GPOs are applied to a computer**
+
+- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command:
+
+ ``` syntax
+ gpresult /r /scope:computer
+ ```
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md b/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md
new file mode 100644
index 0000000000..f297cfd705
--- /dev/null
+++ b/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md
@@ -0,0 +1,79 @@
+---
+title: Add Test Computers to the Membership Group for a Zone (Windows 10)
+description: Add Test Computers to the Membership Group for a Zone
+ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
+author: brianlic-msft
+---
+
+# Add Test Computers to the Membership Group for a Zone
+
+
+Before you deploy your rules to large numbers of computers, you must thoroughly test the rules to make sure that communications are working as expected. A misplaced WMI filter or an incorrectly typed IP address in a filter list can easily block communications between computers. Although we recommend that you set your rules to request mode until testing and deployment is complete, we also recommend that you initially deploy the rules to a small number of computers only to be sure that the correct GPOs are being processed by each computer.
+
+Add at least one computer of each supported operating system type to each membership group. Make sure every GPO for a specific version of Windows and membership group has a computer among the test group. After Group Policy has been refreshed on each test computer, check the output of the **gpresult** command to confirm that each computer is receiving only the GPOs it is supposed to receive.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the membership of the group for the GPO.
+
+In this topic:
+
+- [Add the test computers to the GPO membership groups](#bkmk-toadddomaincomputerstothegpomembershipgroup)
+
+- [Refresh Group Policy on the computers in each membership group](#bkmk-torefreshgrouppolicyonacomputer)
+
+- [Check which GPOs apply to a computer](#bkmk-toseewhatgposareappliedtoacomputer)
+
+##
+
+
+**To add test computers to the GPO membership groups**
+
+1. On a computer that has the Active Directory management tools installed, click the **Start** charm, then click the **Active Directory Users and Computers** tile.
+
+2. In the navigation pane, expand **Active Directory Users and Computers**, expand *YourDomainName*, and then expand the container that holds your membership group account.
+
+3. In the details pane, double-click the GPO membership group to which you want to add computers.
+
+4. Select the **Members** tab, and then click **Add**.
+
+5. Type the name of the computer in the text box, and then click **OK**.
+
+6. Repeat steps 5 and 6 for each additional computer account or group that you want to add.
+
+7. Click **OK** to close the group properties dialog box.
+
+After a computer is a member of the group, you can force a Group Policy refresh on the computer.
+
+##
+
+
+**To refresh Group Policy on a computer**
+
+- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command:
+
+ ``` syntax
+ gpupdate /target:computer /force
+ ```
+
+After Group Policy is refreshed, you can see which GPOs are currently applied to the computer.
+
+##
+
+
+**To see which GPOs are applied to a computer**
+
+- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command:
+
+ ``` syntax
+ gpresult /r /scope:computer
+ ```
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/additional-resources-wfasdesign.md b/windows/keep-secure/additional-resources-wfasdesign.md
new file mode 100644
index 0000000000..1e524c920a
--- /dev/null
+++ b/windows/keep-secure/additional-resources-wfasdesign.md
@@ -0,0 +1,67 @@
+---
+title: Additional Resources (Windows 10)
+description: Additional Resources
+ms.assetid: 74897052-508d-49b9-911c-5902a1fb0d26
+author: brianlic-msft
+---
+
+# Additional Resources
+
+
+For more information about the technologies discussed in this guide, see topics referenced in the following sections.
+
+## Windows Firewall with Advanced Security
+
+
+- [Windows Firewall with Advanced Security Overview](http://technet.microsoft.com/library/hh831365) (http://technet.microsoft.com/library/hh831365)
+
+ This TechNet page contains links to a variety of documents available for Windows Firewall with Advanced Security.
+
+## IPsec
+
+
+- [IPsec](http://technet.microsoft.com/network/bb531150.aspx) (http://technet.microsoft.com/network/bb531150.aspx)
+
+ This TechNet page contains links to a variety of documents currently available for Internet Protocol security (IPsec) for Windows available as connection security rules.
+
+## Server and Domain Isolation
+
+
+- [Server and Domain Isolation](http://technet.microsoft.com/network/bb545651.aspx) (http://technet.microsoft.com/network/bb545651.aspx)
+
+ This TechNet page contains links to documentation about the most common uses for IPsec: server isolation and domain isolation.
+
+## Group Policy
+
+
+Group Policy is a key method for implementing firewall and server and domain isolation designs.
+
+For more information about Group Policy and related technologies, see:
+
+- **Group Policy**[Group Policy Overview](http://technet.microsoft.com/library/hh831791) (http://technet.microsoft.com/library/hh831791)
+
+ This page contains links to the documents currently available for Group Policy.
+
+- [WMI Filtering Using GPMC](http://technet.microsoft.com/library/6237b9b2-4a21-425e-8976-2065d28b3147) (http://technet.microsoft.com/library/6237b9b2-4a21-425e-8976-2065d28b3147)
+
+- [HOWTO: Leverage Group Policies with WMI Filters](http://support.microsoft.com/kb/555253) (http://support.microsoft.com/kb/555253)
+
+ This article describes how to create a WMI filter to set the scope of a GPO based on computer attributes, such as operating system.
+
+## Active Directory Domain Services
+
+
+Organizations can use AD DS to manage users and resources, such as computers, printers, or applications, on a network. Server isolation and domain isolation also require AD DS to use the Kerberos V5 protocol for IPsec authentication.
+
+For more information about AD DS and related technologies, see:
+
+- [Active Directory Domain Services Overview](http://technet.microsoft.com/library/hh831484) (http://technet.microsoft.com/library/hh831484)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/additional-resourceswfas-deploy.md b/windows/keep-secure/additional-resourceswfas-deploy.md
new file mode 100644
index 0000000000..3a4efaa457
--- /dev/null
+++ b/windows/keep-secure/additional-resourceswfas-deploy.md
@@ -0,0 +1,64 @@
+---
+title: Additional Resources (Windows 10)
+description: Additional Resources
+ms.assetid: 09bdec5d-8a3f-448c-bc48-d4cb41f9c6e8
+author: brianlic-msft
+---
+
+# Additional Resources
+
+
+For more information about the technologies discussed in this guide, see topics referenced in the following sections.
+
+## Windows Firewall with Advanced Security
+
+
+- [Windows Firewall with Advanced Security Overview](http://technet.microsoft.com/library/hh831365.aspx) (http://technet.microsoft.com/library/hh831365.aspx)
+
+ This TechNet page contains links to a variety of documents available for Windows Firewall with Advanced Security in Windows Server 2012.
+
+- [Troubleshooting Windows Firewall with Advanced Security in Windows Server 2012](http://social.technet.microsoft.com/wiki/contents/articles/13894.troubleshooting-windows-firewall-with-advanced-security-in-windows-server-2012.aspx#z6d72b831d4c24158874a04e9e9d37c43)
+
+ This wiki article describes how Windows Firewall with Advanced Security works, what the common troubleshooting situations are, and which tools you can use for troubleshooting. The community is encouraged to add their troubleshooting and experiences to this article.
+
+## IPsec
+
+
+- [IPsec](http://www.microsoft.com/ipsec) (http://www.microsoft.com/ipsec)
+
+ This TechNet page contains links to a variety of documents currently available for Internet Protocol security (IPsec) in Windows.
+
+## Group Policy
+
+
+Group Policy is a key method for implementing firewall and server and domain isolation designs.
+
+For more information about Group Policy and related technologies, see:
+
+- [Group Policy Overview](http://technet.microsoft.com/library/hh831791.aspx) (http://technet.microsoft.com/library/hh831791.aspx)
+
+ This page contains links to the documents currently available for Group Policy.
+
+- [WMI Filtering Using GPMC](http://go.microsoft.com/fwlink/?linkid=93188) (http://go.microsoft.com/fwlink/?linkid=93188)
+
+- [HOWTO: Leverage Group Policies with WMI Filters](http://go.microsoft.com/fwlink/?linkid=93760) (http://go.microsoft.com/fwlink/?linkid=93760)
+
+ This article describes how to create a WMI filter to set the scope of a GPO based on computer attributes, such as operating system.
+
+## Active Directory Domain Services
+
+
+In Windows 8 and Windows Server 2012, organizations can use AD DS to manage users and resources, such as computers, printers, or applications, on a network. Server isolation and domain isolation also require AD DS to use the Kerberos V5 protocol for IPsec authentication.
+
+For more information about AD DS and related technologies, see:
+
+- [Active Directory Domain Services Overview](http://technet.microsoft.com/library/hh831484.aspx) (http://technet.microsoft.com/library/hh831484.aspx)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/keep-secure/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
new file mode 100644
index 0000000000..078ccc621c
--- /dev/null
+++ b/windows/keep-secure/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
@@ -0,0 +1,98 @@ +--- +title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows 10) +description: Appendix A Sample GPO Template Files for Settings Used in this Guide +ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38 +author: brianlic-msft +--- + +# Appendix A: Sample GPO Template Files for Settings Used in this Guide + + +You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC). Creating registry setting preferences as described here was first implemented in Windows Server 2008 and Windows Vista with Service Pack 1 (SP1). + +To manually create the file, build the settings under **Computer Configuration**, **Preferences**, **Windows Settings**, **Registry**. After you have created the settings, drag the container to the desktop. An .xml file is created there. + +To import an .xml file to GPMC, drag it and drop it on the **Registry** node under **Computer Configuration**, **Preferences**, **Windows Settings**. If you copy the following sample XML code to a file, and then drag and drop it on the **Registry** node, it creates a **Server and Domain Isolation** collection with the six registry keys discussed in this guide. + +The following sample file uses item-level targeting to ensure that the registry keys are applied only on the versions of Windows to which they apply. + +**Note**   +The file shown here is for sample use only. It should be customized to meet the requirements of your organization’s deployment. To customize this file, import it into a test GPO, modify the settings, and then drag the Server and Domain Isolation Settings node to your desktop. The new file will contain all of your customization. + +  + +``` syntax + + + + + + + + + + + + + + + + + +``` + +  + +  + + + + + 
diff --git a/windows/keep-secure/assign-security-group-filters-to-the-gpo.md b/windows/keep-secure/assign-security-group-filters-to-the-gpo.md
new file mode 100644
index 0000000000..642d680da8
--- /dev/null
+++ b/windows/keep-secure/assign-security-group-filters-to-the-gpo.md
@@ -0,0 +1,84 @@
+---
+title: Assign Security Group Filters to the GPO (Windows 10)
+description: Assign Security Group Filters to the GPO
+ms.assetid: bcbe3299-8d87-4ec1-9e86-8e4a680fd7c8
+author: brianlic-msft
+---
+
+# Assign Security Group Filters to the GPO
+
+
+To make sure that your GPO is applied to the correct computers, use the Group Policy Management MMC snap-in to assign security group filters to the GPO.
+
+**Important**  
+This deployment guide uses the method of adding the Domain Computers group to the membership group for the main isolated domain after testing is complete and you are ready to go live in production. To make this method work, you must prevent any computer that is a member of either the boundary or encryption zone from applying the GPO for the main isolated domain. For example, on the GPOs for the main isolated domain, deny Read and Apply Group Policy permissions to the membership groups for the boundary and encryption zones.
+
+ 
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the relevant GPOs.
+
+In this topic:
+
+- [Allow members of a group to apply a GPO](#bkmk-toallowamembersofagrouptoapplyagpo)
+
+- [Prevent members of a group from applying a GPO](#bkmk-topreventmembersofgroupfromapplyingagpo)
+
+##
+
+
+Use the following procedure to add a group to the security filter on the GPO that allows group members to apply the GPO.
+
+**To allow members of a group to apply a GPO**
+
+1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile.
+
+2. In the navigation pane, find and then click the GPO that you want to modify.
+
+3. In the details pane, under **Security Filtering**, click **Authenticated Users**, and then click **Remove**.
+
+ **Note**  
+ You must remove the default permission granted to all authenticated users and computers to restrict the GPO to only the groups you specify.
+
+  
+
+4. Click **Add**.
+
+5. In the **Select User, Computer, or Group** dialog box, type the name of the group whose members are to apply the GPO, and then click **OK**. If you do not know the name, you can click **Advanced** to browse the list of groups available in the domain.
+
+##
+
+
+Use the following procedure to add a group to the security filter on the GPO that prevents group members from applying the GPO. This is typically used to prevent members of the boundary and encryption zones from applying the GPOs for the isolated domain.
+
+**To prevent members of group from applying a GPO**
+
+1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile.
+
+2. In the navigation pane, find and then click the GPO that you want to modify.
+
+3. In the details pane, click the **Delegation** tab.
+
+4. Click **Advanced**.
+
+5. Under the **Group or user names** list, click **Add**.
+
+6. In the **Select User, Computer, or Group** dialog box, type the name of the group whose members are to be prevented from applying the GPO, and then click **OK**. If you do not know the name, you can click **Advanced** to browse the list of groups available in the domain.
+
+7. Select the group in the **Group or user names** list, and then select the box in the **Deny** column for both **Read** and **Apply group policy**.
+
+8. Click **OK**, and then in the **Windows Security** dialog box, click **Yes**.
+
+9. The group appears in the list with **Custom** permissions.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/basic-firewall-policy-design.md b/windows/keep-secure/basic-firewall-policy-design.md
new file mode 100644
index 0000000000..0c1698eb75
--- /dev/null
+++ b/windows/keep-secure/basic-firewall-policy-design.md
@@ -0,0 +1,74 @@
+---
+title: Basic Firewall Policy Design (Windows 10)
+description: Basic Firewall Policy Design
+ms.assetid: 6f7af99e-6850-4522-b7f5-db98e6941418
+author: brianlic-msft
+---
+
+# Basic Firewall Policy Design
+
+
+Many organizations have a network perimeter firewall that is designed to prevent the entry of malicious traffic in to the organization's network, but do not have a host-based firewall enabled on each computer in the organization.
+
+The Basic Firewall Policy Design helps you to protect the computers in your organization from unwanted network traffic that gets through the perimeter defenses, or that originates from inside your network. In this design, you deploy firewall rules to each computer in your organization to allow traffic that is required by the programs that are used. Traffic that does not match the rules is dropped.
+
+Traffic can be blocked or permitted based on the characteristics of each network packet: its source or destination IP address, its source or destination port numbers, the program on the computer that receives the inbound packet, and so on. This design can also be deployed together with one or more of the other designs that add IPsec protection to the network traffic permitted.
+
+Many network administrators do not want to tackle the difficult task of determining all the appropriate rules for every program that is used by the organization, and then maintaining that list over time. In fact, most programs do not require specific firewall rules. The default behavior of Windows and most contemporary applications makes this task easy:
+
+- On client computers, the default firewall behavior already supports typical client programs. Programs designed for Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista create any required rules for you as part of the installation process. You only have to create a rule if the client program must be able to receive unsolicited inbound network traffic from another computer.
+
+- When you install a server program that must accept unsolicited inbound network traffic, the installation program likely creates or enables the appropriate rules on the server for you.
+
+ For example, when you install a server role in Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008, the appropriate firewall rules are created and enabled automatically.
+
+- For other standard network behavior, the predefined rules that are built into Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista can easily be configured in a GPO and deployed to the computers in your organization.
+
+ For example, by using the predefined groups for Core Networking and File and Printer Sharing you can easily configure GPOs with rules for those frequently used networking protocols.
+
+With few exceptions, the firewall can be enabled on all configurations of Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista. Therefore, we recommended that you enable the firewall on every computer in your organization. This includes servers in your perimeter network, on mobile and remote clients that connect to the network, and on all servers and clients in your internal network.
+
+**Caution**  
+**Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft**.
+
+By default, in new installations, Windows Firewall is turned on in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista.
+
+If you turn off the Windows Firewall with Advanced Security service you lose other benefits provided by the service, such as the ability to use IPsec connection security rules, Windows Service Hardening, and network protection from forms of attacks that use network fingerprinting. For more information about Windows Service Hardening, see .
+
+Third-party firewall software that is compatible with Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista can programmatically disable only the parts of Windows Firewall with Advanced Security that might need to be disabled for compatibility. This is the recommended approach for third-party firewalls to coexist with the Windows Firewall; third-party party firewalls that comply with this recommendation have the certified logo from Microsoft.
+
+ 
+
+An organization typically uses this design as a first step toward a more comprehensive Windows Firewall with Advanced Security design that adds server isolation and domain isolation.
+
+After implementing this design, your administrative team will have centralized management of the firewall rules applied to all computers that are running Windows in your organization.
+
+**Important**  
+If you also intend to deploy the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md), or the [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md), we recommend that you do the design work for all three designs together, and then deploy in layers that correspond with each design.
+
+ 
+
+The basic firewall design can be applied to computers that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the firewall settings and rules.
+
+For more information about this design:
+
+- This design coincides with the deployment goal to [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md).
+
+- To learn more about this design, see [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md).
+
+- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md).
+
+- To help you make the decisions required in this design, see [Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md).
+
+- For a list of detailed tasks that you can use to deploy your basic firewall policy design, see "Checklist: Implementing a Basic Firewall Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=98308) at http://go.microsoft.com/fwlink/?linkid=98308.
+
+**Next: **[Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/boundary-zone-gpos.md b/windows/keep-secure/boundary-zone-gpos.md
new file mode 100644
index 0000000000..b987d99a53
--- /dev/null
+++ b/windows/keep-secure/boundary-zone-gpos.md
@@ -0,0 +1,33 @@
+---
+title: Boundary Zone GPOs (Windows 10)
+description: Boundary Zone GPOs
+ms.assetid: 1ae66088-02c3-47e4-b7e8-74d0b8f8646e
+author: brianlic-msft
+---
+
+# Boundary Zone GPOs
+
+
+All the computers in the boundary zone are added to the group CG\_DOMISO\_Boundary. You must create multiple GPOs to align with this group, one for each operating system that you have in your boundary zone. This group is granted Read and Apply permissions in Group Policy on the GPOs described in this section.
+
+**Note**  
+If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2, you can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any computers that are incorrectly assigned to more than one group.
+
+ 
+
+This means that you create a GPO for a boundary group for a specific operating system by copying and pasting the corresponding GPO for the isolated domain, and then modifying the new copy to provide the behavior required in the boundary zone.
+
+The boundary zone GPOs discussed in this guide are only for server versions of Windows because client computers are not expected to participate in the boundary zone. If the need for one occurs, either create a new GPO for that version of Windows, or expand the WMI filter attached to one of the existing boundary zone GPOs to make it apply to the client version of Windows.
+
+In the Woodgrove Bank example, only the GPO settings for a Web service on Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 are discussed.
+
+- [GPO\_DOMISO\_Boundary\_WS2008](../p_server_archive/gpo-domiso-boundary-ws2008.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/boundary-zone.md b/windows/keep-secure/boundary-zone.md
new file mode 100644
index 0000000000..4aa10f7795
--- /dev/null
+++ b/windows/keep-secure/boundary-zone.md
@@ -0,0 +1,68 @@
+---
+title: Boundary Zone (Windows 10)
+description: Boundary Zone
+ms.assetid: ed98b680-fd24-44bd-a7dd-26c522e45a20
+author: brianlic-msft
+---
+
+# Boundary Zone
+
+
+In most organizations, some computers must be able to receive network traffic from computers that are not part of the isolated domain, and therefore cannot authenticate. To accept communications from untrusted computers, create a boundary zone within your isolated domain.
+
+Computers in the boundary zone are trusted computers that can accept communication requests both from other isolated domain member computers and from untrusted computers. Boundary zone computers try to authenticate any incoming request by using IPsec, initiating an IKE negotiation with the originating computer.
+
+The GPOs you build for the boundary zone include IPsec or connection security rules that request authentication for both inbound and outbound network connections, but do not require it.
+
+Because these boundary zone computers can receive unsolicited inbound communications from untrusted computers that use plaintext, they must be carefully managed and secured in other ways. Mitigating this additional risk is an important part of deciding whether to add a computer to the boundary zone. For example, completing a formal business justification process before adding each computer to the boundary zone can help ensure that the additional risk is minimized. The following illustration shows a sample process that can help make such a decision.
+
+![design flowchart](images/wfas-designflowchart1.gif)
+
+The goal of this process is to determine whether the risk of adding a computer to a boundary zone can be mitigated to a level that makes it acceptable to the organization. Ultimately, if the risk cannot be mitigated, membership must be denied.
+
+You must create a group in Active Directory to contain the members of the boundary zones.
The settings and rules for the boundary zone are typically very similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. The primary difference is that the authentication connection security rule must be set to request authentication for both inbound and outbound traffic, instead of requiring inbound authentication and requesting outbound authentication as used by the isolated domain.
+
+Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) section.
+
+## GPO settings for boundary zone servers running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2
+
+
+The boundary zone GPO for computers running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 should include the following:
+
+- IPsec default settings that specify the following options:
+
+ 1. Exempt all ICMP traffic from IPsec.
+
+ 2. Key exchange (main mode) security methods and algorithm. We recommend that you use at least DH4, AES and SHA2 in your settings. Use the strongest algorithm combinations that are common to all your supported operating systems.
+
+ 3. Data protection (quick mode) algorithm combinations. We recommend that you do not include DES or MD5 in any setting. They are included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems..
+
+ If any NAT devices are present on your networks, use ESP encapsulation. If isolated domain members must communicate with hosts in the encryption zone, ensure that you include algorithms that are compatible with the requirements of the encryption mode policies.
+
+ 4. Authentication methods. Include at least computer-based Kerberos V5 authentication.
If you want to use user-based access to isolated servers then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members cannot use Kerberos V5, you must include certificate-based authentication as an optional authentication method.
+
+- The following connection security rules:
+
+ - A connection security rule that exempts all computers on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, if applicable in your environment.
+
+ - A connection security rule, from **Any IP address** to **Any IP address**, that requests inbound and outbound authentication.
+
+- A registry policy that includes the following values:
+
+ - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**.
+
+ **Note**  
+ For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
+
+  
+
+**Next: **[Encryption Zone](../p_server_archive/encryption-zone.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/certificate-based-isolation-policy-design-example.md b/windows/keep-secure/certificate-based-isolation-policy-design-example.md
new file mode 100644
index 0000000000..765f3010c9
--- /dev/null
+++ b/windows/keep-secure/certificate-based-isolation-policy-design-example.md
@@ -0,0 +1,56 @@
+---
+title: Certificate-based Isolation Policy Design Example (Windows 10)
+description: Certificate-based Isolation Policy Design Example
+ms.assetid: 509b513e-dd49-4234-99f9-636fd2f749e3
+author: brianlic-msft
+---
+
+# Certificate-based Isolation Policy Design Example
+
+
+This design example continues to use the fictitious company Woodgrove Bank, as described in the sections [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md), [Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md), and [Server Isolation Policy Design Example](../p_server_archive/server-isolation-policy-design-example.md).
+
+One of the servers that must be included in the domain isolation environment is a computer running UNIX that supplies other information to the WGBank dashboard program running on the client computers. This computer sends updated information to the WGBank front-end servers as it becomes available, so it is considered unsolicited inbound traffic to the computers that receive this information.
+
+## Design requirements
+
+
+One possible solution to this is to include an authentication exemption rule in the GPO applied to the WGBank front-end servers. This rule would instruct the front-end servers to accept traffic from the non-Windows computer even though it cannot authenticate.
+
+A more secure solution, and the one selected by Woodgrove Bank, is to include the non-Windows computer in the domain isolation design. Because it cannot join an Active Directory domain, Woodgrove Bank chose to use certificate-based authentication. Certificates are cryptographically-protected documents, encrypted in such a way that their origin can be positively confirmed.
+
+In this case, Woodgrove Bank used Microsoft Certificate Services, included with Windows Server 2008, to create the appropriate certificate.
They might also have acquired and installed a certificate from a third-party commercial certification authority. They then used Group Policy to deploy the certificate to the front-end servers. The GPOs applied to the front-end servers also include updated connection security rules that permit certificate-based authentication in addition to Kerberos V5 authentication. They then manually installed the certificate on the UNIX server.
+
+The UNIX server is configured with firewall and IPsec connection security rules using the tools that are provided by the operating system vendor. Those rules specify that authentication is performed by using the certificate.
+
+The creation of the IPsec connection security rules for a non-Windows computer is beyond the scope of this document, but support for a certificate that can be used to authenticate such a non-Windows computer by using the standard IPsec protocols is the subject of this design.
+
+The non-Windows computer can be effectively made a member of the boundary zone or the encryption zone based on the IPsec rules applied to the computer. The only constraint is that the main mode and quick mode encryption algorithms supported by the UNIX computer must also be supported by the Windows-based computers with which it communicates.
+
+**Other traffic notes:**
+
+- None of the capabilities of the other designs discussed in this guide are compromised by the use of certificate authentication by a non-Windows computer.
+
+## Design details
+
+
+Woodgrove Bank uses Active Directory groups and GPOs to deploy the domain isolation settings and rules to the computers in their organization.
+
+The inclusion of one or more non-Windows computers to the network requires only a simple addition to the GPOs for computers that must communicate with the non-Windows computer. The addition is allowing certificate-based authentication in addition to the Active Directory–supported Kerberos V5 authentication.
This does not require including new rules, just adding certificate-based authentication as an option to the existing rules.
+
+When multiple authentication methods are available, two negotiating computers agree on the first one in their lists that match. Because the majority of the computers in Woodgrove Bank's network run Windows, Kerberos V5 is listed as the first authentication method in the rules. Certificate-based authentication is added as an alternate authentication type.
+
+By using the Active Directory Users and Computers snap-in, Woodgrove Bank created a group named NAG\_COMPUTER\_WGBUNIX. They then added the computer accounts to this group for Windows computers that need to communicate with the non-Windows computers. If all the computers in the isolated domain need to be able to access the non-Windows computers, then the **Domain Computers** group can be added to the group as a member.
+
+Woodgrove Bank then created a GPO that contains the certificate, and then attached security group filters to the GPO that allow read and apply permissions to only members of the NAG\_COMPUTER\_WGBUNIX group. The GPO places the certificate in the **Local Computer / Personal / Certificates** certificate store. The certificate used must chain back to a certificate that is in the **Trusted Root Certification Authorities** store on the local computer.
+
+**Next: **[Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/certificate-based-isolation-policy-design.md b/windows/keep-secure/certificate-based-isolation-policy-design.md
new file mode 100644
index 0000000000..a59802bd5c
--- /dev/null
+++ b/windows/keep-secure/certificate-based-isolation-policy-design.md
@@ -0,0 +1,42 @@
+---
+title: Certificate-based Isolation Policy Design (Windows 10)
+description: Certificate-based Isolation Policy Design
+ms.assetid: 63e01a60-9daa-4701-9472-096c85e0f862
+author: brianlic-msft
+---
+
+# Certificate-based Isolation Policy Design
+
+
+In the certificate-based isolation policy design, you provide the same types of protections to your network traffic as described in the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md) and [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md) sections. The only difference is the method used to share identification credentials during the authentication of your network traffic.
+
+Domain isolation and server isolation help provide security for the computers on the network that run Windows and that can be joined to an Active Directory domain. However, in most corporate environments there are typically some computers that must run another operating system, such as Linux or UNIX. These computers cannot join an Active Directory domain, without a third-party package being installed. Also, some computers that do run Windows cannot join a domain for a variety of reasons. To rely on Kerberos V5 as the authentication protocol, the computer needs to be joined to the Active Directory and (for non-windows computers) support Kerberos as an authentication protocol.
+
+To authenticate with non-domain member computers, IPsec supports using standards-based cryptographic certificates. Because this authentication method is also supported by many third-party operating systems, it can be used as a way to extend your isolated domain to computers that do not run the Windows operating system.
+
+The same principles of the domain and server isolation designs apply to this design. Only computers that can authenticate (in this case, by providing a specified certificate) can communicate with the computers in your isolated domain.
+
+For computers that run Windows and that are part of an Active Directory domain, you can use Group Policy to deploy the certificates required to communicate with the computers that are trusted but are not part of the Active Directory domain. For other computers, you will have to either manually configure them with the required certificates, or use a third-party program to distribute the certificates in a secure manner.
+
+For more information about this design:
+
+- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md).
+
+- To learn more about this design, see [Certificate-based Isolation Policy Design Example](../p_server_archive/certificate-based-isolation-policy-design-example.md).
+
+- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md).
+
+- To help you make the decisions required in this design, see [Planning Certificate-based Authentication](../p_server_archive/planning-certificate-based-authentication.md).
+
+- For a list of tasks that you can use to deploy your certificate-based policy design, see "Checklist: Implementing a Certificate-based Isolation Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=98308) at http://go.microsoft.com/fwlink/?linkid=98308.
+
+**Next: **[Evaluating Windows Firewall with Advanced Security Design Examples](../p_server_archive/evaluating-windows-firewall-with-advanced-security-design-examples.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/change-rules-from-request-to-require-mode.md b/windows/keep-secure/change-rules-from-request-to-require-mode.md
new file mode 100644
index 0000000000..3f8a49404e
--- /dev/null
+++ b/windows/keep-secure/change-rules-from-request-to-require-mode.md
@@ -0,0 +1,68 @@
+---
+title: Change Rules from Request to Require Mode (Windows 10)
+description: Change Rules from Request to Require Mode
+ms.assetid: ad969eda-c681-48cb-a2c4-0b6cae5f4cff
+author: brianlic-msft
+---
+
+# Change Rules from Request to Require Mode
+
+
+After you confirm that network traffic is being correctly protected by using IPsec, you can change the rules for the domain isolation and encryption zones to require, instead of request, authentication. Do not change the rules for the boundary zone; they must stay in request mode so that computers in the boundary zone can continue to accept connections from computers that are not part of the isolated domain.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+In this topic:
+
+- [Convert a rule in a GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](#bkmk-section1)
+
+- [Convert a rule for an earlier version of Windows](#bkmk-section2)
+
+- [Refresh policy on the client computers to receive the modified GPOs](#bkmk-section3)
+
+##
+
+
+**To convert a rule from request to require mode for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Connection Security Rules**.
+
+3. In the details pane, double-click the connection security rule that you want to modify.
+
+4. Click the **Authentication** tab.
+
+5. In the **Requirements** section, change **Authenticated mode** to **Require inbound and request outbound**, and then click **OK**.
+
+##
+
+
+**To apply the modified GPOs to the client computers**
+
+1.
The next time each computer refreshes its Group Policy, it will receive the updated GPO and apply the modified rule. To force an immediate refresh, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md) and run the following command: + + ``` syntax + gpupdate /force + ``` + +2. To verify that the modified GPO is correctly applied to the client computers, you can run one of the following commands: + + On computers that are running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, run the following command: + + ``` syntax + gpresult /r /scope computer + ``` + +3. Examine the command output for the list of GPOs that are applied to the computer, and make sure that the list contains the GPOs you expect to see on that computer. + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-configuring-basic-firewall-settings.md b/windows/keep-secure/checklist-configuring-basic-firewall-settings.md new file mode 100644 index 0000000000..c4c624a4b7 --- /dev/null +++ b/windows/keep-secure/checklist-configuring-basic-firewall-settings.md @@ -0,0 +1,59 @@ +--- +title: Checklist Configuring Basic Firewall Settings (Windows 10) +description: Checklist Configuring Basic Firewall Settings +ms.assetid: 0d10cdae-da3d-4a33-b8a4-6b6656b6d1f9 +author: brianlic-msft +--- + +# Checklist: Configuring Basic Firewall Settings + + +This checklist includes tasks for configuring a GPO with firewall defaults and settings that are separate from the rules. + +## + + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring firewall defaults and settings** + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Turn the firewall on and set the default inbound and outbound behavior.

Procedure topic[Turn on Windows Firewall and Configure Default Behavior](../p_server_archive/turn-on-windows-firewall-and-configure-default-behavior.md)

_

Configure the firewall to not display notifications to the user when a program is blocked, and to ignore locally defined firewall and connection security rules.

Procedure topic[Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](../p_server_archive/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)

_

Configure the firewall to record a log file.

Procedure topic[Configure the Windows Firewall Log](../p_server_archive/configure-the-windows-firewall-log.md)

+
+ 
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md
new file mode 100644
index 0000000000..4fe0df466c
--- /dev/null
+++ b/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md
@@ -0,0 +1,125 @@
+---
+title: Checklist Configuring Rules for an Isolated Server Zone (Windows 10)
+description: Checklist Configuring Rules for an Isolated Server Zone
+ms.assetid: 67c50a91-e71e-4f1e-a534-dad2582e311c
+author: brianlic-msft
+---
+
+# Checklist: Configuring Rules for an Isolated Server Zone
+
+
+The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs for servers in an isolated server zone that are part of an isolated domain. For information about creating a standalone isolated server zone that is not part of an isolated domain, see [Checklist: Implementing a Standalone Server Isolation Policy Design](../p_server_archive/checklist-implementing-a-standalone-server-isolation-policy-design.md).
+
+In addition to requiring authentication and optionally encryption, servers in an isolated server zone can be accessed only by users or computers who are authenticated members of a network access group (NAG). Computers that are running Windows 2000, Windows XP, or Windows Server 2003 can restrict access in IPsec only to computers that are members of the NAG, because IPsec and IKE in those versions of Windows do not support user-based authentication. If you include user accounts in the NAG, then the restrictions can still apply; they are just enforced at the application layer, rather than the IP layer.
+
+Computers that are running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 can identify both computers and users in the NAG because IPsec in these versions of Windows supports AuthIP in addition to IKE. AuthIP adds support for user-based authentication. For more information, see “AuthIP in Windows Vista” ().
+
+The GPOs for an isolated server or group of servers are similar to those for the isolated domain itself or the encryption zone, if you require encryption to your isolated servers.
This checklist refers you to procedures for creating rules as well as restrictions that allow only members of the NAG to connect to the server. + +## + + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring rules for isolated servers for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2** + +**Note**   +The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are usually similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other operating system. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy. + +  + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Create a GPO for the computers that need to have access restricted to the same set of client computers. If there are multiple servers and they run different versions of the Windows operating system, then start by creating the GPO for one version of Windows. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

+

Copy the GPO from the isolated domain or from the encryption zone to serve as a starting point. Where your copy already contains elements listed in the following checklist, review the relevant procedures and compare them to your copied GPO’s element to make sure it is constructed in a way that meets the needs of the server isolation zone.

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

_

Configure the security group filters and WMI filters on the GPO so that only members of the isolated server zone’s membership group that are running the specified version of Windows can read and apply it.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used. If you require encryption for the isolated server zone, then make sure that you choose only algorithm combinations that include encryption.

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used.

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that requests authentication for all network traffic.

+
+Important   +

Just as in an isolated domain, do not set the rules to require authentication for inbound traffic until you have completed testing. That way, if the rules do not work as expected, communications are not affected by a failure to authenticate.

+
+
+  +

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create the NAG to contain the computer or user accounts that are allowed to access the servers in the isolated server zone.

Procedure topic[Create a Group Account in Active Directory](../p_server_archive/create-a-group-account-in-active-directory.md)

_

Create a firewall rule that permits inbound network traffic only if authenticated as a member of the NAG.

Procedure topic[Restrict Server Access to Members of a Group Only](../p_server_archive/restrict-server-access-to-members-of-a-group-only.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

_

Add your test server to the membership group for the isolated server zone. Be sure to add at least one server for each operating system supported by a GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+
+ 
+
+Do not change the rules for any of your zones to require authentication until all of the zones have been set up and are operating correctly.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
new file mode 100644
index 0000000000..aaccf455e0
--- /dev/null
+++ b/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
@@ -0,0 +1,126 @@ +--- +title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows 10) +description: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone +ms.assetid: ccc09d06-ef75-43b0-9c77-db06f2940955 +author: brianlic-msft +--- + +# Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone + + +This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs for servers in a standalone isolated server zone that is not part of an isolated domain. In addition to requiring authentication and optionally encryption, servers in a server isolation zone are accessible only by users or computers that are authenticated as members of a network access group (NAG). The GPOs described here apply only to the isolated servers, not to the client computers that connect to them. For the GPOs for the client computers, see [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](../p_server_archive/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md). + +The GPOs for isolated servers are similar to those for an isolated domain. This checklist refers you to those procedures for the creation of some of the rules. The other procedures in this checklist are for creating the restrictions that allow only members of the server access group to connect to the server. + +## + + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring rules for isolated servers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** + +**Note**   +The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are usually similar. 
If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then create a copy of the GPO for the other operating system. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy. + +  + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Create a GPO for the computers that need to have access restricted to the same set of client computers. If there are multiple servers running different versions of the Windows operating system, start by creating the GPO for one version of Windows. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

Checklist topic[Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md)

+

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the computers for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used.

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used. This procedure sets the default settings for the computer. If you want to set authentication on a per-rule basis, this procedure is optional.

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that requests authentication for all inbound network traffic.

+
+Important   +

Just as in an isolated domain, do not set the rules to require authentication until your testing is complete. That way, if the rules do not work as expected, communications are not affected by a failure to authenticate.

+
+
+  +

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

If your design requires encryption in addition to authentication for access to the isolated servers, then modify the rule to require it.

Procedure topic[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create the NAG to contain the computer or user accounts that are allowed to access the isolated servers. If you have multiple groups of isolated servers that are accessed by different client computers, then create a NAG for each set of servers.

Procedure topic[Create a Group Account in Active Directory](../p_server_archive/create-a-group-account-in-active-directory.md)

_

Create a firewall rule that allows inbound network traffic only if it is authenticated from a user or computer that is a member of the zone’s NAG.

Procedure topic[Restrict Server Access to Members of a Group Only](../p_server_archive/restrict-server-access-to-members-of-a-group-only.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

_

Add your test server to the membership group for the isolated server zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+
+ 
+
+Do not change the rules for any of your zones to require authentication until all zones have been set up and thoroughly tested.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md b/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md
new file mode 100644
index 0000000000..92853aab0f
--- /dev/null
+++ b/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md
@@ -0,0 +1,73 @@ +--- +title: Checklist Configuring Rules for the Boundary Zone (Windows 10) +description: Checklist Configuring Rules for the Boundary Zone +ms.assetid: 25fe0197-de5a-4b4c-bc44-c6f0620ea94b +author: brianlic-msft +--- + +# Checklist: Configuring Rules for the Boundary Zone + + +The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain. + +Rules for the boundary zone are typically the same as those for the isolated domain, with the exception that the final rule is left to only request, not require, authentication. + +## + + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring boundary zone rules for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** + +A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 can simply be copied and then customized. This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](../p_server_archive/checklist-implementing-a-domain-isolation-policy-design.md). After you create a copy for the boundary zone, make sure that you do not change the rule from request authentication to require authentication when you create the other GPOs. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Make a copy of the domain isolation GPO for this version of Windows to serve as a starting point for the GPO for the boundary zone. Unlike the GPO for the main isolated domain zone, this copy is not changed after deployment to require authentication.

Procedure topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the boundary zone and version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

_

Add your test computers to the membership group for the boundary zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

_

Verify that the connection security configuration is protecting network traffic with authentication when it can, and that unauthenticated traffic is accepted.

Procedure topic[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md b/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md new file mode 100644 index 0000000000..6f79c81796 --- /dev/null +++ b/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md @@ -0,0 +1,75 @@ +--- +title: Checklist Configuring Rules for the Encryption Zone (Windows 10) +description: Checklist Configuring Rules for the Encryption Zone +ms.assetid: 87b1787b-0c70-47a4-ae52-700bff505ea4 +author: brianlic-msft +--- + +# Checklist: Configuring Rules for the Encryption Zone + + +This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain. + +Rules for the encryption zone are typically the same as those for the isolated domain, with the exception that the main rule requires encryption in addition to authentication. + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring encryption zone rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** + +A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 can simply be copied and then customized. This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](../p_server_archive/checklist-implementing-a-domain-isolation-policy-design.md). You can then copy those GPOs for use with the encryption zone. After you create the copies, modify the main rule to require encryption in addition to the authentication required by the rest of the isolated domain. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Make a copy of the domain isolation GPOs to serve as a starting point for the GPOs for the encryption zone.

Procedure topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

_

Modify the group memberships and WMI filters so that they are correct for the encryption zone and the version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Add the encryption requirements for the zone.

Procedure topic[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

_

Add your test computers to the membership group for the encryption zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

_

Verify that the connection security rules are protecting network traffic.

Procedure topic[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md b/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md new file mode 100644 index 0000000000..e88f33cec8 --- /dev/null +++ b/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md @@ -0,0 +1,107 @@ +--- +title: Checklist Configuring Rules for the Isolated Domain (Windows 10) +description: Checklist Configuring Rules for the Isolated Domain +ms.assetid: bfd2d29e-4011-40ec-a52e-a67d4af9748e +author: brianlic-msft +--- + +# Checklist: Configuring Rules for the Isolated Domain + + +The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain. + +## + + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring isolated domain rules for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** + +**Note**   +The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are usually similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other operating system. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy. + +  + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Create a GPO for the computers in the isolated domain running one of the operating systems. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

Checklist topic[Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md)

+

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a GPO that was copied from another GPO, modify the group memberships and WMI filters so that they are correct for the isolated domain zone and the version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used.

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used.

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create the rule that requests authentication for all inbound network traffic.

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Link the GPO to the domain level of the AD DS organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

_

Add your test computers to the membership group for the isolated domain. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

_

Verify that the connection security rules are protecting network traffic to and from the test computers.

Procedure topic[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)

+
+ 
+
+Do not change the rules for any of your zones to require authentication until all of the zones have been set up and are operating correctly.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/checklist-creating-group-policy-objects.md b/windows/keep-secure/checklist-creating-group-policy-objects.md
new file mode 100644
index 0000000000..5264c7d2c6
--- /dev/null
+++ b/windows/keep-secure/checklist-creating-group-policy-objects.md
@@ -0,0 +1,97 @@
+---
+title: Checklist Creating Group Policy Objects (Windows 10)
+description: Checklist Creating Group Policy Objects
+ms.assetid: e99bd6a4-34a7-47b5-9791-ae819977a559
+author: brianlic-msft
+---
+
+# Checklist: Creating Group Policy Objects
+
+
+To deploy firewall or IPsec settings or firewall or connection security rules, we recommend that you use Group Policy in AD DS. This section describes a tested, efficient method that requires some up-front work, but serves an administrator well in the long run by making GPO assignments as easy as dropping a computer into a membership group.
+
+The checklists for firewall, domain isolation, and server isolation include a link to this checklist.
+
+## About membership groups
+
+
+For most GPO deployment tasks, you must determine which computers must receive and apply which GPOs. Because different versions of Windows can support different settings and rules to achieve similar behavior, you might need multiple GPOs: one for each operating system that has settings different from the others to achieve the same result. For example, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 use rules and settings that are incompatible with Windows 2000, Windows XP, and Windows Server 2003. Therefore, if your network included those older operating systems you would need to create a GPO for each set of operating systems that can share common settings. To deploy typical domain isolation settings and rules, you might have five different GPOs for the versions of Windows discussed in this guide. By following the procedures in this guide, you only need one membership group to manage all five GPOs. The membership group is identified in the security group filter for all five GPOs. To apply the settings to a computer, you make that computer's account a member of the membership group. WMI filters are used to ensure that the correct GPO is applied.
+ +## About exclusion groups + + +A Windows Firewall with Advanced Security design must often take into account domain-joined computers on the network that cannot or must not apply the rules and settings in the GPOs. Because these computers are typically fewer in number than the computers that must apply the GPO, it is easier to use the Domain Members group in the GPO membership group, and then place these exception computers into an exclusion group that is denied Apply Group Policy permissions on the GPO. Because deny permissions take precedence over allow permissions, a computer that is a member of both the membership group and the exception group is prevented from applying the GPO. Computers typically found in a GPO exclusion group for domain isolation include the domain controllers, DHCP servers, and DNS servers. + +You can also use a membership group for one zone as an exclusion group for another zone. For example, computers in the boundary and encryption zones are technically in the main domain isolation zone, but must apply only the GPO for their assigned role. To do this, the GPOs for the main isolation zone deny Apply Group Policy permissions to members of the boundary and encryption zones. + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Creating Group Policy objects** + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Review important concepts and examples for deploying GPOs in a way that best meets the needs of your organization.

Procedure topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Procedure topic[Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md)

_

Create the membership group in AD DS that will be used to contain computer accounts that must receive the GPO.

+

If some computers in the membership group are running an operating system that does not support WMI filters, such as Windows 2000, create an exclusion group to contain the computer accounts for the computers that cannot be blocked by using a WMI filter.

Procedure topic[Create a Group Account in Active Directory](../p_server_archive/create-a-group-account-in-active-directory.md)

_

Create a GPO for each version of Windows that has different implementation requirements.

Procedure topic[Create a Group Policy Object](../p_server_archive/create-a-group-policy-object.md)

_

Create security group filters to limit the GPO to only computers that are members of the membership group and to exclude computers that are members of the exclusion group.

Procedure topic[Assign Security Group Filters to the GPO](../p_server_archive/assign-security-group-filters-to-the-gpo.md)

_

Create WMI filters to limit each GPO to only the computers that match the criteria in the filter.

Procedure topic[Create WMI Filters for the GPO](../p_server_archive/create-wmi-filters-for-the-gpo.md)

_

If you are working on a GPO that was copied from another, modify the group memberships and WMI filters so that they are correct for the new zone or version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

_

Before adding any rules or configuring the GPO, add a few test computers to the membership group, and make sure that the correct GPO is received and applied to each member of the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-creating-inbound-firewall-rules.md b/windows/keep-secure/checklist-creating-inbound-firewall-rules.md new file mode 100644 index 0000000000..65a3c463b5 --- /dev/null +++ b/windows/keep-secure/checklist-creating-inbound-firewall-rules.md @@ -0,0 +1,69 @@ +--- +title: Checklist Creating Inbound Firewall Rules (Windows 10) +description: Checklist Creating Inbound Firewall Rules +ms.assetid: 0520e14e-5c82-48da-8fbf-87cef36ce02f +author: brianlic-msft +--- + +# Checklist: Creating Inbound Firewall Rules + + +This checklist includes tasks for creating firewall rules in your GPOs. + +## + + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Creating inbound firewall rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Create a rule that allows a program to listen for and accept inbound network traffic on any ports it requires.

Procedure topic[Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create a rule that allows inbound network traffic on a specified port number.

Procedure topic[Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create a rule that allows inbound ICMP network traffic.

Procedure topic[Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create rules that allow inbound RPC network traffic.

Procedure topic[Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Enable a predefined rule or a group of predefined rules. Some predefined rules for basic network services are included as part of the installation of Windows; others can be created when you install a new application or network service.

Procedure topic[Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-creating-outbound-firewall-rules.md b/windows/keep-secure/checklist-creating-outbound-firewall-rules.md new file mode 100644 index 0000000000..61e94ff601 --- /dev/null +++ b/windows/keep-secure/checklist-creating-outbound-firewall-rules.md @@ -0,0 +1,61 @@ +--- +title: Checklist Creating Outbound Firewall Rules (Windows 10) +description: Checklist Creating Outbound Firewall Rules +ms.assetid: 611bb98f-4e97-411f-82bf-7a844a4130de +author: brianlic-msft +--- + +# Checklist: Creating Outbound Firewall Rules + + +This checklist includes tasks for creating outbound firewall rules in your GPOs. Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 support the use of outbound rules. + +**Important**   +By default, in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, outbound filtering is disabled. Because all outbound network traffic is permitted, outbound rules are typically used to block traffic that is not wanted on the network. However, it is a best practice for an administrator to create outbound allow rules for those applications that are approved for use on the organization’s network. If you do this, then you have the option to set the default outbound behavior to block, preventing any network traffic that is not specifically authorized by the rules you create. + +  + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Creating outbound firewall rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Create a rule that allows a program to send any outbound network traffic on any port it requires.

Procedure topic[Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create a rule that allows outbound network traffic on a specified port number.

Procedure topic[Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Enable a predefined rule or a group of predefined rules. Some predefined rules for basic network services are included as part of the installation of Windows; others can be created when you install a new application or network service.

Procedure topic[Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md new file mode 100644 index 0000000000..251866927c --- /dev/null +++ b/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md @@ -0,0 +1,100 @@ +--- +title: Checklist Creating Rules for Clients of a Standalone Isolated Server Zone (Windows 10) +description: Checklist Creating Rules for Clients of a Standalone Isolated Server Zone +ms.assetid: 6a5e6478-add3-47e3-8221-972549e013f6 +author: brianlic-msft +--- + +# Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone + + +This checklist includes tasks for configuring connection security rules and IPsec settings in the GPOs for client computers that must connect to servers in an isolated server zone. + +## + + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring isolated server zone client rules for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** + +**Note**   +The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are usually similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then create a copy of the GPO. For example, create and configure the GPO for Windows 8, create a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the required changes (if any) to the copy. + +  + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Create a GPO for the client computers that must connect to servers in the isolated server zone, and that are running one of the versions of Windows. After you have finished the tasks in this checklist, you can make a copy of it.

Checklist topic[Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md)

+

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

_

To determine which computers receive the GPO, assign the NAG for the isolated servers to the security group filter for the GPO. Make sure that each GPO has the WMI filter for the correct version of Windows.

Checklist topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used.

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used.

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that requests authentication for network traffic. Because fallback-to-clear behavior in Windows Vista and Windows Server 2008 has no delay when communicating with computers that cannot use IPsec, you can use the same any-to-any rule used in an isolated domain.

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

_

Add your test computers to the NAG for the isolated server zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md b/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md new file mode 100644 index 0000000000..d6ff2cb7f5 --- /dev/null +++ b/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md @@ -0,0 +1,97 @@ +--- +title: Checklist Implementing a Basic Firewall Policy Design (Windows 10) +description: Checklist Implementing a Basic Firewall Policy Design +ms.assetid: 6caf0c1e-ac72-4f9d-a986-978b77fbbaa3 +author: brianlic-msft +--- + +# Checklist: Implementing a Basic Firewall Policy Design + + +This parent checklist includes cross-reference links to important concepts about the basic firewall policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. + +**Note**   +Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. + +The procedures in this section use the Group Policy MMC snap-in interfaces to configure the GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](http://technet.microsoft.com/library/hh831755.aspx) at http://technet.microsoft.com/library/hh831755.aspx. + +  + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif) **Checklist: Implementing a basic firewall policy design** + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Review important concepts and examples for the basic firewall policy design to determine if this design meets the needs of your organization.

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Conceptual topic[Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md)

+

Conceptual topic[Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md)

+

Conceptual topic[Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md)

_

Create the membership group and a GPO for each set of computers that require different firewall rules. Where GPOs will be similar, such as for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy.

Checklist topic[Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md)

+

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a GPO that was copied from another, modify the group membership and WMI filters so that they are correct for the computers for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure the GPO with firewall default settings appropriate for your design.

Checklist topic[Checklist: Configuring Basic Firewall Settings](../p_server_archive/checklist-configuring-basic-firewall-settings.md)

_

Create one or more inbound firewall rules to allow unsolicited inbound network traffic.

Checklist topic[Checklist: Creating Inbound Firewall Rules](../p_server_archive/checklist-creating-inbound-firewall-rules.md)

_

Create one or more outbound firewall rules to block unwanted outbound network traffic.

Checklist topic[Checklist: Creating Outbound Firewall Rules](../p_server_archive/checklist-creating-outbound-firewall-rules.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

_

Add test computers to the membership group, and then confirm that the computers receive the firewall rules from the GPOs as expected.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy the completed firewall policy settings to your computers.

Procedure topic[Add Production Computers to the Membership Group for a Zone](../p_server_archive/add-production-computers-to-the-membership-group-for-a-zone.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md new file mode 100644 index 0000000000..59ca82798d --- /dev/null +++ b/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -0,0 +1,76 @@ +--- +title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows 10) +description: Checklist Implementing a Certificate-based Isolation Policy Design +ms.assetid: 1e34b5ea-2e77-4598-a765-550418d33894 +author: brianlic-msft +--- + +# Checklist: Implementing a Certificate-based Isolation Policy Design + + +This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design. + +**Note**   +Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist + +The procedures in this section use the Group Policy MMC snap-in interfaces to configure the GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](http://technet.microsoft.com/library/hh831755.aspx) at http://technet.microsoft.com/library/hh831755.aspx. + +  + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif) **Checklist: Implementing certificate-based authentication** + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Conceptual topic[Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md)

+

Conceptual topic[Certificate-based Isolation Policy Design Example](../p_server_archive/certificate-based-isolation-policy-design-example.md)

+

Conceptual topic[Planning Certificate-based Authentication](../p_server_archive/planning-certificate-based-authentication.md)

_

Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.

Procedure topic[Install Active Directory Certificate Services](../p_server_archive/install-active-directory-certificate-services.md)

_

Configure the certificate template for workstation authentication certificates.

Procedure topic[Configure the Workstation Authentication Certificate Template](../p_server_archive/configure-the-workstation-authentication-certificate-templatewfas-dep.md)

_

Configure Group Policy to automatically deploy certificates based on your template to workstation computers.

Procedure topic[Configure Group Policy to Autoenroll and Deploy Certificates](../p_server_archive/configure-group-policy-to-autoenroll-and-deploy-certificates.md)

_

On a test computer, refresh Group Policy and confirm that the certificate is installed.

Procedure topic[Confirm That Certificates Are Deployed Correctly](../p_server_archive/confirm-that-certificates-are-deployed-correctly.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md new file mode 100644 index 0000000000..6febf014de --- /dev/null +++ b/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md 
@@ -0,0 +1,88 @@ +--- +title: Checklist Implementing a Domain Isolation Policy Design (Windows 10) +description: Checklist Implementing a Domain Isolation Policy Design +ms.assetid: 76586eb3-c13c-4d71-812f-76bff200fc20 +author: brianlic-msft +--- + +# Checklist: Implementing a Domain Isolation Policy Design + + +This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. + +**Note**   +Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. + +The procedures in this section use the Group Policy MMC snap-ins to configure the GPOs, but you can also use Windows PowerShell to configure GPOs. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](http://technet.microsoft.com/library/hh831755.aspx) at http://technet.microsoft.com/library/hh831755.aspx. + +For more information about the security algorithms and authentication methods available in each version of Windows, see [IPsec Algorithms and Methods Supported in Windows](http://technet.microsoft.com/library/dd125380.aspx) at http://technet.microsoft.com/library/dd125380.aspx. + +  + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif) **Checklist: Implementing a domain isolation policy design** + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Review important concepts and examples for the domain isolation policy design, determine your Windows Firewall with Advanced Security deployment goals, and customize this design to meet the needs of your organization.

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Conceptual topic[Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md)

+

Conceptual topic[Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md)

+

Conceptual topic[Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md)

_

Create the GPOs and connection security rules for the isolated domain.

Checklist topic[Checklist: Configuring Rules for the Isolated Domain](../p_server_archive/checklist-configuring-rules-for-the-isolated-domain.md)

_

Create the GPOs and connection security rules for the boundary zone.

Checklist topic[Checklist: Configuring Rules for the Boundary Zone](../p_server_archive/checklist-configuring-rules-for-the-boundary-zone.md)

_

Create the GPOs and connection security rules for the encryption zone.

Checklist topic[Checklist: Configuring Rules for the Encryption Zone](../p_server_archive/checklist-configuring-rules-for-the-encryption-zone.md)

_

Create the GPOs and connection security rules for the isolated server zone.

Checklist topic[Checklist: Configuring Rules for an Isolated Server Zone](../p_server_archive/checklist-configuring-rules-for-an-isolated-server-zone.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy rules and settings to your computers.

Procedure topic[Add Production Computers to the Membership Group for a Zone](../p_server_archive/add-production-computers-to-the-membership-group-for-a-zone.md)

_

After you confirm that network traffic is authenticated by IPsec, you can change authentication rules for the isolated domain and encryption zone from request to require mode.

Procedure topic[Change Rules from Request to Require Mode](../p_server_archive/change-rules-from-request-to-require-mode.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md new file mode 100644 index 0000000000..92a7ec6199 --- /dev/null +++ b/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md 
@@ -0,0 +1,83 @@ +--- +title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows 10) +description: Checklist Implementing a Standalone Server Isolation Policy Design +ms.assetid: 50a997d8-f079-408c-8ac6-ecd02078ade3 +author: brianlic-msft +--- + +# Checklist: Implementing a Standalone Server Isolation Policy Design + + +This checklist contains procedures for creating a server isolation policy design that is not part of an isolated domain. For the steps required to create an isolated server zone within an isolated domain, see [Checklist: Configuring Rules for an Isolated Server Zone](../p_server_archive/checklist-configuring-rules-for-an-isolated-server-zone.md). + +This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. + +**Note**   +Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. + +The procedures in this section use the Group Policy MMC snap-in interfaces to configure the GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](http://technet.microsoft.com/library/hh831755.aspx) at http://technet.microsoft.com/library/hh831755.aspx. + +  + +![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif) **Checklist: Implementing a standalone server isolation policy design** + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TaskReference

_

Review important concepts and examples for the server isolation policy design to determine if this design meets your deployment goals and the needs of your organization.

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Conceptual topic[Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md)

+

Conceptual topic[Server Isolation Policy Design Example](../p_server_archive/server-isolation-policy-design-example.md)

+

Conceptual topic[Planning Server Isolation Zones](../p_server_archive/planning-server-isolation-zones.md)

_

Create the GPOs and connection security rules for isolated servers.

Checklist topic[Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](../p_server_archive/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)

_

Create the GPOs and connection security rules for the client computers that must connect to the isolated servers.

Checklist topic[Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](../p_server_archive/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)

_

Verify that the connection security rules are protecting network traffic on your test computers.

Procedure topic[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)

_

After you confirm that network traffic is authenticated by IPsec as expected, you can change authentication rules for the isolated server zone to require authentication instead of requesting it.

Procedure topic[Change Rules from Request to Require Mode](../p_server_archive/change-rules-from-request-to-require-mode.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts for the client computers to the membership group so that you can deploy the settings.

Procedure topic[Add Production Computers to the Membership Group for a Zone](../p_server_archive/add-production-computers-to-the-membership-group-for-a-zone.md)

+ +  + +  + +  + + + + + diff --git a/windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md new file mode 100644 index 0000000000..6cd45af6d4 --- /dev/null +++ b/windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md 
@@ -0,0 +1,84 @@
+---
+title: Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10)
+description: Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+ms.assetid: 5fcdc523-617f-4233-9213-15fe19f4cd02
+author: brianlic-msft
+---
+
+# Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+
+
+This procedure shows you how to configure the authentication methods that can be used by computers in an isolated domain or standalone isolated server zone.
+
+**Note**  
+If you follow the steps in the procedure in this topic, you alter the system-wide default settings. Any connection security rule can use these settings by specifying **Default** on the **Authentication** tab.
+
+ 
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To configure authentication methods**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the details pane on the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**.
+
+3. On the **IPsec Settings** tab, click **Customize**.
+
+4. In the **Authentication Method** section, select the type of authentication that you want to use from among the following:
+
+ 1. **Default**. Selecting this option tells the computer to use the authentication method currently defined by the local administrator in Windows Firewall with Advanced Security or by Group Policy as the default.
+
+ 2. **Computer and User (using Kerberos V5)**. 
Selecting this option tells the computer to use and require authentication of both the computer and the currently logged-on user by using their domain credentials. This authentication method works only with other computers that can use Authenticated IP (AuthIP), including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ 3. **Computer (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works with other computers that can use IKE v1, including earlier versions of Windows.
+
+ 4. **User (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ 5. **Computer certificate from this certification authority**. Selecting this option and entering the identification of a certification authority (CA) tells the computer to use and require authentication by using a certificate that is issued by the selected CA. If you also select **Accept only health certificates**, then only certificates that include the system health authentication enhanced key usage (EKU) typically provided in a Network Access Protection (NAP) infrastructure can be used for this rule.
+
+ 6. **Advanced**. Click **Customize** to specify a custom combination of authentication methods required for your scenario. You can specify both a **First authentication method** and a **Second authentication method**. 
+
+ The first authentication method can be one of the following:
+
+ - **Computer (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works with other computers that can use IKE v1, including earlier versions of Windows.
+
+ - **Computer (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ - **Computer certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require authentication by using a certificate that is issued by that CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used.
+
+ - **Preshared key (not recommended)**. Selecting this method and entering a preshared key tells the computer to authenticate by exchanging the preshared keys. If they match, then the authentication succeeds. This method is not recommended, and is included only for backward compatibility and testing purposes.
+
+ If you select **First authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails.
+
+ The second authentication method can be one of the following:
+
+ - **User (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. 
User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ - **User (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials, and uses the NTLMv2 protocol instead of Kerberos V5. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ - **User health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require user-based authentication by using a certificate that is issued by the specified CA. If you also select **Enable certificate to account mapping**, then the certificate can be associated with a user in Active Directory for purposes of granting or denying access to specified users or user groups.
+
+ - **Computer health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require authentication by using a certificate that is issued by the specified CA. If you also select **Accept only health certificates**, then only certificates that include the system health authentication EKU typically provided in a NAP infrastructure can be used for this rule.
+
+ If you select **Second authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails.
+
+ **Important**  
+ Make sure that you do not select the check boxes to make both first and second authentication optional. Doing so allows plaintext connections whenever authentication fails.
+
+  
+
+5. Click **OK** on each dialog box to save your changes and return to the Group Policy Management Editor. 
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
new file mode 100644
index 0000000000..19af4227c6
--- /dev/null
+++ b/windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md 
@@ -0,0 +1,66 @@
+---
+title: Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10)
+description: Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+ms.assetid: fdcb1b36-e267-4be7-b842-5df9a067c9e0
+author: brianlic-msft
+---
+
+# Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+
+
+This procedure shows you how to configure the data protection (quick mode) settings for connection security rules in an isolated domain or a standalone isolated server zone.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To configure quick mode settings**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the details pane on the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**.
+
+3. On the **IPsec Settings** tab, click **Customize**.
+
+4. In the **Data protection (Quick Mode)** section, click **Advanced**, and then click **Customize**.
+
+5. If you require encryption for all network traffic in the specified zone, then check **Require encryption for all connection security rules that use these settings**. Selecting this option disables the **Data integrity** section, and forces you to select only integrity algorithms that are combined with an encryption algorithm. If you do not select this option, then you can use only data integrity algorithms. 
Before selecting this option, consider the performance impact and the increase in network traffic that will result. We recommend that you use this setting only on network traffic that truly requires it, such as to and from computers in the encryption zone.
+
+6. If you did not select **Require encryption**, then select the data integrity algorithms that you want to use to help protect the data sessions between the two computers. If the data integrity algorithms displayed in the list are not what you want, then do the following:
+
+ 1. From the left column, remove any of the data integrity algorithms that you do not want by selecting the algorithm and then clicking **Remove**.
+
+ 2. Add any required data integrity algorithms by clicking **Add**, selecting the appropriate protocol (ESP or AH) and algorithm (SHA1 or MD5), selecting the key lifetime in minutes or sessions, and then clicking **OK**. We recommend that you do not include MD5 in any combination. It is included for backward compatibility only. We also recommend that you use ESP instead of AH if you have any devices on your network that use network address translation (NAT).
+
+ 3. In **Key lifetime (in sessions)**, type the number of times that the quick mode session can be rekeyed. After this number is reached, the quick mode SA must be renegotiated. Be careful to balance performance with security requirements. Although a shorter key lifetime results in better security, it also reduces performance because of the more frequent renegotiating of the quick mode SA. We recommend that you use the default value unless your risk analysis indicates the need for a different value.
+
+ 4. Click **OK** to save your algorithm combination settings.
+
+ 5. After the list contains only the combinations you want, use the up and down arrows to the right of the list to rearrange them in the correct order for your design. The algorithm combination that is first in the list is tried first, and so on.
+
+7. 
Select the data integrity and encryption algorithms that you want to use to help protect the data sessions between the two computers. If the algorithm combinations displayed in the list are not what you want, then do the following:
+
+ 1. From the second column, remove any of the data integrity and encryption algorithms that you do not want by selecting the algorithm combination and then clicking **Remove**.
+
+ 2. Add any required integrity and encryption algorithm combinations by clicking **Add**, and then doing the following:
+
+ 3. Select the appropriate protocol (ESP or AH). We recommend that you use ESP instead of AH if you have any devices on your network that use NAT.
+
+ 4. Select the appropriate encryption algorithm. The choices include, in order of decreasing security: AES-256, AES-192, AES-128, 3DES, and DES. We recommend that you do not include DES in any combination. It is included for backward compatibility only.
+
+ 5. Select the appropriate integrity algorithm (SHA1 or MD5). We recommend that you do not include MD5 in any combination. It is included for backward compatibility only.
+
+ 6. In **Key lifetime (in minutes)**, type the number of minutes. When the specified number of minutes has elapsed, any IPsec operations between the two computers that negotiated this key will require a new key. Be careful to balance performance with security requirements. Although a shorter key lifetime results in better security, it also reduces performance because of the more frequent rekeying. We recommend that you use the default value unless your risk analysis indicates the need for a different value.
+
+8. Click **OK** three times to save your settings.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/keep-secure/configure-group-policy-to-autoenroll-and-deploy-certificates.md
new file mode 100644
index 0000000000..dca884a135
--- /dev/null
+++ b/windows/keep-secure/configure-group-policy-to-autoenroll-and-deploy-certificates.md
@@ -0,0 +1,42 @@
+---
+title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows 10)
+description: Configure Group Policy to Autoenroll and Deploy Certificates
+ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09
+author: brianlic-msft
+---
+
+# Configure Group Policy to Autoenroll and Deploy Certificates
+
+
+You can use this procedure to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network. Follow this procedure for each GPO that contains IPsec connection security rules that require this certificate.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of both the Domain Admins group in the root domain of your forest and a member of the Enterprise Admins group.
+
+**To configure Group Policy to autoenroll certificates**
+
+1. On a computer that has the Group Policy Management feature installed, click **Start**, click **Administrative Tools**, and then click **Group Policy Management**.
+
+2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**.
+
+3. In the navigation pane, expand the following path: **Computer Configuration**, **Policies**, **Windows Settings**, **Security Settings**, **Public Key Policies**.
+
+4. Double-click **Certificate Services Client - Auto-Enrollment**.
+
+5. In the **Properties** dialog box, change **Configuration Model** to **Enabled**.
+
+6. Select both **Renew expired certificates, update pending certificates, and remove revoked certificates** and **Update certificates that use certificate templates**.
+
+7. Click **OK** to save your changes. Computers apply the GPO and download the certificate the next time Group Policy is refreshed.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
new file mode 100644
index 0000000000..98b44775c3
--- /dev/null
+++ b/windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
@@ -0,0 +1,79 @@
+---
+title: Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10)
+description: Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+ms.assetid: 5c593b6b-2cd9-43de-9b4e-95943fe82f52
+author: brianlic-msft
+---
+
+# Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+
+
+This procedure shows you how to configure the main mode key exchange settings used to secure the IPsec authentication traffic.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To configure key exchange settings**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the details pane on the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**.
+
+3. On the **IPsec Settings** tab, click **Customize**.
+
+4. In the **Key exchange (Main Mode)** section, click **Advanced**, and then click **Customize**.
+
+5. Select the security methods to be used to help protect the main mode negotiations between the two computers. If the security methods displayed in the list are not what you want, then do the following:
+
+ **Important**  
+ In Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, you can specify only one key exchange algorithm. 
This means that if you want to communicate by using IPsec with another computer running Windows 8 or Windows Server 2012, then you must select the same key exchange algorithm on both computers.
+
+ Also, if you create a connection security rule that specifies an option that requires AuthIP instead of IKE, then only the one combination of the top integrity and encryption security method are used in the negotiation. Make sure that all of your computers that run Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 have the same methods at the top of the list and the same key exchange algorithm selected.
+
+  
+
+ **Note**  
+ When AuthIP is used, no Diffie-Hellman key exchange protocol is used. Instead, when Kerberos V5 authentication is requested, the Kerberos V5 service ticket secret is used in place of a Diffie-Hellman value. When either certificate authentication or NTLM authentication is requested, a transport level security (TLS) session is established, and its secret is used in place of the Diffie-Hellman value. This happens no matter which Diffie-Hellman key exchange protocol you select.
+
+  
+
+ 1. Remove any of the security methods that you do not want by selecting the method and then clicking **Remove**.
+
+ 2. Add any required security method combinations by clicking **Add**, selecting the appropriate encryption algorithm and integrity algorithm from the lists, and then clicking **OK**.
+
+ **Caution**  
+ We recommend that you do not include MD5 or DES in any combination. They are included for backward compatibility only.
+
+  
+
+ 3. After the list contains only the combinations you want, use the up and down arrows to the right of the list to arrange them in the order of preference. The combination that appears first in the list is tried first, and so on.
+
+6. From the list on the right, select the key exchange algorithm that you want to use.
+
+ **Caution**  
+ We recommend that you do not use Diffie-Hellman Group 1. It is included for backward compatibility only.
+
+  
+
+7. In **Key lifetime (in minutes)**, type the number of minutes. When the specified number of minutes has elapsed, any IPsec operation between the two computers requires a new key.
+
+ **Note**  
+ You need to balance performance with security requirements. Although a shorter key lifetime results in better security, it also reduces performance.
+
+  
+
+8. In **Key lifetime (in sessions)**, type the number of sessions. After the specified number of quick mode sessions have been created within the security association protected by this key, IPsec requires a new key.
+
+9. Click **OK** three times to save your settings.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
new file mode 100644
index 0000000000..d01116f6b5
--- /dev/null
+++ b/windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
@@ -0,0 +1,61 @@
+---
+title: Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10)
+description: Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+ms.assetid: 07b7760f-3225-4b4b-b418-51787b0972a0
+author: brianlic-msft
+---
+
+# Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+
+
+If you are creating a zone that requires encryption, you must configure the rules to add the encryption algorithms and delete the algorithm combinations that do not use encryption.
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To modify an authentication request rule to also require encryption**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Connection Security Rules**.
+
+3. In the details pane, double-click the connection security rule you want to modify.
+
+4. On the **Name** page, rename the connection security rule, edit the description to reflect the new use for the rule, and then click **OK**.
+
+5. In the navigation pane, right-click **Windows Firewall with Advanced Security – LDAP://CN={***guid***}**, and then click **Properties**.
+
+6. Click the **IPsec Settings** tab.
+
+7. Under **IPsec defaults**, click **Customize**.
+
+8. Under **Data protection (Quick Mode)**, click **Advanced**, and then click **Customize**.
+
+9. Click **Require encryption for all connection security rules that use these settings**.
+
+ This disables the data integrity rules section. Make sure the **Data integrity and encryption** list contains all of the combinations that your client computers will use to connect to members of the encryption zone. The client computers receive their rules through the GPO for the zone to which they reside. You must make sure that those rules contain at least one of the data integrity and encryption algorithms that are configured in this rule, or the client computers in that zone will not be able to connect to computers in this zone.
+
+10. If you need to add an algorithm combination, click **Add**, and then select the combination of encryption and integrity algorithms. The options are described in [Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md).
+
+ **Note**  
+ Not all of the algorithms available in Windows 8 or Windows Server 2012 can be selected in the Windows Firewall with Advanced Security user interface. To select them, you can use Windows PowerShell.
+
+ Quick mode settings can also be configured on a per-rule basis, but not by using the Windows Firewall with Advanced Security user interface. Instead, you can create or modify the rules by using Windows PowerShell.
+
+ For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](../p_server_archive/windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
+
+  
+
+11. During negotiation, algorithm combinations are proposed in the order shown in the list. Make sure that the more secure combinations are at the top of the list so that the negotiating computers select the most secure combination that they can jointly support.
+
+12. 
Click **OK** three times to save your changes.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/configure-the-windows-firewall-log.md b/windows/keep-secure/configure-the-windows-firewall-log.md
new file mode 100644
index 0000000000..0bd77d8930
--- /dev/null
+++ b/windows/keep-secure/configure-the-windows-firewall-log.md
@@ -0,0 +1,60 @@
+---
+title: Configure the Windows Firewall Log (Windows 10)
+description: Configure the Windows Firewall Log
+ms.assetid: f037113d-506b-44d3-b9c0-0b79d03e7d18
+author: brianlic-msft
+---
+
+# Configure the Windows Firewall Log
+
+
+To configure Windows Firewall to log dropped packets or successful connections, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+In this topic:
+
+[To configure Windows Firewall logging for Windows Vista or Windows Server 2008](#bkmk-toenablewindowsfirewallandconfigurethedefaultbehavior)
+
+##
+
+
+**To configure Windows Firewall logging for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the details pane, in the **Overview** section, click **Windows Firewall Properties**.
+
+3. For each network location type (Domain, Private, Public), perform the following steps.
+
+ 1. Click the tab that corresponds to the network location type.
+
+ 2. Under **Logging**, click **Customize**.
+
+ 3. The default path for the log is **%windir%\\system32\\logfiles\\firewall\\pfirewall.log**. If you want to change this, clear the **Not configured** check box and type the path to the new location, or click **Browse** to select a file location.
+
+ **Important**  
+ The location you specify must have permissions assigned that permit the Windows Firewall service to write to the log file.
+
+  
+
+ 4. The default maximum file size for the log is 4,096 kilobytes (KB). 
If you want to change this, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a size. The file will not grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.
+
+ 5. No logging occurs until you set one of following two options:
+
+ - To create a log entry when Windows Firewall drops an incoming network packet, change **Log dropped packets** to **Yes**.
+
+ - To create a log entry when Windows Firewall allows an inbound connection, change **Log successful connections** to **Yes**.
+
+ 6. Click **OK** twice.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/configure-the-workstation-authentication-certificate-templatewfas-dep.md b/windows/keep-secure/configure-the-workstation-authentication-certificate-templatewfas-dep.md
new file mode 100644
index 0000000000..ebe06760bb
--- /dev/null
+++ b/windows/keep-secure/configure-the-workstation-authentication-certificate-templatewfas-dep.md
@@ -0,0 +1,53 @@
+---
+title: Configure the Workstation Authentication Certificate Template (Windows 10)
+description: Configure the Workstation Authentication Certificate Template
+ms.assetid: c3ac9960-6efc-47c1-bd69-d9d4bf84f7a6
+author: brianlic-msft
+---
+
+# Configure the Workstation Authentication Certificate Template
+
+
+This procedure describes how to configure a certificate template that Active Directory Certification Services (AD CS) uses as the starting point for computer certificates that are automatically enrolled and deployed to workstations in the domain. It shows how to create a copy of a template, and then configure the template according to your design requirements.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of both the Domain Admins group in the root domain of your forest, and a member of the Enterprise Admins group.
+
+**To configure the workstation authentication certificate template and autoenrollment**
+
+1. On the computer where AD CS is installed, click the **Start** charm, and then click **Certification Authority**.
+
+2. In the navigation pane, right-click **Certificate Templates**, and then click **Manage**.
+
+3. In the details pane, click the **Workstation Authentication** template.
+
+4. On the **Action** menu, click **Duplicate Template**. In the **Duplicate Template** dialog box, select the template version that is appropriate for your deployment, and then click **OK**. For the resulting certificates to have maximum compatibility with the available versions of Windows, we recommended that you select **Windows Server 2003**.
+
+5. On the **General** tab, in **Template display name**, type a new name for the certificate template, such as **Domain Isolation Workstation Authentication Template**.
+
+6. Click the **Subject Name** tab. Make sure that **Build from this Active Directory information** is selected. In **Subject name format**, select **Fully distinguished name**.
+
+7. 
Click the **Request Handling** tab. You must determine the best minimum key size for your environment. Large key sizes provide better security, but they can affect server performance. We recommended that you use the default setting of 2048.
+
+8. Click the **Security** tab. In **Group or user names**, click **Domain Computers**, under **Allow**, select **Enroll** and **Autoenroll**, and then click **OK**.
+
+ **Note**  
+ If you want do not want to deploy the certificate to every computer in the domain, then specify a different group or groups that contain the computer accounts that you want to receive the certificate.
+
+  
+
+9. Close the Certificate Templates Console.
+
+10. In the Certification Authority MMC snap-in, in the left pane, right-click **Certificate Templates**, click **New**, and then click **Certificate Template to Issue**.
+
+11. In the **Enable Certificate Templates** dialog box, click the name of the certificate template you just configured, and then click **OK**.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
new file mode 100644
index 0000000000..e8fdd8d249
--- /dev/null
+++ b/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
@@ -0,0 +1,58 @@
+---
+title: Configure Windows Firewall to Suppress Notifications When a Program Is Blocked (Windows 10)
+description: Configure Windows Firewall to Suppress Notifications When a Program Is Blocked
+ms.assetid: b7665d1d-f4d2-4b5a-befc-8b6bd940f69b
+author: brianlic-msft
+---
+
+# Configure Windows Firewall to Suppress Notifications When a Program Is Blocked
+
+
+To configure Windows Firewall to suppress the display of a notification when it blocks a program that tries to listen for network traffic and to prohibit locally defined rules, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in.
+
+**Caution**  
+If you choose to disable alerts and prohibit locally defined rules, then you must create firewall rules that allow your users’ programs to send and receive the required network traffic. If a firewall rule is missing, then the user does not receive any kind of warning, the network traffic is silently blocked, and the program might fail.
+
+We recommend that you do not enable these settings until you have created and tested the required rules.
+
+ 
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+In this topic:
+
+[To configure Windows Firewall to suppress the display of a notification for a blocked program and to ignore locally defined rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](#bkmk-1)
+
+##
+
+
+**To configure Windows Firewall to suppress the display of a notification for a blocked program and to ignore locally defined rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2**
+
+1. 
[Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the details pane, in the **Overview** section, click **Windows Firewall Properties**.
+
+3. For each network location type (Domain, Private, Public), perform the following steps.
+
+ 1. Click the tab that corresponds to the network location type.
+
+ 2. Under **Settings**, click **Customize**.
+
+ 3. Under **Firewall settings**, change **Display a notification** to **No**.
+
+ 4. Under **Rule merging**, change **Apply local firewall rules** to **No**.
+
+ 5. Although a connection security rule is not a firewall setting, you can also use this tab to prohibit locally defined connection security rules if you are planning to deploy IPsec rules as part of a server or domain isolation environment. Under **Rule merging**, change **Apply local connection security rules** to **No**.
+
+ 6. Click **OK** twice.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md b/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md
new file mode 100644
index 0000000000..16224c9683
--- /dev/null
+++ b/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md
@@ -0,0 +1,56 @@
+---
+title: Confirm That Certificates Are Deployed Correctly (Windows 10)
+description: Confirm That Certificates Are Deployed Correctly
+ms.assetid: de0c8dfe-16b0-4d3b-8e8f-9282f6a65eee
+author: brianlic-msft
+---
+
+# Confirm That Certificates Are Deployed Correctly
+
+
+After configuring your certificates and autoenrollment in Group Policy, you can confirm that the policy is being applied as expected, and that the certificates are being properly installed on the workstation computers.
+
+In these procedures, you refresh Group Policy on a client computer, and then confirm that the certificate is deployed correctly.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+In this topic:
+
+- [Refresh Group Policy on a computer](#bkmk-torefreshgrouppolicyonacomputer)
+
+- [Verify that a certificate is installed](#bkmk-toverifythatacertificateisinstalled)
+
+##
+
+
+**To refresh Group Policy on a computer**
+
+- On a computer running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command:
+
+ ``` syntax
+ gpupdate /target:computer /force
+ ```
+
+After Group Policy is refreshed, you can see which GPOs are currently applied to the computer.
+
+##
+
+
+**To verify that a certificate is installed**
+
+1. Click the **Start** charm, type **certmgr.msc**, and then press ENTER.
+
+2. In the navigation pane, expand **Trusted Root Certification Authorities**, and then click **Certificates**.
+
+ The CA that you created appears in the list.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/copy-a-gpo-to-create-a-new-gpo.md b/windows/keep-secure/copy-a-gpo-to-create-a-new-gpo.md
new file mode 100644
index 0000000000..59ce12e2c1
--- /dev/null
+++ b/windows/keep-secure/copy-a-gpo-to-create-a-new-gpo.md
@@ -0,0 +1,54 @@
+---
+title: Copy a GPO to Create a New GPO (Windows 10)
+description: Copy a GPO to Create a New GPO
+ms.assetid: 7f6a23e5-4b3f-40d6-bf6d-7895558b1406
+author: brianlic-msft
+---
+
+# Copy a GPO to Create a New GPO
+
+
+To create the GPO for the boundary zone computers, make a copy of the main domain isolation GPO, and then change the settings to request, instead of require, authentication. To make a copy of a GPO, use the Active Directory Users and Computers MMC snap-in.
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to create new GPOs.
+
+**To make a copy of a GPO**
+
+1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click **Group Policy Management** tile.
+
+2. In the navigation pane, expand **Forest:***YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **Group Policy Objects**.
+
+3. In the details pane, right-click the GPO you want to copy, and then click **Copy**.
+
+4. In the navigation pane, right-click **Group Policy Objects** again, and then click **Paste**.
+
+5. In the **Copy GPO** dialog box, click **Preserve the existing permissions**, and then click **OK**. Selecting this option preserves any exception groups to which you denied Read and Apply GPO permissions, making the change simpler.
+
+6. After the copy is complete, click **OK**. The new GPO is named **Copy of** *original GPO name*.
+
+7. To rename it, right-click the GPO, and then click **Rename**.
+
+8. Type the new name, and then press ENTER.
+
+9. You must change the security filters to apply the policy to the correct group of computers. To do this, click the **Scope** tab, and in the **Security Filtering** section, select the group that grants permissions to all members of the isolated domain, for example **CG\_DOMISO\_IsolatedDomain**, and then click **Remove**.
+
+10. 
In the confirmation dialog box, click **OK**.
+
+11. Click **Add**.
+
+12. Type the name of the group that contains members of the boundary zone, for example **CG\_DOMISO\_Boundary**, and then click **OK**.
+
+13. If required, change the WMI filter to one appropriate for the new GPO. For example, if the original GPO is for client computers running Windows 8, and the new boundary zone GPO is for computers running Windows Server 2012, then select a WMI filter that allows only those computers to read and apply the GPO.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-a-group-account-in-active-directory.md b/windows/keep-secure/create-a-group-account-in-active-directory.md
new file mode 100644
index 0000000000..d58c911d10
--- /dev/null
+++ b/windows/keep-secure/create-a-group-account-in-active-directory.md
@@ -0,0 +1,47 @@
+---
+title: Create a Group Account in Active Directory (Windows 10)
+description: Create a Group Account in Active Directory
+ms.assetid: c3700413-e02d-4d56-96b8-7991f97ae432
+author: brianlic-msft
+---
+
+# Create a Group Account in Active Directory
+
+
+To create a security group to contain the computer accounts for the computers that are to receive a set of Group Policy settings, use the Active Directory Users and Computers MMC snap-in.
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to create new group accounts.
+
+**To add a new membership group in Active Directory**
+
+1. On a computer that has Active Directory management tools installed, click the **Start** charm, and then click the **Active Directory Users and Computers** tile.
+
+2. In the navigation pane, select the container in which you want to store your group. This is typically the **Users** container under the domain.
+
+3. Click **Action**, click **New**, and then click **Group**.
+
+4. In the **Group name** text box, type the name for your new group.
+
+ **Note**  
+ Be sure to use a name that clearly indicates its purpose. Check to see if your organization has a naming convention for groups.
+
+  
+
+5. In the **Description** text box, enter a description of the purpose of this group.
+
+6. In the **Group scope** section, select either **Global** or **Universal**, depending on your Active Directory forest structure. If your group must include computers from multiple domains, then select **Universal**. If all of the members are from the same domain, then select **Global**.
+
+7. In the **Group type** section, click **Security**.
+
+8. Click **OK** to save your group.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-a-group-policy-object.md b/windows/keep-secure/create-a-group-policy-object.md
new file mode 100644
index 0000000000..c6c8df196b
--- /dev/null
+++ b/windows/keep-secure/create-a-group-policy-object.md
@@ -0,0 +1,51 @@
+---
+title: Create a Group Policy Object (Windows 10)
+description: Create a Group Policy Object
+ms.assetid: 72a50dd7-5033-4d97-a5eb-0aff8a35cced
+author: brianlic-msft
+---
+
+# Create a Group Policy Object
+
+
+To create a new GPO, use the Active Directory Users and Computers MMC snap-in.
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to create new GPOs.
+
+**To create a new GPO**
+
+1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile.
+
+2. In the navigation pane, expand **Forest:***YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **Group Policy Objects**.
+
+3. Click **Action**, and then click **New**.
+
+4. In the **Name** text box, type the name for your new GPO.
+
+ **Note**  
+ Be sure to use a name that clearly indicates the purpose of the GPO. Check to see if your organization has a naming convention for GPOs.
+
+  
+
+5. Leave **Source Starter GPO** set to **(none)**, and then click **OK**.
+
+6. If your GPO will not contain any user settings, then you can improve performance by disabling the **User Configuration** section of the GPO. To do this, perform these steps:
+
+ 1. In the navigation pane, click the new GPO.
+
+ 2. In the details pane, click the **Details** tab.
+
+ 3. Change the **GPO Status** to **User configuration settings disabled**.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
new file mode 100644
index 0000000000..93b8e8fa26
--- /dev/null
+++ b/windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
@@ -0,0 +1,73 @@
+---
+title: Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10)
+description: Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+ms.assetid: 8f6493f3-8527-462a-82c0-fd91a6cb5dd8
+author: brianlic-msft
+---
+
+# Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+
+
+In almost any isolated server or isolated domain scenario, there are some computers or devices that cannot communicate by using IPsec. This procedure shows you how to create rules that exempt those computers from the authentication requirements of your isolation policies.
+
+**Important**  
+Adding computers to the exemption list for a zone reduces security because it permits computers in the zone to send network traffic that is unprotected by IPsec to the computers on the list. As discussed in the Windows Firewall with Advanced Security Design Guide, you must add only managed and trusted computers to the exemption list.
+
+ 
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To create a rule that exempts specified hosts from authentication**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Connection Security Rules**.
+
+3. Click **Action**, and then click **New Rule**.
+
+4. On the **Rule Type** page of the New Connection Security Rule Wizard, click **Authentication exemption**, and then click **Next**.
+
+5. On the **Exempt Computers** page, to create a new exemption, click **Add**. To modify an existing exemption, click it, and then click **Edit**.
+
+6. In the **IP Address** dialog box, do one of the following:
+
+ - To add a single IP address, click **This IP address or subnet**, type the IP address of the host in the text box, and then click **OK**.
+
+ - To add an entire subnet by address, click **This IP address or subnet**, and then type the IP address of the subnet, followed by a forward slash (/) and the number of bits in the corresponding subnet mask. For example, **10.50.0.0/16** represents the class B subnet that begins with address 10.50.0.1, and ends with address **10.50.255.254**. Click **OK** when you are finished.
+
+ - To add the local computer’s subnet, click **Predefined set of computers**, select **Local subnet** from the list, and then click **OK**.
+
+ **Note**  
+ If you select the local subnet from the list rather than typing the subnet address in manually, the computer automatically adjusts the active local subnet to match the computer’s current IP address.
+
+  
+
+ - To add a discrete range of addresses that do not correspond to a subnet, click **This IP address range**, type the beginning and ending IP addresses in the **From** and **To** text boxes, and then click **OK**.
+
+ - To exempt all of the remote hosts that the local computer uses for a specified network service, click **Predefined set of computers**, select the network service from the list, and then click **OK**.
+
+7. Repeat steps 5 and 6 for each exemption that you need to create.
+
+8. Click **Next** when you have created all of the exemptions.
+
+9. On the **Profile** page, check the profile for each network location type to which this set of exemptions applies, and then click **Next**.
+
+ **Caution**  
+ If all of the exemptions are on the organization’s network and that network is managed by an Active Directory domain, then consider restricting the rule to the Domain profile only. Selecting the wrong profile can reduce the protection for your computer because any computer with an IP address that matches an exemption rule will not be required to authenticate.
+
+  
+
+10. On the **Name** page, type the name of the exemption rule, type a description, and then click **Finish**.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
new file mode 100644
index 0000000000..d3c1139e03
--- /dev/null
+++ b/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
@@ -0,0 +1,94 @@
+---
+title: Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10)
+description: Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+ms.assetid: 1296e048-039f-4d1a-aaf2-8472ad05e359
+author: brianlic-msft
+---
+
+# Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+
+
+After you have configured IPsec algorithms and authentication methods, you can create the rule that requires the computers on the network to use those protocols and methods before they can communicate.
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To create the authentication request rule**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, right-click **Connection Security Rules**, and then click **New Rule**.
+
+3. On the **Rule Type** page, select **Isolation**, and then click **Next**.
+
+4. On the **Requirements** page, select **Request authentication for inbound and outbound connections**.
+
+ **Caution**  
+ Do not configure the rule to require inbound authentication until you have confirmed that all of your computers are receiving the correct GPOs, and are successfully negotiating IPsec and authenticating with each other. Allowing the computers to communicate even when authentication fails prevents any errors in the GPOs or their distribution from breaking communications on your network.
+
+  
+
+5. On the **Authentication Method** page, select the authentication option you want to use on your network. To select multiple methods that are tried in order until one succeeds, click **Advanced**, click **Customize**, and then click **Add** to add methods to the list. Second authentication methods require Authenticated IP (AuthIP), which is supported only on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2.
+
+ 1. **Default**. Selecting this option tells the computer to request authentication by using the method currently defined as the default on the computer. This default might have been configured when the operating system was installed or it might have been configured by Group Policy. Selecting this option is appropriate when you have configured system-wide settings by using the [Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) procedure.
+
+ 2. **Computer and User (Kerberos V5)**. Selecting this option tells the computer to request authentication of both the computer and the currently logged-on user by using their domain credentials. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ 3. **Computer (Kerberos V5)**. Selecting this option tells the computer to request authentication of the computer by using its domain credentials. This option works with other computers than can use IKE v1, including earlier versions of Windows.
+
+ 4. **Advanced**. Click **Customize** to specify a custom combination of authentication methods required for your scenario. You can specify both a **First authentication method** and a **Second authentication method**.
+
+ The **First authentication method** can be one of the following:
+
+ - **Computer (Kerberos V5)**. Selecting this option tells the computer to request authentication of the computer by using its domain credentials. This option works with other computers than can use IKE v1, including earlier versions of Windows.
+
+ - **Computer (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ - **Computer certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to request authentication by using a certificate that is issued by the specified CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used for this rule.
+
+ - **Preshared key (not recommended)**. Selecting this method and entering a pre-shared key tells the computer to authenticate by exchanging the pre-shared keys. If the keys match, then the authentication succeeds. This method is not recommended, and is included for backward compatibility and testing purposes only.
+
+ If you select **First authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails.
+
+ The **Second authentication method** can be one of the following:
+
+ - **User (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ - **User (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials, and uses the NTLMv2 protocol instead of Kerberos V5. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using NTLMv2 is not supported by IKE v1.
+
+ - **User health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to request user-based authentication by using a certificate that is issued by the specified CA. If you also select **Enable certificate to account mapping**, then the certificate can be associated with a user in Active Directory for purposes of granting or denying access to certain users or user groups.
+
+ - **Computer health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require authentication by using a certificate that is issued by the specified CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used for this rule.
+
+ If you check **Second authentication is optional**, the connection can succeed even if the authentication attempt specified in this column fails.
+
+ **Important**  
+ Make sure that you do not select the boxes to make both first and second authentication optional. Doing so allows plaintext connections whenever authentication fails.
+
+  
+
+6. After you have configured the authentication methods, click **OK** on each dialog box to save your changes and close it, until you return to the **Authentication Method** page in the wizard. Click **Next**.
+
+7. On the **Profile** page, select the check boxes for the network location type profiles to which this rule applies.
+
+ - On portable computers, consider clearing the **Private** and **Public** boxes to enable the computer to communicate without authentication when it is away from the domain network.
+
+ - On computers that do not move from network to network, consider selecting all of the profiles. Doing so prevents an unexpected switch in the network location type from disabling the rule.
+
+ Click **Next**.
+
+8. On the **Name** page, type a name for the connection security rule and a description, and then click **Finish**.
+
+ The new rule appears in the list of connection security rules.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
new file mode 100644
index 0000000000..08aecf9783
--- /dev/null
+++ b/windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -0,0 +1,71 @@
+---
+title: Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10)
+description: Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2
+ms.assetid: 267b940a-79d9-4322-b53b-81901e357344
+author: brianlic-msft
+---
+
+# Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2
+
+
+To allow inbound Internet Control Message Protocol (ICMP) network traffic, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows ICMP requests and responses to be sent and received by computers on the network.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+This topic describes how to create a port rule that allows inbound ICMP network traffic. For other inbound port rule types, see:
+
+- [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+- [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+**To create an inbound ICMP rule**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Inbound Rules**.
+
+3. Click **Action**, and then click **New rule**.
+
+4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**.
+
+5. On the **Program** page, click **All programs**, and then click **Next**.
+
+6. On the **Protocol and Ports** page, select **ICMPv4** or **ICMPv6** from the **Protocol type** list. If you use both IPv4 and IPv6 on your network, you must create a separate ICMP rule for each.
+
+7. Click **Customize**.
+
+8. In the **Customize ICMP Settings** dialog box, do one of the following:
+
+ - To allow all ICMP network traffic, click **All ICMP types**, and then click **OK**.
+
+ - To select one of the predefined ICMP types, click **Specific ICMP types**, and then select each type in the list that you want to allow. Click **OK**.
+
+ - To select an ICMP type that does not appear in the list, click **Specific ICMP types**, select the **Type** number from the list, select the **Code** number from the list, click **Add**, and then select the newly created entry from the list. Click **OK**
+
+9. Click **Next**.
+
+10. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
+
+11. On the **Action** page, select **Allow the connection**, and then click **Next**.
+
+12. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**.
+
+ **Note**  
+ If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type.
+
+  
+
+13. On the **Name** page, type a name and description for your rule, and then click **Finish**.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
new file mode 100644
index 0000000000..6644cd06b4
--- /dev/null
+++ b/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -0,0 +1,75 @@
+---
+title: Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10)
+description: Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2
+ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f
+author: brianlic-msft
+---
+
+# Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2
+
+
+To allow inbound network traffic on only a specified TCP or UDP port number, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows any program that listens on a specified TCP or UDP port to receive network traffic sent to that port.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+This topic describes how to create a standard port rule for a specified protocol or TCP or UDP port number. For other inbound port rule types, see:
+
+- [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+- [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+**To create an inbound port rule**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Inbound Rules**.
+
+3. Click **Action**, and then click **New rule**.
+
+4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**.
+
+ **Note**  
+ Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules.
+
+  
+
+5. On the **Program** page, click **All programs**, and then click **Next**.
+
+ **Note**  
+ This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The specified program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. If you choose to do this, follow the steps in the [Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) procedure in addition to the steps in this procedure to create a single rule that filters network traffic using both program and port criteria.
+
+  
+
+6. On the **Protocol and Ports** page, select the protocol type that you want to allow. To restrict the rule to a specified port number, you must select either **TCP** or **UDP**. Because this is an incoming rule, you typically configure only the local port number.
+
+ If you select another protocol, then only packets whose protocol field in the IP header match this rule are permitted through the firewall.
+
+ To select a protocol by its number, select **Custom** from the list, and then type the number in the **Protocol number** box.
+
+ When you have configured the protocols and ports, click **Next**.
+
+7. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
+
+8. On the **Action** page, select **Allow the connection**, and then click **Next**.
+
+9. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**.
+
+ **Note**  
+ If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type.
+
+  
+
+10. On the **Name** page, type a name and description for your rule, and then click **Finish**.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
new file mode 100644
index 0000000000..b254db6e7c
--- /dev/null
+++ b/windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md 
@@ -0,0 +1,88 @@
+---
+title: Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10)
+description: Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2
+ms.assetid: 00b7fa60-7c64-4ba5-ba95-c542052834cf
+author: brianlic-msft
+---
+
+# Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2
+
+
+To allow inbound network traffic to a specified program or service, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows the program to listen and receive inbound network traffic on any port.
+
+**Note**  
+This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. To combine the program and port rule types into a single rule, follow the steps in the [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) procedure in addition to the steps in this procedure.
+
+ 
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To create an inbound firewall rule for a program or service**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Inbound Rules**.
+
+3. Click **Action**, and then click **New rule**.
+
+4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**.
+
+ **Note**  
+ Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules.
+
+  
+
+5. On the **Program** page, click **This program path**.
+
+6. Type the path to the program in the text box. Use environment variables, where applicable, to ensure that programs installed in different locations on different computers work correctly.
+
+7. Do one of the following:
+
+ - If the executable file contains a single program, click **Next**.
+
+ - If the executable file is a container for multiple services that must all be allowed to receive inbound network traffic, click **Customize**, select **Apply to services only**, click **OK**, and then click **Next**.
+
+ - If the executable file is a container for a single service or contains multiple services but the rule only applies to one of them, click **Customize**, select **Apply to this service**, and then select the service from the list. If the service does not appear in the list, click **Apply to service with this service short name**, and then type the short name for the service in the text box. Click **OK**, and then click **Next**.
+
+ **Important**  
+ To use the **Apply to this service** or **Apply to service with this service short name** options, the service must be configured with a security identifier (SID) with a type of **RESTRICTED** or **UNRESTRICTED**. To check the SID type of a service, run the following command:
+
+ **sc** **qsidtype** *<ServiceName>*
+
+ If the result is **NONE**, then a firewall rule cannot be applied to that service.
+
+ To set a SID type on a service, run the following command:
+
+ **sc** **sidtype** *<Type> <ServiceName>*
+
+ In the preceding command, the value of *<Type>* can be **UNRESTRICTED** or **RESTRICTED**. Although the command also permits the value of **NONE**, that setting means the service cannot be used in a firewall rule as described here. By default, most services in Windows are configured as **UNRESTRICTED**. If you change the SID type to **RESTRICTED**, the service might fail to start. We recommend that you change the SID type only on services that you want to use in firewall rules, and that you change the SID type to **UNRESTRICTED**. For more information, see [Vista Services](http://go.microsoft.com/fwlink/?linkid=141454) (http://go.microsoft.com/fwlink/?linkid=141454) and the “Service Security Improvements” section of [Inside the Windows Vista Kernel](http://go.microsoft.com/fwlink/?linkid=141455) (http://go.microsoft.com/fwlink/?linkid=141455).
+
+  
+
+8. It is a best practice to restrict the firewall rule for the program to only the ports it needs to operate. On the **Protocols and Ports** page, you can specify the port numbers for the allowed traffic. If the program tries to listen on a port different from the one specified here, it is blocked. For more information about protocol and port options, see [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md). After you have configured the protocol and port options, click **Next**.
+
+9. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
+
+10. On the **Action** page, select **Allow the connection**, and then click **Next**.
+
+11. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**.
+
+ **Note**  
+ If this GPO is targeted at server computers running Windows Server 2008 that never move, consider applying the rule to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type.
+
+  
+
+12. On the **Name** page, type a name and description for your rule, and then click **Finish**.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
new file mode 100644
index 0000000000..acc279e9e1
--- /dev/null
+++ b/windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -0,0 +1,64 @@
+---
+title: Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 (Windows 10)
+description: Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2
+ms.assetid: 59062b91-756b-42ea-8f2a-832f05d77ddf
+author: brianlic-msft
+---
+
+# Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2
+
+
+By default, Windows Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic on a specified TCP or UDP port number, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule blocks any outbound network traffic that matches the specified TCP or UDP port numbers.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To create an outbound port rule**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Outbound Rules**.
+
+3. Click **Action**, and then click **New rule**.
+
+4. On the **Rule Type** page of the New Outbound Rule wizard, click **Custom**, and then click **Next**.
+
+ **Note**  
+ Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules.
+
+  
+
+5. On the **Program** page, click **All programs**, and then click **Next**.
+
+6. On the **Protocol and Ports** page, select the protocol type that you want to block. To restrict the rule to a specified port number, you must select either **TCP** or **UDP**. Because this is an outbound rule, you typically configure only the remote port number.
+
+ If you select another protocol, then only packets whose protocol field in the IP header match this rule are blocked by Windows Firewall. Network traffic for protocols is allowed as long as other rules that match do not block it.
+
+ To select a protocol by its number, select **Custom** from the list, and then type the number in the **Protocol number** box.
+
+ When you have configured the protocols and ports, click **Next**.
+
+7. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
+
+8. On the **Action** page, select **Block the connection**, and then click **Next**.
+
+9. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**.
+
+ **Note**  
+ If this GPO is targeted at server computers running Windows Server 2008 that never move, consider applying the rules to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type.
+
+  
+
+10. On the **Name** page, type a name and description for your rule, and then click **Finish**.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
new file mode 100644
index 0000000000..6a9f0d3b2f
--- /dev/null
+++ b/windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -0,0 +1,68 @@
+---
+title: Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 (Windows 10)
+description: Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2
+ms.assetid: f71db4fb-0228-4df2-a95d-b9c056aa9311
+author: brianlic-msft
+---
+
+# Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2
+
+
+By default, Windows Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic for a specified program or service, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule prevents the program from sending any outbound network traffic on any port.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To create an outbound firewall rule for a program or service**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Outbound Rules**.
+
+3. Click **Action**, and then click **New rule**.
+
+4. On the **Rule Type** page of the New Outbound Rule Wizard, click **Custom**, and then click **Next**.
+
+ **Note**  
+ Although you can create many rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules.
+
+  
+
+5. On the **Program** page, click **This program path**.
+
+6. Type the path to the program in the text box. Use environment variables as appropriate to ensure that programs installed in different locations on different computers work correctly.
+
+7. Do one of the following:
+
+ - If the executable file contains a single program, click **Next**.
+
+ - If the executable file is a container for multiple services that must all be blocked from sending outbound network traffic, click **Customize**, select **Apply to services only**, click **OK**, and then click **Next**.
+
+ - If the executable file is a container for a single service or contains multiple services but the rule only applies to one of them, click **Customize**, select **Apply to this service**, and then select the service from the list. If the service does not appear in the list, then click **Apply to service with this service short name**, and type the short name for the service in the text box. Click **OK**, and then click **Next**.
+
+8. If you want the program to be allowed to send on some ports, but blocked from sending on others, then you can restrict the firewall rule to block only the specified ports or protocols. On the **Protocols and Ports** page, you can specify the port numbers or protocol numbers for the blocked traffic. If the program tries to send to or from a port number different from the one specified here, or by using a protocol number different from the one specified here, then the default outbound firewall behavior allows the traffic. For more information about the protocol and port options, see [Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md). When you have configured the protocol and port options, click **Next**.
+
+9. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
+
+10. On the **Action** page, select **Block the connection**, and then click **Next**.
+
+11. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**.
+
+ **Note**  
+ If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type.
+
+  
+
+12. On the **Name** page, type a name and description for your rule, and then click **Finish**.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
new file mode 100644
index 0000000000..c18b3e488e
--- /dev/null
+++ b/windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -0,0 +1,108 @@
+---
+title: Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10)
+description: Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2
+ms.assetid: 0b001c2c-12c1-4a30-bb99-0c034d7e6150
+author: brianlic-msft
+---
+
+# Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2
+
+
+To allow inbound remote procedure call (RPC) network traffic, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create two firewall rules. The first rule allows incoming network packets on TCP port 135 to the RPC Endpoint Mapper service. The incoming traffic consists of requests to communicate with a specified network service. The RPC Endpoint Mapper replies with a dynamically-assigned port number that the client must use to communicate with the service. The second rule allows the network traffic that is sent to the dynamically-assigned port number. Using the two rules configured as described in this topic helps to protect your computer by allowing network traffic only from computers that have received RPC dynamic port redirection and to only those TCP port numbers assigned by the RPC Endpoint Mapper.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+This topic describes how to create rules that allow inbound RPC network traffic. For other inbound port rule types, see:
+
+- [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+- [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+In this topic:
+
+- [To create a rule to allow inbound network traffic to the RPC Endpoint Mapper service](#bkmk-proc1)
+
+- [To create a rule to allow inbound network traffic to RPC-enabled network services](#bkmk-proc2)
+
+##
+
+
+**To create a rule to allow inbound network traffic to the RPC Endpoint Mapper service**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Inbound Rules**.
+
+3. Click **Action**, and then click **New rule**.
+
+4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**.
+
+5. On the **Program** page, click **This Program Path**, and then type **%systemroot%\\system32\\svchost.exe**.
+
+6. Click **Customize**.
+
+7. In the **Customize Service Settings** dialog box, click **Apply to this service**, select **Remote Procedure Call (RPC)** with a short name of **RpcSs**, click **OK**, and then click **Next**.
+
+8. On the warning about Windows service-hardening rules, click **Yes**.
+
+9. On the **Protocol and Ports** dialog box, for **Protocol type**, select **TCP**.
+
+10. For **Local port**, select **RPC Endpoint Mapper**, and then click **Next**.
+
+11. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
+
+12. On the **Action** page, select **Allow the connection**, and then click **Next**.
+
+13. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**.
+
+ **Note**  
+ If this GPO is targeted at server computers running Windows Server 2008 that never move, consider applying the rules to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type.
+
+  
+
+14. On the **Name** page, type a name and description for your rule, and then click **Finish**.
+
+##
+
+
+**To create a rule to allow inbound network traffic to RPC-enabled network services**
+
+1. On the same GPO you edited in the preceding procedure, click **Action**, and then click **New rule**.
+
+2. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**.
+
+3. On the **Program** page, click **This Program Path**, and then type the path to the executable file that hosts the network service. Click **Customize**.
+
+4. In the **Customize Service Settings** dialog box, click **Apply to this service**, and then select the service that you want to allow. If the service does not appear in the list, then click **Apply to service with this service short name**, and then type the short name of the service in the text box.
+
+5. Click **OK**, and then click **Next**.
+
+6. On the **Protocol and Ports** dialog box, for **Protocol type**, select **TCP**.
+
+7. For **Local port**, select **RPC Dynamic Ports**, and then click **Next**.
+
+8. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
+
+9. On the **Action** page, select **Allow the connection**, and then click **Next**.
+
+10. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**.
+
+ **Note**  
+ If this GPO is targeted at server computers running Windows Server 2008 that never move, consider applying the rules to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type.
+
+  
+
+11. On the **Name** page, type a name and description for your rule, and then click **Finish**.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/create-wmi-filters-for-the-gpo.md b/windows/keep-secure/create-wmi-filters-for-the-gpo.md
new file mode 100644
index 0000000000..adf0d2f7be
--- /dev/null
+++ b/windows/keep-secure/create-wmi-filters-for-the-gpo.md
@@ -0,0 +1,105 @@
+---
+title: Create WMI Filters for the GPO (Windows 10)
+description: Create WMI Filters for the GPO
+ms.assetid: b1a6d93d-a3c8-4e61-a388-4a3323f0e74e
+author: brianlic-msft
+---
+
+# Create WMI Filters for the GPO
+
+
+To make sure that each GPO associated with a group can only be applied to computers running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each computer.
+
+- [To create a WMI filter that queries for a specified version of Windows](#bkmk-1)
+
+- [To link a WMI filter to a GPO](#bkmk-2)
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+First, create the WMI filter and configure it to look for a specified version (or versions) of the Windows operating system.
+
+##
+
+
+**To create a WMI filter that queries for a specified version of Windows**
+
+1. On a computer that has the Group Policy Management feature installed, click **Start**, click **Administrative Tools**, and then click **Group Policy Management**.
+
+2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **WMI Filters**.
+
+3. Click **Action**, and then click **New**.
+
+4. In the **Name** text box, type the name of the WMI filter.
+
+ **Note**  
+ Be sure to use a name that clearly indicates the purpose of the filter. Check to see if your organization has a naming convention.
+
+  
+
+5. In the **Description** text box, type a description for the WMI filter. For example, if the filter excludes domain controllers, you might consider stating that in the description.
+
+6. Click **Add**.
+
+7. Leave the **Namespace** value set to **root\\CIMv2**.
+
+8. In the **Query** text box, type:
+
+ ``` syntax
+ select * from Win32_OperatingSystem where Version like "6.%"
+ ```
+
+ This query will return **true** for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. To set a filter for just Windows 8 and Windows Server 2012, use `"6.2%"`. To specify multiple versions, combine them with `or`, as shown in the following:
+
+ ``` syntax
+ ... where Version like "6.1%" or Version like "6.2%"
+ ```
+
+ To restrict the query to only clients or only servers, add a clause that includes the `ProductType` parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only `ProductType="1"`. For server operating systems that are not domain controllers, use `ProductType="3"`. For domain controllers only, use `ProductType="2"`. This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network.
+
+ The following clause returns **true** for all computers that are not domain controllers:
+
+ ``` syntax
+ ... where ProductType="1" or ProductType="3"
+ ```
+
+ The following complete query returns **true** for all computers running Windows 8, and returns **false** for any server operating system or any other client operating system.
+
+ ``` syntax
+ select * from Win32_OperatingSystem where Version like "6.2%" and ProductType="1"
+ ```
+
+ The following query returns **true** for any computer running Windows Server 2012, except domain controllers:
+
+ ``` syntax
+ select * from Win32_OperatingSystem where Version like "6.2%" and ProductType="3"
+ ```
+
+9. Click **OK** to save the query to the filter.
+
+10. Click **Save** to save your completed filter.
+
+##
+
+
+After you have created a filter with the correct query, link the filter to the GPO. Filters can be reused with many GPOs simultaneously; you do not have to create a new one for each GPO if an existing one meets your needs.
+
+**To link a WMI filter to a GPO**
+
+1. On a computer that has the Group Policy Management feature installed, click **Start**, click **Administrative Tools**, and then click **Group Policy Management**.
+
+2. In the navigation pane, find and then click the GPO that you want to modify.
+
+3. Under **WMI Filtering**, select the correct WMI filter from the list.
+
+4. Click **Yes** to accept the filter.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md
new file mode 100644
index 0000000000..7f5556412d
--- /dev/null
+++ b/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -0,0 +1,60 @@
+---
+title: Designing a Windows Firewall with Advanced Security Strategy (Windows 10)
+description: Designing a Windows Firewall with Advanced Security Strategy
+ms.assetid: 6d98b184-33d6-43a5-9418-4f24905cfd71
+author: brianlic-msft
+---
+
+# Designing a Windows Firewall with Advanced Security Strategy
+
+
+To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. You must have a good understanding of what tasks the computers on the network perform, and how they use the network to accomplish those tasks. You must understand the network traffic generated by the programs running on the computers.
+
+- [Gathering the Information You Need](../p_server_archive/gathering-the-information-you-need.md)
+
+- [Determining the Trusted State of Your Computers](../p_server_archive/determining-the-trusted-state-of-your-computers.md)
+
+The information that you gather will help you answer the following questions. The answers will help you understand your security requirements and select the design that best matches those requirements. The information will also help you when it comes time to deploy your design, by helping you to build a deployment strategy that is cost effective and resource efficient. It will help you project and justify the expected costs associated with implementing the design.
+
+- What traffic must always be allowed? What are characteristics of the network traffic generated and consumed by the business programs?
+
+- What traffic must always be blocked? Does your organization have policies that prohibit the use of specific programs? If so, what are the characteristics of the network traffic generated and consumed by the prohibited programs?
+
+- What traffic on the network cannot be protected by IPsec because the computers or devices sending or receiving the traffic do not support IPsec?
+
+- For each type of network traffic, does the default configuration of the firewall (block all unsolicited inbound network traffic, allow all outbound traffic) allow or block the traffic as required?
+
+- Do you have an Active Directory domain (or forest of trusted domains) to which all your computers are joined? If you do not, then you cannot use Group Policy for easy mass deployment of your firewall and connection security rules. You also cannot easily take advantage of Kerberos V5 authentication that all domain clients can use.
+
+- Which computers must be able to accept unsolicited inbound connections from computers that are not part of the domain?
+
+- Which computers contain data that must be encrypted when exchanged with another computer?
+
+- Which computers contain sensitive data to which access must be restricted to specifically authorized users and computers?
+
+- Does your organization have specific network troubleshooting devices or computers (such as protocol analyzers) that must be granted unlimited access to the computers on the network, essentially bypassing the firewall?
+
+## If you already have firewall or IPsec rules deployed
+
+
+Windows Firewall with Advanced Security in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 has many new capabilities that are not available in earlier versions of Windows.
+
+If you already have a domain and/or server isolation deployment in your organization then you can continue to use your existing GPOs and apply them to computers running Windows 8 and Windows Server 2012.
+
+**Note**  
+Computers running Windows XP and Windows Server 2003 will not be able to participate in this domain and/or server isolation deployment plan.
+
+ 
+
+This guide describes how to plan your groups and GPOs for an environment with a mix of operating systems, starting with Windows Vista and Windows Server 2008. Windows XP and Windows Server 2003 are not discussed in this guide. Details can be found in the section [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) later in this guide.
+
+**Next: **[Gathering the Information You Need](../p_server_archive/gathering-the-information-you-need.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/determining-the-trusted-state-of-your-computers.md b/windows/keep-secure/determining-the-trusted-state-of-your-computers.md
new file mode 100644
index 0000000000..c1812d4311
--- /dev/null
+++ b/windows/keep-secure/determining-the-trusted-state-of-your-computers.md
@@ -0,0 +1,184 @@
+---
+title: Determining the Trusted State of Your Computers (Windows 10)
+description: Determining the Trusted State of Your Computers
+ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2
+author: brianlic-msft
+---
+
+# Determining the Trusted State of Your Computers
+
+
+After obtaining information about the computers that are currently part of the IT infrastructure, you must determine at what point a computer is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this can lead to problems with the security of the trusted environment, because the overall security cannot exceed the level of security set by the least secure client that achieves trusted status.
+
+**Note**  
+In this context, the term *trust* has nothing to do with an Active Directory trust relationship between domains. The trusted state of your computers just indicates the level of risk that you believe the computer brings to the network. Trusted computers bring little risk whereas untrusted computers can potentially bring great risk.
+
+ 
+
+## Trust states
+
+
+To understand this concept, consider the four basic states that apply to computers in a typical IT infrastructure. These states are (in order of risk, lowest risk first):
+
+- Trusted
+
+- Trustworthy
+
+- Known, untrusted
+
+- Unknown, untrusted
+
+The remainder of this section defines these states and how to determine which computers in your organization belong in each state.
+
+### Trusted state
+
+Classifying a computer as trusted means that the computer's security risks are managed, but it does not imply that it is perfectly secure or invulnerable. The responsibility for this managed state falls to the IT and security administrators, in addition to the users who are responsible for the configuration of the computer. 
A trusted computer that is poorly managed will likely become a point of weakness for the network.
+
+When a computer is considered trusted, other trusted computers can reasonably assume that the computer will not initiate a malicious act. For example, trusted computers can expect that other trusted computers will not run a virus that attacks them, because all trusted computers are required to use mechanisms (such as antivirus software) to mitigate the threat of viruses.
+
+Spend some time defining the goals and technology requirements that your organization considers appropriate as the minimum configuration for a computer to obtain trusted status.
+
+A possible list of technology requirements might include the following:
+
+- **Operating system.** A trusted client computer should run Windows 8, Windows 7, or Windows Vista. A trusted server should run Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008.
+
+- **Domain membership.** A trusted computer will belong to a managed Active Directory domain, which means that the IT department has security management rights and can configure member computers by using Group Policy.
+
+- **Management client.** All trusted computers must run a specific network management client to allow for centralized management and control of security policies, configurations, and software. Microsoft System Center Configuration Manager is one such management system with an appropriate client. For more information, see [System Center Configuration Manager](http://technet.microsoft.com/systemcenter/bb507744.aspx) at http://technet.microsoft.com/systemcenter/bb507744.aspx.
+
+- **Antivirus software.** All trusted computers will run antivirus software that is configured to check for and automatically update the latest virus signature files daily. Microsoft ForeFront Endpoint Protection is one such antivirus software program. 
For more information, see [ForeFront Endpoint Protection](http://technet.microsoft.com/forefront/ee822838.aspx) at http://technet.microsoft.com/forefront/ee822838.aspx.
+
+- **File system.** All trusted computers will be configured to use the NTFS file system.
+
+- **BIOS settings.** All trusted portable computers will be configured to use a BIOS-level password that is under the management of the IT support team.
+
+- **Password requirements.** Trusted clients must use strong passwords.
+
+It is important to understand that the trusted state is not constant; it is a transient state that is subject to changing security standards and compliance with those standards. New threats and new defenses emerge constantly. For this reason, the organization's management systems must continually check the trusted computers to ensure ongoing compliance. Additionally, the management systems must be able to issue updates or configuration changes if they are required to help maintain the trusted status.
+
+A computer that continues to meet all these security requirements can be considered trusted. However it is possible that most computers that were identified in the discovery process discussed earlier do not meet these requirements. Therefore, you must identify which computers can be trusted and which ones cannot. To help with this process, you use the intermediate *trustworthy* state. The remainder of this section discusses the different states and their implications.
+
+### Trustworthy state
+
+It is useful to identify as soon as possible those computers in your current infrastructure that can achieve a trusted state. A *trustworthy state* can be assigned to indicate that the current computer can physically achieve the trusted state with required software and configuration changes.
+
+For each computer that is assigned a trustworthy status, make an accompanying configuration note that states what is required to enable the computer to achieve trusted status. 
This information is especially important to both the project design team (to estimate the costs of adding the computer to the solution) and the support staff (to enable them to apply the required configuration).
+
+Generally, trustworthy computers fall into one of the following two groups:
+
+- **Configuration required.** The current hardware, operating system, and software enable the computer to achieve a trustworthy state. However, additional configuration changes are required. For example, if the organization requires a secure file system before a computer can be considered trusted, a computer that uses a FAT32-formatted hard disk does not meet this requirement.
+
+- **Upgrade required.** These computers require upgrades before they can be considered trusted. The following list provides some examples of the type of upgrade these computers might require:
+
+ - **Operating system upgrade required.** If the computer's current operating system cannot support the security needs of the organization, an upgrade would be required before the computer could achieve a trusted state.
+
+ - **Software required.** A computer that is missing a required security application, such as an antivirus scanner or a management client, cannot be considered trusted until these applications are installed and active.
+
+ - **Hardware upgrade required.** In some cases, a computer might require a specific hardware upgrade before it can achieve trusted status. This type of computer usually needs an operating system upgrade or additional software that forces the required hardware upgrade. For example, security software might require additional hard disk space on the computer.
+
+ - **Computer replacement required.** This category is reserved for computers that cannot support the security requirements of the solution because their hardware cannot support the minimum acceptable configuration. 
For example, a computer that cannot run a secure operating system because it has an old processor (such as a 100-megahertz \[MHz\] x86-based computer).
+
+Use these groups to assign costs for implementing the solution on the computers that require upgrades.
+
+### Known, untrusted state
+
+During the process of categorizing an organization's computers, you will identify some computers that cannot achieve trusted status for specific well-understood and well-defined reasons. These reasons might include the following types:
+
+- **Financial.** The funding is not available to upgrade the hardware or software for this computer.
+
+- **Political.** The computer must remain in an untrusted state because of a political or business situation that does not enable it to comply with the stated minimum security requirements of the organization. It is highly recommended that you contact the business owner or independent software vendor (ISV) for the computer to discuss the added value of server and domain isolation.
+
+- **Functional.** The computer must run a nonsecure operating system or must operate in a nonsecure manner to perform its role. For example, the computer might be required to run an older operating system because a specific line of business application will only work on that operating system.
+
+There can be multiple functional reasons for a computer to remain in the known untrusted state. The following list includes several examples of functional reasons that can lead to a classification of this state:
+
+- **Computers that run unsupported versions of Windows.** This includes Windows XP, Windows Millennium Edition, Windows 98, Windows 95, or Windows NT. Computers that run these versions of the Windows operating system cannot be classified as trustworthy because these operating systems do not support the required security infrastructure. 
For example, although Windows NT does support a basic security infrastructure, it does not support “deny” ACLs on local resources, any way to ensure the confidentiality and integrity of network communications, smart cards for strong authentication, or centralized management of computer configurations (although limited central management of user configurations is supported).
+
+- **Stand-alone computers.** Computers running any version of Windows that are configured as stand-alone computers or as members of a workgroup usually cannot achieve a trustworthy state. Although these computers fully support the minimum required basic security infrastructure, the required security management capabilities are unlikely to be available when the computer is not a part of a trusted domain.
+
+- **Computers in an untrusted domain.** A computer that is a member of a domain that is not trusted by an organization's IT department cannot be classified as trusted. An untrusted domain is a domain that cannot provide the required security capabilities to its members. Although the operating systems of computers that are members of this untrusted domain might fully support the minimum required basic security infrastructure, the required security management capabilities cannot be fully guaranteed when computers are not in a trusted domain.
+
+### Unknown, untrusted state
+
+The unknown, untrusted state should be considered the default state for all computers. Because computers in this state have a configuration that is unknown, you can assign no trust to them. All planning for computers in this state must assume that the computer is an unacceptable risk to the organization. Designers of the solution should strive to minimize the impact that the computers in this state can have on their organizations. 
+ +## Capturing upgrade costs for current computers + + +The final step in this part of the process is to record the approximate cost of upgrading the computers to a point that they can participate in the server and domain isolation design. You must make several key decisions during the design phase of the project that require answers to the following questions: + +- Does the computer meet the minimum hardware requirements necessary for isolation? + +- Does the computer meet the minimum software requirements necessary for isolation? + +- What configuration changes must be made to integrate this computer into the isolation solution? + +- What is the projected cost or impact of making the proposed changes to enable the computer to achieve a trusted state? + +By answering these questions, you can quickly determine the level of effort and approximate cost of bringing a particular computer or group of computers into the scope of the project. It is important to remember that the state of a computer is transitive, and that by performing the listed remedial actions you can change the state of a computer from untrusted to trusted. After you decide whether to place a computer in a trusted state, you are ready to begin planning and designing the isolation groups, which the next section [Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md) discusses. + +The following table is an example of a data sheet that you could use to help capture the current state of a computer and what would be required for the computer to achieve a trusted state. + + ++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Computer nameHardware reqs metSoftware reqs metConfiguration requiredDetailsProjected cost

CLIENT001

No

No

Upgrade hardware and software.

Current operating system is Windows XP. Old hardware is not compatible with Windows 8.

$??

SERVER001

Yes

No

Join trusted domain and upgrade from Windows Server 2003 to Windows Server 2012.

No antivirus software present.

$??

+
+ 
+
+In the previous table, the computer CLIENT001 is currently "known, untrusted" because its hardware must be upgraded. However, it could be considered trustworthy if the required upgrades are possible. However, if many computers require the same upgrades, the overall cost of the solution would be much higher.
+
+The computer SERVER001 is "trustworthy" because it meets the hardware requirements but its operating system must be upgraded. It also requires antivirus software. The projected cost is the amount of effort that is required to upgrade the operating system and install antivirus software, along with their purchase costs.
+
+With the other information that you have gathered in this section, this information will be the foundation of the efforts performed later in the [Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md) section.
+
+The costs identified in this section only capture the projected cost of the computer upgrades. Many additional design, support, test, and training costs should be accounted for in the overall project plan.
+
+For more information about how to configure firewalls to support IPsec, see "Configuring Firewalls" at .
+
+For more information about WMI, see "Windows Management Instrumentation" at .
+
+**Next: **[Planning Your Windows Firewall with Advanced Security Design](../p_server_archive/planning-your-windows-firewall-with-advanced-security-design.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/documenting-the-zones.md b/windows/keep-secure/documenting-the-zones.md
new file mode 100644
index 0000000000..30d08b26eb
--- /dev/null
+++ b/windows/keep-secure/documenting-the-zones.md 
@@ -0,0 +1,85 @@ +--- +title: Documenting the Zones (Windows 10) +description: Documenting the Zones +ms.assetid: ebd7a650-4d36-42d4-aac0-428617f5a32d +author: brianlic-msft +--- + +# Documenting the Zones + + +Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md) section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Firewall with Advanced Security Strategy section. A sample is shown here: + + +++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Host nameHardware reqs metSoftware reqs metConfiguration requiredDetailsProjected costGroup

CLIENT001

No

No

Upgrade hardware and software.

Current operating system is Windows XP. Old hardware not compatible with Windows 8.

$??

Isolated domain

SERVER002

Yes

No

Join trusted domain, upgrade from Windows Server 2008 to Windows Server 2012

No antivirus software present.

$??

Encryption

SENSITIVE001

Yes

Yes

Not required.

Running Windows Server 2012. Ready for inclusion.

$0

Isolated server (in zone by itself)

PRINTSVR1

Yes

Yes

Not required.

Running Windows Server 2008 R2. Ready for inclusion.

$0

Boundary

+ +  + +**Next: **[Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) + +  + +  + + + + + diff --git a/windows/keep-secure/domain-isolation-policy-design-example.md b/windows/keep-secure/domain-isolation-policy-design-example.md new file mode 100644 index 0000000000..9d43df0cc7 --- /dev/null +++ b/windows/keep-secure/domain-isolation-policy-design-example.md 
@@ -0,0 +1,65 @@
+---
+title: Domain Isolation Policy Design Example (Windows 10)
+description: Domain Isolation Policy Design Example
+ms.assetid: 704dcf58-286f-41aa-80af-c81720aa7fc5
+author: brianlic-msft
+---
+
+# Domain Isolation Policy Design Example
+
+
+This design example continues to use the fictitious company Woodgrove Bank, and builds on the example described in the [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md) section. See that example for an explanation of the basic corporate network infrastructure at Woodgrove Bank with diagrams.
+
+## Design Requirements
+
+
+In addition to the basic protection provided by the firewall rules in the previous design example, the administrators of the network want to implement domain isolation to provide another layer of security to their networked computers. They want to create firewall and connection security rules that use authentication to reduce the risk of communicating with untrusted and potentially hostile computers.
+
+The following illustration shows the traffic protection needed for this design example.
+
+![domain isolation policy design](images/wfas-design2example1.gif)
+
+1. All computers on the Woodgrove Bank corporate network that are Active Directory domain members must authenticate inbound network traffic as coming from another computer that is a member of the domain. Unless otherwise specified in this section, Woodgrove Bank's computers reject all unsolicited inbound network traffic that is not authenticated. If the basic firewall design is also implemented, even authenticated inbound network traffic is dropped unless it matches an inbound firewall rule.
+
+2. The servers hosting the WGPartner programs must be able to receive unsolicited inbound traffic from computers owned by its partners, which are not members of Woodgrove Bank's domain.
+
+3. 
Client computers can initiate non-authenticated outbound communications with computers that are not members of the domain, such as browsing external Web sites. Unsolicited inbound traffic from non-domain members is blocked.
+
+4. Computers in the encryption zone require that all network traffic inbound and outbound must be encrypted, in addition to the authentication already required by the isolated domain.
+
+**Other traffic notes:**
+
+- All of the design requirements described in the [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md) section are still enforced.
+
+## Design Details
+
+
+Woodgrove Bank uses Active Directory groups and GPOs to deploy the domain isolation settings and rules to the computers on its network.
+
+Setting up groups as described here ensures that you do not have to know what operating system a computer is running before assigning it to a group. As in the firewall policy design, a combination of WMI filters and security group filters are used to ensure that members of the group receive the GPO appropriate for the version of Windows running on that computer. For some groups, you might have four or even five GPOs.
+
+The following groups were created by using the Active Directory Users and Computers MMC snap-in, all computers that run Windows were added to the correct groups, and then the appropriate GPO are applied to the group. To include a computer in the isolated domain or any one of its subordinate zones, simply add the computer's account in the appropriate group.
+
+- **CG\_DOMISO\_ISOLATEDDOMAIN**. The members of this group participate in the isolated domain. After an initial pilot period, followed by a slowly increasing group membership, the membership of this group was eventually replaced with the entry **Domain Computers** to ensure that all computers in the domain participate by default. The WMI filters ensure that the GPO does not apply to domain controllers. 
GPOs with connection security rules to enforce domain isolation behavior are linked to the domain container and applied to the computers in this group. Filters ensure that each computer receives the correct GPO for its operating system type. The rules in the domain isolation GPO require Kerberos v5 authentication for inbound network connections, and request (but not require) it for all outbound connections.
+
+- **CG\_DOMISO\_NO\_IPSEC**. This group is denied read or apply permissions on any of the domain isolation GPOs. Any computer that cannot participate in domain isolation, such as a DHCP server running UNIX, is added to this group.
+
+- **CG\_DOMISO\_BOUNDARY**. This group contains the computer accounts for all the computers that are part of the boundary group able to receive unsolicited inbound traffic from untrusted computers. Members of the group receive a GPO that configures connection security rules to request (but not require) both inbound and outbound authentication.
+
+- **CG\_DOMISO\_ENCRYPTION**. This group contains the computer accounts for all the computers that require all inbound and outbound traffic to be both authenticated and encrypted. Members of the group receive a GPO that configures connection security and firewall rules to require both authentication and encryption on all inbound and outbound traffic.
+
+**Note**  
+If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, you can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. However, computers that are running older versions of Windows can only support a single IPsec policy being active at a time. 
The policies for each GPO must be complete (and to a great extent redundant with each other), because you cannot layer them as you can in the newer versions of Windows. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any computers that are incorrectly assigned to more than one group.
+
+ 
+
+**Next: **[Server Isolation Policy Design Example](../p_server_archive/server-isolation-policy-design-example.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/domain-isolation-policy-design.md b/windows/keep-secure/domain-isolation-policy-design.md
new file mode 100644
index 0000000000..7156c376c5
--- /dev/null
+++ b/windows/keep-secure/domain-isolation-policy-design.md 
@@ -0,0 +1,69 @@
+---
+title: Domain Isolation Policy Design (Windows 10)
+description: Domain Isolation Policy Design
+ms.assetid: 7475084e-f231-473a-9357-5e1d39861d66
+author: brianlic-msft
+---
+
+# Domain Isolation Policy Design
+
+
+In the domain isolation policy design, you configure the computers on your network to accept only connections coming from computers that are authenticated as members of the same isolated domain.
+
+This design typically begins with a network configured as described in the [Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md) section. For this design, you then add connection security and IPsec rules to configure computers in the isolated domain to accept only network traffic from other computers that can authenticate as a member of the isolated domain. After implementing the new rules, your computers reject unsolicited network traffic from computers that are not members of the isolated domain.
+
+The isolated domain might not be a single Active Directory domain. It can consist of all the domains in a forest, or domains in separate forests that have two-way trust relationships configured between them.
+
+By using connection security rules based on IPsec, you provide a logical barrier between computers even if they are connected to the same physical network segment.
+
+The design is shown in the following illustration, with the arrows that show the permitted communication paths.
+
+![isolated domain boundary zone](images/wfasdomainisoboundary.gif)
+
+Characteristics of this design, as shown in the diagram, include the following:
+
+- Isolated domain (area A) - Computers in the isolated domain receive unsolicited inbound traffic only from other members of the isolated domain or from computers referenced in authentication exemption rules. Computers in the isolated domain can send traffic to any computer. This includes unauthenticated traffic to computers that are not in the isolated domain. 
Computers that cannot join an Active Directory domain, but that can use certificates for authentication, can be part of the isolated domain. For more information, see the [Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md).
+
+- Boundary zone (area B) - Computers in the boundary zone are part of the isolated domain but are allowed to accept inbound connections from untrusted computers, such as clients on the Internet.
+
+ Computers in the boundary zone request but do not require authentication to communicate. When a member of the isolated domain communicates with a boundary zone member the traffic is authenticated. When a computer that is not part of the isolated domain communicates with a boundary zone member the traffic is not authenticated.
+
+ Because boundary zone computers are exposed to network traffic from untrusted and potentially hostile computers, they must be carefully managed and secured. Put only the computers that must be accessed by external computers in this zone. Use firewall rules to ensure that network traffic is accepted only for services that you want exposed to non-domain member computers.
+
+- Trusted non-domain members (area C) - Computers on the network that are not domain members or that cannot use IPsec authentication are allowed to communicate by configuring authentication exemption rules. These rules enable computers in the isolated domain to accept inbound connections from these trusted non-domain member computers.
+
+- Untrusted non-domain members (area D) - Computers that are not managed by your organization and have an unknown security configuration must have access only to those computers required for your organization to correctly conduct its business. Domain isolation exists to put a logical barrier between these untrusted computers and your organization's computers. 
+
+After implementing this design, your administrative team will have centralized management of the firewall and connection security rules applied to the computers that are running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista in your organization.
+
+**Important**  
+This design builds on the [Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented.
+
+ 
+
+This design can be applied to computers that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules.
+
+In order to expand the isolated domain to include computers that cannot be part of an Active Directory domain, see the [Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md).
+
+For more information about this design:
+
+- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md).
+
+- To learn more about this design, see the [Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md). 
+
+- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md).
+
+- To help you make the decisions required in this design, see [Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md) and [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md).
+
+- For a list of tasks that you can use to deploy your domain isolation policy design, see "Checklist: Implementing a Domain Isolation Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=xxxxx) at http://go.microsoft.com/fwlink/?linkid=xxxxx.
+
+**Next:** [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
new file mode 100644
index 0000000000..430a558adb
--- /dev/null
+++ b/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md 
@@ -0,0 +1,47 @@ +--- +title: Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10) +description: Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7 +author: brianlic-msft +--- + +# Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 + + +Windows Firewall with Advanced Security includes many predefined rules for common networking roles and functions. When you install a new server role on a computer or enable a network feature on a client computer, the installer typically enables the rules required for that role instead of creating new ones. When deploying firewall rules to the computers on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. + +**Administrative credentials** + +To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. + +**To deploy predefined firewall rules that allow inbound network traffic for common network functions** + +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). + +2. In the navigation pane, click **Inbound Rules**. + +3. Click **Action**, and then click **New rule**. + +4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Predefined**, select the rule category from the list, and then click **Next**. + +5. On the **Predefined Rules** page, the list of rules defined in the group is displayed. 
By default, they are all selected. For rules that you do not want to deploy, clear the check boxes next to the rules, and then click **Next**. + +6. On the **Action** page, select **Allow the connection**, and then click **Finish**. + + The selected rules are added to the GPO and applied to the computers to which the GPO is assigned the next time Group Policy is refreshed. + + **Note**   + If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. + +   + +If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. + +  + +  + + + + + diff --git a/windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md new file mode 100644 index 0000000000..c82d0ba984 --- /dev/null +++ b/windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md 
@@ -0,0 +1,47 @@ +--- +title: Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10) +description: Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +ms.assetid: 71cc4157-a1ed-41d9-91e4-b3140c67c1be +author: brianlic-msft +--- + +# Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 + + +By default, Windows Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. Windows Firewall with Advanced Security includes many predefined outbound rules that can be used to block network traffic for common networking roles and functions. When you install a new server role on a computer or enable a network feature on a client computer, the installer can install, but typically does not enable, outbound block rules for that role. When deploying firewall rules to the computers on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. + +**Administrative credentials** + +To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. + +**To deploy predefined firewall rules that block outbound network traffic for common network functions** + +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). + +2. In the navigation pane, click **Outbound Rules**. + +3. Click **Action**, and then click **New rule**. + +4. 
On the **Rule Type** page of the New Inbound Rule Wizard, click **Predefined**, select the rule category from the list, and then click **Next**. + +5. On the **Predefined Rules** page, the list of rules defined in the group is displayed. They are all selected by default. For rules that you do not want to deploy, clear the check boxes next to the rules, and then click **Next**. + +6. On the **Action** page, select **Block the connection**, and then click **Finish**. + + The selected rules are added to the GPO. + + **Note**   + If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. + +   + +If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. + +  + +  + + + + + diff --git a/windows/keep-secure/encryption-zone-gpos.md b/windows/keep-secure/encryption-zone-gpos.md new file mode 100644 index 0000000000..d8eddfb597 --- /dev/null +++ b/windows/keep-secure/encryption-zone-gpos.md 
@@ -0,0 +1,24 @@
+---
+title: Encryption Zone GPOs (Windows 10)
+description: Encryption Zone GPOs
+ms.assetid: eeb973dd-83a5-4381-9af9-65c43c98c29b
+author: brianlic-msft
+---
+
+# Encryption Zone GPOs
+
+
+Handle encryption zones in a similar manner to the boundary zones. A computer is added to an encryption zone by adding the computer account to the encryption zone group. Woodgrove Bank has a single service that must be protected, and the computers that are running that service are added to the group CG\_DOMISO\_Encryption. This group is granted Read and Apply Group Policy permissions in on the GPO described in this section.
+
+The GPO is only for server versions of Windows. Client computers are not expected to participate in the encryption zone. If the need for one occurs, either create a new GPO for that version of Windows, or expand the WMI filter attached to one of the existing encryption zone GPOs to make it apply to the client version of Windows.
+
+- [GPO\_DOMISO\_Encryption\_WS2008](../p_server_archive/gpo-domiso-encryption-ws2008.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/encryption-zone.md b/windows/keep-secure/encryption-zone.md
new file mode 100644
index 0000000000..324c6f3514
--- /dev/null
+++ b/windows/keep-secure/encryption-zone.md
@@ -0,0 +1,67 @@ +--- +title: Encryption Zone (Windows 10) +description: Encryption Zone +ms.assetid: 55a025ce-357f-4d1b-b2ae-6ee32c9abe13 +author: brianlic-msft +--- + +# Encryption Zone + + +Some servers in the organization host data that is very sensitive, including medical, financial, or other personally identifying data. Government or industry regulations might require that this sensitive information must be encrypted when it is transferred between computers. + +To support the additional security requirements of these servers, we recommend that you create an encryption zone to contain the computers and that requires that the sensitive inbound and outbound network traffic be encrypted. + +You must create a group in Active Directory to contain members of the encryption zone. The settings and rules for the encryption zone are typically similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. You then modify the security methods list to include only algorithm combinations that include encryption protocols. + +Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) section. + +## GPO settings for encryption zone servers running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 + + +The GPO for computers that are running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 should include the following: + +- IPsec default settings that specify the following options: + + 1. Exempt all ICMP traffic from IPsec. + + 2. Key exchange (main mode) security methods and algorithm. We recommend that you use at least DH4, AES and SHA2 in your settings. Use the strongest algorithm combinations that are common to all your supported operating systems. + + 3. 
Data protection (quick mode) algorithm combinations. Check **Require encryption for all connection security rules that use these settings**, and then specify one or more integrity and encryption combinations. We recommend that you do not include DES or MD5 in any setting. They are included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems. + + If any NAT devices are present on your networks, use ESP encapsulation.. + + 4. Authentication methods. Include at least computer-based Kerberos V5 authentication. If you want to use user-based access to isolated servers then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members cannot use Kerberos V5 authentication, then you must include certificate-based authentication as an optional authentication method. + +- The following connection security rules: + + - A connection security rule that exempts all computers on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, if applicable in your environment. + + - A connection security rule, from any IP address to any, that requires inbound and requests outbound authentication using the default authentication specified earlier in this policy. + + **Important**   + Be sure to begin operations by using request in and request out behavior until you are sure that all the computers in your IPsec environment are communicating successfully by using IPsec. After confirming that IPsec is operating as expected, you can change the GPO to require in, request out. + +   + +- A registry policy that includes the following values: + + - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. 
The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**. + + **Note**   + For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). + +   + +- If domain member computers must communicate with computers in the encryption zone, ensure that you include in the isolated domain GPOs quick mode combinations that are compatible with the requirements of the encryption zone GPOs. + +**Next: **[Planning Server Isolation Zones](../p_server_archive/planning-server-isolation-zones.md) + +  + +  + + + + + diff --git a/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md new file mode 100644 index 0000000000..030fbafc71 --- /dev/null +++ b/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md 
@@ -0,0 +1,28 @@
+---
+title: Evaluating Windows Firewall with Advanced Security Design Examples (Windows 10)
+description: Evaluating Windows Firewall with Advanced Security Design Examples
+ms.assetid: a591389b-18fa-4a39-ba07-b6fb61961cbd
+author: brianlic-msft
+---
+
+# Evaluating Windows Firewall with Advanced Security Design Examples
+
+
+The following Windows Firewall with Advanced Security design examples illustrate how you can use Windows Firewall with Advanced Security to improve the security of the computers connected to the network. You can use these topics to evaluate how the firewall and connection security rules work across all Windows Firewall with Advanced Security designs and to determine which design or combination of designs best suits the goals of your organization.
+
+- [Firewall Policy Design Example](91fc4c4c-dca9-422e-be05-42a5e14f5e4a)
+
+- [Domain Isolation Policy Design Example](d918816a-52be-4266-9027-7bc3c36f4916)
+
+- [Server Isolation Policy Design Example](c275b916-56cf-4863-9900-e50193cd77ed)
+
+- [Certificate-based Isolation Policy Design Example](85a83c33-358b-4b73-9b08-ef7589d01f91)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
new file mode 100644
index 0000000000..cfc0b71639
--- /dev/null
+++ b/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
@@ -0,0 +1,39 @@
+---
+title: Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10)
+description: Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548
+author: brianlic-msft
+---
+
+# Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2
+
+
+This procedure shows you how to add exemptions for any network traffic that uses the ICMP protocol.
+
+**Important**  
+Because of its usefulness in troubleshooting network connectivity problems, we recommend that you exempt all ICMP network traffic from authentication requirements unless your network risk analysis indicates a need to protect this traffic.
+
+ 
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+**To exempt ICMP network traffic from authentication**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. On the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**.
+
+3. On the **IPsec settings** tab, change **Exempt ICMP from IPsec** to **Yes**, and then click **OK**.
+
+If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/exemption-list.md b/windows/keep-secure/exemption-list.md
new file mode 100644
index 0000000000..a74d5b6f83
--- /dev/null
+++ b/windows/keep-secure/exemption-list.md
@@ -0,0 +1,54 @@
+---
+title: Exemption List (Windows 10)
+description: Exemption List
+ms.assetid: a05e65b4-b48d-44b1-a7f1-3a8ea9c19ed8
+author: brianlic-msft
+---
+
+# Exemption List
+
+
+When you implement a server and domain isolation security model in your organization, you are likely to find some additional challenges. Key infrastructure servers such as DNS servers and DHCP servers typically must be available to all computers on the internal network, yet secured from network attacks. However, if they must remain available to all computers on the network, not just to isolated domain members, then these servers cannot require IPsec for inbound access, nor can they use IPsec transport mode for outbound traffic.
+
+In addition to the infrastructure servers mentioned earlier, there might also be other servers on the network that trusted computers cannot use IPsec to access, which would be added to the exemption list.
+
+Generally, the following conditions are reasons to consider adding a computer to the exemption list:
+
+- If the computer must be accessed by trusted computers but it does not have a compatible IPsec implementation.
+
+- If the computer must provide services to both trusted and untrusted computers, but does not meet the criteria for membership in the boundary zone.
+
+- If the computer must be accessed by trusted computers from different isolated domains that do not have an Active Directory trust relationship established with each other.
+
+- If the computer is a domain controller running version of Windows earlier than Windows Server 2008, or if any of its clients are running a version of Windows earlier than Windows Vista.
+
+- If the computer must support trusted and untrusted computers, but cannot use IPsec to help secure communications to trusted computers.
+
+For large organizations, the list of exemptions might grow very large if all the exemptions are implemented by one connection security rule for the whole domain or for all trusted forests. If you can require all computers in your isolated domain to run at least Windows Vista or Windows Server 2008, you can greatly reduce the size of this list. A large exemption list has several unwanted effects on every computer that receives the GPO, including the following:
+
+- Reduces the overall effectiveness of isolation.
+
+- Creates a larger management burden (because of frequent updates).
+
+- Increases the size of the IPsec policy, which means that it consumes more memory and CPU resources, slows down network throughput, and increases the time required to download and apply the GPO containing the IPsec policy.
+
+To keep the number of exemptions as small as possible, you have several options:
+
+- Carefully consider the communications requirements of each isolation zone, especially server-only zones. They might not be required to communicate with every exemption in the domain-level policy for clients.
+
+- Consolidate server functions. If several exempt services can be hosted at one IP address, the number of exemptions is reduced.
+
+- Consolidate exempted hosts on the same subnet. Where network traffic volume allows, you might be able to locate the servers on a subnet that is exempted, instead of using exemptions for each IP address.
+
+As with defining the boundary zone, create a formal process to approve hosts being added to the exemption list. For a model of processing requests for exemptions, see the decision flowchart in the [Boundary Zone](../p_server_archive/boundary-zone.md) section.
+
+**Next: **[Isolated Domain](../p_server_archive/isolated-domain.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/firewall-gpos.md b/windows/keep-secure/firewall-gpos.md
new file mode 100644
index 0000000000..e370430566
--- /dev/null
+++ b/windows/keep-secure/firewall-gpos.md
@@ -0,0 +1,24 @@
+---
+title: Firewall GPOs (Windows 10)
+description: Firewall GPOs
+ms.assetid: 720645fb-a01f-491e-8d05-c9c6d5e28033
+author: brianlic-msft
+---
+
+# Firewall GPOs
+
+
+All the computers on Woodgrove Bank's network that run Windows are part of the isolated domain, except domain controllers. To configure firewall rules, the GPO described in this section is linked to the domain container in the Active Directory OU hierarchy, and then filtered by using security group filters and WMI filters.
+
+The GPO created for the example Woodgrove Bank scenario include the following:
+
+- [GPO\_DOMISO\_Firewall](../p_server_archive/gpo-domiso-firewall.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/firewall-policy-design-example.md b/windows/keep-secure/firewall-policy-design-example.md
new file mode 100644
index 0000000000..5caed1a7d4
--- /dev/null
+++ b/windows/keep-secure/firewall-policy-design-example.md
@@ -0,0 +1,108 @@ +--- +title: Firewall Policy Design Example (Windows 10) +description: Firewall Policy Design Example +ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7 +author: brianlic-msft +--- + +# Firewall Policy Design Example + + +In this example, the fictitious company Woodgrove Bank is a financial services institution. + +Woodgrove Bank has an Active Directory domain that provides Group Policy-based management for all their Windows-based computers. The Active Directory domain controllers also host Domain Name System (DNS) for host name resolution. Separate computers host Windows Internet Name Service (WINS) for network basic input/output system (NetBIOS) name resolution. A set of computers that are running UNIX provide the Dynamic Host Configuration Protocol (DHCP) services for automatic IP addressing. + +Woodgrove Bank is in the process of migrating their computers from Windows Vista and Windows Server 2008 to Windows 8 and Windows Server 2012. A significant number of the computers at Woodgrove Bank continue to run Windows Vista and Windows Server 2008. Interoperability between the previous and newer operating systems must be maintained. Wherever possible, security features applied to the newer operating systems must also be applied to the previous operating systems. + +A key line-of-business program called WGBank consists of a client program running on most of the desktop computers in the organization. This program accesses several front-end server computers that run the server-side part of WGBank. These front-end servers only do the processing — they do not store the data. The data is stored in several back-end database computers that are running Microsoft SQL Server. + +## Design requirements + + +The network administrators want to implement Windows Firewall with Advanced Security throughout their organization to provide an additional security layer to their overall security strategy. 
They want to create firewall rules that allow their business programs to operate, while blocking network traffic that is not wanted. + +The following illustration shows the traffic protection needs for this design example. + +![design example 1](images/wfas-designexample1.gif) + +1. The network infrastructure servers that are running services, such as Active Directory, DNS, DHCP, or WINS, can receive unsolicited inbound requests from network clients. The network clients can receive the responses from the infrastructure servers. + +2. The WGBank front-end servers can receive unsolicited inbound traffic from the client computers and the WGBank partner servers. The WGBank client computers and partner servers can receive the response. + +3. The WGBank front-end servers can send updated information to the client computers to support real-time display. The clients do not poll for this unsolicited traffic, but must be able to receive it. + +4. The WGBank back-end servers can receive SQL query requests from the WGBank front-end servers. The WGBank front-end servers can receive the corresponding responses. + +5. There is no direct communications between the client computers and the WGBank back-end computers. + +6. There is no unsolicited traffic from the WGBank back-end computers to the WGBank front-end servers. + +7. Company policy prohibits the use of peer-to-peer file transfer software. A recent review by the IT staff found that although the perimeter firewall does prevent most of the programs in this category from working, two programs are being used by staff members that do not require an outside server. Firewall rules must block the network traffic created by these programs. + +8. The WGBank partner servers can receive inbound requests from partner computers through the Internet. + +Other traffic notes: + +- Computers are not to receive any unsolicited traffic from any computer other than specifically allowed above. 
+ +- Other outbound network traffic from the client computers not specifically identified in this example is permitted. + +## Design details + + +Woodgrove Bank uses Active Directory groups and Group Policy Objects to deploy the firewall settings and rules to the computers on their network. They know that they must deploy policies to the following collections of computers: + +- Client computers that run Windows 8, Windows 7, or Windows Vista + +- WGBank front-end servers that run Windows Server 2012 or Windows Server 2008 R2 (there are none in place yet, but their solution must support adding them) + +- WGBank partner servers that run Windows Server 2008 + +- WGBank back-end SQL Server computers that run Windows Server 2008 (there are none in place yet, but their solution must support adding them) + +- Infrastructure servers that run Windows Server 2008 + +- Active Directory domain controllers that run Windows Server 2008 R2 or Windows Server 2012 + +- DHCP servers that run the UNIX operating system + +After evaluating these sets of computers, and comparing them to the Active Directory organizational unit (OU) structure, Woodgrove Bank network administrators determined that there was not a good one-to-one match between the OUs and the sets. Therefore the firewall GPOs will not be linked directly to OUs that hold the relevant computers. Instead, the GPOs are linked to the domain container in Active Directory, and then WMI and group filters are attached to the GPO to ensure that it is applied to the correct computers. + +Setting up groups as described here ensures that you do not have to know what operating system a computer is running before assigning it to a group. A combination of WMI filters and security group filters are used to ensure that members of the group receive the GPO appropriate for the version of Windows running on that computer. For some groups, you might have four or even five GPOs. 
+ +The following groups were created by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, and all computers that run Windows were added to the correct groups: + +- **CG\_FIREWALL\_ALLCOMPUTERS**. Add the predefined and system managed **Domain computers** group as a member of this group. All members of the FIREWALL\_ALLCOMPUTERS group receive an operating system-specific GPO with the common firewall rules applied to all computers. + + The two computer types (client and server) are distinguished by using a WMI filters to ensure that only the policy intended for computers that are running a client version of Windows can be applied to that computer. A similar WMI filter on the server GPO ensures that only computers that are running server versions of Windows can apply that GPO. Each of the GPOs also have security group filters to prevent members of the group FIREWALL\_NO\_DEFAULT from receiving either of these two GPOs. + + - Client computers receive a GPO that configures Windows Firewall with Advanced Security to enforce the default Windows Firewall behavior (allow outbound, block unsolicited inbound). The client default GPO also includes the built-in firewall rule groups Core Networking and File and Printer Sharing. The Core Networking group is enabled for all profiles, whereas the File and Printer Sharing group is enabled for only the Domain and Private profiles. The GPO also includes inbound firewall rules to allow the WGBank front-end server dashboard update traffic, and rules to prevent company-prohibited programs from sending or receiving network traffic, both inbound and outbound. + + - Server computers receive a GPO that includes similar firewall configuration to the client computer GPO. The primary difference is that the rules are enabled for all profiles (not just domain and private). Also, the rules for WGBank dashboard update are not included, because it is not needed on server computers. 
+ + All rules are scoped to allow network traffic only from computers on Woodgrove Bank's corporate network. + +- **CG\_FIREWALL\_NO\_DEFAULT**. Members of this group do not receive the default firewall GPO. Computers are added to this group if there is a business requirement for it to be exempted from the default firewall behavior. The use of a group to represent the exceptions instead of the group members directly makes it easier to support the dynamic nature of the client computer population. A new computer joined to the domain is automatically given the appropriate default firewall GPO, unless it is a member of this group. + +- **CG\_FIREWALL\_WGB\_FE**. This group contains the computer accounts for all the WGBank front-end server computers. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with inbound firewall rules to allow unsolicited WGBank client traffic. Computers in this group also receive the default firewall GPO. + +- **CG\_FIREWALL\_WGB\_SQL**. This group contains the computer accounts for all the WGBank back-end computers that run SQL Server. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with inbound firewall rules to allow the SQL Server program to receive unsolicited queries only from the WGBank front-end servers. Computers in this group also receive the default firewall GPO. + +- **CG\_FIREWALL\_BOUNDARY\_WGBANKFE**. This group contains the computer accounts for the servers that host Web services that can be accessed from the Internet. Members of this group receive a GPO that adds an inbound firewall rule to allow inbound HTTP and HTTPS network traffic from any address, including the Internet. Computers in this group also receive the default firewall GPO. + +- **CG\_FIREWALL\_WINS**. This group contains the computer accounts for all the WINS server computers. 
Members of this group receive a GPO that configures Windows Firewall with Advanced Security with an inbound firewall rule to allow unsolicited inbound requests from WINS clients. Computers in this group also receive the default firewall GPO. + +- **CG\_FIREWALL\_ADDC**. This group contains all the computer accounts for the Active Directory domain controller server computers. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with inbound firewall rules to allow unsolicited Active Directory client and server-to-server traffic. Computers in this group also receive the default firewall GPO. + +In your own design, create a group for each computer role in your organization that requires different or additional firewall rules. For example, file servers and print servers require additional rules to allow the incoming network traffic for those functions. If a function is ordinarily performed on most computers on the network, you might consider adding computers performing those roles to the common default firewall GPO set, unless there is a security reason not to include it there. + +**Next: **[Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md) + +  + +  + + + + + diff --git a/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md b/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md new file mode 100644 index 0000000000..7aacef01e4 --- /dev/null +++ b/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md 
@@ -0,0 +1,34 @@
+---
+title: Gathering Information about Your Active Directory Deployment (Windows 10)
+description: Gathering Information about Your Active Directory Deployment
+ms.assetid: b591b85b-12ac-4329-a47e-bc1b03e66eb0
+author: brianlic-msft
+---
+
+# Gathering Information about Your Active Directory Deployment
+
+
+Active Directory is another important item about which you must gather information. You must understand the forest structure. This includes domain layout, organizational unit (OU) architecture, and site topology. This information makes it possible to know where computers are currently placed, their configuration, and the impact of changes to Active Directory that result from implementing Windows Firewall with Advanced Security. Review the following list for information needed:
+
+- **Names and number of forests**. The forest (not the domain) is the security boundary in an Active Directory implementation. You must understand the current Active Directory architecture to determine the most effective strategy for deploying your firewall and connection security rules using Group Policy. It also enables you to understand which computers can be isolated and how best to accomplish the required degree of isolation.
+
+- **Names and number of domains**. Authentication in server and domain isolation uses the IKE negotiation process with the Kerberos V5 protocol. This protocol assumes that computers are domain members.
+
+- **Number and types of trusts**. Trusts affect the logical boundaries of domain isolation and define whether IKE negotiation can occur between computers in different Active Directory domains.
+
+- **Names and number of sites**. Site architecture is usually aligned with the network topology. Understanding how sites are defined in Active Directory will help provide insight into replication and other details. Site architecture can provide a better understanding of the current Active Directory deployment.
+
+- **OU structure**. OUs are logical constructs and can therefore be molded to fit many different requirements and goals. The OU structure is an ideal place to examine how Group Policy is currently used and how the OUs are laid out. You do not have to redesign an already implemented OU structure in order to effectively deploy firewall and connection security policy, but an understanding of the structure helps you know what WMI or group filtering is required to apply each GPO to the correct computers.
+
+- **Existing IPsec policy**. Because this project culminates in the implementation of IPsec policy, you must understand how the network currently uses IPsec (if at all). Windows Firewall with Advanced Security connection security rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are not compatible with earlier versions of Windows. If you already have IPsec policies deployed to computers running Windows XP and Windows Server 2003 in your organization, you must ensure that the new IPsec policies you deploy enable computers using either the old or new IPsec policies to communicate with each other.
+
+**Next: **[Gathering Information about Your Computers](../p_server_archive/gathering-information-about-your-computers.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/gathering-information-about-your-computers.md b/windows/keep-secure/gathering-information-about-your-computers.md
new file mode 100644
index 0000000000..16e161b101
--- /dev/null
+++ b/windows/keep-secure/gathering-information-about-your-computers.md
@@ -0,0 +1,58 @@
+---
+title: Gathering Information about Your Computers (Windows 10)
+description: Gathering Information about Your Computers
+ms.assetid: 7f7cd3b9-de8e-4fbf-89c6-3d1a47bc2beb
+author: brianlic-msft
+---
+
+# Gathering Information about Your Computers
+
+
+One of the most valuable benefits of conducting an asset discovery project is the large amount of data that is obtained about the client and server computers on the network. When you start designing and planning your isolation zones, you must make decisions that require accurate information about the state of all hosts to ensure that they can use IPsec as planned.
+
+Capture the following information from each computer:
+
+- **Computer name**. This name is the computer's NetBIOS or DNS name that identifies the computer on the network. Because a computer can have more than one media access control (MAC) or IP address, the computer's name is one of the criteria that can be used to determine uniqueness on the network. Because computer names can be duplicated under some circumstances, the uniqueness should not be considered absolute.
+
+- **IP address for each network adapter**. The IP address is the address that is used with the subnet mask to identify a host on the network. An IP address is not an effective way to identify an asset because it is often subject to change.
+
+- **Operating system, service pack, and hotfix versions**. The operating system version is a key factor in determining the ability of a host to communicate by using IPsec. It is also important to track the current state of service packs and updates that might be installed, because these are often used to determine that minimum security standards have been met.
+
+- **Domain membership**. This information is used to determine whether a computer can obtain IPsec policy from Active Directory or whether it must use a local IPsec policy.
+
+- **Physical location**. This information is just the location of the device in your organization. It can be used to determine whether a device can participate in a specific isolation group based on its location or the location of the devices that it communicates with regularly.
+
+- **Hardware type or role**. Some tools that perform host discovery can provide this information by querying the hardware information and running applications to determine its type, such as server, workstation, or portable computer. You can use this information to determine the appropriate IPsec policy to assign, whether a specific computer can participate in isolation, and in which isolation group to include the computer.
+
+After collecting all this information and consolidating it into a database, perform regular discovery efforts periodically to keep the information current. You need the most complete and up-to-date picture of the managed hosts on their networks to create a design that matches your organization's requirements.
+
+You can use various methods to gather data from the hosts on the network. These methods range from high-end, fully automated systems to completely manual data collection. Generally, the use of automated methods to gather data is preferred over manual methods for reasons of speed and accuracy.
+
+## Automated Discovery
+
+
+Using an automated auditing network management system such as Microsoft System Center Configuration Manager (formerly known as Systems Management Server) provides valuable information about the current state of the IT infrastructure.
+
+For more information about how System Center Configuration Manager 2007 can help perform automated information gathering, see .
+
+## Manual Discovery
+
+
+The biggest difference between manual discovery methods and automated methods is time.
+
+You can use the Windows Script Host (WSH), VBScript, and Windows Management Instrumentation (WMI) to create a script file that can collect the system configuration information. VBScript and WMI are built-in to Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. Starting with Windows Server 2008, Windows PowerShell is included with the operating system. For more information, see “Scripting with Windows PowerShell” ().
+
+Whether you use an automatic, manual, or hybrid option to gather the information, one of the biggest issues that can cause problems to the design is capturing the changes between the original inventory scan and the point at which the implementation is ready to start. After the first scan has been completed, make support staff aware that all additional changes must be recorded and the updates noted in the inventory.
+
+This inventory will be critical for planning and implementing your Windows Firewall with Advanced Security design.
+
+**Next: **[Gathering Other Relevant Information](../p_server_archive/gathering-other-relevant-information.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md b/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md
new file mode 100644
index 0000000000..1668112a6d
--- /dev/null
+++ b/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md
@@ -0,0 +1,128 @@
+---
+title: Gathering Information about Your Current Network Infrastructure (Windows 10)
+description: Gathering Information about Your Current Network Infrastructure
+ms.assetid: f98d2b17-e71d-4ffc-b076-118b4d4782f9
+author: brianlic-msft
+---
+
+# Gathering Information about Your Current Network Infrastructure
+
+
+Perhaps the most important aspect of planning for Windows Firewall with Advanced Security deployment is the network architecture, because IPsec is layered on the Internet Protocol itself. An incomplete or inaccurate understanding of the network can prevent any Windows Firewall with Advanced Security solution from being successful. Understanding subnet layout, IP addressing schemes, and traffic patterns are part of this effort, but accurately documenting the following components are important to completing the planning phase of this project:
+
+- **Network segmentation**. This includes IP addressing maps, showing how your routers separate each network segment. It includes information about how the routers are configured, and what security filters they impose on network traffic flowing through them.
+
+- Network address translation (NAT). NAT is a means of separating network segments by using a device that maps all of the IP addresses on one side of the device to a single IP address accessible on the other side.
+
+- Network infrastructure devices. This includes the routers, switches, hubs, and other network equipment that makes communications between the computers on the network possible.
+
+- **Current network traffic model.** This includes the quantity and the characteristics of the network traffic flowing through your network.
+
+- Intrusion Detection System (IDS) devices. You will need to identify if you have any IDS devices on your network that might be negatively impacted by any encryption introduced in an Encryption Zone.
+
+The goal is to have enough information to be able to identify an asset by its network location, in addition to its physical location.
+
+Do not use a complex and poorly documented network as a starting point for the design, because it can leave too many unidentified areas that are likely to cause problems during implementation.
+
+This guidance helps obtain the most relevant information for planning Windows Firewall with Advanced Security implementation, but it does not try to address other issues, such as TCP/IP addressing or virtual local area network (VLAN) segmentation.
+
+## Network segmentation
+
+
+If your organization does not have its current network architecture documented and available for reference, such documentation should be obtained as soon as possible before you continue with the design and deployment. If the documented information is not current or has not been validated recently, you have two options:
+
+- Accept that the lack of accurate information can cause risk to the project.
+
+- Undertake a discovery project, either through manual processes or with network analysis tools that can provide the information you need to document the current network topology.
+
+Although the required information can be presented in many different ways, a series of schematic diagrams is often the most effective method of illustrating and understanding the current network configuration. When creating network diagrams, do not include too much information. If necessary, use multiple diagrams that show different layers of detail. Use a top-level diagram that illustrates the major sites that make up your organization's network, and then break out each site into a more detailed diagram that captures a deeper level of detail. Continue until you reach the individual IP subnet level, and so have the means to identify the network location of every computer in your organization.
+
+During this process, you might discover some network applications and services that are not compatible with IPsec. For example, IPsec breaks network-based prioritization and port/protocol-based traffic management. If traffic management or prioritization must be based on ports or protocol, the host itself must be able to perform any traffic management or prioritization.
+
+Other examples of incompatibility include:
+
+- Cisco NetFlow on routers cannot analyze packets between IPsec members based on protocol or port.
+
+- Router-based Quality of Service (QoS) cannot use ports or protocols to prioritize traffic. However, using firewall rules that specify IP addresses to prioritize traffic are not affected by this limitation of QoS. For example, a rule that says "From anyone to anyone using port 80 prioritize" does not work, but a rule that says "From anyone to 10.0.1.10 prioritize" works.
+
+- Weighted Fair Queuing and other flow-based router traffic priority methods might fail.
+
+- Devices that do not support or allow IP protocol 50, the port that is used by Encapsulating Security Payload (ESP).
+
+- Router access control lists (ACLs) cannot examine protocol and port fields in ESP-encrypted packets, and therefore the packets are dropped. ACLs based only on IP address are forwarded as usual. If the device cannot parse ESP, any ACLs that specify port or protocol rules will not be processed on the ESP packets. If the device has an ESP parser and uses encryption, ACLs that specify port or protocol rules will not be processed on the ESP packets.
+
+- Network monitoring tools might be unable to parse ESP packets that are not encrypted (ESP-Null).
+
+ **Note**  
+ Network Monitor added an ESP parser starting in version 2.1 to aid troubleshooting of unencrypted IPsec packets. The latest version of Network Monitor is available as a free download from Microsoft ().
+
+  
+
+## Network address translation (NAT)
+
+
+IPsec NAT traversal (NAT-T) enables IPsec peers that are behind NATs to detect the presence of NATs, negotiate IPsec security associations (SAs), and send ESP-protected data even though the addresses in the IPsec-protected IPv4 packets change. IPsec NAT-T does not support the use of AH across NAT devices.
+
+IPsec NAT-T is supported by Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, Windows Server 2008 R2,
+
+For detailed information about how IPsec NAT-T works, see "IPsec NAT Traversal Overview" in the August 2002 Cable Guy article at .
+
+## Network infrastructure devices
+
+
+The devices that make up the network infrastructure (routers, switches, load balancers, and firewalls) must be able communicate using IPsec after the solution is implemented. For this reason, you have to examine the following characteristics of these network devices to ensure that they can handle the technical and physical requirements of the design:
+
+- **Make/model**. You can use this information to determine the features that the device supports. In addition, check the BIOS version or software running on the device to ensure that IPsec is supported.
+
+- **Amount of RAM**. This information is useful when you are analyzing capacity or the impact of IPsec on the device.
+
+- **Traffic analysis**. Information, such as peak usage and daily orweekly trends, is helpful to have. The information helps provide a baseline snapshot of the device and how it is used over time. If problems occur after IPsec is implemented, the information can help determine whether the root cause is related to greater usage of the device.
+
+- **Router ACLs that affect IPsec directly**. ACLs directly affect the ability of specific protocols to function. For example, blocking the Kerberos V5 protocol (UDP and TCP port 88) or IP protocol 50 or 51 prevents IPsec from working. Devices must also be configured to allow IKE traffic (UDP port 500) if using NAT-T (UDP port 4500).
+
+- **Networks/subnets connected to device interfaces**. This information provides the best picture of what the internal network looks like. Defining the boundary of subnets based on an address range is straightforward and helps identify whether other addresses are either unmanaged or foreign to the internal network (such as IP addresses on the Internet).
+
+- **VLAN segmentation**. Determining how VLANs are implemented on the network can help you understand traffic patterns and security requirements, and then help to determine how IPsec might augment or interfere with these requirements.
+
+- **The maximum transmission unit (MTU) size on device interface(s)**. The MTU defines the largest datagram that can be transmitted on a particular interface without being divided into smaller pieces for transmission (a process also known as *fragmentation*). In IPsec communications, the MTU is necessary to anticipate when fragmentation occurs. Packet fragmentation must be tracked for Internet Security Association and Key Management Protocol (ISAKMP) by the router. IPsec configures the MTU size on the session to the minimum-discovered MTU size along the communication path being used, and then set the Don't Fragment bit (DF bit) to 1.
+
+ **Note**  
+ If Path MTU (PMTU) discovery is enabled and functioning correctly, you do not have to gather the MTU size on device interfaces. Although sources, such as the Windows Server 2003 Hardening Guide, recommend disabling PMTU discovery, it must be enabled for IPsec to function correctly.
+
+  
+
+- **Intrusion detection system (IDS) in use**. Your IDS must have an IPsec-compatible parser to detect ESP packets. If the IDS does not have such a parser, it cannot determine if data in those packets is encrypted.
+
+After you obtain this information, you can quickly determine whether you must upgrade the devices to support the requirements of the project, change the ACLs, or take other measures to ensure that the devices can handle the loads needed.
+
+## Current network traffic model
+
+
+After gathering the addressing and network infrastructure information, the next step is to examine the communications flow. For example, if a department such as Human Resources (HR) spans several buildings, and you want to use server isolation with encryption to help protect information in that department, you must know how those buildings are connected to determine the level of "trust" to place in the connection. A highly secured building that is connected by an unprotected cable to another building that is not secured can be compromised by an eavesdropping or information replay attack. If such an attack is considered a threat, IPsec can help by providing strong mutual authentication and traffic encryption for trusted hosts. IPsec allows you to more securely communicate across untrusted links such as the Internet.
+
+When you examine traffic flow, look closely at how all managed and unmanaged devices interact. This includes non-Windows-based computers running Linux, UNIX, and Macintosh. Ask yourself such questions as:
+
+- Do specific communications occur at the port and protocol level, or are there many sessions between the same hosts across many protocols?
+
+- How do servers and clients communicate with each other?
+
+- Are there security devices or projects currently implemented or planned that could affect an isolation deployment? For example, if you use Windows Firewall on your computers to "lock down" specific ports, such as UDP 500, IKE negotiations fail.
+
+Some of the more common applications and protocols are as follows:
+
+- **NetBIOS over TCP/IP (NetBT) and server message block (SMB)**. On a LAN, it is common to have ports 137, 138, and 139 enabled for NetBT and port 445 enabled for SMB. These ports provide NetBIOS name resolution services and other features. Unfortunately, they also allow the creation of *null sessions*. A null session is a session that is established on a host that does not use the security context of a known user or entity. Frequently, these sessions are anonymous.
+
+- **Remote procedure call (RPC)**. RPC operates by listening on a port known as the *endpoint mapper*, TCP port 135. The response to a query on this port is an instruction to begin communication on another port in the ephemeral range (ports numbered over 1024). In a network that is segmented by firewalls, RPC communication presents a configuration challenge because it means opening the RPC listener port and all ports greater than 1024. Opening so many ports increases the attack surface of the whole network and reduces the effectiveness of the firewalls. Computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 reduce this risk by introducing stateful inspection of RPC traffic. Because many applications depend on RPC for basic functionality, any firewall and connection security policy must take RPC requirements into account.
+
+- **Other traffic**. Windows Firewall with Advanced Security can help secure transmissions between computers by providing authentication of the packets in addition to encrypting the data that they contain. The important thing to do is to identify what must be protected, and the threats that must be mitigated. Examine and model other traffic or traffic types that must be secured.
+
+**Next: **[Gathering Information about Your Active Directory Deployment](../p_server_archive/gathering-information-about-your-active-directory-deployment.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/gathering-other-relevant-information.md b/windows/keep-secure/gathering-other-relevant-information.md
new file mode 100644
index 0000000000..d92519121f
--- /dev/null
+++ b/windows/keep-secure/gathering-other-relevant-information.md
@@ -0,0 +1,91 @@
+---
+title: Gathering Other Relevant Information (Windows 10)
+description: Gathering Other Relevant Information
+ms.assetid: 87ccca07-4346-496b-876d-cdde57d0ce17
+author: brianlic-msft
+---
+
+# Gathering Other Relevant Information
+
+
+This topic discusses several other things that you should examine to see whether they will cause any complications in your ability to deploy Windows Firewall with Advanced Security policies in your organization.
+
+## Capacity considerations
+
+
+Because IPsec uses mathematically intensive cryptographic techniques, it can consume significant overhead on a computer. Areas to watch:
+
+- **Encryption.** You might use 256-bit Advanced Encryption Standard (AES-256) and 384-bit Secure Hash Algorithm (SHA-384) to check integrity in situations that require the strongest available encryption and key exchange protection. If you have NICs that support IPsec Task Offload, you can reduce the effect that encryption has on network throughput. For more information, see [IPsec Task Offload](http://technet.microsoft.com/network/dd277647.aspx) at http://technet.microsoft.com/network/dd277647.aspx
+
+- **Security association (SA) negotiation.** You can use a shorter lifetime for the main mode SA, such as three hours, but then you might need to make tradeoffs. Because each main mode SA occupies approximately 5  KB of RAM, situations in which a server brokers tens of thousands of concurrent connections can lead to overutilization.
+
+- **NAT devices.** As discussed earlier, NAT does not allow Authentication Header (AH) conversations between hosts. If NAT devices exist on the internal network, ESP must be selected instead of AH.
+
+- **Switches and routers.** Proper capacity planning for the implementation of IPsec is more about thorough testing and expected traffic loads than exact calculations. You might have to upgrade or reconfigure switches or routers that currently exceed 75 percent usage to allow for increased traffic on the device and still provide some extra usage for bursts of traffic.
+
+- **Other factors.** These include CPU usage on network infrastructure servers, increased overhead on servers and workstations running IPsec (especially servers, because they usually contain more main mode SAs than clients), and increased network latency because of IPsec negotiation.
+
+ **Note**  
+ When Microsoft deployed its own domain isolation solution, it found a one to three percent increase in usage on the network as a direct result of IPsec.
+
+  
+
+## Group Policy deployment groups and WMI filters
+
+
+You do not have to rearrange the organization unit (OU) hierarchy of your Active Directory domains to effectively deploy Windows Firewall with Advanced Security GPOs. Instead, you can link your GPOs at the domain level (or another high level container), and then use security group filtering or WMI filtering to ensure that only the appropriate computers or users can apply the GPO settings. Because the firewall and connection security rules have evolved significantly from Windows 2000 Server to Windows XP and Windows Server 2003, and now with Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, we recommend that you use WMI filtering to dynamically ensure that GPOs apply only to computers that are running the correct operating system. It is not necessary to use this technique if your network consists of computers running Windows Vista or later.
+
+## Different Active Directory trust environments
+
+
+When you design a domain isolation policy, consider any logical boundaries that might affect IPsec-secured communications. For example, the trust relationships between your domains and forests are critical in determining an appropriate IKE authentication method.
+
+Kerberos V5 authentication is recommended for use in a two-way (mutual) domain and forest trust environment. You can use Kerberos V5 for IKE authentication across domains that have two-way trusts established, if the domains are in the same forest or different forests. If the two domains are in different forests, you must configure two external trusts, one for each direction, between the domains. The external trusts must use the fully qualified domain name (FQDN) of the domains, and IPsec policy must allow an IKE initiator in one domain to communicate with any domain controller in the forest domain hierarchy, so that the initiator can obtain a Kerberos V5 ticket from a domain controller in the responder’s domain. If firewalls separate the domains then you must configure the firewall to allow Kerberos V5 traffic over UDP destination port 88, TCP destination port 88, and UDP destination port 389.
+
+For more information, see "Active Directory in Networks Segmented by Firewalls" at .
+
+If the use of Kerberos V5 authentication is not possible because two-way trusts across forests cannot be established as in some large enterprise environments, you can use a public key infrastructure (PKI) and digital certificates to establish IPsec-trusted communication. For an example of how Microsoft deployed their PKI, see "Deploying PKI Inside Microsoft" at .
+
+## Creating firewall rules to permit IKE, AH, and ESP traffic
+
+
+In some cases, IPsec-secured traffic might have to pass through a router, perimeter firewall, or other filtering device. In the case of a router, unless the router filters TCP and UDP traffic or other upper-level protocol headers, no special configuration is required to allow the IPsec traffic to be forwarded.
+
+In the case of a filtering router or a firewall, you must configure these devices to allow IPsec traffic to be forwarded. Configure the firewall to allow IPsec traffic on UDP source and destination port 500 (IKE), UDP source and destination port 4500 (IPsec NAT-T), and IP Protocol 50 (ESP). You might also have to configure the firewall to allow IPsec traffic on IP protocol 51 (AH) to allow troubleshooting by IPsec administrators and to allow the IPsec traffic to be inspected.
+
+For more information, see "How to Enable IPsec Traffic Through a Firewall" at .
+
+## Network load balancing and server clusters
+
+
+There are challenges implementing connection security for network traffic going to and from network load balancing (NLB) clusters and server clusters. NLB enables multiple servers to be clustered together to provide high availability for a service by providing automatic failover to other nodes in the cluster. Because IPsec matches a security association to a specific computer, it prevents different computers from handling the same client connection. If a different node in the cluster responds to an IPsec connection that was originally established by another node, the traffic will be dropped by the client computer as untrusted.
+
+This means that NLB in "no affinity" mode is not supported by IPsec at all. If you must use "no affinity" mode in the cluster then consider including the servers that make up the cluster in your IPsec exemption group, and allowing clients to communicate with the servers without IPsec.
+
+**IPsec improvements for clusters running Windows Server 2008**
+
+Starting with Windows Server 2008 and Windows Vista, IPsec is much more tightly integrated into TCP/IP than in earlier versions of Windows. When a TCP connection is dropped because of a cluster node failover, IPsec on a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 detects the TCP connection failure and removes the IPsec SAs for that connection. When the new TCP connection is established to another node, IPsec can negotiate new SAs immediately without having to wait for the obsolete SAs to time out.
+
+## Network inspection technologies
+
+
+Within a TCP/IP packet, IPsec without encryption changes the offsets for the destination ports and protocols. These changes can adversely affect applications that are running on network devices such as routers that monitor and manage traffic on the network. While some network applications have been updated to support IPsec, some are not yet compatible. Check with the vendor of your device to see whether the changes in the protocol and port fields caused by IPsec are compatible with the device.
+
+Any device designed to view network traffic, such as hardware protocol analyzers or Microsoft Network Monitor, cannot parse ESP-encrypted traffic. Only the destination computer, with which the originating computer negotiated the connection, can decrypt the traffic.
+
+In general, IPsec defeats network-based prioritization and port- or protocol-based traffic management. For encrypted packets, there is no workaround; the host itself must handle any traffic management functions. For unencrypted, authenticated-only packets, the devices and applications must be aware of how IPsec changes packets to be able to do anything with them other than route them to the correct host. If you cannot upgrade monitoring or management devices to support IPsec, it is important that you record this information and figure it into your domain or server isolation design.
+
+Network Monitor includes parsers for the ISAKMP (IKE), AH, and ESP protocols. Network Monitor parsers for ESP can parse inside the ESP packet only if ESP null-encryption is being used. Network Monitor cannot parse the encrypted parts of IPsec ESP traffic when encryption is performed in software. However, if encryption is performed by an IPsec hardware offload network adapter, the ESP packets can be decrypted when Network Monitor captures them on either the source or the destination and, therefore, they can be parsed. To diagnose ESP software-encrypted communication, you must disable ESP encryption and use ESP-null encryption by changing the IPsec policy or connection security rule on both computers.
+
+Network Monitor is available as a free download from Microsoft at .
+
+**Next: **[Determining the Trusted State of Your Computers](../p_server_archive/determining-the-trusted-state-of-your-computers.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/gathering-the-information-you-need.md b/windows/keep-secure/gathering-the-information-you-need.md
new file mode 100644
index 0000000000..1ff777de17
--- /dev/null
+++ b/windows/keep-secure/gathering-the-information-you-need.md
@@ -0,0 +1,30 @@
+---
+title: Gathering the Information You Need (Windows 10)
+description: Gathering the Information You Need
+ms.assetid: 545fef02-5725-4b1e-b67a-a32d94c27d15
+author: brianlic-msft
+---
+
+# Gathering the Information You Need
+
+
+Before starting the planning process for a Windows Firewall with Advanced Security deployment, you must collect and analyze up-to-date information about the network, the directory services, and the computers that are already deployed in the organization. This information enables you to create a design that accounts for all possible elements of the existing infrastructure. If the gathered information is not accurate, problems can occur when devices and computers that were not considered during the planning phase are encountered during implementation.
+
+Review each of the following topics for guidance about the kinds of information that you must gather:
+
+- [Gathering Information about Your Current Network Infrastructure](../p_server_archive/gathering-information-about-your-current-network-infrastructure.md)
+
+- [Gathering Information about Your Active Directory Deployment](../p_server_archive/gathering-information-about-your-active-directory-deployment.md)
+
+- [Gathering Information about Your Computers](../p_server_archive/gathering-information-about-your-computers.md)
+
+- [Gathering Other Relevant Information](../p_server_archive/gathering-other-relevant-information.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/gpo-domiso-boundary-ws2008.md b/windows/keep-secure/gpo-domiso-boundary-ws2008.md
new file mode 100644
index 0000000000..4c2140385f
--- /dev/null
+++ b/windows/keep-secure/gpo-domiso-boundary-ws2008.md
@@ -0,0 +1,46 @@
+---
+title: GPO\_DOMISO\_Boundary\_WS2008 (Windows 10)
+description: GPO\_DOMISO\_Boundary\_WS2008
+ms.assetid: ead3a510-c329-4c2a-9ad2-46a3b4975cfd
+author: brianlic-msft
+---
+
+# GPO\_DOMISO\_Boundary\_WS2008
+
+
+This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. Woodgrove Bank began by copying and pasting the GPO for the Windows Server 2008 version of the isolated domain GPO, and then renamed the copy to reflect its new purpose.
+
+This GPO supports the ability for computers that are not part of the isolated domain to access specific servers that must be available to those untrusted computers. It is intended to only apply to server computers that are running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.
+
+## IPsec settings
+
+
+The copied GPO includes and continues to use the IPsec settings that configure key exchange, main mode, and quick mode algorithms for the isolated domain when authentication can be used.
+
+## Connection security rules
+
+
+Rename the **Isolated Domain Rule** to **Boundary Zone Rule**. Change the authentication mode to **Request inbound and request outbound**. In this mode, the computer uses authentication when it can, such as during communication with a member of the isolated domain. It also supports the "fall back to clear" ability of request mode when an untrusted computer that is not part of the isolated domain connects.
+
+## Registry settings
+
+
+The boundary zone uses the same registry settings as the isolated domain to optimize IPsec operation. For more information, see the description of the registry settings in [Isolated Domain](../p_server_archive/isolated-domain.md).
+
+## Firewall rules
+
+
+Copy the firewall rules for the boundary zone from the GPO that contains the firewall rules for the isolated domain. Customize this copy, removing rules for services not needed on servers in this zone, and adding inbound rules to allow the network traffic for the services that are to be accessed by other computers. For example, Woodgrove Bank added a firewall rule to allow inbound network traffic to TCP port 80 for Web client requests.
+
+Make sure that the GPO that contains firewall rules for the isolated domain does not also apply to the boundary zone to prevent overlapping, and possibly conflicting rules.
+
+**Next: **[Encryption Zone GPOs](../p_server_archive/encryption-zone-gpos.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/gpo-domiso-encryption-ws2008.md b/windows/keep-secure/gpo-domiso-encryption-ws2008.md
new file mode 100644
index 0000000000..c5ec2d8c7a
--- /dev/null
+++ b/windows/keep-secure/gpo-domiso-encryption-ws2008.md
@@ -0,0 +1,50 @@
+---
+title: GPO\_DOMISO\_Encryption\_WS2008 (Windows 10)
+description: GPO\_DOMISO\_Encryption\_WS2008
+ms.assetid: 84375480-af6a-4c79-aafe-0a37115a7446
+author: brianlic-msft
+---
+
+# GPO\_DOMISO\_Encryption\_WS2008
+
+
+This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. Woodgrove Bank began by copying and pasting the GPO for the Windows Server 2008 version of the isolated domain GPO, and then renamed the copy to reflect its new purpose.
+
+This GPO supports the ability for servers that contain sensitive data to require encryption for all connection requests. It is intended to only apply to server computers that are running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008.
+
+## IPsec settings
+
+
+The copied GPO includes and continues to use the IPsec settings that configure key exchange, main mode, and quick mode algorithms for the isolated domain The following changes are made to encryption zone copy of the GPO:
+
+The encryption zone servers require all connections to be encrypted. To do this, change the IPsec default settings for the GPO to enable the setting **Require encryption for all connection security rules that use these settings**. This disables all integrity-only algorithm combinations.
+
+## Connection security rules
+
+
+Rename the **Isolated Domain Rule** to **Encryption Zone Rule**. Leave the authentication mode setting on **Require inbound and request outbound**. In this mode, the computer forces authentication for all inbound network traffic, and uses it when it can on outbound traffic.
+
+## Registry settings
+
+
+The encryption zone uses the same registry settings as the isolated domain to optimize IPsec operation. For more information, see the description of the registry settings in [Isolated Domain](../p_server_archive/isolated-domain.md).
+
+## Firewall rules
+
+
+Copy the firewall rules for the encryption zone from the GPO that contains the firewall rules for the isolated domain. Customize this copy, removing rules for services not needed on servers in this zone, and adding inbound rules to allow the network traffic for the services that are to be accessed by other computers. For example, Woodgrove Bank added a firewall rule to allow inbound network traffic to TCP port 1433 for SQL Server client requests.
+
+Change the action for every inbound firewall rule from **Allow the connection** to **Allow only secure connections**, and then select **Require the connections to be encrypted**.
+
+Make sure that the GPO that contains firewall rules for the isolated domain does not also apply to the boundary zone to prevent overlapping, and possibly conflicting rules.
+
+**Next: **[Server Isolation GPOs](../p_server_archive/server-isolation-gpos.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/gpo-domiso-firewall.md b/windows/keep-secure/gpo-domiso-firewall.md
new file mode 100644
index 0000000000..78e4c0281a
--- /dev/null
+++ b/windows/keep-secure/gpo-domiso-firewall.md
@@ -0,0 +1,71 @@
+---
+title: GPO\_DOMISO\_Firewall (Windows 10)
+description: GPO\_DOMISO\_Firewall
+ms.assetid: 318467d2-5698-4c5d-8000-7f56f5314c42
+author: brianlic-msft
+---
+
+# GPO\_DOMISO\_Firewall
+
+
+This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to computers that are running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2.
+
+## Firewall settings
+
+
+This GPO provides the following settings:
+
+- Unless otherwise stated, the firewall rules and settings described here are applied to all profiles.
+
+- The firewall is enabled, with inbound, unsolicited connections blocked and outbound connections allowed.
+
+- Under the domain profile, the settings **Display notifications to the user**, **Apply local firewall rules**, and **Apply local connection security rules** are all set to **No**. These settings are applied only to the domain profile because the computers can only receive an exception rule for a required program from a GPO if they are connected to the domain. Under the public and private profiles, those settings are all set to **Yes**.
+
+ **Note**  
+ Enforcing these settings requires that you define any firewall exceptions for programs, because the user cannot manually permit a new program. You must deploy the exception rules by adding them to this GPO. We recommend that you do not enable these settings until you have tested all your applications and have tested the resulting rules in a test lab and then on pilot computers.
+
+  
+
+## Firewall rules
+
+
+This GPO provides the following rules:
+
+- Built-in firewall rule groups are configured to support typically required network operation. The following rule groups are set to **Allow the connection**:
+
+ - Core Networking
+
+ - File and Printer Sharing
+
+ - Network Discovery
+
+ - Remote Administration
+
+ - Remote Desktop
+
+ - Remote Event Log Management
+
+ - Remote Scheduled Tasks Management
+
+ - Remote Service Management
+
+ - Remote Volume Management
+
+ - Windows Firewall Remote Management
+
+ - Windows Management Instrumentation (WMI)
+
+ - Windows Remote Management
+
+- A firewall exception rule to allow required network traffic for the WGBank dashboard program. This inbound rule allows network traffic for the program Dashboard.exe in the %ProgramFiles%\\WGBank folder. The rule is also filtered to only allow traffic on port 1551. This rule is applied only to the domain profile.
+
+**Next: **[Isolated Domain GPOs](../p_server_archive/isolated-domain-gpos.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/gpo-domiso-isolateddomain-clients.md b/windows/keep-secure/gpo-domiso-isolateddomain-clients.md
new file mode 100644
index 0000000000..e03f882634
--- /dev/null
+++ b/windows/keep-secure/gpo-domiso-isolateddomain-clients.md
@@ -0,0 +1,181 @@ +--- +title: GPO\_DOMISO\_IsolatedDomain\_Clients (Windows 10) +description: GPO\_DOMISO\_IsolatedDomain\_Clients +ms.assetid: 73cd9e25-f2f1-4ef6-b0d1-d36209518cd9 +author: brianlic-msft +--- + +# GPO\_DOMISO\_IsolatedDomain\_Clients + + +This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to client computers that are running Windows 8, Windows 7, or Windows Vista. + +Because client computers can sometimes be portable, the settings and rules for this GPO are applied to only the domain profile. + +## General settings + + +This GPO provides the following settings: + +- No firewall settings are included in this GPO. Woodgrove Bank created separate GPOs for firewall settings (see the [Firewall GPOs](../p_server_archive/firewall-gpos.md) section) in order to share them with all clients in all isolation zones with minimum redundancy. + +- The ICMP protocol is exempted from authentication requirements to support easier network troubleshooting. + +- Diffie-Hellman Group 2 is specified as the key exchange algorithm. This is the strongest algorithm available that is supported by all the operating systems that are being used at Woodgrove Bank. After Woodgrove Bank has completed the upgrade to versions of Windows that support stronger algorithms, such as Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2, they can remove the weaker key exchange algorithms, and use only the stronger ones. + +- The registry settings shown in the following table. For more information, see the description of the registry settings in [Isolated Domain](../p_server_archive/isolated-domain.md). + + + + + + + + + + + + + + + + + + + + + + +
SettingValue

Enable PMTU Discovery

1

IPsec Exemptions

3

+ +   + +- The main mode security method combinations in the order shown in the following table. + + + + + + + + + + + + + + + + + + + + + + +
IntegrityEncryption

Secure Hash Algorithm (SHA-1)

Advanced Encryption Standard (AES-128)

SHA-1

3DES

+ +   + +- The following quick mode security data integrity algorithms combinations in the order shown in the following table. + + + + + + + + + + + + + + + + + + + + + +
ProtocolIntegrityKey Lifetime (minutes/KB)

ESP

SHA-1

60/100,000

+ +   + +- The quick mode security data integrity and encryption algorithm combinations in the order shown in the following table. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ProtocolIntegrityEncryptionKey Lifetime (minutes/KB)

ESP

SHA-1

AES-128

60/100,000

ESP

SHA-1

3DES

60/100,000

+ +   + +**Note**   +Do not use the MD5 and DES algorithms in your GPOs. They are included only for compatibility with previous versions of Windows. + +  + +## Connection Security Rules + + +This GPO provides the following rules: + +- A connection security rule named **Isolated Domain Rule** with the following settings: + + - From **Any IP address** to **Any IP address**. + + - **Require inbound and request outbound** authentication requirements. + + **Important**   + On this, and all other GPOs that require authentication, Woodgrove Bank first chose to only request authentication. After confirming that the computers were successfully communicating by using IPsec, they switched the GPOs to require authentication. + +   + + - For **First authentication methods**, select **Computer Kerberos v5** as the primary method. Add certificate-based authentication from **DC=com,DC=woodgrovebank,CN=CorporateCertServer** for computers that cannot run Windows or cannot join the domain, but must still participate in the isolated domain. + + - For **Second authentication**, select **User Kerberos v5**, and then select the **Second authentication is optional** check box. + +- A connection security rule to exempt computers that are in the exemption list from the requirement to authenticate: + + - The IP addresses of all computers on the exemption list must be added individually under **Endpoint 2**. + + - Authentication mode is set to **Do not authenticate**. + +**Next: **[GPO\_DOMISO\_IsolatedDomain\_Servers](../p_server_archive/gpo-domiso-isolateddomain-servers.md) + +  + +  + + + + + diff --git a/windows/keep-secure/gpo-domiso-isolateddomain-servers.md b/windows/keep-secure/gpo-domiso-isolateddomain-servers.md new file mode 100644 index 0000000000..d179b62321 --- /dev/null +++ b/windows/keep-secure/gpo-domiso-isolateddomain-servers.md 
@@ -0,0 +1,31 @@
+---
+title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows 10)
+description: GPO\_DOMISO\_IsolatedDomain\_Servers
+ms.assetid: 33aed8f3-fdc3-4f96-985c-e9d2720015d3
+author: brianlic-msft
+---
+
+# GPO\_DOMISO\_IsolatedDomain\_Servers
+
+
+This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to server computers that are running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2.
+
+Because so many of the settings and rules for this GPO are common to those in the GPO for Windows 8, Windows 7 and Windows Vista, you can save time by exporting the Windows Firewall with Advanced Security piece of the GPO for Windows 8, Windows 7 and Windows Vista, and importing it to the GPO for Windows Server 2012, Windows Server 2008 and Windows Server 2008 R2. After the import, change only the items specified here:
+
+- This GPO applies all its settings to all profiles: Domain, Private, and Public. Because a server is not expected to be mobile and changing networks, configuring the GPO in this way prevents a network failure or the addition of a new network adapter from unintentionally switching the computer to the Public profile with a different set of rules (in the case of a server running Windows Server 2008).
+
+ **Important**  
+ Windows Vista and Windows Server 2008 support only one network location profile at a time. The profile for the least secure network type is applied to the computer. If you attach a network adapter to a computer that is not physically connected to a network, the public network location type is associated with the network adapter and applied to the computer.
+
+  
+
+**Next: **[Boundary Zone GPOs](../p_server_archive/boundary-zone-gpos.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md new file mode 100644 index 0000000000..995905d641 --- /dev/null +++ b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md @@ -0,0 +1,64 @@ +--- +title: Identifying Your Windows Firewall with Advanced Security Deployment Goals (Windows 10) +description: Identifying Your Windows Firewall with Advanced Security Deployment Goals +ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba +author: brianlic-msft +--- + +# Identifying Your Windows Firewall with Advanced Security Deployment Goals + + +Correctly identifying your Windows Firewall with Advanced Security deployment goals is essential for the success of your Windows Firewall with Advanced Security design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your deployment goals. Prioritize and, if possible, combine your deployment goals so that you can design and deploy Windows Firewall with Advanced Security by using an iterative approach. You can take advantage of the predefined Windows Firewall with Advanced Security deployment goals presented in this guide that are relevant to your scenarios. + +The following table lists the three main tasks for articulating, refining, and subsequently documenting your Windows Firewall with Advanced Security deployment goals. + + ++++ + + + + + + + + + + + + + + + + + + + + +
Deployment goal tasksReference links

Evaluate predefined Windows Firewall with Advanced Security deployment goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives.

Predefined deployment goals:

+
    +
  • [Protect Computers from Unwanted Network Traffic](fe94e9b8-c456-4343-af5f-5511b8047d29)

  • +
  • [Restrict Access to Only Trusted Computers](29805c5c-a8e4-4600-86b9-7abb9a068919)

  • +
  • [Require Encryption When Accessing Sensitive Network Resources](261bd90d-5a8a-4de1-98c7-6d07e5d81267)

  • +
  • [Restrict Access to Sensitive Resources to Only Specified Users or Computers](09cd6d03-c1ce-45ed-a894-d7f7aaa9b6f0)

  • +

Map one goal or a combination of the predefined deployment goals to an existing Windows Firewall with Advanced Security design.

    +
  • [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](39bb8fa5-4601-45ae-83c5-121d42f7f82c)

  • +

Based on the status of your current infrastructure, document your deployment goals for your Windows Firewall with Advanced Security design into a deployment plan.

    +
  • [Designing A Windows Firewall with Advanced Security Strategy](36230ca4-ee8d-4b2c-ab4f-5492b4400340)

  • +
  • [Planning Your Windows Firewall with Advanced Security Design](6622d31d-a62c-4506-8cea-275bf42e755f)

  • +
+ +  + +**Next:**[Protect Computers from Unwanted Network Traffic](fe94e9b8-c456-4343-af5f-5511b8047d29) + +  + +  + + + + + diff --git a/windows/keep-secure/images/15dd35b6-6cc6-421f-93f8-7109920e7144.gif b/windows/keep-secure/images/15dd35b6-6cc6-421f-93f8-7109920e7144.gif new file mode 100644 index 0000000000000000000000000000000000000000..374b1fe60e24f5be3578d253c4bc19bf4c757f0d GIT binary patch literal 345 zcmZ?wbhEHb6krfwxT?$W{oB{7s;UDA4(!;mW7n=-d-m+vym@nB_vyIay<4|#UAuN| z;fyC6H*Q?BX3c~N6WZF^eA^DpojW&g^6u&xI}0aXw{19-TCwrj)2F9So%;6eTSVcK z)Vhrkh0_mSdB1n>-qm|brF_}C;cfL+F&s24FKQ2 Bg@ynC literal 0 HcmV?d00001 diff --git a/windows/keep-secure/images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif b/windows/keep-secure/images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif new file mode 100644 index 0000000000000000000000000000000000000000..60246363c0eaa6b92f60945af89a703b40e1715a GIT binary patch literal 519 zcmZ?wbhEHb6krfwc*ej`S63&y___Gx>-zit^K@N^-}Y?Fwbvg%e&lRE_5c6>n>TMh ze*E~+qepMvzU@Ep;^oVickkYP_UzeSZzAEzF;t-Rpj)vH%^cmLPh@?CZJ|2Ln1@H8Eh zU-)G2!*8!XevjDp?C!ho??1ekTmD92=B@T~Ure_DU?|zGv;HGb@71qgzkd1hMSbfp z;hytS3!aNK9eMuz`MrDh-oAaKvF*3U+K);zZv!37Fw}tJPZmZ71{Ve$ki$W7!oZ%= z;L_CG(%RO-CdMJg*51Nr?#$ZPB4*>*JH>_1klATg6B9Gz%qcpIYLgeREN*AiV^VSv zWwbJ0r>?=|!X(cq)yE=Y!l=Nws$H4Uj7fz_ZWg1qk+sYMWfm<{@dYlD62f;MH8NNO E0Jd(khX4Qo literal 0 HcmV?d00001 
diff --git a/windows/keep-secure/images/bc6cea1a-1c6c-4124-8c8f-1df5adfe8c88.gif b/windows/keep-secure/images/bc6cea1a-1c6c-4124-8c8f-1df5adfe8c88.gif new file mode 100644 index 0000000000000000000000000000000000000000..2d1bf229c3c9b657de2f0140d7957869069134dd GIT binary patch literal 615 zcmZ?wbhEHb6krfwcoxP`RaN!x-`@iV4*dQ5XVu30ly z|M>nLDE1Rbef|35`?sGze*F6R^UJ4CzkmJw_VvrJpFj5O+4K41$F*zMe*X0F&+lKe zrmvbcef77mUnfkMuyNzY??Bd<&uwjOUq64IJ9qBp&6~Gw-MVJYnqNTeU%t%Re!^nH ze)i_=Ux2c=UQ9i7``Oc{hAkWR@85sr;K`2FkG=TDzLegC<0%VDmToj-njKYH}&sZ*!U+Q<(UWf?<+NL|McO*iNojr|NqZ0a6s`V3nK$V7=sST z37|M(U_a6j#?;)>8rI&y#KX$W%*e>f=;`0lZp7Bzt7pgP;VU-PTw?~SW1s~iCp$Z5 zhnT3hicpAF-I!NzMt>^@O=F6w6HSQ(e>U2R)AkT0FTFinCY~TlY7!u+xs#zGBteU)lfi$ z|4eJk_(;{%E9Umj)<}P;lYl^NO@3_NZ3zjX4-2#X-MLR%Qg;9RI3x+Ru7Bh(yBl z^t)H%_0w-!iwe^^+VaU{a&m&-(&Cuy#i+9ZE-^7NJ3rS-i*8m_RBUd1URi$A+|u0K z$!u(Gxa{aS|M_Fze?4~|mdw8Epk~$r0I>FBo=7D2_V#*3q%CrWNF>s|nkrpWoq~J0 zeq}vZlk=Jyk`?C<~k{B`O3*Xfk9WhK~B0=Blha>5YwzckY#O*B8ysnzG04 zH-&{2RL1V^?sh#d+}rz;5EmSu5bxn;l%JnlJ6xTR7dQQJDme05ZuX_B?Ch^AQ#Dn$ zLldc&FJBG|Ip=%HcX4s?*RNk=LwEao9}m2mJV!lS-+q65YD^o6^ziWb`t|G6-uB1~ z7ykU-T3lXWb+r%m7OsAq{kr<4_@M9Ya{hek@b12uAvuOn=21nT9=oX?Yz%F>3CAZ2>)+v?AI@DadEMu zm;K`hF%_lPSHFLtWkg3tM*iGhy>;`NvF;%|Kf6y0Bk$k8*U(X)oSvX~*;!gy_{2J$ zu|0V^D(dgwUn3(US(SIYUsiKB*XtkG7w26$qN{~Qz{>0M`?||y1H7~cz5~J`0D!it{zqih0@X4H8VXiHaa>qF_fB` z5)*Zv`M4-1EwAEEMs5W?$=Za@$heQkXSbz{k2c#3etvptz$4Dr zwbFKWaxy77X?URSV$^ktjm?ks)kV(as}JwJLnz@fVR<>RWo2c~uFh9tE?tceVUIt( zb-ynr>z4a%yXpG6%-rDP$F(J7#Zn5Ac|4x{A1DX_c!1{r`T_pm1c2lLJU$sqCZjtZ zDXi`>#H{R1#wl8tTQ*hor%Py`IeNU|UQ?V~09(hLUOkYf>iEE8xOtHXD5U306fgBK zHLa5V>ANUcjaHE2QL-b{V!K%JfIaEpSk9odc$Ux|>$V5Zspbf&zdsLK6~?YNvEng-WCh2mv&sx8}u5*0o_209$@9&trV2||X>CBjR-@$N<+mV5C zOdv}WL~Aj=%ip3r)hWeX_cFBj3uOQ{GoO=N{O}eQRh&&z~|>s8phB$%7bq z37cPQT#OXQw(a;LK!XbBKKirAE z{Z(-#26}-tPWpvk71NKUwtC+2j0-PJ6t_f>ynWT3l}k+JN~ZZ8Bz@f-!{?M$%1)t< zss@3_1B)t~XJ%?Eh?Dp{QvXnXLS^D^1m^T%WaLscOps>*2`0Q1DInzqnf1DcIVgXl 
zl)?+0vhGHIo4K+t2%RTg7LE68*$R7-cf(Pt_N}*4u<|1<t5_fYH<}v&Inzh?rh_TK>{sx-=-~L0QSw8{9lEM&) zL-;%8%!M8a3qK5hR{))b@+8nnvO-AI-F^Bp>yZFka<64xtcO6MI(oC#<&KBj%u2?wC%$83LfSv73%;Va%S zkOH@U{ktJ>6*oDcF4;GixS0O_eFRv9Z4AO6D?g$;Z@Ov#(@s*n3#?R*zK_u1!wDuz z+_#9f=C9z8tOd$%c_DtZ^}dfl`6iHK6?|6Dq)X6LoBKr+@WByCJ|Zn@bM5#V+%WiT zFGjG!R1kKsyGYgq7Tic4#Lvf11bq@p5X_Qfw$h_TM0EOpHb3cHvtmT=IJ$mP<|Y7i zh_rYLYb~z!>9784(NGcvJo&aG^aB|3Rp>io=`fR? z_3o8v2Ze(;mDpGvGxcY5;I9ru$J7$NaEFK_H^f7S>Ws8U>Vlz26U~<_^Z#OVUU)^@Sz@c_bj6?0OOw3W^W)^Ok=eI%Jwg2REk6{;Edy>76-pyugXDt4ew?t}B$A zvsW$ujtMtS+YFBRuq1={YUTXwe(>=+Fu{v2MWT2!$B^&|`hbPLJd>-NncgdLlyYkO zw(%{sawQN2NF+#X6+a8~IChj0C+0yySNw+VMIeXIR4pF2cx@kfsHmo^!_VI8L?t ziSO*P{0%Z|kEUJaG9T*-OF6aeDDgQ+4aFunKJ=c0TiTR8@ciYFah_t?2v);V zGjhaMpkfc=Gi`F4x!}I`+GduTrY*th%}`I`*+`|yhP2lO)gBnv@<*4?SUF}0Eja6$ ztRQXKZyJd_zVNntRt`QI?hT5feeLxAM*%5H^cS1MPd;>iuM0vuwT3%)j9d`|=mPA3I3-d86MOb(A|LGuzzI!@Sn>WaF1I-QRr z!PKuAi{3XTNWh2vO=NddGA@REl2X)lPh{fVDn-7wa;VC=rbF59&~d(%`I{cmVUJNA8 z^Sb09fi2QXh}x+W?-XQ>*ZcKMo!3@6R|r5Xz^WKk}3$=mO1KBUm~OG)-oA zEEfA@tMO@9wmr(K3iOyW!ygXVsQnw2v+-b-uw8^)bi&1>5%j29BGin(cRttWfsBXZ@7?~x+|AO|yc+MWh=xmI>gm)_ z1z0ZcxW;pfmZtMg-le(^BLbx0G<(z4WFi1im0oVL{Xl?9F|99J0^#LBdaU`Sc<>pn zS&yCp1k+fP&YyzQd72WZ#U+Q~TA+COD@P3tV@E}B+NEzBz9VdG-=->*yN1eNwtTGz z`9NusjvTm1W*Pz0J4c!a=e`EjDfv#xi4;C11(oaw1nS zbWAScxAd$JdG}#k<|WMl1K$7uglP4?7KM(MPC9?H=LZ{B_T^8b;rRrG=~!ejN1CUG z)VkH?OoHkXKSMpbisb3zH*N|W{+TF@Z`Kven*Q?QVnju*cQqcM=jm;{JF%q#b|gVn z5_G-~N|=xUBbL4h5L574&z)=5)B+Z!->&VBQC*0E;=w*ty&P>_;S`9Th@l-TI#>%T zOa!6GkmrhVxsH%y_>(nDx^|4%=U*a&7hg`(&X zo(cN3qrp328$Npc?x47|u(C{q(7r2wGY4%%LW3d^!(m0)@M4?+&}YiW>#(X~CtaJQ2@yfw zR8S5bMq`|EDz@5gO?I1>004wJ3pB_AZ2~YbE1tR#D}+Zq0nl|ge&YxeukBObZ%pFp z$lMh%{uGcf8MH$~Z81|etJlnCUI zAjX#HtcV!0pZ1F(8kCBD$%Te=z{)H^Q}G6Df=wzb9s{b*%-);MZUYc6D<$@y zfDduNcJve-e1guBg?@E9l$w=3Nt35w4-rv86fBKuqFkKxiC}2xls!ShDCp)A+;Wv8 zb5%=n)zxynxM(F7iYS?PL@lqEh_&LtGdQbCI{$SMbAV~^Bn1K#r!yO`$uZdV( zhvuXirE1{8AGy#e0J#{EuoXbUmVo7$Adi^>uRjG8$wD99LciexIS#U(i}=FPyfRZ5 
zG>pt*A};6_g}N0{zJk<9fDjJ)gMvt9LBC6eEi#2)_!<~V>Ooqmj* zSej6P4J`A^DQ;q;pY!;Tdim+TM@xDGMMaJIvl!Sxrhowv+rUO_yH)H2Ry0uZzVeAY z?!f+`ASP6@S|Y8x-`rVI1%)w>J^#aJyKQPuuZGZ8@{D+XF+-ABc8n7H^mpi?OWD+544DWv$77Xfm2PB# z3?kN_4YDk)wl1v>B_j4}?nb(qs!B0*=#XJcM*MbFl;Azox2#%vem23@?P-N`4m5;_ zE+>KqDJVZOmSY5oVnEO&zR+{Eq1K2I3e=ig?JroPQd;FsOK8ro`KT+#zXCtl`FWvamU8DJ_I{R+?D#%^$<34{a|X=)UHAPP`&z*RVeGmT%FM@(;J!@K@4NUd-( z<5v0xT9^qR*+xOwNFf_LD8=q~sFZ9EqL%@!vxF-#z#$aq+4Qz@0AzC4hU&I9{VL4E-0E`T}?;%8HZ zqX5|Cu+T6Q;COoOe>x+gpJ+jAi zs$=zVa^eg~vpX0^f>21JnSVRrf)dSi;3E;9!$!8^AU@UTe?V(xx0WyQ=9(oE#X)79xWc6~aciV+8aQ1QFN8$i_@Tkf)0WuWln^xh{CxaVGbMLGc|dZrA1>HmEhM|yuHp0IA&=c#+oaB?*tc|FL|++a{=q%PSlWFDC(gkK zn&aU<3O!ADOAn!w$AxQo#*%s)8fVPK#hQoCZC?4QMR*?fBF1AFA|wQl!=o1cV4%TT zd$3Y-FX2eO5as-gJuGwNZ9tHSY@P6ezc3EN`niV(dAb@Q?2%tYeW8nP7V%NihF}) z!kP!6-tOKxqJ5{;+`69uMAaV+;#Y&m^>WlZe-31!rP~T7Xv@M6eS{u{1kFeJuXQUe zjo~VH6gzgXMY-cixvnb9m$DqrTkecM`5>4%HFT?y9O5apAxm6yrSocFR_UBAaBVkl}qK)sbPw}9A%%|(rfqc%eJ#IKRic` zugNAI{2=cdnkn6CMEwiDw!iGTo8tV{@it$2lXgkde{j&OUd!bIXLW&3%AE8WWaW&}Tluh%!K+E5 zp)R=Ae-Z6>25o|+aVK6u?V$Dm1|L{K!u+Ia5g97O>H5H$t=X4)Hwx_^-mWSsWB<|C}?>pwtQ zu!vpw%`Vmbkg2Og936WzmvMzB}*99FKJ!jPFr7b2ev9YG=kkMMlkOk_G2j-UcI z0Lbg%^N4-n;(dTcEUhhY;&z;C2?dcU-7(U*H-ONumHZ>8nLVJ{A$81Yp^R5L_-im(G0mSg6s9?;8pG zo&_x;feG9nMN9~SfjSCcl^AdY4R(zQMSfV5+*q5(|9B5TBPoC&9sX+{;!1>sFkmM+ z7=0$Bhygba;tIxcXQ?0$8r+q!LEu2J>nJz{Im3ad@*t4_R+hKEf!+AlP63sWAP1Oy zg)~?Z1qj5$67jGOE;4`vxk+CiWo;ad;r9P;1}V@ID)s;sTE-O^rNa}M0GftQq+tmZ zAe!?PLEN%EFJgD#=SeCOPx@)hcWA({8)<1px-^Ccr=Pn=-z`+kqKKBW*kA-+7JR1`HNUKs0g*N<@)w~|}|8ErRUs8|)$M0c4d5YD|>v9Go&xTLw0 zJ}+Qk=p;HFeo@Irv7!1u56-7oSrGXApT4cNSSfEH>EMO;Q$O504kXv$?ccp6*jy9) z2Q+P3+DPV!nR4^K%(Y8;a5>!<>x$%+DuKw<* zexZ^}Vl6<|7%c=1Z$VJJ%(16o>*KbNv>9ag>phY$p9K9tO&L<~bdPnTQp87~$w$fV zuEy(V&F{%&zix0BGG75yd_M@{5cj-!Gm9f26sY;zjq`2fxXm{6^z0-L!6&C+bWeW+ zb(G6Wi_&LQc=|J|a0jANI0#LD))ygVatZ}xKw~L%T{yJyDHpljVVW6fEsrx2bH_|P zkz`C?C{n`68>Jx?N#24doi^^#VHj3iIz*29DH$1+f`T3MB2Vgz-^+h>M55BtTimMM 
z+b0)E-HuJLX^*U>?Q3>ll!Pd#62L;x(&}NbOL@o{y#gu!6tcf6I8CzzP%u64B7;Sf z{is8c7AlM75i^w@k>l^0Ej3(sur_=Knt%k14NPdTN!mE%^*8Ye{$c^`|WGfM$X;T==yM3SG8-K|NG{kc5^FO<(!RraRO99&M!Dw&pV7NlsI zJBe0TECnL|R(9n-QaPbmx$6Q0W?-!e|(^ z?|I($J9_WK>*)Sn*V$i5MNw4jy(+K)u;l?bty5X_0PUm*P5CJT00893W>wefFOx^` znt5MeUwG}@;Pn1df9qVH--NduMCi$QhF4Sfy00xCGE)%(fuyCSB^69J^siZ4TaUKY z9`+b4H@+S#Rp;j-FKtGdX|lls#U0*qgXkW|xC&LqLbPNVoxXXI5fcas3L=q6>o2ag zwY7pG5`~3@B~?w4k&&F7oXg{bXf)c-&yS9d?$5&3%qQx#P@c4cDh&+{6bdymxdey9 zK_HN>p~)B`g^Y~sqE)kZbee>e6gjq-o>OdOWF+(imzbD%Jkspz*RN6WX^JWuVGd@s zKgVKXVggjz9336a&CNNvg?V3!S$+D(z{nhy@hdVVS5!jE_632K@#n^l{+l5~4IRTA zTe-xdDPj^*)aD5t1LOGkcsgQ6TU&c^^_ZWZzpZ~GvtrKQ?(NX;z45uf5CxUOT4Y@Q zWPamfZUt$jJS#cUUa;pN9YESTJ}v0DuSJ`M>$Un*a#0eirzF zK|g{+Lc_u%BBP>XV&mcy5|ffsQqy4R8KJi1**Up+`2~eV#U-U>i1Lccs_Mdz_+JSc zo0?l%+uA#joj<#}dwTo&2L^|RM@GlSCt4j1h^D4zX6NP?7MGS$E30ek8=G5m2ITkz zt_O$cqvMm)v-69~E6nxH?cF^Vfcua^xhngoI}_QY(LhyBcL*7qYKC%kZf^vwpxxrY zF$?h9Uy^VJm74s)1h7u235M@|e+s|lP=-pabx+K`;ojn4ZP7R!^1Y=_rLOo_p7OJ` z$4~1@{uF8Fsq%^ml}wcx)|#4#*O$#yns?tLO6w7GwTjK*?}i)77aC8o1G$-MjfeWN zj;DJ|!v@9BRzKWF6?rr$zwS`VXQm@f)$9GSY-(BR%{80DxL5C&N1AK5$FuqR?;?&v z0{;~2l$nmU)bGz!Sq^7uv^E?p$Vje@x&i#qsLsGg%$jXY$Lj+L&&%(v@WXIjj)#*NJ9FBGUPI$(( z;)h3Lv*J&1PpIWaB?|%skST&!gQz;VAf6=Du3CQ7t~;wCppGJtG()h>S{V33Bv<0G z=7xDVe;+u{>q%*UqND(SHXH8mwC(j6$USXP=;cO}WsEFm$p$ulgm`y3{Ge`jg5;@g znk>bNK*?sZ$@MgT6z!}0_mYHo=38ktg(X|C&keg<>5hHe+Zis?Mjyl6ArG|DTrYOF z;eG@>;B5CjZVoxJS^k~e$X9zic{cM$=3c_qO$(ClW5v6L)HE$DMcKg*bBY$@IDbXt z7M7O!0M)~l3M@={vO*z)k1oaM=b-PWVNXXvyao;T60r(0#{ z4!3X{w8Uf1A#^9+6Ys)&p;CIz)|&b1Pt|1ohUkP^#n08)LP{+OI{9wXztv&=g%OB? 
z{pQo7ey~=mQx6BIchltu1$%W$QO~ zmf#w`t6gy4j}k_`?#iq~$^X&V{SzddA+pMc+abEnjr&EZGf>W_cD0g~seV&lV$5Uv z{*CvUoRe?#%dLHAdDE^}NJYaG0`**Mvw9)2WvgsvxoQ7-WqIpx?W23Ip~lnCHN&9K zRl9hUS3?qsF{iNGlhFt|$=^U{et&{H0kahX&}30N_Jl8R-0ax0JFAq4dGgZFi&PiQ zghM(xE)`0lyy89IUdG3Ba~KG}otKlj`2qI5NuNd1LV&ViSP&9o6Qp7S7<<2sZY*c#EK2F+xlhn<4 zaTFrUU_l9L_Ha` z)jx%~A7#HfpMyFC=w#q<6j5_Hj=8M8&phz{D5-=|x-&w1(9`GRDja2zMuM^rerDqf zPvE$}5b$NUH@g?tRv?w`jHc4FkU+Vqkj45HFsy*R*@39;W%8e9{q6z-?6UaP6c`+ZfdNxXXE>^~{a=h`f+ zo#A*Hof_q{qwwXp0?_CdMF~tTy71J;-P=}ya+dcOM}m&+yJse+L(|;B{Gnf`xbS5h z4K^RRR7#zd;Qaf>tk3&wk$$KXfq&`a5kZ{ez_xZMV9yBQ7%;&KH%vu}?lUmbB;Zibv9A zfccH>4ti)&)WR&mczg%Cwi3&G+G<90;ac@%6FyQ^1SfPo%PXq4(cz{0O}XP(?;gsd z9ARW8-ccEZ8Me?|r|ct&hWsFIFc;XAP@|kD@1<4D_U0Y1RCQg!)4zoXD;>Ri${C3$ z72GG*kcVz1`L#T>{%axlz--q?sCQ8<_o2j*+}tu>K(G9Y??)@G4@~DnQQw|(yUsRfw^KC20;%`}2dYa^ixvA@RpW4n6oO(7JbOVO(JX4vPFXwtMp(tkxXX_}2gH@h!&(TTi8 zc_;3v!%sBHrG=2JTq2^KDnNa&%k&Li`{pIju^ad2jbejwJ)ixs=Jq4rPtFm8GW@sJ4iR&l?k!J4|Irr6hqy4(fvFZ#l4rvq`nne=ec?d;UCu#9cY1v3(xc$+xUBT%j|j4`%fa(} zq4f4JrEw2g@axLJ_pIp?@(#INsxRw+-R5Gw;{wp@`vQn~G$;XgPXL%AZ$cXvt=|9& zus`(FFPnpvQrSN*(1T`xTVowSMixL8ixVaCfssh?QJp83yM3@8XuN32pQB9S{xEUB=p@qlsxxG%1mImXs9L8k8n%=M8mL?u23tBFj!Mq zL_pXXm$CUkSgvTeGi&fu0nX`w;L@gW#B6xQRd^L`MAa;w5-6gbGdrL=%A$Bx*J_YQ8DzcW4N$0O$9g zq?`~eVAU|1TOfK%nc75*)PpN~^%JW_p1QX>Y*qtc?|AEdpnPJ5`5=4G3fQbL|Km!vV67VQDccmQ+ahUHJ0iVLBL?rXQ~8 z3O*hvQxt;NI!E5#{Nx1$u#CynpUCJhd9sAbTz;BW9G0#dhP$F(lf4FYjhv#kr_)^{>Z zva{_lnNL;INmP>#cQPILb54x1X^e2?AOPv?obUd*JmOi*uta$>0=yM`c4KTVb!nU$ zKi=A4u4i?g)Lw?jHJLLR!I4Gk5LUbqz*J-t8lw#QA?^`l42q)@wGb%*LPO(=eN)9jNp=C5bj(RS zNhx%t2#PR~)#5@JGrXl#;ZI?~UgwKi4lw0;mJ zJ)7);as4aMppMR=f88@YMfNRq=Bc_Tll2tCq=Vt0^cl&zZ%W5MYmRU{@U-889Dx?} z%sDAGtCWs{`_h6p8oR-kyu-EYo|R)<^;3D4jM~7EXYY8=uzi8d59BwL%N6PR(y67M7JpkzRRG8X#X#b4m|XU+9e^r^c!dkUUZCkG`fm zKakf2IC|RV?b_y2rt!YFiDAN+aYCBG5g0R!bI#UA0cs7GkcG+1oJ4@6BuvqEtm8ee zQ9V-LuGXMFsj?u)H$5NRw%*fjy)m~^Nu~j^^1s{YHjqBAW67;7UeLd%xAnS!0vWXN zM&t=@nX-~Q>wg#%)0p(1Ym-Y#nI{_`ziPPAZXi6tdWaY5p61JN9DU%Ex8kak&69_M 
zie$8ViWi{X4VI&M z8m(pBldrV$y!uY%x`y&>z|YOVBkwQ;Qe4_H=@N~Ft)x3VEQ>;Yq8S?Jmb&hKO&+?s zf$A1kDHaY0NvDzeS^55nS2%7X8UpGyR;?A}7TpKJYD60ix(kXJe1&TrE7~)2w3=0U zii$v;AymJ~K0|Fau>(&}W_j2ULfa($HW(rSvC7biw|>pQ4-BJ1p2Vr_OAIid4?qY! zNEI|C3i`PNesZ69AV&;ng+_Y4kvZyWLv7g3cLZZc{?_$LvcD05J^SB*&g}JAR?~@KC}-< zrO=qPx4WkP7b7u{In#h;=_A`+J*T}2w^TRmF$=ZETN^b!Nzi7EuC_Og zZKI!{pO&WOCl!{@alGEite)az=mHnlvF~tuZ`l+_5SY3S$UEGN}*K}W#> zGe$)-u$~#tcQS4+9h^e)=rU;V0aK`yvpf})VPY00FB{9K+m%$4^nFgDJ?_j71ddQS zp>%dXXiE~3|6KrG`Oq4bJRiV-eARD7_eqU=SaGEu2Y+cY>dv`}(UGrLs=a;b0MV*d zzxY*ormYbhnZxmoMMXR{+#jy6sjjqE_x<$W8m1)x8yblGVRFt7jUkOLnWo(W{%Kt6in#OowF{ zjq<0`D7LI+p3D_4k_v9=6$VZ0TG7HPh^c}#tNb|$=s`!hh{xm-Y~B3xI`3g6-*P2+ z#hQ3DN?3C}t!-h9XXCNPhUDRz2-AkD^oFMCrlQa0JkRFiFKZed>n-J|bJ(U%$L8Yv zrq-9OUk|q~U-~&qZ@ZXoyZUUqXKj0SY7W!jAy^Lu$n^3;7dHES2vv752Hn{~fSe1vZd*vmKFEA-iWIzU?7v4>dR%U#~9 zV%jg(YDF^O*h)39FdNFJCyJo zlw;DeGAx}w+Cej35%VhxoAAf4YEaFnwD98jk_O1b2uGs5*;yeAK_LqIaL8DWR9uKj%j?4 zY2n9o$YTc7u^t4#$b7;obHZ+R!s&YghM&-4k9klhFR&-Hl?3LFI6`KpuY6BM;iuxr zQ%TgRH2PE*f-fU;CU178=zAtbN<9~zL-=v28P6BATbFjOg8g%uFQ45 z*>$oO4wdP4Jr*hwEbGO$YX-(-+goeA{Doi;%hP zgWnFx+_WQa$FR5kT9^r$yGi8LfZ5$F{4NT0JCC|sj=7q_-mM{TR%PzDkhhDz_j~Bu zP2~Nd!}S67{>1ENR|b0lzd82BUOQkgq(mM8{|mOUR8$H71>4Mo2Y6Zk0oy?C2M?(5 zN*}x|s;;T6OGv8!2W(riTmJ#uU~vduZ*TI?f50}V5j!$I(b@iMawbJ&>o2t126;ul1N`5#KRK&IpfL z)mxrmv?ro~&SEi@o3%eC@XDXzsS4X*LYQQ($)Iz=VDfXlt_+pa)nORhhb))g|A=ki zLq^sAh;0JTW|-iw(L#oA@$7y%rT>bp-O|v1#WtK#E%`IJI5;b}9sG^mU&3*H=pV4H zSZa0u7i=3VQApqM3dVfbqwWR}3i$tE%lPP($?OrdhnZUGzhLXcMOyKB4rCn-ll>QL zg-w2aQc0n4_q4>?%`|=8zj#Dn{&())&a$n&waIC{J?EalN9#&qtv^rAAhT`PdFwPo zD@eM%)orl0($cr+9qT1}=g)q5w9f67>n3xSffn+9|7c)YEfVe6afd}!8zgvLM|Gp1 z_c+DoF2LXN=KiY;#o7VOdgd%9H2Se!7QBW{KvVE@8-qYWDWdlx6hpP6EL5%`IC_$t+-Q2tfBkZcq#8Gj|mflFrfb;3LGjAweTMaB0r zdXtfAF%*ZGS{wAi1l;M@6&d+ucPCXfTRW+WRg*K2YR>UtLM$8_sPSq-@!3J$r2eOa z`dQO-NW9HU4;GVW=Gps<;3m8G1(g>tAcg*`>z%i>8?mb)DY;PfhO2+Y_EvGKMuYl<|$v=#+NxD1^v8d|6}y>Ygst$jKlzJPWk=O z(DO!wY9^rnZ-f99V&EVEOh#7I-O>fxVpKd+w(HuvI4(| 
zYv#uIxa}4-F2C6;tsQOIuhXKwIq(`ay*X@HJ(O5$BScaCMW#Q$J?1BmT|F5QLH{Gn zN_=-`lLiiV=d&Ljat;UF&{`ZTA$<2&8z~O=n4O}^`|H1r==+-yPcu~zK;r)Z6C(w8 literal 0 HcmV?d00001 
diff --git a/windows/keep-secure/images/faa393df-4856-4431-9eda-4f4e5be72a90.gif b/windows/keep-secure/images/faa393df-4856-4431-9eda-4f4e5be72a90.gif new file mode 100644 index 0000000000000000000000000000000000000000..d3c8021646300a2c29927e6fc77542f328d37d3f GIT binary patch literal 595 zcmZ?wbhEHb6krfwc;>|L@8935s;a+#{~S1Q;Lo4mzkmPw`Qtkf$Mx>rv17-tUq5&4 z+EqPcXUm)&d6Rb=R3G{B=@U?uZNnkowgcb4ef{zM``6E(zkmDo?dz8x-@pC*@ng@P zJ>S26ojZ5#x36C}Zru3w%a^TNxBmM1^Yh1#ZEbC9*REZ&X3g(kzrKF?{Q1+z2@@u4 z-n{wmpFb)6dz)tOcyRyz-o1PO{QmXn!v~;4K7abOd-v|6M~{B{@&#zak00On@84fI zbr(?UsZ*!^{`vjv>C+$IzWx090{vL>BSv$E*)DRyYfi5xk0g5QowyF=dmwxp$$lJON5 z`3_Yvg}cX3&QR@86Zj+{;vgy&C2G*Pf|-}&%f79z8a$46i2M#ncu=s=Nl&!H<3t5V XW4lY2n5P1l!=@!CC$%#%GFSruLNk%w1VHyAx0QUd@c&x=;qQ%Mg`$<}by3YTI!{^!M>iPcvM`nem$=iLx z<~mw)xaR&ggUMQksW6r2tGdWiYm17;`St(*oZ0v~WR+}sm8!<%m#xNfldURct5bTa zak$gO*Z+II-2VOkjIqR})bjEF|AMNu8hgxvw(PRn+;FkYgqpA|dB&*3%06|wag()r zji!~<>r8Hudz!RYkIE&6*V5|#hOE4Wy!3Xi(bMbpgrc;=>;K&T|Hlm$qP*uIB&$Yloxl{{M=syMndM zxXtRDw$tJN|4wwMXR*@s|MYpY(v7s+>;M1T^8bsi#h%37bGFkxa&0(Fql*a93tk0Xh(o}DR+UojZrOLC!)KhSbiM-lCSagHA(UZE;qQ2FGs>xi6 zw%Y6Sy3_W&+x&#D#X)PFK60ybrM&g}{zwaHd{x`439 zTyc(Ro3oz5=GN!;|MmI#`}$aRc=G@Fe3`3csm5fFz5n|Evf27%k*0g3sL$m0&*lBI z%Gzj_$7_qEQ;oAykG$>w_*;|CxY6%Va@!0V2sMYHK`}*eY|MC0!^8EiveaX|~ z|L^?ubeFk*mA*`No{zM@T$r?trn+K^$XubmpUmN2sLqA5&}*K%kG9ji|NpSp_=Jv_ zvD^2*-}YyevQLA*E?t#QmcDwj?Wn)#naAtg`RAO^>W!|aeXroZ;^cg{@tVHQm8!kK z+3$9rqhO%B!sFbKzT)im^~B=*pyl+;>i>tQz=WsGW1HqlWRP8lw~)ZsIf2!W!r$ch z|CqV5X`#YMYol(2t)8^ZSCO|%4`pqFqGpfT7H4KfsrS{*xb@=uW>=H47J z)2Gi+I1oM@5P>D0kvxT-Fvzim1_%yVeR$Ycpcybj7g{J4u_S?!CwYnp(D5Sy4If(f zDJW2YOtUaiEPT+@(mGEamJK? z7l2!#3{F&HkSG4Eu);sPY|sV-6C5x>7A$}TXLqmg)e`rl(dunPb4u{+Nc^nZDvA2IB zEG#_vc|+>T)#RsnZEpwOkIbMk2Bwy_`~pG+Wz`YHglWoN_vq$}x640&{~es%+T1-D z`~1DNZ-tqK#mUX{9r-I94sYyTS^oOFySw}7eTYy){mp3zh@1vdM$0;(yOOl z4XmX;%@Y=vU*A3`CACBsk2SpPou%vz43WS8IxZnKCqA3d(9l@fKA`?T{3rPTe~A2r zf&f4lxbi=#|H}lRr4n@Iz(jGbSVW?@A! 
zsl2i*ulCvVk{4AC)lD_c`KnsF8jv@l=C?O zpB$O~GQ0eFY2nk_;`-cI%D0v6)t$+!SFS4@~Oe1e=mI8o>@(L;hU0d}PIJRw>JSNIJ#}Gnd5F z>u&v2T3#)@gVFnuEL&p2IjJBdiROUEmF+FQKNI!<$c7~(XFI^|iFB}H#3L1o)%Jt8 z%5x~w)ml!N+gp_mVc{Qg+$>$A1#kN^Z}l)_ZgogRKDeNm7ZyB9Z=d7sFX;%C-gQI5 zL>#(v@)6UQKDktdlLdINf1p45UzS0Q!lcA15>%a|+*TLBDv&PkF+qElW@Y`?=FpW#9M)$mPPWY=i z7ZZmY3tsO=UM+Y}s_DK?F9mb!z5xrS zMZ%Lxp}B~q7BLIaU_u?G-hV?z0O^c70XzVjMjrrR?F1IcI2eJTM1Fy2FgnHc zOIc4u&HNFC2nt7zUZ(&~NiLfS8bh@FnjogjT9B|@0*qsY3cgn;2y|Z_2K?$lbog%8 z9_0ZZC()lr8}!?iLVXm0p{?u z=?sDdpCpKe;*-0dvrX9du4WpL zQDqb05(P{n0~YD|Yt}s4Ql)WVFOupFG70caN!BMo@ZSho_6Lux-q>4&2N6mHHDi@* zSJ_2QwWY))zb=@PK&Jq%~}TY~sP#hc zU$*%+{3>rbY!z}JuV?La9mLM#P2FTt0eK@h3bp;6z;lu|P|Ht%VK`o~Kyso~P%{fQ zca1Lx|DV~%beBkunD@`$i&{>Ah2{$1+~4|1uLLM9vyfY}^AaNS{x z-|ZKbGQsGZAi6Wz;v4~EeS06d(vG`aRnjFv1Ccklds78AuAB!(axl)tKn^#ap2xZ= zWN>`Y+btyebZLFDW{I!4a!F2|7u$sh?k!Vj$bsy>gE37;gbGM#RbnvB_1q0&l@eU+ z3HZ_ziwq{_O~a#*Nr?|8V4E-rG0i+9&w!i6Ue|5@%B?S>YQnh;${tnc7UbV<&GG*V zJXF~=uz`m1)$GTTSyj|3yut=&vE{D6>Z~+|r-i++YjjJ_{WHdcE5EYo>Q@#U2P{pl z5%>nQ@`8-lxXFfZ9oTivbb5|}OSE44=h>uWu!T~!HU*5`(g*9yKhv3CzU6p1n64^Iql1?*(K`R;wUG-b^&5O&h>BS^@hon3jM z^Z9vWsDzBlpQ>+E#PE$+%B^l_LXzipq(#N5?aRB8f1P&~?L(Dg8pV}@F>wW>iKE|D z7_?LF_{@558@#WXHoJ{#lwytl%wKomd7f$3PH4idhE6xe<&G=z)>GXP_hmagha;UD z7A(-g+o=g5YSOGNHx$1>yRp`Ba=4xOb2U$&6La}C>@^*NnXY7nGj0PJT?G(7~rGW|+7}Vx6$B)mrKZiO~rYziBBfL0u@}}H; zIP96?kY=0IsP8kTdF$#lt{w$5{u=w3A#oFT7n|D6J3Vds?nv)A|Hxa1gp6z>Ay*@y z-Gm!%pfP7+hDWEH;|tyJzt=G((16oGH9CS3PRUPZ)@owb={AzUP^zPOtcTFO^9O~~ z`-Z$9r2Z(!&dwq>kV8k}1}YHh@1vlfGi`b^R&P5Nn=qj5O$4SdIfjy=)c5U{(S$>^ zHEhq%Lp)^WBIYKoa~fJ(-8`1mXQCjvIE2{bRYGY1S_ zx?npmTR0GdE|GjG{y>~k(g!3qE*6Ih0FwQJ!~HO`$oR|(K!KR}c`~RE|Jc9`Q*=bN zWYRT5H3k(;2EBIie2}FdAmQsMk-$rg3(irGth#-PTPxf$b^Sw#oF;HH?VK(e z8l1NCCxEUaZRtDTA%C@;?L$gk z4voo5)v0i)RX~de-Ph{Z&M_k@Zl>=&N}YOz+S@Q4b-`IHIC@P10WMf>3Pug3le>@e zbGe&98}Q5pkB`YXdY190(!^02gEb9qCOQVWqVvS>kfXh(Cw-bxk*mm<7k-&pI$7V> zQVEx%`RD@dP~iaH-aaVG!cy%A2d?!}Ovyc)2YG3n!f6p)aVA0c6_Dr)II4-KxZ#Hi 
zw55VUs3a=H?P2FJG65Ezr<}X{ERE%BivJv@0f~n3RK5{Dq1)MVl#q=D3TLI|`<5 zrp*KwQF#g%;?oA^i)iNyDORbgH;esgi#F)ftaFT456p%*^mpk?e!8pt!j$~kDxSxe z{EaX9&YN<&RdQ}sawb_ql`I9YrJ#@!+S(F&>rw`fQus+J8y0hs2<1YQaD|}ebIW)_ z%6<-&32m40NtMq-%P-cJiDAnb9LgmV%B5?|dAET-2jy3X%M})=Wr_^XRPvvxCOo^1 zC|64`gr$`stt-$W6}tHq*v<<5g$hHD3eJ-XW0gu%>q_&GO3VC8YwJp*&Pw}}N(ThV zNrhyxQ0Wpv!snAbI!P!G()|;XH=@e7v*LkDRX|8p5SHYhUlq1c_4uSB^rR|Er8){x zO$@1yld6izuTEO14hgxPf~a}QK%#^D!c3tev_M8@O(C`tMFC0~YGq{Ai>zx&2^CSC zwTU6MFQjT1;I-W2wavq|bmQRC6QCvkd8HJH83*k=d0rR-q6c2|BWmbyF9!2p40paD z=T|=|r5i`oeNw5LvaXv6shi8MTj;D?T&P<*siUY+>*NSfa2lk~yZ&2#{dQ;l?n3>K zllnbG!*7*_ed~t9kcO>%2w0;YGOqaVL=Mu}03L6kS~n`QHlBGjGDx%2-D+e!ZIqg5 zgfcd9FtV}PH1X`Pau+o5hqCe&unRj#kEFBkK4n>A6LpPhKKJH0g*U^~n&BdxroZHc zZn5*Efwa=E%X+e0Nn|Mzk*$sbNqILD<)jby_*yjOsim#mvVwt4;Hzsbq9!eJta9Ds z!ulcz?oT`@R)HTP5+bDt^G|$yYy904t!uqJ_BNd6j7%Lppli=B<@SIOZ~@)xg0)(R z+!fi8GU?q39%fn2o0>1L8wo$)6JuHvmBvxIL|4U>j5&KjBJI9h7gi+=qoixfxen81 zVmw)xahLcB9p^n#vs!|Mavc8^C%FtP(#Y{D60`<-?bXzBU9(*_QZDYf1SL|6OaUAw z_X&DaS3|!Ke{f7(iC|v!Y94QrK`#1&MM?9*ABkb zB+vSW+z5h;^00vg)%gU4;PQ8jWr}^dvZFXBcLXA%I^#cek>S!a(mYeIr2sM$KTfhP zk<+Z{t&-zw>0iPl6QE3=E~Q%>8KQ^;5VuQud$SMM6j(&dhVxKUN~BjRmKDU=#g*TC zy}($k_Sb*BDD2I%@tWr<ZHK{H(IA%8X20?4nQ;+4GfauD%!7%Q+)7FVgeBz1D|N|IjT{JB9H4d&Jmw!f0S2RN2gw?PF}8zog@ch@gGq}6 zDQAPhi;c>SH?qTqatnv@yM_uEhln;;rg@TM*fe@ zsvlczKfVh4*k1Utv+HBm;>U*j5G4YXBc~WzgX-NS_S>d@P$dtYrG88zkJtu|@sFG- zk4zN?&V-G8+I>!bG2)j)9a&-uq$I_N^Nt=Uj7FfnTPramcr(heWtO?$qITi*q&^a_ z*1%;093)M}kER4>)+*o>GO<3#PaB|^h9gU#Ru`pKZL`48XRxe{Lu6!3!IU%3+Ra19 z!ixV(Ami59^Ys|3!(c}mC*cpCOv>mDQjqMd?h~X<`lcVaO;_R&s1fsaov~1=HkC{^ zsWmlVoz=(Q(ATpf3etZv&P)zfc-l&e-ImDlfuaXuP--wk)Nu|iV9yPpId6D258CpX zSsTm{B@Uy?T+Gw5(TAJlMW&GheUo9lS^qkA73n!eJFWQLOy^Y&lfMp}C)PFI(9YZd z`4dF%RB6$B0d~wn_ojtPo#mnIIKAt_huY zUY}U#%a_q`%b+pn4FRllvr_Ghi(T~PNjh7~Y86C)q8Pq*If(QK#5#i<;+cG7q30Fv z@g&IbcaYlHWydZ7BP0}u4xjRRqc(+76Ebt5w77=iNB92B8Jmud#A@r)E*)Q7`W9}p z{bnh4dg;fA@m{zVSCQI5a^U?V+t~|uN8-jDD~xCG&Xi|~$yQEbHxqU_6M@HJqjv7T 
zBWh==YJJC;#qaU+8O94i>TlyC2VSTp=UHGaCdARxkD`6616{LQ33q99nybduIgp1R z?6}9Ny1^9_owUf4ej=^8Uxpd-*|cS@;-?GvwcD4xn2JJVk6gblx|<$Y8WGnZ0<#VG z>@^e?H19b@wk{8Be)-qu?NK**@qwpRz~da0kKRGJs$!Ilavn`k#G`|ZJqaK55y12H zE6MNPWXrVex|w>oj+CI$S8<;c(&zUI2HdY^iVkx^Zlg_T+=W~T^5Lc?)4F_Ok4K77 z){oVa&5a)JM}bftsy7T^@Th)M-1nI5mCVO|XnR&O2d!2Dqu542%(Uq7_B1<2&<#6n zYE=8c%Rmv7-0{FoCIGSJs^I#t+j+KR~DqI>MB^xp8E1iB)d z`o)sRU|}gHM)FnV=izfx!lXN%Ib(y&AD%+5SK4$)H!%3MfXl2H&$xNE{pD- z1}vT@%f)C4Q^;W+{KITX2I+*>&dvo)P}-Gm7Rie7vnD}K3a%wZama%|*``KmL2*;X zb__p*UZJt}$h%}OgBwWurB>7{bG?rC#FaS<<4g=CDA9B|xHS{l?@Bsz^|Vd0p9414Uj6_iptleqt4S>PX4Q^svl zxb;4PSCh|P{ZFz6-?`>r-E?^W)4%M0f7zk(-~E-I`db{KRVs8MR!H*;@IF%kl>6`>C{mR1dHkiqt*re3Jlr%(%|@XMIb1C~56pq0}am4cFyjkioa z)w!#k7<T{R!&~hI{;t+ zV4xWmCQ@|+Lv;PCswf?nm&BOK?%tMY*pd!?OI7dC*#92el!;u#iU$s9n|`+m-rZv1 z(o19Al){gfb=0b3M9G2sEc-S3wVx%dpU_Q|3}sx-1Kl4Ow8n3JO^}Ow;1>waDdO`j6#+AM}c4>QZd(+xL+C{zME0$4W hG`#YjOXQB0&9PGLL_vej)~(5Eljj>RgyF!g{{t2^n2ovDMfLMPn;UMNyP$#ya+~hR|4&Bp)Q%8~d)Y zBqUi%5+#+iXnuWv=Q+>0uY3MF&vWlR_ny~1cJ{W0Mt*$Y08khJ90LBy|8Ua3QAi3W zCWZSa0KO21HwAPHp}Hkd!xDsH3DmR%@jor&F)hLT1B5aRp~TeG6hkOOSl`1F$Wqof zFxK~ktjol#%Y;ZZVx)Ugqo5IH~&Z?ldZ@QTbMN49xHwxx#z z0eKv!=z++{NRQ|)ppfGg-Q`4^Ak#+tXk~^8983wvkJjZ!>j|RucqC5+CG>IiYbgx|u_3{*>3aP|~=N+_s+3w%gd)nBMlOqAp zS@TkI*Ir}uKzh%wte)MPwxxSrt9d;f+61SthjXuIsjh3atE;PI;8V%Kue=dXW6$bd z^S|ggZ37D>6P$Y^oSG3%-YlnWWW8{fQ#Qq^nc&n-{OTH6zxNMMaVADaIL*yn6YKY8 zIXx3gT@#x<6YCQb6Lqtk=2_0b)Mnf4uf_$=$kb-t5~p#AGcvn5GW%&__EXQoueN{F zg-=~eoT-IR3kwTftDKRgUjwVZW|!8dmUd^CK25FejjVH~Rynh)dkd?(zZM22);X)I z>m!?-+4a5Ib2-qQN+(m%ZUYiV3^29y1BRT>7V6rR+rW{_troC(_c%woXt;r zpFZub@BZ4{{q^h9`sOa@)9$bJJ)iM2|RvTv*$&QWozIoaB{ zs;D0rF_dc*OC7&sczJUM>0jl94;7eP7;3DZtRUs6`HVC@n5K6Gzw;BcfzwMoA5Zi# zo~Tbiwdd^`=^4;ORy4xE1g#9nVJ>-&Y@R3`t2f?Rk`VcPw>@m3?m^e-vD+VCR*{BFo!j+Q zef~S;c;bdeJ)w)X<=iLZMeLV6}XMhBa{dH(F#t-oxNK+X*#noS~ZF+p%#Z)m@q z`x?epWhK6LzcKaf$~VF1F}9f7(+HP(qGJdrFL*UsrDn!i-UUM!uh7d^Xn#JqPgydU)=E9+zmN$J7cZ1DHXNU_q_&{fIaxd605ZFl)v{>dx$rK(*d 
z!Er+lE{E<9li(*AI5mG*zmvyrHF(mHR-d4@SD90ExFPz(`@7VoW~YlmUEQ7~Cr(<* z7pLiOsyL`O(*>cnxY!JnNwMiO%;GDX_cc4`D@H_Q7OWwXcIGvkHMMFuRIbq^XUA6i zAoy`wereH5J5YxRJ1O22inWU-?NIFFK~UBM)dA}@KI3Gu6?ssuQe*JLxzn$dbSds< za!R5SFQ=!smOoVofPK^&*1X!**t6>j0$?X~okrRZcQ7->Gl=ZY-^YIk{j`l$Ey4x8j>$T9UMY};-y2|Po$hb zAM~`tc$U7f$rX!9%iQmM?r1IaDcDayYcX`Mi&sAx**Ar*$a9@=U(3)ncPtHfTN(H# z97Iz#k6Ia4>ipK;>+1xXF~#z?ht@tczoR-7A9n-`k(9HyxNGpa!)k-E;sFHk_|^(Se#)iU0I#Y{(8^BzQTN$@AKlTVW9jiKg2bGH3=uXOHp`a>r*mj2-oP6)@5|mv{MeT>R(Z zGWrdKe_u5#?n)~fS;;6z4?j)~?yC??l4l_Vx;w;+_)pwMtRZlInWxjvq=uyh)X_yV z{N~t7V$9wr6GMag-xc^}rf6zYG#(>~T}H`nf<8MO22}!hLN_aLSwd*zD0S2eL=uF5 zc=*UQq{t)*E`Cxd0XVXod+>ov43SIKU|LDeeXTrn#$N7pp8|%~0ad%&Dg{|0XHJr& zH7;Azd|lGr1lPLp%7H0CEmi{7jl&Yr_T$5S5S|dnc$1>Z-XOI@K76ATW_i@1i$@UR zYhnZF3zm=r_pc>qh9NXtChF?qc(G5);vTTWG0RkREUaX*;J!?~*cxsm-?aDO%y$rK z-z{$632jglZU+{V%ibB=aM2`6A)xZocgB2Gpy3v?_UUj-bwV#dfVsw`frV83w322U z9;$A~?N}DiY>2vi-LRDGrJn{5)!U_4K_x_qidq}FfPQU&IJ(xFpN{}=#}K1x+vglg zT6A-R!b6@Zz=YkJyZwxu^jkiDh>p?9IN}ZmN8>l`FC-?o&d0k(FBkJn${E}d^OG9e zIK5=K0s@N-njg!P`nY71(DZlW;j`a9PIsH@drCaQ&zhmN7l}#Ho33?o9|lA)8+j@% zU!%WJAm9)N&v}GfR2Y_p-}{n&oip^f=JWbFOv652jPoaO4h!_}@$t_dk_YL^<^lgGFe_*sihfjMtkN$hr>_rDCY#%|u$KfT=jBi^%5 zdDm0lJvan&JGk+R4S%=56wKhlN+Faj*Td%*=d4fhlPQObf1@Yy{_&o<`8|%u0Mu)o zA~y%G5#uFOV}+MYs(-GEaE8MsCN-y4=$mXx2U!y#5(-YdNr<#;->}1mHiFZBrHYo8 z(G0+;LppD;5CigM{NCjHt46F)_(W5D3XM-ykTo2wPqO$Wfr#q(Vp~OqYwf7$gx;7} zLJnCOo}IL}vnzu$j(yeMq@|r(tPq4&|5ugdBjbi&6S<-vQEGJv8JTNj`I3+XF_-QQ zC9aXxt8KLcKLqRli4(yO=}8n#W?o~(0j}8Qw(-Z@5nF}c$%yY30)B!njNYR|ErVRu z_qOaNL9|c+{;1WND*T4^3fyXqxO9+-t%SV(n9*|HiJv#{)mu0wUtO2Y#T8}x+qSJ` zu<1B?z|QAH(J+Vd?NGZ9#yAi_@!pDRQ#|r@zNx(%LpO*N4~V;7yl`~DGbzp^4?)ee z>U^SUD8c88@$N8P$NbkiS#ejUrbg z3QSBlU2hv3kNa+$3s|YqRJe)1y7LIt3dg^(PJ_KWarP&rrQ2C&_;YVUxEIUbo=^HU zwx$_*EX+y((Pue~Byk^#;#M{uva;AE0PweK?`i)1X3ZV31_}FHllxH>8U%o+#Y&Le z(p?cL^YiJ^(p}fjHhO$EacKq@9~jO9Vl4c&$^@?q5wEt~f2LYSSxI*=ZTVi23 z1XLat##;~A)yEtA!SORcoov-BOt3)%V95pw1)T{Tf~!Fz 
z0={$O2bH$I!u^fG8@zr6yOF@U&%G3;V#|nJa7{EjPU0`;{<|ERv>$SLpLeZ0@d{mE zgqb9ijh^P>QW5Z1SmyPGtK?DX&@k8+0*@XDTth~G-{HAh2@b={1rdO~dNgU!<~y4w zn4R#%51zW5Oam*m@@K4;8Rx$|o^VVjXdn80$NRk>&tEEnUI6?@zZObIKmDF&kj?ww zPROkdsV{7b6^nOkPEnfxoWP*p0^IFk=+|NB>J9Eq47$Pwz_HUYJ-*u%#M<$6Rcq8h zz0b!psEat5ei^t~4q}6asr`gqVP`Wo(wir_zxavi+DnWvjfFS{!84b<52li!%nV3~ z%oP^6&J$f9EK^0`I{-igszTKcdRqU=0f@JhpG#mv6^`Nh%iz5;m54Nwtl#0?XD4Z6 zJFxP*%gm~S@57hhxraqs2WheXN zI(IK#!?T;q;DK>J6SbEG(3THxu!J`aX-$(UduMX1k4tv3`8okKmYr*8$;V(A{Uvhe zBqK9FsP-awipc1xdexzN^jnI;0D%6B0V^Tp^2naXVLU~Ki0|zDCL*6d7VOVPdr%PX zfYVPYd|DXDEXMV{93s)aK+OvphzI*H&hrjdTlgS;Uq<{>j@$ z;QP)-&0-*0YFw}Jkf%F*iJXz*EpfYdA#lT*3ZerbVkC)679>bi+F@b0+qCUd1QqIq zjk+s;1fUj{VWI~20tbaD1a!2+zvV*fI>>~2@}0v}wK*`Wk`=}oJa-3bZo4F=%vRn6 zml+U%)>;4G^=NSvs#UE@N=+^Y3%#kw_k_w-w2VH7fz~n53D>F*Sk*~I=(E+wQt=On z5~T=|KI*xw(}+$?72Ba<+E^}ixuSQDuRRg< zflVsM)Q!zo`*SFDaw-TlRVWcvV6bxg3OSotl%3GZCj$mi!i0~C`0G#phj!-y)ax^1 z`GPOsGmNdjNWC7+;B8fvtitj}Nw4ISL3R+Olz+9; z^`lbdkJd(YNl(YNjfc;+KX!E%DbVbKBiNZCF3S>Kmg@%8Y_7&uu9&VQ&|aJ2(V)iGvBQLYFcIVYp9_CRg^c5@cU2UMvq);`O-S7dTf^4zrpq+Ix+!HAQC{t~^0tK0|oQOk<{%k4t9ihD;HV{x@WQgQq1vxv6< zDpEYOkspO)fbh)DJPI=>t#6&$mLJpcc!#g3V>p}z=O07l0;tlHGD3^O_lwO=nZo?o z6afn4vLB{&PuQHuHIm5Jv?X+11o@*%Av_eOk=EX^IC^q7my*pZt3RfIVcUm~8A+7| zGsm0&m}U&>K7lV0+kEl(sXW4f!6a}93k$1nSuZPIlDbhvMz4gH)Nu%iccxs<9TP56 z$O51{mp#$=Wy0}nJwyCSZJWG*H&=?5ph0)e*Ma9cL@s~1Teg0(@55Tw?>sq1;47lC z+fNSGwk!VLNgZONf0H!sz7sNU1&7`-yHIpmT%-JoBs38~Gg)29f5Lj25$4wg;jF25 z4d_vE$Qz#g-wTJMj1X z$Sm@F3&AUU9?5e+ZcYVf=AAKAIUJM(})=3+svdIjT z&%x>&{OcKBR4-xt2@UQZDQH(e&L7J|{iPVU>%C7dc^J+ zTQR(J=dBC(_xd0VVNzuheK`vlWK~61fRP+3LOcX^jG0xm^MXi4?Sv(919O!C+~mjr zFB8`IZ7!a=lnM055Kx)*a5CRaqIG0i7U13~b?OLr@{ZSQir@i$EP^H|D1&ObOu7Ro{xq`($rxo6OzG=3Wf5g9kr?V`0L4a%EVUI}9rI+4=4ci^lCi%!CvlJx%n_CC2+TyF^sCA@kka756;<(hT!j7(7`VSN58eENQIp7Y(k2Oqt_VBKHC z3DPI_I8&z3#_I3Udg?FhP7VIO;IbF$aZ1i>+lt5<+G;tE#7!QX;{!Q`4C_G-8Oonc zPokL4G&W9UL7?$YtED%!?;XAScPII4vP-d%ma2=|Bj0Dgd|i;%ewqZ(ot{{LH1xp1 
z;8E09RLh(AR~MP5YaV>e2IW~MJrQPU*%)tf(fl#jy1F&%lbTcOu_mTiY+R1Jw{@bR zm3_lNi99VCRyRkg(QHi1_BFenlW+&(AJca~Tu5kWo_HC7XTS6Re$ zw^|m#S{C;A`K9RdLhxmh+t-#+z)qE0SCln=)dg!HUMqO zS%4%Qwc$l2*(2B=v|Z;4zHy1GTn%79RePxd=Le@$PZmUO$}3G-ZwlNK9T|~&n+U%^ zksrTS=T+s*O=#2-QXMh5cu(h$%5a9w*P1@QfJ`$hlxmaVo^zh&@Aw?E^@6xuyVYd{ zr6anM$4JKpXjDi0!Sf?!4u|s^pE{3r_m!PEzx94pqs>}*QKkGr+6&1mbMkSL?3qAW z@85EXfa-p+wJkl^NmVGrG`sc{L#e@vTb0uCSTo&V-E$4*&hSH-6!WSMSy;Vlusf&2 z?YjDn5w3~3bmquNSrl|c!(qvC#=TarIpn3Y+#UM?4N}e@0mwzq;UB${Rr~kvsB-?m z=48YF%25o>xBJ|V=J7pzh{#rKwn|AeSr-FK&-z}6HW@TiVXDi7qxVTNa`F7G&~%0D zqn6W?LDS{QJsK^+RfSKkrF?xL0ItKr)13x?{md7Rmzff}rH{pC;*Kg}J*K}Uw5j-C zV|tfj>u0?uPa&~HPqAkwD5ykHURZ{L&}I}&dI=FIb}?g9S!yl)=wP*9{?R~gC6i+y zg}d?~ZGnlJ&V01A(eTl*63;JOkZ}IHt#vmehCd#WZb1&9BD-t;>~@PBD5>#i*8Z@F zvAfz9QDHp{2)Pd$Cnxx$q<;=MY%ww1QRhjiZ187&TZs0eybMRo&aiHhhjVI1Ua<>U z(JtrDxaD3U7|15J=;qTD*s6z({Q9o@_Y@j#Z1bnl){)0ZzO#~Q^<0!~V1TNl;2TwZ?mU zx`5|oRM99YTOf8d&WWHfOv0Vbt|h_GttSj?5(9E7+6AGwFKMIFOhlxhly(OZKy)M; z-9FK6*rEWtA4Eajep@bz^u*XeSp}6?1^grlW3)pl$gj7SHFZEa3Qjzp#{8BiPBHRPT#^P)^D$$j?~TfsfaZ1&t!04>lg) z@E8EbSyl*|AP5wKBmV8JOx1c@z#D&GA6m_IRQ)TA;zyBs6845ysXl?*b|(Lk0t{^) zhDksB4bol-pm!wzR0kF~jkf}PSrEq#%56^jN&8|?{6xwIIQ}joj_)QFK6-_%T(%ER z-HfGa@bt=<2umF*TH&*&KDId}CZK?5NFs%mXWgau$pZIOnAnJ#{Qzg}zgf=HC;J}C z5-i1U7%>2BJUrHB__94M{%uXAj29LVKb`YT1K+C~3UibHB$s}1#!B!QrHA(rhRc6u zH#I7+j`&M0$(&5V<_Bw{eesO`zf%RUW$@8~UiJSZpdu^P1H1Wy+$Y&!(GHBSq47^w zRnsa>iDCpw{t5YfvUmp5X@sdEBXkrB9d)w7= zC{dfZJ__k^WsOBA)J5nyq?{B1+KiJYtwNI+ww>n#j1hwl(D1%C+%jrunQKBR8gnYF zSMoSpj0ZKQ>=f4HU7Uq8o{zKo9^8w_&;4>G?iJ51(+9TW2k*G6sq3<$OyKuB+5_j# zx3q%!ncz=W0K(*~$44=_whcQUKGEB;{6K!-*@t<`PMBki3YimsU;2b21GUb$^BL)r zVqQ1}8pW_?jl1J4cLOm#@4>xtg#jr7lH`FtPfiEy}2mbZ1Uhj?gYMWWnNn_&phMGUw(}8sGf}$&Pk+eO0spz{SU1bBe$(5;O(s zI&-vvRA>|yp>6zSJAJZ;_q-HhZnF_=KUX2{_3yi}Hyrup3F*p5&HK1Bt~t`;4muiZ zNS&G@sw3B;>cO0@>IM-l*-33{nlO?W9b3z=JkB>(S3RhsIk*4m^|+9n9WEDg$M<26 zSfJ%O3z^Jp?`kXQbBtD^FPRDy3Z%kL8W(KFkAEZCGUSj= 
zKQr_sdK360>N!qvEE%T~vBC7mT>^p30B#8gct+VCY4=Q-FN@3BWd5VaFB_k%lzzv94iu~+a=-65`P%k^==t=I7JKjgcUG4X*5VAzZph5+~7 zhjZXkiL3M+qhbAYP+Yi5q93r%1%yote}}b zObhG*tb>z?1jubcgV>E8Jw&WC34Rz0M1Sp#qsHNZ67Kj!S%QFmU@_>Gm;wQQn$_m# zp6oBiB@7lmJA-fv?v~~kvIStj=Hm94(CTb8Tc?!jM$l&k`mLdU8$Z48>XvZ@b}4kb zcy{&#t*4FjaGI&@6b!c@Kt|mj`fT+_ARx0lz&mcMKx%wCe}Xj|>{8nOc`R}5M+FJ2q-~t4Z^cQHLB;jK^UxP(Urs@uFVm0w~{Z> zYiuG?9Djo@Eb}Er^I$NrOP+Ch^&LKVeP3%>6lv(?>Tqm9XZn13diN075S-o}i&^Zf znL&C2Nj-7^H}g;f57LPxX^DVpF_ZsA9| z-JTFih|}ALS3AM2)sxM)Mjy_IHJ6c6Yg6_6AaxS7Knj;zR0;pbQ3gICm;s&jq&D%4 zr{EK!s8l{I^xQstpAI<}1rHTZh>3!?SKjwstCaAH=cw+36DMPNupo_=62JKbtOF3| zol?_gaZn9a-9ShfCWh|A-Gj&4$ezxeYuPt z&-0MYmm#fV&g&Eb<@rp7DcTt_+{ZKV8Yba-a3YPsbuEf3RoC9;XOhREhxahD+B&At4Mm!y9yobdQS_r1c^Axgq%F9XIp+q;rLk zRvz-}2-H&}(F0F_`c>BzpKxV|+k6)mNrzL$2FyOdC9wd`C8e4~jVQ2{1bMhf(}NKZ zof~o1%SU4AT!XqVgPypYYJp8xzR-H4b8J)K9Q(Q1J>*=aqntCUf4*lrsyK+my`qzF zZZ0VlEAOL{bPGWvzsrdlp5@$Aky40qu|XaW|IWIP;mXD%<2;XNfN0ep3Jk(tUQK_Q zL?s(_jzFU25^}o%m;4N_G5RcfCv3vwN=_tVkX1PN*e2x5glhxUD8}~R7N{yVQoCPp4L3oSlVv zyCGu4@JM)4i}{vGp7I<#Zpfh154ulB%FIKqSeoRr-juh*bGLxhK+DU9zUFevl~~Ac zx9SUCl-VGa-_wahdi2ALc$5-#QsczY>AYPMRxAN_5pkQx(Edqoq5<=ncr7oUX_Af* zs9cTXkSdVRKtgsEbP3HA)giw(b1RMYKvOyrPr@fE z5U+TY==RHx3msm4|4tuCNGMSR4n>+Ms7{qI9$Bz7gmDRC3y)&M)^1S)q&1h8Rf-{m zH~lvjYH`3tI%NYEDE98L9OZc)J`h8Zl*SybHT3Fi$(b&B?%xvE7KU|khCdBobX1~} z3=Qut+uC1)5`RJ*_918ayy4pXJ58ODS_fntqWcic}XTIsdWV92Pal*d)Uv}$I){t zxSc)4;Iq}oj66=EBHOX%!SQ0ew-MIA`bCJi_K=X^LVD%Vf>@Mc+~6=*B=w;rBg=3$ zI72DP%`+|n2$5^m1T*6*5an>5IWuC2%R8OJQNH;A>ZxB_eEAvIumLp@$J6+1h|2q} zt)#HwNvE|~KK8U-s-G*v*_IXms^UTXK z#c$Ak+GdjOyncR53{pf=mMMgU+(dr3<5#-#s;(gPKLpr{n&iU{tzX{yFHtn~#ca6> zL#4%2{^onF7qM;Bj1D{u6MJ!g;Ly1Cgfa5;l9hb`85SVZWVH`grO<|*(}weCt)Sp| zmFagpm^%s1F=lIXi!W~l;}*7F+*$@piESNJe^PZx3Yz1(wBOUPf8qI&EXG=DMHr$` zL~5q=d9^PcH=BuEI+Gt&BK`(x>X{GukN?(exEx4BYy;uuK~t??D?8Y5xR6pXKJMG^ zwq82Qc{|A^O0HC4FiUxYh;-V!6mP@BD%A;>HZC*_eF^|Rb0owcIvv0rKH1#{#eOS2 zYNC=UO#On0w$ideCVikAO+LQVE9fpE@Phr}f>*pkeSI51Q&D++#IuwT1<_`>zU5wt 
z3rphLpqjFdxBYp+c{?3b0I?V!$Cg~0$8Vg`EH|Nn;;|qEK*HDyM&hAr$W-6>Boiut z5y@7m;SR>9G^?n54!JBQ9G?Mzv>N!&sBsfD;Jw@($}!JNMQQ~h25?{`hDY+Y(n z&yY8m^*I)C1q{$U>;$dwP-ml|2j2j`49v-gsT{`|wbbvC2A@Z501-q~qG!Is>%FfG z_R?!x`sx2t&nUw^30x}M_issLZ~p!vq{Z5Fj*p^q1+dyi0oak2WS=PL{?O@`n6A!b z^Kx?#0^u&sy{5H?)G(xSQTAi!$Ta1BE@W(V@yPaD!Bf>q&e|!XAJ&qOj+3#;P{TxM zU6vt_BW$YqmT2@ldQ$e&k!#BdH`Qt+k`vb|_J!t!t&YRaF<^hNp?kr&3*Q2DZbCh( zK@L}Gq`QH82anwN*9Nlq1q$}6bB_dKzy>JU*ySHEc+~uLv^6}U}tGepSAEA)vGUf(1TP2g33|6oP84}BILjYr2>4BT&`CT+|WZz8bF zKV`*V&OMOj@sZJ4yBpD+#e|)~;OMYaEUp*!rO9gJ+)Gvfi7uBBJYu0-UM-)xJ$A`I zE#BXfbksuCdRn1?0+y03sa(zpi^tfZ4 z|J=IznlVo)d!c{K(PI3p;tLIT?^L$l#jV!&!jmzt3Pi+V+U!?U(Iq|2OwET8D+ zwOB>>^2Iqgq)WLueUUNP{sLF9ceNZ==CaWdK*DMk6_vI`&Y}$FrNihMPHlwPeQ7!cbcdCJF zG|P!2bUbqDr{ldqD}EVXq3&bATLJ?pqQQlhiL!_uh$9w+6f$Iriw(h09ZW1=3{9TY zO|aQv@xT@a1rY?UM{F9Pi?I6`b~{VBLr$jSaZziE9sd}PDe;6MccPN1jLl7t9>2V# z{ilKZqYwJ}{N=3s68YuA;?RFx7N>p|`J;I-6x0i(O+12%{892TMjUB%H8{*-BFpc{ zI|^Ndub%p(K#>Z`g@{&T;c8F{6}Ai#@ZA9$d0O%Ta|$qXLW*b%C8H+C3cyy&9x+-z z?X4Ohv>T@<{P(`(VJPEsSX5b>q2;BbllCgh0!#%=V6?@b6^oRpPX10M*-TEbSjyjU ztCScpNkV6I6~S&<2y_uR87ivN!{FCf2~IO!8x`CuV>m=9nMG(xZ>kV5HbXS{1s=jA zsoU6fh#0x(?gPAIJBMF;Odx&C=6)Ot`?de!iU)+DcwMyjs05U#WG!cQ=Mr6qM1+ai z=c^t?Cb-wQQfdz&jK;G1#KtV8|HNjBBAHzS8;qdR(A%m5S<<|W;R3cmDr6*{VTB`c zRi0b>5U)REB3}l8Yb(If1jdDlnR_5Wg8j?$$ia}E!inxF>B_90tH*Y;Im3bG_TllG zX1!;myZYG&6)VcOU9jptZn>;S8MR`y;>sRpekF zu0g&$6TR++Vek*RsRnqspVo7OciJ8g_~{^~_pR*7@HcZq({?&HiKC<-HHL#ryk;McMi^ z45UOfc?fm#PG?-0oUmt50X4BOACX{;P0TXnG{JHb!EwakA{aENmX>Pu4owun+yCo< zod|*os|&1@IPyqDaWId+^5!L!xH$W|WPpS2p#bq?V!=1I9R&nczsSna`pwsOUc{L4 znpf4^*=}J9?g?N!iVoSzXg9XPZ+$SQP(4-f@(EZ;lIXlVpwTR^0XBRTIli2l0cuM4 zwi?FIn78zvmlAte?$_lxzFB3QP#yyn9q|t?FuEXBFy_^u88tK{y%~u8FxxNmiCHc- zEG09SkZbH+P{{mlmHC@WRlh6}^75=pdh>cAP=mL1r6qu_wmkK@;l#YTYJ&KcpP%=p zp#OEOBSz)9zsUD6vMw1C*EW~K1x5hP&hWb&ugRg)dw2NDUg;4a_YV;IFLVYMImgjEvk{RHYG4hGk|8QZ% z;#x`P&3|0mNq%k+<#n4+e8t8JmP@0>?_2pP_nfcVu{hqI?dkK6v1(6$y|{BJGFCZ$ 
z8Zm6_SbH`>!Q^Bfe7i`qCd<6}WDyV@%=NOhgm5ml132bAdJ|MP;O5Y@mQcT!!rvMjtAyR#DC=&PVlM=(PlR<`nLJDB8F_ zN)B+iw}_oJH3cXRgWWln%cK_7l^jVbm}?mV0;roR_^6M2o#@4k8!-M4zvr%#l`78r z&ZkE0)xAgqQnW`qBB(uYM3;XE>q2(kQK0}y=hN!}{p5gC*8!o%?;R%kRv;bGJ>nKt-W|XkRW3am-E3%7hGU)}0cGO7NsoP2Nt6l7#NuoA=le zC+EQieIYHfzsRNrQ?RF~ku30dvi-7jQT zgej0O)YsyDdUM5=1wH0-z;=hnaZ+ro6V}WFyJ_aph9ele&lB--G9hkH_51`KN+>QM zL<&{~Mds67a+<`d$I7Gkvz#84e=STW98eng$3CCzy@AVgatGT2MMBN1(yj99u6`os za!&V(RlQ#h`uQ1UQGVo2_opu%yoKmm6T9Bs;hzIb;|OC1y`r{Y>IY%VFd|5396mJj z&c*EwFH>KdvugY|Zv>Q2aiOyRl<3RJ%sq&!QjAw+#a-Awa-6b=sD!}0m#_O_#dahu zn|z5eOdz>j>%za*$`e0S$xmsges<>`>hc%7iPK0d(LlL>dz7u&%%@E%hw1i56Ih0( zyv-VNziD?J)9>nPt$enTQ$JE7zE#Psd0YMT3Ri5gLl*eZknrJ%3^R67h9W^5*XxU+ zLdbwKEPcyAL=G!y z#w(BHTKC8!1(uPg1Bo$Gze8}sR7C*6+Z;|4kE!In^vb_&l~fmxF2yZE6LDBF_Ms}l%4Moqwt1SzV$b#n#>z9mkJ z$Fq1B&5s1WnVkImB8w#sMb?K})b^c~=^Ju^&V>uw#4uOSC$-cP-uFpfFrGS=%a8hI1*lmkJ-9!3>H4!C5Qm7f9KAC zfybC}41qmjp)kpnn zW3H!cS-V*rmQf%8Xzo}U^XC1e*bjY{x*B#@#0w*RS*@oWif=5K14ac(ewCGyg2^c`7qRzLsk|sD;|jRO+zQH zq?~&;uc)kM{k-(ykU$^qZ36ns8UC``5djuRsN23Zl-~(#iMPUr26P=z{g?l7O&E~=i|Y#J4J2SYfYI9yz2 z6&pD&L?XuTQ-$0Yls!Cg4Sk=5FJ$F!yM6$SqzV^MJg@wRUrlLP($B_jT_8q;Bv=wm z_f?2ta3?1Jw$S0{*@8PIQtW>zFv}8@UM$b>Wa#%}rtAv1==eXq=Vcxp|JIxFhh;AI z*?|F>E*;gYhLrF1#zZ6s5JxlTYo7#8-m2eHM)qtrKri1sdFrQhvX;8+cOqOIDlE10 zxl$Z5W^clCqJ90s>76>u4Mr!*k_lYYJ664+-|rwmaMXm>hj#1g4#54VvHhh#X#PL? 
zeYqwlmkwNfPFjhBLMIk$-2e89O?cU2AN4GZDds8!iE-j`o^YEnde^UL@)|l$koj3F zWEhzAaFubUnBhg0z0QYiHoM5zRmbkbKHV0Ysa_I7pt&fq#$zwh$B2iUG(Z5zM=4(D zt*|Pk{uPR-h4CnjtapkDLn!yj&m0a2BW@uX@)XHQiX=RlsfZWV{95>*=RF%kh`*J$%Aof#WSzI=De;ER8^j#2<*{ zK8}|?9M30>3;5Rk`GJr|)uM0W+vT7WK5sd)C1#GM9U%5f6`EsZF_g?(d@-o0*CPH= z$;n>Bh)*cI*87e=$tFSJ_lM0skXuKfPt8cU#v*mo zScKy$-8bR7b3C}TOO&Q+`7WO4K~VAF^Al-(r8lxSgZhL-(Oe@P*0F}*6Su0X*BBrp_5!1l%Yyyu8RYavm&7*HCd%9YEa;$nbUuW_JtvACcX@wIXS zI8cgE)12WIvU*Axy7KAu(mVd&UT&wdo@|O;Df8!D{v~gDG7***K_d%Dll*-if7@t` zJ#1D>pIOtIt1}3zWje@BR_LyE^PA z|2?9;a`gL?RFt#!VRkIHP2GtXd7710raX}3+lI*jyB3BxV!b{n!m>Y4L-nm|WUP(E z+4z?4#|&zlAT7PA5L=Vn!MiL@Pp$y#kA&di2zzsOj@OOuvsTvXy-}1v0>o*`#E%*s zX?R%@`X|ut(K}koaSC`jF8ICRZlZ+e|8;N{UQKvy0A9j?F*X=oV;~X(MoK%nkx~&* z1}ZHrKg1fNOGZdYI6|dCK&8~tEg>!9Xb?og00j4WzCYofd(M0AdGGT)1TdtmzHC+f zVsYmykTJn$<7pY#l?b>PV%>})og3mrJe&3X&&p3(A#*zBO1XUO)=O_j=S?nx#kyV0 z9QZweE%os?<~IW2^M_3@HGsSNT0?3^G<_XXyWOXRyqkvV9o*b3HIlb(@1YN=U?#W_ z04jQ1SVcmpuWI1OeqAcdMj2xMo9*fdH{285*opu26RbbjB|mQfQ;bO6VuqbLDERNg zKToKV*IWv9)Zp6sj+69P-|Eq(<2j+oM?1$42_!_I2I&VwQ`!L&_D+-ZK>B5r*?GeQ zrqaf)>gcr|gOQtEOh3Ta?0b~(NlP7*_sha`tAB!2Na&M0uOP=cu7B(|jF+DEV6k9z;^)T{=)sn@x@eVzHvGd5{Z{896b))_6vsd<@*FfRmpIJudhzf@FmXRH3! 
z`}NL&Ooi}H;jTAs5});Uk80x{BF7brmo z$%l7p(D}c$IbRB||8lwa96c76;(UH)h>P)oH|M3)e5aFIrw)XC;u2o;<2DG^vRVsK z98}Wvr=DB2)dmT2udIm3P2W-OQfnuxjK2N*ouRtYs)qv+gg)w#FnYoaPHvp~5U;eI zD~zzQPH{I%;#KsRXi8h|d4PnOwm`)6s1MKDK6hwNziE+;TZR@FQ6zzIzoqIM26zh{ zN8w1dO5@#LixLy&cWF$S-XD`ZwGAypIT*P{_R~9KW&}XIeJ$@ZK{d>swY;Kj0BNqbGi%yAhShdz@pT8wZf3SA(ummIsf@=wf({p5y@e9$ow{ zA;!yWQw3&L9!>QLjZ8b~r-o&+*R&NOc&j)S>o#_ylZT})LuF89p6tVmuJ zd|06eG(?S9n=P%X$YX(bH_D+?X_ZpVD;a6p+)N-EtoEi}+UCmUlcmT%#efJVypzUO z>vzlc&;pCTJzpreBWl6gkig_A2Yv2oY5XQ^UDy4CxCd@O^u~#)LJqT=pcDwa{l$W#7-nt z*oM%lv|`I0M;W;%2P2D-Nlo^0WX#KuFB$Z+%1UiTc95bkT-_x}p%T~muKvI(hU>Ap zbd~VgIdTHk>vY!WVg_P!)V>H?s6kgPPN*2RYwBg7Qy8mip zW(=eb>v(=PF)b!KDjAe@BF)hb{Fh>lq>yBqL_pmf&P!_ zD4-Wbw~@98$m5UG{Q4j2b6OQN1YTq>Qv_mjD8~M3O7UmP9eQj^Rs-wt3WCzk-Yk?5 zZK=)s0f`G-;6x%haMAl}ILiiqsO=55XkCG&iW{eu9 z67S2XM|lz{r0~WPx1c|<>Mh>tu9{Get--TKfAx^w))~dzw^=kzFWN}mzK}K>P1YvU zhk2UZ+5h1T$^+76-Jjj0e+pgDV$lbC5iu7IhHmNzdhyuLL}9|qV5tkE3^rv>8knJy z#M<`a(YZ^}+#jV(^oQTrJoj1zuv5-RJ1WY62%W{ow#EpX{mHEG4lW7omTj;bNbo~+ z*qfy?6J8d(fJ<)tvqL>{FhHFBP11e&`_gB{$q2JHF=G<@nR@CO`JnqymfQx@CUlZ= zN*9Y4Q}^%1hE3oyF(sQTvE2`)~O^j$_Nru_De zO{;0xM1%Cta*iBy4h{zTQJofm4rX(8Wl>|IA>t|@kKIUBe1=-^{>+FH2A72FGoi%!;6XgM-(Xi`nph2_LO&AT7xQ(?5NOMqFV5(a1!h+G3;^T|%RlUC) zmb!Is0gRK6{5QQ7!_hlK5JCQLOWm^4941nb~CvHnXca?IDNj-p@K!vHprXUk6( zm;G+B`-uJ7HV-#fQ^FPt>iIA0AD=%D&ro6UIN^p?kZtLUoUY=1)j-_ zT(WcTvIZd^i}B7BA?-W3CIEtfv5)HCM45sPwe>gvd!j$6-I8Om@@tc&wIx*2_aE@- z&=lrsjOgJeu)8zS-yHU~n6IOVyE&34wut+tqL5OzbdRhF+Kn`dt%NOAkOqQ=Yyd1a z>_4r!`WBlx14mrgu&f{^#sCeiOy+&#!%;pK%ZUY!w+E{~`jBNY0xx2}6PV`XCS_x- zowHHrkf!yaAMp_-m)vfO00=xa;Edjo{Se4kgkU$9;fGd@NV=Ih(%BjxiSs369+e27 z?81*1)%r;MYH2Gg6|Bca{8>d|(U+S{ghH*W5Ae0g_4hOO%9+9#YvlC+*MIr;+B#8 zJ?&?NrrF7ub?9@sO^7w=#qy1)=XSs$QOxizIoO6A zzE_N#DPM-s5dzr_cj=Qu)K9s3Wj-nwI%sGe$o9BN@|2n@>{tjRnv{NwZR~76`fjP3 zNuMBgN=+O(Oj;CB7n#g%SvOiYD@waI#FGKs*wKx`8y8UJ7lb>!L8|t7#a0YZr=q{H zJVc^x7i^b?`6LChl!{wh27jD0CxY#r_amZ)I zZmM!9Wc!U67`_{9-5qlI)UNb_s_?j<9HiR_Sa%_967x6GSl-~uTX%e06}DqgH$MhF 
z(}}Hrtd*%Eo>l5RvgFK-cgX`O?Rju$sZ3-7EnYQR3f{VkdL%3lH@KY&9z$PMwz?=- zbC_x79{f}4=%UemZbxvItMwV&_(vjYMeC7)8#np72AP@3%e$?Vo#-Vu+2>SWgJO|Xdq1ed!oX`6rs7}G=~|D0)~@;&?K?DGmpCtywV2Dd zIO+T<1Ii9-taC*?6{*?`RWIS+W|(3xw;#kvJMW_|Txc40-(LK6wnkRb7XBr88dsojbOi_jKiz-u9xSmvuyWsb!aan+GOr zN~qTc*S2`nG!o;?6q{xdo2r&dNbpXXbaATJhL<~bz82w}j^pqY^cQpEA+R!y%j#wT z>Iey|j&|{GvNO~`xf`5`)U4-Ch4}s_=tE)($?DHKn{Qeht${uN`LGG<1)B6W)ED^BsmH%FH2zqon@24ZouEb3{hfUClRE zLuOF}Lr3(qBO@%o;*NOmxhc6(Tb%6wunfbE|DX(7yYa1@1slcSSM9!h0ZeAi7hFAL z`@ZQf#Apu?8}IAdzs-Y`L(Ho-@m@Rv!o0q4GUx7WdhF{0XJB8pqTW znLBylxBOCEpR*rl2+#v?{RQT*(DKJ}Rl|Y}Ec;`aJtg^lvYgV*6dQQKXKMULP!WAoG zZIFBJ1Lrk>rP7jnE~q>s;{5v#Eysb_+lvDJi|o4X<`p;i53lIt>bZAhOTSCK-M`%6 zK!@=>(Xu?Ja9^|fC?2zP)FuFCImQtFmN+r)09bJU7?+{}3WiWKEO(6thy8?x(>MX2 ziscsP1jK8%B-Z;ic3b{&G=#nwbWb2#mt&+G9iVcjPm1;-!jt)GKlC|ie&o}WYF*qMd<8?03UeMJcr$^OI#$6t}D6OBD{W zq4}=?O&I6C7-HTXP8b2EeOLUoX3?ONxI+yQbznax{i^#Y9qjb#O6fNNCH^KGH~;+9EL>c+2w_N(v-0i;*J=s4#R9t0rAbyZqvZ0tF&mn9 z+PVb=Uh9|1V&5L*y`8oA1Xp!p)Nl{ptJ#09<`uklUgE<046OswpJLe#GABWndq(0# zB~4LZkkwnU0DC#V4_gNCjP)SB#>>}K0p<-})+LL#tl&QIfRPRzlbX>i7#3EZ&R3T@ z8NKhM$u_Uln$7aNlAPYz&bQs$8C2}JPq_>Db`a!=KEdX$eI zBH?E^oS3}srbV28^X6HAxI=;Vt2^Szl`Bq(PKrtaZ__+Z%P^*kCDtVW(ATSVwYL-` zPJNQ@I_uKME5E(X{_|i5#4@oW=dvFuepxZ0iFPX=5I8UE5OYE9k|OJhTn~grg3W#M z)45#Zfig?H6qO^KHhrM4%h2~!H0}MwlM3)D8?|kvz(}w5^1Hu1u}plfxT86kqEgFN zGJ|S;dHDri_bP((lL9)OrECmqK7gyX)pJPI4oB@JP5*mU>Cne^<<@S zu9bQk=1>1IK=DXf9$&w$FEkl>cW|%MYF~f!9C)s`RdnDFf8AEg#aOjJ4$7}vXF1@%7D0kLOy9gg9t4gOjFoA2>kBSCn3Y_t#O7wl^vKI&+PT}$`vUelU*L2llGs|3 z*MADmu99c&(6)uY^iRf`(O!$s8{&6cS4-E7CO?wr+h}RPfw(WSYO>b{I@Fd6()qmV1rJR0CW6s;??9Cf3PlPmR-7UQ0CPY|D8qxPDJ-7Gufh_Fpakrqb z|FXTuu~W@AT`+iZOW%2J`C;Ix6OgPgYA4!sk4mT`07Xg#H1EL_-8*fVVWIkxiX}ZM zLR#iOFc1!)m}mjG~RBnmu{CMHa<#R7HvHVsw{Iyp>DxhV#TZ2B=CE4$%i z6gKNPC79vZ>vQ-aD1_A)m8>3Qe7%D8f|*caAk`yLR%`xtWgw<3U+eB)xMrhQY4P(* zZ(GKO;y^&;gG1V~KhO>+G8JZ#IM6Zk>WiA89nEq{N!iy4f$RHFoE($qtRAARX=%TK zNA4ocgHVOP?4Ia>F1Hwbow}T?o2vWv_@|YH{j0BIcBESRYW}lR$}J~5?V-82txo~y 
z%rlNRco=RH3ua+uqe4hBLB%X2=8BCOnJ2i^iZe#1%rP2L=ALYJKeM}&#A6)QZP``V z>z*Y44)*x&i<=Vp2JK=+mkiuKPuYkvQdmgOLhn0kpu&ENn4tY!PPr4T~7jkj+ulTBMb-r^F@@#=d*ts=L7oD z{<-?(jtvpm2n{<%y3S1zFF6(Kx^BR#(KvVYZHx)fuU3r7BuFiYB`pKug5uEVp(%f` zhLjPRrIonD2#=}3<%5d$<;c&Klhi5O=P2&FvcPIZCqRLy&Elmxf7{(`xlGrXUp2Q6Ul2QIupO4oa&E;1cau14(Kq#HG;NywD1VCE?DU#mj8Gd)$9 zKet*w0U=-z6?{Ud2(qq2{fx8{rldnG^0EshHtxE?E4}<_ms@&W!$@Vl>$m!_seb6! zKaTSp(^*CmnWIXwBK8elQMg8UAU}*~Zc?r}Zf@1))0=T(^0;0$pj0suYF^2`*&Tl7 zZKLy+T8N3;9ZK@;DQsSwvO5`_1+V2{RazT7@NZ<(W+0Iupi$_pqHLm*`r3dLH)W~^ zVHDv9y!ukLwD2B}NAy&zsJzs4;P-AS%0klgR|Yqn^{=H;9X6y=+7deiLZWjmy<@z)ROe;3~I>kIsU~!^`~kUIykb=f))j2$IT0mSkC} zWQiT-4y67nr@a|T0t9PM_i~fmB*ui+NU+{6iwa-PWzy#9qcL&PBYka6fofB6u|~;g z0;i}i-$jYcpEyq{>zr`nV(sA=75|X4h`Tl(?G8%@xWRf~*fpgwY>0T|V7M3%uNbdd z)=4VG$EbXDi^r@`A`yNtDAt3iO$rO>Gmr0{T77&p^oV&Of>*iChEIg-qs7t`qu_Bf z(JOrDf@4+bnHcgTX-)$3yp0Ioxq4xE({j?|W=?@30Q7vHxS+frlhCTViRR93D)NYi z^cKev_C3{*X`LjJ110Jn)%bp&ZRZa%L}HifC@F0``EQl+Fs9?7@*JmZqoNt!B{(m8 z+awW&Cwpq|XYl758Ugr(?Gd2IHg#mNuVblJG^MQil|`QqXI`C9jIzZeBKg}^1)H1B zs0Yt*=#9qVO84SYTZT*(@V0#0R6kU-qQhZn37dZ?g931*KR1!fjq4x~`D`R!80KV? 
zJV$NtUvHe1VIO0Q=&66iUIc0Y?W*W>$EvYk>|%RV2K(F<%bY!zSL*SCdtv5`)tNmb zkAHFWn%N?(EWO7_u7ORCCl)UHO@_y)NDBlZ^OvefOY6HuTKUvvdb+%@U>;-5{gC#2 z^Q)EUx0x(}ipu%xd#U&Ln|UO*O%MS`91nBm(wwZG0iC`I1kp6KH*?7RZ(v&cKzDkqnZY#V!`UOj@3B7jl!b1R18yZp7k67ad$K zhYyHSa9FynT|>G%YTeMyeZm`RB6n38d)y0k6cc(HXcp+Xf|^NSTZSw3W;t?jzF z%@&kAUB%?&pj+|BpO_13ASm{&q2@h5PDgyFa41X`q8q-V4o>CGf2OC3wX|;BK?u#q zB>Y!RVU=~{Z*yEQ&39>2e_?&|{nH`F#yK|S|2ye3G4axrcJ@$8yQVVG;QI>Pr|Ztg zW(yI##tU~e5UA4&H(5zucKcwszGd2;=;a7$^)-uf!5vbi=m5b zt~hal%{r5_4=`dls`$jj-vTLht0uN0* zdJ|WEb}K}yln*J)7j$$v`KrMaUj2WyTXngj%oq7g2~zd#t`C|lqJJ_kW90Z`7th1P zOBNsaS6UR|H-bG+<~i>@hcX0`-a18#m&UY{2jf5~1jF`ePJwog8A8&F&U;%<2F#7+ z*hH@%cY@-|;t^93T#4_Gm)6w0<(i7bKsNxJ-Ll52Dha?1wP%8jIcn1k|M!N`7v~Ht z7I|44plrYA8@J&tE}#DPU)7Fkz?UHznT2s;*B3vMzPDW-v%Ly0!wPYJnGJ(c4g>z2 zv|bizF-s~+tcy)}SVfFIr&1m`vZdP+%2$s_7bC)A$^;hSEoXFQe}-UDN}qAncTex`B86oDscaP2rHKpA-YA}1vL zfkq?Kr$DxYsOu-!$?Wx{zy`S9rKkwzn1Bu2wo&rtDBST-zKE{VdH`2@gSsYV?-tG` z+z8O*x^L8Xg`E@~2!0ref0zx8OWm-|t}|jGFmEE+FRRKr?Yb6YNGLb+*xe8)ES@X{ z^=?w%{g145gOO<42>*p)$uMQgXHIDFGCLjh_^?Wzvx(p(Giyy5g>4|wFG1fh{@6Z3 zi79~1Ch??!Z5hLo9~+-!e|IY|au@|wFio2EGTQ?%xfubBDey&`@V`nd5`>s#`a_O( z?Se@}jmOQ4ge$_K0Hc3%wU<3|Mo7OdvB8dQ3?H@N1z~xf0&ce2qcBUo09VivefTgQ zavXLQrk;b6Q|9__6cI~=RRdCc33@+F?+)3pf9?f|t}DEwvM*2+KEyyFCKS0%+k`sX zR&kb{Q8;@p=7}Sp3I$HjMg<1qktEnp8xEmaPLTv1pDe`Wf5PV*l>6|APC@{Zz%;YL zNWbW9Ry=y2kHWl1gXegOWl*F3F@au8C|AlQDH`X2V`_H^+Z+j@uO@c0NpFyjC_rXl z>K2>NE=Q=|69s3%Acnb_&$_YsWT?7de}yL?;&BpbzTsE{+FZl z&&<|$NQlKc_((3FCtc}%&*K-(XR;*=(g^_&0N7GPwuj1oh+$b`0o|Z6(&;Qz(HO)X zS^>_JV~&uuBnDIe=sijQcPi_d+@}Tjr_2~g=$kVwNcLY;R$KfHhe&86k}Ce>$|!*; zZb*91A{p^p+8NE zEfTLZlAsGPpwcl_HA3t${$G#Mt|WnDF_3)_S(E@|>!bPYQCW$|4EufP>s(9=wPa(L zX}%mBiAl0Fe{pq^BOR05+5j!>f40-i8;6H7e-vV&f{7GZ=Pt)4-mia+ZN!`P9i?O% ziP+rb*ubzj(+a31P#+oLx;psWC`bP;lcy#qboc4)L`KEfvjPVb$p8wx<2Bq$QaFPO zy_pd#P7F9zgCFg3Ez&FB3m|p?=p#J5VwZ_X1?M{PNd!Uyk)^!utUXBf9TFme2wCXk zBGL=W2dc*>+3#Qq9o!%Zbasvb3JWKzCkBcmJ(J1K&;-=(B^K|nYT6N>^2?M9wLlMA 
zKtxROXV$u4Nmh?1!I(N|0g=Py_}Ms$H4G0W5Fh=Jc{x}Cvcp5e2vk_)@haDOkgdDZZj?dbG^homsIGYDZ{Lt%NEHHsrTFAHbf9^`>B&qmjUDOL^l^1imrK za=cbKP4IgMNS4m@8^^y{9Oc*xWD6id4!#mEpJjb<{N`!p-9{wLnO5<(92^iB&`Iao zK_WV*;QghCIuQeDd*h&y~ zI#u~jfIZpb?KBCVJWxiB@tfIVo3wcQUPf*K4^I!Q(zI!jeFMF-TiZ4Gjsj!PrZM$J zypu5j??yn&lHLc5vb0n%Du3b8{j~R|S?|k|+IHt!W!``^>!5xVn9-+q9NLsN0^1!L zlOv^yE2*8os(ly;)C|1sn0*_G>yQv=YNRopZEM|Qt(9(Vk4dA+xRjmEhc(ip#c{8% zjzSfR;V26D3k!QApi2+erl#Ei#sd`6*#JnO;ZRq(PnUiqyEUz|aF?r)2$CdqI-GDs z5J4y^)A=H%s}wd3A}D#6%XX;Ke7?(fsPqCHJ@9WGISNGq0EKiG0JRGY0BGcc0d$Bp z03f-`5$e|k2<(cg>I!Y^@*C;{eC;_u)*C@#^Qr5V1OQy;p?8zngYwy$kwBA^{%ulU zGnE-I%IGv}>r1H`czVRkpIq=8EK(B0XA`zPJ! zi{SUSAq+s@)w=$;?ZK#fef5_8FRFUl{f6brdyTaLl7QX>ZNSyh;h3S`H&ufz+5>s{ zy_5Hbw=9#?w?DWhv-<>g51nw#P?-zshA!f|t*OimWDjv3T6}LvgTi*zW@tNkG$NNR z$g*#SGRnbTw@m@p=7XK!W4tM2{MBQE!(+nLB71=yVshi+R^w-Gjh{^!m#!X{9Uhna zHm<<_QBm%rveie`lyT0Dv5%k(wc(FC-#(sapU{(=FwmJm(wj9-u?eHLrox_>zzNG? z2G*Q?(qwJIo?YDT)+Fnt$t$0+j>D6=uO?mJid_5rZUBI8IEi+Xo7&WydOQIo`=P^5 zxS9d~YI4(zz#;RXX%oF^{g>0GdSiviUKgP#pSM%%V^fZ3pk&~vL1br0!GPu7OivX$ zV|Y5vYEUB|?L!%2*z|;4ow;y-hMG1b4(_sCWI<8pdgeRB3&4SG!|6gmYhtd7pLe^%?e)|lq zF6eYR>HU7nQ7$)NP3Z&^x+6%l8K0qGOh5Q9S8`ofhA`0UejiMi?$LIaF1+wmaX~C2 zQTruyT@DSlq4&=(ywhHMQm|Cm*1w|-C}`_D8D6pwTGoqXKRq1)6@oQLopx399bq)Q zW|oNSHnCjfshLOjEebF2i~i-Bob0f-Ud383MNo$?%rD8xuM}>t7HAJT%hSJo8|szo zue4h90jv$+d-V}$Lj?LuK3g7+&i$9mbYb?_^olit+vYEaGoUk4ek00yBdVqumcd;3 zXZF7x7HRp#>$=NoJENY$o0Of|(-W>!;YF97k?K>9ZOocM&Fr7IjJ|Es%9C5`jKHoy zIJ&rPv3Pj>!s7Y_=aMXC!%%OXun5u72I#z7CVz$|W7ZrWb#lwE(d4%++BzS$Er9E` z-v1r;80tJN7}UUY=cH_B4R@McTQ~p9apPpl=;Ae$8o1kUeVh2JDDsy~?XPWHW^Nmx%jho?v0h4k=K%go zj>zcvt=|11*f#!)Kw+oP?l4oqG0_iXjo(ZjJ&yiP4}5!Q=Q30@GGjRQCBe1Z$*-4u zi@r^rd&XF6{{DUcq?^V#s;Obtt$}avPFWLs1{4O8N0*(nM|DNeWsDgg;s{Xq^yByK zih$ANhdrk$n}vIaXGM>;6pu159A&wpa~a=;gn%7|jQJqHQT7_9Wc-XH0y*=S{V>~? 
zARo;favG8@o?QrI@EPr{Y|_ss^RYZ3{!r-XfcXTk2JY7m0#tc^-Wb||6tSpEwi36; zW3EDUFhO7WG58xbv68kGZMh$pJ7PIPq`16ouZ+cTh1^Lbv40}vOL};y#E)KwoV}W3 zExe2N>~I+fHfnqFQOu$#X!S36?AFfJwmUy}RzFRDccn!_IV9W8p|aWxWpExs*=*PQ z(r&ec^ufG}$p-DKF4wJDfzDqbH~Yp zcMke4LVh?5SGvEvX*{D!kzE<0|Fzts>pw3+O1 zpp{%^Cy!mYHZLQt8cf^J=DMj8{3dz7>!p5{{txzEI-WJDZ)yttqvy=`f#jM`VPt;fVfI34Fw*lejk8LlrS=Fo(;3C84K){WVj0{GXn^m2@--SgMHWw zm_!)%g7p(=<~aYvF}1qqN@CM)Nw4I}7h8zdGY{j3V}wN-D*Lg-$`Axl*;LN-23AqC2bjmL03VK^*U|VC^~izr8moZ<8xlV4T*rvv^_$L5dEcup^j z&q;HGfAj74m;HwlIXX33d~*yxn{Ty&o2kzE!(0qBW%Nb^cjGMBy$_hVAAU;qzdt+( z3t~bN##5~M!F{gQv|w7hMtiU_3IpMtp^c4o1)ou*o5)K^9jE!r9Yt|{;NvSE(<`+` zsS};7`!YVv*WUl0XZP#%e+II*YZ*HC_+nIlq^EvQAi$RzjNyTv@4no5F4N00VCAJu zN>?mCM=mxeBcNQNK{aeBB0tZpCxr~BidQ9C1WMW=)fc^GnfRCMTL_w5;p7x}(6T_1 zK}&AVn9;3761OL)`{?ngRx^OWTl36BN!15qTO~FZc-UvYX`^#5-au$=)S#`cGhQEu z-RZ(--`Lb6_eu|XV>;5Gz}dySDiR>IN|N6vRvsIVkKK_m(fs-nnX+zvO(5^zkev)p zZQVu|NNnU+*QINz@2z%j_ocgFL#!Yg&mQ~1%=~&@gss)Za(o%H3JCis!~m=>)5=rt zg=VBbu39;BUy9d?Jd*Jr;|N{#cjm>V;`B(?KP>ta!D60;#&kd2{Ws=N3jzr^`c40(yskO0ie0HPMi|0OuassQY`Ra`p z3Gk4jq+@2oJZamSuNxITS7eOaB5G2KFIMr$jhs*PnKI6DsIjg1e6DkL_~Fd${8b6h zb7SQn^7d_B1S|GR#>DgTIPC<#ec30tm`y{X7`g?YAz~-FvRrt9^@C)BQ@{hp9$f&^Ln7;3XsdFxQ|0-=IbD z{*J1QxbJNiZmV}@n)y_CL7NrXbwy0Y%@;Xv*W+$8UlzV{2P;{xRGHn9q)fk2dIwU< zb;~{U>Kxo!j>YMF&FduPpG(_L{y#6@Wh-`7h&(4A;mC6LbBinJxsTZT>i3_GzQm*C zi6*WOY{4uI^KaEJ#|!+Gh|y^iF?rzF6^n9iQ%_FgN)7MeytEf5r~T}nUwx-kR!~yX zpu6CO!*08X=(F9u>DE1%-r(*%%6iMP6fh`0_+=~~#p{M25C4FK(SBxim58+KQQF0+ z;A}?vO$Fc7K{rX|YcwyHwayg&VP7W2yxT7B=Xz%qJhKiybMAqiR<4ZPT?=`7dg4i7 zb{dV63@u{6?`3$_X)MVjv_$yS6CU04ff5~yz}@$@^mO`|w-)+B=hWLK&S|1V@^-n^ WeIJJxPLq{8ji_TqZy_cKK6IsoVbf9?Nq=HFdP zLG7;rq*67K6<|^dm{cH53ZNzxP;v$GuUq}~N{m${&Z+`Ksl-t#tgNh%_SGZ`6=z>9 zWnYQ^>(149=XwmaMZv9F!L5<(7E1UFsEtAZP@~opsr6JURV|=}7|@~{&`1hsB!;vD z5kesjryJ5@ACg24sV0SXl0zHGp)FRSEx_3YlZfun&`?T5i&VUjdLo@1+iMlu?Ht?g z7TZZUD|Cx*rz8zh<2wVAt~w|6QjQq#vmQ@ee#CL+>%Po($mQmG1+!u0g?fV}AwS%W9?T0#n@Lki~N^9G$ug-Hb? 
zXA4FmN*CfwyU$)7xp;NtM8(3@t5+|Uj-{54QCfttl}p>HYTK#Avz24%6=N4G=i;kZ zvnt2d^Q@BUS1T(k^QtHEs;3L8CsG^d^6IBAwrr%gtY2-MzS=l>ODwofcM32&*TA z-D6ALW2@a`>%C*Em2<-SY2nz|SmU&?cVfMBdbfT-*fJ;Vp5ASr6Sgb}N2b?DrZ>i> zH#+~~xsC1x;n>{z*xW|%!fxl1P&hI&F}E?eusb(5*SjPfSrASvY!5C8rx!LxmUeqr zg=0&*6HB`ztHSA}Uvo>_W2?f6)!mWxzpHS1b$4!cdwNwkx4OHqy1lzFv9S7Ub#-;= zZ*pC@u>NadeRpA9xU~LjX?=I~Z@3{`+Spy%5Uy_gTHV-P-4L$-4Y!4VONHyJtJ}i$ z?cMcl;l}pv_V)JbufISj+}POuoBSpGwf$@3*Y5WJyYSa9;otag(XZXzU%SHHzb5>D zLka;QO2N5_+rvakY6lNBRrY1#RBe}?>Z=?MpB&-@oE}#>kVUY|R&Z&#Gh9UUst@kq z$ZNUFpXPJL!x*DC$fwumvyA)QwX$8S3qX@?vv#A`XpAGZ~_m>$o(b>O7$ zJ9KExpu-)up`vSh!|X$6mz8l_yPj!~^~GW><9m(o0)Al{-wr-9uweeXF_+{uh#Y-{ zj*1$#L*M`KoTI9vh?vZrt}wn`TiT*N!$NB+Bjer{1g^0WYB2v4b)APt!9GPrh&bw@qiZHTIRz z$Y*eStUqUu?9o@<7f0fAs!C>N+g?;15w@GUt{#;BpAdi(Y0(dQjNTr7s9QLnV3E#+ z54^FO=&^pHF z6oD-sH)9U)fe+}SnD$RK+K)`aub49MJzRH<#L8i(BfmZ!cTHFp$at6(kGme2RI{tP zk!v=hrp=@Dy)sHfmQ9KrWB>eEb1}atvxMBiPuKcw_^|eNZB6|h?LN23Lk1BH;W;m4 z0`&Q(`x|W#XDm4YH=y~8h0Lk%mw9nVTlc^4Y#BwtG28o(9d+amZTXg&xKF~EUjNA4{M&>i^l-~ zh`omfK#$#p1ENAF0Qf3VuGsSVheY~S^Ks7eYdaZTg{lWhYu_~gm>4$<+@A#)qIDrQ z6kyq`Wf*NDNq30GoZ9YtiFvfouWBO#z2!-6im#OpajB&S| zrxiL0mzG$=fivfRen5*$!k!)Z02$SrmtWX^abqf#ggDUeemeTt3&kx7GtATBKJm#I zrl=&u~Y9e7nA0n+A1dLHoK@c z|04%fH~G=FawvM0C3M$DJ52y0IWkU^g-ALQy8cWnXoX z+@P2~c@OTqHf2c5-T#FKj^9h>8a7P@SE2P%L_BZ=hynf{HrhE{(K54Bz1`C^+Fup= z?{!CVeNW`Qhc-|zFT@@wIM2;QT)WH$YeA0z3;?L~(`BSmI)M91&LH}KXUS~e(ebHd z$U%mOH`BxLzc?(BxG<1~?zZC{jt|z&21`>rB^kh_c<2hCmH0b~cL0{yPDGJte^U`} zs$BBAxWkP^n)uzsL;8(mKuI@TUMEOY#fnj+yV|S#ht85rm;gIMzu#~_FK^L6mz0cB zDebS!kgzlpi7G#6N^iR3-ij;?#=O$NKUN|)PYT)OjUvxV@*ugyg{f8b-S8{Fm+Q8f z6`NRK>O;elxGVR9R1`9!oi>n3cQg+Vm_;tCs$Za2I~%HPZPRsucih7*$#iWbUB-TA?zfYtLdFrh3aYy zRcM^|*rR62z(JW2Dv{m}@kyGY|2hpArUW*8`7^2+ahkJ`T3X*czD@{s;y6Tj?HDh?hhYs@(JMD=&0A8D2-_oe;Rb z^Pj{A)?6KHb(5-cw&`}?z#NDAWRg*Yzt(! 
zW2hwQ76(Y=BM*?L!DjKrkqW%{P?Z1NWa1OwC%*z;*Y-kEE)V&C7njVV%*?H1QdJedX8WFLG9wH(~C=NH`XhlYxryrtZk+MeoUyq)LD06Mo z-f7-a^oU`K_%Hu>?c7{$LFxObf&K;@?&eg=vZQj)?33sLC|yiO4BQ5TZej)@&$V&Int_ad^GgUDj7&xbnus1Ds2&?qX9#2z2^eqT z8u2>CANR=TGga)$jQk_6*nJW#ycUOb2C*KemDAbZe`pr@`u9>U4@x*f_^`L;z*-aH zCxDG^SM1}8Rg~bKPeUq+*>hZoStayh)o~5dWf@4KG8I>(ff}R1BdKDu)SUa`=vlhh z`6ifV3ho14()&%0NG*m(26~6ok2+o)p{M5eB3ZChAqhKb3u(u(T1rG8IOhFqLYPvJ zD-@4IL>z()hzarzlC!BzaY1kP3Y{SziDnH^V3;9Rcoj0zBoahI?efy=La*!~QJaKt z4ctYDA(q*j1J=rZPUTD`a|X7KS~hXQP9s=Jr(u;I78%(4)Ph|h4O2xqzQ+YyHVyih zh_f&SL~t?c9cj-g9$FU4D>H>_QOy2_N&R#O4;+@;1iLE`dsBk4{v>my71u$RbV(_W zO2Nc&!X;V~AVA6?7hN{R|8)lLg$aP>!PZEqp90kKX1E3~AGw%swgp_LC9$aoV(D;a zPKh%etjaIRKMT&5E6q9!|EY>>`Y5upmi?s}9p{-F8=yN0KY?yWhgAW|G%>gnP+0K|%f%8h0~*WoUzx@@{k@x|9=;Ro`dX_hb6_9~S2txi z=Y+Gf03I9^)q-Q9Ei|E{R zKSMZl{p3(Ld4%j+14dWMOT3L$4~i#fA!Cd#9+ z32n9oHt3W(7YTdbbSSr}B3O9a?`OXogaEl*Z*_(b)ui~ds$el?N}~YAX3nK{Q*Dwb zmbe6!PrKklE3Wu~&SYH6uSA(G7H_B^ZRrqiKbHbDVm_Wp4ulhCB_>ZuhSyo7QDH`m zAaXrE2dAjKRJQ`xVohOh@nI_#z}`)0(}r=1~9AZJ4L2t;&o zrrd2Ds}?PqkgeUd4tYlxvw(pZbTI*4ESMxMwFxyTvpvLU7&}aiARz9LWMe$7&9{KW z(RGjIfyKl3rfaIv z?F`>AaC*H&lO=Gv>HNC{u*{~I&pr7zI`${Q3mS&`(}b390)*r6{nS&ZnnAVz0?E1X zuBv@3Od|@6k=Ef1*%o>vTN>kTw5``Lr6}i|*06W`6tOu~W zwD21O^b*hlArJ=2N^)mQj5sAnXvIbhpy4y|W{^iB3A@N8&TJVA!1{~~?E^v@B*i=8 zJqtbDgstJZA?c7EZL=XkEAF_I#~#tNkNS`AVQ1T)JiRBsZ&>Un9TOx#y=7^~k^py( z_UjzYH+!&sq|S*x(t@k5w6~KGD#9mWX*|MS4lL@kemM#2D*?V3ByoAqW0}*>LT65O zeOBrZ!ge#jL;~-5j&os)XF4`_Q~MAQX| z@sgjs5Cghk*ML5wa&31KuwJK@#()q{f<@;0z)MEBV0|;;553qTbLIy#vqZDJKafd? zUrb*=!pr=<BNaw{A#$4|?|K#uEnusDlTS zVkCM|#Ynl&&sp(m(~uB4#7zbMq7Lw+iDJI+-lh%-s)ov$`yUp`|63edZ)j=UXDn`P zNC_s-S{XuF`)75Jy8STuuz73G=JWov)=`yS2hZNL^S!OQAp3FbK^(-3i+x)D+z|7! 
zb^?s#_kh!o?)(Q=pk^%>REWM|6AJcqo?&(I=8@H-b)NgAe~h}Rj@fwIq^hAun=mg; zz_QbNjU*BBV~N;5gEw%<_uKtYDSMTlN`Zrl@j?X!2IJLkF1UOC6{Kk-u9p@StU{+l zN}{0+QvR+>MqhoLFnQ*;6p((vxXx1(=#HU&Sli8PMB)j1yqcMe8-5<=7tbhZm zqw@8D=tF{z9<8;$u(+{HqS@+obsKa^!rrM`5$itrJ!X>p^c4w%DkMqk5%_KiC@}#D zq5}Vw8FP|uWqprt^7mAj@r<2)qv~t!g;AuPuTsY7o_Di$UBl8LUegB&qs!k|Q&zy>bl5o5acA zm>D7!a-NDku5~s)fqDF?Vi^6FiIDrSkC5j≈77&zT>52K=bc#fADFv+4-Ts2`pc zUQUc+`J+wd^`7s4R^%UQDvx*z_5rHeaM+wC)4jZ=yu%Zk7bU(|PP{+uZ6me+C%mo%tekx=FP6$)N?i z@%L)&_5Z5+E9+P`1MZ}{M?6VZEKUi_v>T)4UD_hm7C^9xdd zE8%@Z>XYvzl%NSg=sq>oW*3+uo?1QFYqs;>EZB3N_2YKqgPx||^4bn_Y-a}Q9mVfBl&B#AXAcFR36Q|;k72+a4TxD_dEPz?G^KzsW(TKmo zZ%uwZ0^v}wM#($12`Eu2@HtYn6C2{kAbmB8xLIL$TpC!!m;`!|a=Cr_yzg^lDO!N_ z9!C2kn#hazHODJI{wFJOG!pcAv$Q?|CCC0;`2JKR?e{(bYLk0n5AS#WM5CD}sD>nZ z#`>^?@EB!QHQ)`zFj*8>G1`Y-*1yiHg>aK_<5+#^T>cTmBd%f1$?4k*(03mTm9AkBYX->fMw-2p**ZT)E+OJ-y&ro&Hv6z6WC`WyCO5qcHN5WM>9vBPQm{2a-G+*`#gFgp)rn9*T<4TE^BG`sWQ9TZ`WI&t7NEq`{o?n93ec zzWw!ES$BP~`7CfelQ0GA+lqWQr+q+#dPO?($mTbI_-?43A*mR8weir?%Sr-BS@PEd z0MtL!?&9q`evN9<+LqR@0N_&X@7~fsJ=RDmv6C%~@71=#C@>cCKgr@xqSouI%?+<-eyE|ihn3Kp|M?!=3m?kQX{ zWZa6e{D!UsgIpA&w(XsrXo@QBS%VX=7HRiCc3}fw_-Y{|%(Srxpz?(6#<($WdllOVGwk%!cwRFW9EZAM!mM10tGGDO<) z1BjiEN5}-+LVs53>*`AiKI?g5sjh?9zz0(ZddVf{e$|3t5vA3i_1XPYwzP|7C)6}5 zcP83?6+Q&P`x<=edDbU!;}O@jTpj>Bl`S4CN>bKVZ8&o)`%(CH&(Ee^(+PAz(fM4h zv&yt}Wi^@<^oXy;0-O`79Ac&*fKCOMI@qt+dUGqvg|LCpdx!SUKMp6880?HVwy9i~ z(fre&5f2R{`xmAy1*x}A2M5$%J7=`@`#2X>bFUwSi}J4wd(2paPYt0$8Rl1uiadM` zkxRE?+WY03Lkz^hDzMd=NP{#F$I>s~0U|d*qDEK~6r*V9$?N6~EM6 zq^-<}f4`kxW&u`FwpH{=J^U#eQ57JFyb9J#&T_aFO30*c`-pD|o<&`-VSfh=9_ctV z{_K|4AgGgyO*)=U?8VSqn%$)1^JmkNf5-ZbO&iL|yCB$Ik9CWe5dPjF2NP98v>r%1 zl-TO7SBk7fxGNW~vD8Tr#A#6m<}d$XOLjsFQR1rho8Y5Jxn5-6{i+Lfc1pW1Nn#i2 zs+YEJ9OW0^euQA#@98=VWJo;}Z6k(8ihBlcm(zLpJFoB}G29>6Dx}HIqEW!+6|l8u zZk^&WriStWBH-6kv&8Y7qhC~Z`l*(nQiJrh8@Bstj~#d0Rxd+ve%Crd%GFwt_&uEk zafD-Nebt7F-gLHPd$SrlS_k2 z)gB}67Yy$uD2v3d-Dq^yd?tbj6CeyJJBbT2rm7$3Yg&IPRTlV~B zi2vZCVrylJw2wbFs@l9Nn-%f(SgnFArQck6aS@Q=+I7d=zLoh9-JeU^dtfiWP)N6j 
zg^`BN6|3SsxIBotILd{;jO8i-vh6l6SqjXcPgA|8TkXd7a3!tuxi+#R06SnRQRZJ9 zbzk&umQk^dhzVXk#f$+lU}Ren_5|s?VpA@xen0-OK_q~KE21Xa=_D!KpW zX_8fTb+!n!RI{{P&zh~;R))DVN#h8+N-bMi(jx_e+dpvf$oY}Xf+~2h-u(iRDk|LN zW$#`g4P{&c!uXj?OAFN;oQd*5A_GR@dlq*xP2D`R&Xpq#A)ZDLA`&*WNo1cJGakBbbqAJ&K3h-{#x=x$dFPQzQ_swLZ-nV zP14@?Zsec}diK)`^?p92@nR<26R$umf44{x@lYA&Np z38Q(3M>%=>NuX;U7uT(Wn00+GkIA>&0w+!^je>@Hw9kCvSq?_L%slK+HR!NmYdP-B zVZ4M*3nJrjhCq)Y4C`Eb^Ngi{<)9nh#Y1j2QbCxgnGa95eq!M)oKsDrIpgF*O-YT) zx#`vKZDGnnlCPZv`lQKS*u~Tgzd}1{bs)a?vI1}OPC{sFq={NOvEP=_(Sc)##HK;ZviKbQt=K`+jdU4p=$v-{X|1KnYlnSa1OkYXdtq66StokY2Pv%Q zMjhcp4TmcqY@o9*=YrrK`=s@i-n_t6uI`aa5 zj4D&bo~>QdoF7qKNyi0H#H17??o_oS&jZi3v=1-)@14~?95NDrb46x;{g=|z+SgNl zS7B6JisVO95*(*9=QFZ9j)ON|!A@1Co<{b}bk_FQEGQt0GKAtE&>}426cJP$hOzAUen&Su%ne2u%hx>gY1WiJyP4Ypj{gOB|6$c;Llo4g$QYI4cn+1Fwv z{jG7j*qQqb*(0ts&i@R@Wo-kw6zMoUZ>n-8Z>ZGJwBu`7o0bwK{)v^O%T7<0u@YlX z^v&DW7@jUv++J)4Dt_~dszM)dj(@!uMQivV`O9_gwwTeNrrbX_)4OjlE@W+02P@>q zxj0^TqeusJgc2+ypl^CT5{4FRm72-t#YtbbIl9|ohNqeO{wt}7;9ilh?d6gUTf#H3 zB72S7N*oQQz~XY4x8dsE>mNiEx9W1EfreXIuiqua!>A5Ax2V*7M**;(vsbOguYLWE zwPf_cMF7HOehElV2en#2f5#2pzxY7WC+36XGe-vQa29U9NNlL_f@Ng5YMo@xqH58n zoSYXyXkmQW@OM288-TQlpd+o)N$`v0bbtJT(#KF4G6O<|{*)|sO-VC5opywPpi$a> z>*NO#GHvKG7+&L7!fj!YcCE1yxB)$%%D!{Ya^Z1jHLb~kgLX&WwajAslbGj*GSK$O z@ZXvHH%-bosUR}Yo}iu$ z{v{Q5iq!YiMUA-$ZmSf@5TOi(TQfZ=L?&LH*(!P#RL3aMr@?K+p`5MMBlBr4$iZ@p z{xCI!K0kYrjT%&aSm(*|oWzoy4V}n!)a_L3FOEXlEqgEewI@34lG(1)F?KcDt%^j1 zEV&gFe~s`ZC&<6VQ7l$0LKw zJVj&Gry}*ah$MN&hq@t!)bx1%Eom2ZGF9q|y#wdvT}3{UZRpVWkmGs5Vehh18LiCv zcP6?3+9Xl@iNp3HG0$wWa%b52n>L&^i1jCiQILwReV+ErKH0VO*eLm=`qtW3=O|?U z31y;Y9e}bJ*ds-e+8lX;xsuGy@xe*vb>%|5Ov)&*lMEy(6<0fdbstVihk~GU;HOBK zFI<%Unpr640F%lhJ;7wMkVrgB7)woW{gIC&rDc83@Ar0-9mlb`z(2NWcS)ep26UpE z!;?Bt9torLShkr9mzS$u0x~257#32f^9;6+AT#F1bu+d&jKdr}R#5$zweHFAq3lgx zgPu$fdCfrTkPts5J=g+f-CCvu+2fI$$2K44LMhS&)Zr=F3Vfpy77(;Kkl5# zq4@Hq&>B`P#GR_KSPW*c;m&tft2FERP~@yrwqQh_Pi?3K(I!OuZ`7~x`XJ?5NwqkN z|F~=6b?Z%IVHt0PQ>Mc~nz~Y8QT~~o{)ng{t|lLEw3&eynYhcAwj)ibCKc?Xrh=%4 
zF|{)Dla_k7;Vm2_bq1W&G?B{U=w7w@kT|f0&v?SoD8qSWE5p9IjJX2UxJ|h1JE#i> z>K!$88*&A^2@0)k(fkC{wq;u@0-{KqpM!@@UVhp99(7=N6Tq7BBDe z85egD;Pcr>e)_zmuvWFZ-TAQn4EDXgn!60fiGLC90#PIpf;3E3^2)c`(Uo(a6fOy% z-xYusD6ws4TC;#Op!*!ehlm%Wq>@H1lVHdEdk8;4<$*9g=QPUbn-?^w+U6BW-1TRv zZ2fmoP0=gIRvxcL`ID8?6BQZp_Tun=TuL{maap7Rd#H6KDEkiTAXv&JkWHx0tY^%Y zB;~lw1CsBc3$uINQ+2-4(}<~(_XzM7z^v)##HDC(Sqi@I)8i{SBlu?EB;7WHT#Aj7 z4O>flg~}qN*A2}CHddny0ClwUoTgePdY0kc$=n#(?^HrHPkZof6Oc>Kk7VDMD9VZy zAk~QlHTQ=i{y^_l1b*X!c(2DUlRRAI=Tl&s7u-EO=?(L-x~EOqLgTfoh+1;W&k828 zbUjdg3+rvK|se(v>wuD za-~0${(GT04w6gYFs-mp-@dwEZW1NDGS3KF`Onl+$wil~4g9C922 z%klAdrHFEyX@49FzAFOzpr})#KCrdSIJaUDue+PSw*;LtV>+p653e|P^nYLBUMWzU z(ayw9aeL|rzS=BSFEE1)QF#35Ko4Ut{jE>I)&Jgw3iCu?Z%g+b5f>XEm*Pqu&lBd< zJdnc^@8$=Xde#$%eD1~psr_D#l9u2ZET!wpY zR?+XmIs$yVI=qI<@NlPEUqXxc%b*5R4R2LG+s?im|Os*ZJhM zbFeE2-Ta1dd&9(t`rTU{M1{A~m6;^ash(V+&rDyU3e!vv>!XTPjI_B7U;BnzOB}nO ztgw3g8Y(GYqHWXaeUR7L4H26Zh7||)wD42F=8=~ib1_^Rf)U9~e$8Hs`nD4_wc}l( z_$fIbwOE|3J(+f1sw*=pymUn##?6S~Hjb>bJn*ouLmg(S(Kml#W&N3#0ce#XgFBcT z1~5;!j4`n&97?8+WcNVC(tcCSx--`mr}R%S+nIJRKMi|bp3%7X`o3xV3_|3spHUIr zn8oGbG9-(_%e6flaT|;J^mWMdY*f!Zg)4m+`TZ&e;Ru}3hV2O6k>NkX*;Rvv(V}pmJ$hlhnJ=3f(HA8?LZqPw3D2s zg=Lzb64vtUZG4VruIUOm2aZB!=M%2ok6&cP(%v4N03RbE4F&SE$p;?}Vm`Y&a{R&n zmM{QDjG9~=IEt0#pX%O}s($uL8YhOC@})d#gTs;bHbb6Jh1BibifCHCJ`C={YYY%x z-zOX_9r9fBALP$V2mdP>umJrfRjcurk!@64pU%&*W0c_H!2YQ#zE=eQfmu7J(jKR& zYHg^a04yc@zrk8!wRBC9gt^D8?7m&{p7sE!wM}X@99K9!iKsTOxkkAk)(~gR2Tq zk;r-B+45{$GjJZK+$pp4FbV&|#_VJUI2<33-?@{Og~IOy zDQzlRWbggox4o!r1L6jXynD+J@~?oAdK5Wd6Z5ABft+ovtHqTjCikIK9z{KR>5Fm2 zn@+&bYHlSr3(e^~gbJB9Kt0c9q+aGA63=|Q9{)M*NH!Re1$u_@SVORJt1O&{@K)?U zn>6Bh2dmTfT{X?>$zX2d-R&18SXILB6a%C`H8W2Hon zj-f1m{q@|w3)l)XEyXh z6CiLbUNc&tRwKSuXn* z=*(Q@U%)(0Es(T^K>#1U*-)S&H1uPbzevMJCMYm})IF*WXX{{PDqNuQJwnDaDqFI= zI*aQj?>At?y(u5IBV_$We~Es6U0KGj{3m;F>^R)6HTo$n(exyttzGRlhTDAqyRQwz z;+2$fQwVXsg8ygy_wg0>-_OyA$xhCsadN(r-KFgB5)wp4Q^LowJ?2xdL?JlhAuiU{ zR8qbkM7#8K0KkNZ9b*-gUIQr~D^fG%@6{A6dJg~^tjS4~jSb|c`l&mqaQRb&H>s8m 
zC5DI0dX)QzNk6}MLXxhSMufQfELXEGzpF!X8H?^er0qbpmHgZ!uI!MQtD4CN3Cp+^ zC@7libo&C@bi!HD4AbFK7%f$Yy9CMQj9Z>c>Un?Q4~4`Nsyu3)IV=KUcw#&{MM*h2 z0+%HO3#VP>nIJ9W*}wNYsSic^i35kRRU8Kk@lw=&c?;z__Enjo3$sNjhGQjEKoZC6 zkp=zLRDzHWoxRY{_i3NRL@YWuqBr2116QCkyq+SIj|CusubX&5xkvkbMS?WkTI)!u z%$jtCr^ycQiM3rrluM0SXi66Cd_dj0xa*?g7#qVMm%L7p8Zn!Gxvlqjv7PD0=xXnG zlZBKEsKD32&a7OdI2~rIz>=q^mc>;$)*!Rm4SSA8!a?zgTyYx=^zW(w%>P1!bO1%B|;5BKKcRnna7*IXTG{NcIAr z-Y>5N7N)rTuse#!wUP511B6dc|<;Pkxzu^qIN{?^SLBd|B_`Y+z7 z<-E?@|Gj4zsPEVw2TU0l$}j=>c{SRCfiHB5B_VD=ZGrldH>sz(?XL}XOxKEYKSIOSRScm&uL za8SA@BsUH5XD|Gq?9jE(p)2Rkn{6?vCrI9Z(7;_Om1dAGB}itm-%^*v(5c)|Iwj`? zl9bReR}0smZ{o+LwlX}{8f}Yam@jCnPu6vpvETa+?g@KL+{N%%2d!Mu2tFit-d3XN z#NvTz5+Ksh7uRsl_20lW)*Npv7}4AxFC&3|(%cX*OJcrftvx%SY>zv;I0nBtQ$=)l zxq`17(1fRT<*@Y;{(qj6r?#^KiQ+`9(&4rds@;)yX-YyM^BuWBw2)+{{Lfpk!aoSI z0A)+{@8O|1O=K3W$x2kn8iJZ-wv7e!yNE51%+OYxa%1d_)1Nqhf(zJo|1ov%>Clwm z6JiEO?u0{9maE7;Vp?~2Vn6wK&9U(;Dd*I^cHy&X8iwf>Sw@j*;ZV2?DQ&N}au&8y z9+>|=l8K{S=(Q&E=Ly)9a9U&HPqq~t;OOt!C=D%&Rr#2KN=|6Y95p9u+vBN^BJTluw!fB@e z-m&s5oK&l!$5dZ~66M~3xq45nwc8i}5m~}zk&B*s@b;Tgu8Qu~YyFnGR@VRqdb6Pc zcdumwoOgBBJym6(W0mS=Gn&&Hyq-b*#mBW1f!&u#snWzRA{%WszwqE(D-J(P%%&3E z#tnQ_d_Q^kpJ+Khi5mUHg!Z=m_mt+fVV7D@Nj_7*tKj6~bnQzUwmDZ5QTW#4`aF!lPm!B(<--W^;4Cw@>|avQxD36JQM=$i*M-is3fNB4{YkTiLT_ z@m`XCW}QyEY3H{Gyp10`e@Pt7`oPJMB(&+AJGv7SRkA1C^mZo1vd}Xs&ATac$2JE^ ztFz1a!c;3_Dg9m%`OKX!{QYlsY}IC_RD*8%kM}G6y{>;Q z2|vwGA^;PZ$>jTYYrnSWdY3r!Zc@J@+|`@^ckLH*ZTPv%P@Mg=g36rMk^Z3$u8GSv z1yP~*vE4S^Q0PDS=eg03f3|m#Gi8+&o(s;&slI*t#!Gr|B<10@r`vry)hW(XK1K_- z5)ydjm+7l(v}p(#wOyZ}8_vIW_HM{&c|Ey_T-C(>?t=WKJIxj9(g|&EX%Sha-QkV# zIy((r0K#tSqF?EKORk=!fKp~&RHJVrdVqYT%#WLK;GSG-L!tRy+dhz~{SD=Z^3Kwv zr5p>)@|?Wzc`|;4?EXM)S@b^%!Cqg@0;tz?ei-Fi=zYQ4#>9YN}St4&;zIk_$A%3OtulkH@{rSzxxoG`Y z!h*m^#FZ%3Gr!ZI)0yp!JQz$6mN#H?-k`3##t`$QS%sP8LjfyC6R z7|df)hAI8+L2}X1MHD$PO)2rcEwA^$j!mG;k@pQjw_M<`1qHFzN3INH(*>GVSY$iiPD=XS$_qqWPJVx3n2)SS zMK+}4g~!#A(RYV!rLMx-lrC^GA0&<4-JG)n4!`^=(4eQ8b40g7Sj0qTAYMZJ8uWlw 
zKFt38pqg`VD+}Q~yP8)Z&V>+3pp~=A_>Ei#Z{NnJB3(4G%#O??Y1wm+y>&;CIvTQP z{W-Qjyq~GP;s5kblnZJ+!4Z*oX;1^V=yFi{Dlqi#`M7o1nL>#+4Rb+qouvp51eD8v zH8)WaeKNr7LX`&b?@?UHA#(G zyw%n1w$>i8++8c)JMTorN7cApiP6P1tDq zps4;b1({07NHeX)!P&G|_I)aj$AYX>ez+VxYUOR;Y`>lkSRj`)pd&J$dJZ7%oCy>$ zcBpICb@?At=UN3~UxFXB9XwPa*C-kiFsEugrkb@Crauz??6K4_7;1b}$+MmhCqz)( z`@SnvY_09FMyg)zFcS&FgA!Cu1N5gT?*L8R*2?CHH!oXDIOewO-59_}tOVBdPrxce zZG-)vsJV3MLK}WB-n~#$vm9E`71{Xoy#^Z#Ci1cCX?tgGO&BWL>(|)t4VAcrqW-Y0 zv*}mI*xwCZQ8(#9B0+cB>m&As=rx(c6U0se5`mIVUo-+A_p981z}wx zPl~&%w!WLtbs=1^3EV(FyKg_AUT3@0YhN~ioxU4LrChc~6k_{Tx<1|4Efyg{yyFJ` zB)Yf;yFM4s>uq~(UG@BoqML3&9%Vspf2?NqdfFaLKZ;zp*G3EVDRRxGhjL81dOP!k zC{KJxHg0I_ZX@fIv*Ngvi&s470_HVrWzWiw@GF?%0<~dlYxKRqRl_drvJD!MXqVHy zX14~OfetiQd0fH(ay#IZ9r)m}db<>1v|p?nhm3o*HUGb5uL5FueKGoJ@yNN3#jXTE zuWHRuu-?A(KHGXMJ*>a98vw59T(f!)P{BHaL3LnYsMWstCh@^B_nINZ!q4(&xsK-( z58fd{^BbO5DZ0Iy4JnZMLW!Z2b)^TAC)zo}0Xv@Tu&%7&}`Q5y?brF(!Y; z3{aV98-{7{J6{5Lu<+%Uu`K5+i)Q}&5Rmc zv>_b%oAh+-%eju^+`k1tO zL@L%*@RhKZR@wbUxfTXidxyRGHK@U0B|5{I_aJ)sl>XEyS2qpG7U&X@VySU zP(^{Js?c_zGqV5Ge{&{og73kgCY!-5R9ZAtbveEK+6D}vq?5?3i~)qOTiVNM=y+L2 zQe&@?66)SHjS?YUe~0Mpw))>#{~;;189o-HBd$q+s24xLlz)?KP9w#jz>Fpb+$M!% zgY%lhJ#*K>#~*T|!(R2zV;Ii1hQ-QhNgkYwv-o!mYfILTKAq7F3KfQk^8 zt;R$tXDnrB{eacAhPtm;FHV*Tf>*V*z=70 zs~^pVh^W+ic0Xt!u~22NKz+itwzsa|<5A#cYUdc#6wBD-X5>Nku_eCz*!u2i9;yL`>uY0Ps~sXzm|C1s;O{Wq zH-aw4Xv@D@=jHYZ_h^d)il$PV$_jl}2mb2YvQZ{mZo$3#5Fi%=A6<8Jf`h^{f$={D z&!KDVbkm0yW**iMF)t)2zseCF53!m%U<=LwWu75@pupgQ?eA-K6Qf|2qj8Ri1xGQK zbQBZj_kz;UqyMO1eF!UgTq|k9zgOy=#xmaMVP@D>zdOj>FLB@(W^V&s4;JF?bnw6y zFH-}lukBQIO;XmtL-Qyb2wfZSc1jZD_2ri_OiK)1skg!WQ-}I}w`4RuE{Jiagi9V3 zZFUU@DR%RuSFS%UVC(oluh;gPl-Pm{c>n6v8~GFA<=b{#+mm8{oACY6qJ<7yo^DK% zi^#~IBc}GpKvW7ti}T_jUf#B=WHOLr-RF8JZF-W3dCeEeJ>eeoZ1L=Uzjvdi3r@Y0 zxLp_=duJ$!@nixcvD4LbSoeha|1_YCH&w6AdYJ~jwB| zXY3^)c8F9XhN)}AR`t^VY=88q$BpYsF>}oOsXiYiUoD(DPKME&3Ej3P1mPwG+VZ}7 zn?m7{3dmmV5YJ4C$;`G}l-iyr@x@|davX?iEUbpFT+-W{FKK_}#c`rrpHL?0oKF8& z`GZItv+(}{9~a>0qo;=|040zKPDr*SZ^a$dh0cD$Hu!grvoA2LgDLR1kDF;XNbCX( 
z`a_KG4jaM4wmDOhLiuvRHmEpZ41^o-FH~HDWH<6GKm(=sc{n#iJLEwDQv{+TEIF3% z35>UpAw!uDK=3*`hf>3i(m*uu_DZ}nh;qdpi~vFSfHgD&a6fSrZo@J-L0%7l2Pmm! z)`A`n1Olu!M8Lwczm1#9I*0NDZJgE|OgdM`xFp~@PMpED41^Pm!!%Gfs7L=HG~mM` zAn=Oa0Bj4QDs00il=8eQhC=V~3-Bzqb0{E`uM6CIOE5yYlR-1octd!BDZzv(tOGD8 zJmlU&yGw!*Bs&E(!I>N1F)V|jY%@gMLN^>ut~UC=b7-|IK({+^Loh;&9|5L<#U(sJ z!*>86m_swDdy296Nqfh4p8IW)s947(ZCg4y$f zHPAs0{JfN8{>~2rIgtDSv;a6WS~N&3-j_ZJw?n#ou{UISM(FoxNrG{Ah9Eov*Aqkt zM1drX!#XqrFu20l&jc#mLhp~mCzJsVlrKSGKo5w)QEwiHn8O<6H3qP9D|a|RC>Ssx z2ep3(5hhf)kYPiI4v{)n7K7i z2P}AkRTQ*kE(SsXRFQ34w{PK2bsAl7Q#LO`+ zZg1befj3-5L-#UhqOdkWFwly(ysfp~c_IS?X_+o)(CAWzdw1{LwPeo@*1Bobs-dS> z5A^ldfwE}_<#ddklb9VA1=qiye_KZ;VlrZ!V?w#A555Knp_gI;TMw%{#6UuZ5v;4w z!kA2J0f{Qw5X8X`LG-A-*k-%xH7x`hzydk?Yth9Q7h3;hw1KoBhe4|@5h5lsoC{H~ zOWFt$i6KuI!N?<#JaWh(vk3AMAEEp(l&;(>twgIh0cM;kAy{KG7{LsazdS4$NC7g; z@ufkQ;HWOaUXF`W&N=CH5Ef|KsS-Y{ZXt(EGrMR<%s~nLjUPF{f?$qyfLT+e90MG% zz&a_d)Y6Z#B*zpZFuc;LTF8+xrYLwT)YMbmYKM#zEy$ytVkTwj43cOhXBbB>%~epsdfETx7N9O^;;;cA$YY&<#Z5S2QHrr= z5wzaB0S>HcnZ{gnX&~j^jX73moG!{7$OTE(xs@eGkXTN|MeKo9;g>5FWtecr0VCuA zC}^Tsma;@PhnN&lg5HjaCYm2$?~}t?FD7EObiPq$2GfABWrIiG^K_(-5A?FrctrUh{D@G4lQ87B(zUdRva z#m^?@T-{7rhZ$6wMq=BH7HQ`gruFVzCBFTRX@MKWz)BTn)-h%6#Dr$tb+q%mxdSb% zAtxEiRmuWEg0&cDn_)QjJa1Q+$$D#HNyq;Rm1M|SMvJk_eqH*-0XaUwGHM52B{<}+ zi;i)^xm|dLRT*ZQerD;y`q4|jN@jAbDMQ%-5})3F#&daIrV!)+U;B^{VL6$Yzzwxy z2Gzz_CsEu28unNQ9ddxKuq5v)p#VnK<`)7o5aWIwbY1@9H2@QQZyUgf)knl|gMnqF z3(JrkEbx{<^@O4p%^=4(7GZ>&4Fm%{Xdjk&5bfB;0aMZj z99(W7vonP~!qJRd1W$%q2?Z>eF%5gP;}cPsAI_$-GnS|#8DazkabjYDD69gBb+jKT zqOim=^r9crNCpD$&;vKc!~{`T#5n)#0gYiGu!|uPMJ<@IjWL>{3^~|gSXxj8^t5Xj z(BQ{1+^{-=DM4d)H0Ay9xI+cxzzxgb2Q+|zJCF1M3A>A<59rW~f9Ql6u8^hYLP3;B z@?#vIC<6^HIgk@HVPfuMpgpWX2Op4!b&fdYHIGON^+5#!J^+L@61hc?v;hf*K@1I| zP=;Ap;~(Le1~YEqlW@5LjFAk-KiV;iMI4iwF&RM*vTz5igyI&>SO*Su2$c{R@=Mrs zs0Z8O2rZn^0!BFGI+`&IdCoEmHy9*TOpt>zEaEZz$V_G8=?X?-Whkz2sb!|I4am%b zlHsu)RQ?&zthfRgHf)C^oDl!QnJ57eW_##S>xe@o2$d#uc+5K9Sqt1T;tUe9B{#*h 
zosrIB7P@RmX241ggrJYBv+zz1XdpqvJRqk6bsrd^A=X&{!i-RS*0~h5olCcM8xXK+P(BP(k z%>fx4LE8InYz7hd1(;GH01<4MAEb~&6htFg6a3dZBrPjf+3AoMb9JBJ$xbp!69V~? zqM;iuS_A-)3J?Pz0zO_yJ4itaGLXRsG>B|&p$z2}D}fC2<*|{c2V@~5KQesl9feaIVY=5Inu*YU63S`Jb zlJRUuEhFR_WlqHy05F3_17HY4xU;3lkP0$ig9=2RfdBvyhe=oZ&WY9!l9QZjRrlD` zrCszvAT0tas5$=vogTtJQgP=m&sqdQ?zE6QO$A8bI@d*R^|6udn^&h90J5I-7=n#! zT?=5=vv$X?nLTR&P(j+pPWHFKJrN+sArv8-*Le8hbWk=nD#cDK(xIB@^E-07b8xY)geX4m`Q-NJWN;vMjXmx$o+NO;39z9ER8 zp5N=33YJG?43l>Y%z;yRxVU2sMdLhN;vj1`i=Yx)-jCy@2l*rZ;@}P$_(39IdWyWB z;Fy01?H>|*xM;divyKSw6XN@bR3i5Do`K}&e0s0&hn_`8n~?vHsP9C!Ia zenI4JPX7kb{4fq7+~LCl5dQw5(j@O7#!vsofd3N00o~yOaShk(59TZo&VLGKC}S(T<;oYp!2j3_8yJexXsLF;L{GG2B|>wXwU}7Kn7oM24qdvQbE>+ zKmbI}2jh$ifUx=mpwik;A!<#{+H4134+wLR;(nplhM>qoOazLM+p^FJ|3SpgECL2l z1jwz-wvYIMnvmP7FbKJA1eb5{ z9%39+tq~pZ5g{=WRShwouOTX7#E1_DHIeq%31ZGk-LMZoZ2okw6k$-!+|UhQkQ7<5 zyKDKP~bLI!j2*3ePN)KU9F z4+^&|9pmvP{ZS(capQ1r40BTUc#`*KGR_o|=4=o6cuxRq5BFxE2+7aeB=QDbP~I+* z;-c{oi_#+}5+w62`9?Ak6OU+6Pz4tv4(9O`MWFNI;0gJ0D95nP(kvipQZE17?H?-P z528{pYfUH*!VBf?7iv&1g;Cx{j0NFsC>u@4wh$UcAl>$oDLoR+ev-=~O(A`*FUKIv z+(8gOjMEyk0V%FCQBL@7QZX|!7GEzf_i`J_^6{DvS}HLjW?%pV^B1zP31{HL;%vlv z^9B{r%LFqxYcJm-062#;IoHq2q|Ysr^9E@!-JH`n{ZYhB(>Q}O&T3604?+(~k1zqy zGR^GP#4_RvkPMgcAKb9>{(v~4vpW}}J;&fGKdmjptUiS^FzJywVYBRJlkqkt6O&S} zNOEyZQb6wo7;)`99qK^QCP5W+@gVeUBy>UxuR@FFLNWC3G?ZvKv_t>%?n65!L`8J& zNR(qt^hDb(MK@+eS@i5&^j=^zB9d&$&}z`c56G*}8V)VXd)Lv?IAy#1xjG)4x ztOI<2445lOO>0Q&rAQAVm8K2?lt6Ky6se>XT56OZ;AOgupbX~gNsZLR%D@PojBJ2( zORuR*p9Mzqpr1mZ3pAlk*#gP7NhZ3)O|c11oyA1QL6kZGul8dc@?d^mAU6HfegG9! zLUbJB#RRPBMH~TQ2u8yiwSyk@R5+9$ULYpAfYn@N4ekR^7f1FswNp)nL**bQDs@ma zAw{&HAp}#*Jd7=d5I6)8&e-A**;7>?LOd&CBNL5P3xz{xqzwN~B@fJmRL77ZBknLK z0wdu<1n812YH}iMPa=#J&ybZ+E|eN#0#(C=A5z3jgHbK>t;0T$I6tff$t(`uOaNR? 
z)9w@IysQ)Ja}I5f_zvzZqm#?XEDrax_GX~jXt7?GkzsF;FPkyUfUq3{v&`s{JO45v z>TzJxtURl)9(8dGGgc47tjk0UH?i`}I&TIb)-PL6J3q_|%`98tB3uXMLP?>DoMmh1 zt05!q8bsh4bWiu*GvXvI#JKGb1}?{a$g(`ow=6!jGj@sbrKty1OpTyW~5e4r3}*IB@NQ&1oHSa?i#@|A~h}JfDKp?f(q7C6jk-jN-ua#*DmQ$ zb+?Q%(`|dN*C!K#^~fy~aSwbOvh>O=-T2bXzH?sx4Swg(ej&GbxAiS-R!m$qCf0&b z93dv0cOin(7ID%bv)30F()(nW{*0{{ul8wov2_18F&@`(8E%>J?;C3g;8ZVttmCS@&S_bz$6ad{D<9h7B7 zjMz88G+t0oRjn`60FdNBx%zm{`#5g>X4n$J?~@l|{4h{2yASiS&-xI8Ua8Oa6p(v2 zE)Gmt-PEs@87-ADuM%)G1cUkh7|@lw^^^a7uUmO8m|vNK{~(zI50Xn#k`V%lV*&!S zpl5$$6|{hwl;Dy#l_8{W4l#K4^y7fT1V&dus35=y<_lUS!o-}QpDaKV#+LLR%p^0S)Y1xQV+V5L>TPyCE``Wmi)W!PnTV(Al^RDI+eBZ?3?#QpAez=8_Ny z0ny#u^7SHMZ>jAu$FLsD89DzGV!}hr%x1BVhhV}7(Rd5|pPehddxJx(AszCe6J$Ie zszJs(;U8+e6Wlt--CD-qz`lVT4e+}m;voh2n-_AA4DEF_N3jKAc-D5+&6e>!oe?7i zIEP)4-VX5+*^~65w#hqB7@^!jg)hV`&oE{88krCkeT>E9;zIl34PG3`)1eyf`yc8X z4Q|{I?EA)p{Lk+jxe-IZ8jru6^kh2mReXE@o%B=@ibB@)G4qfvPe6Pa{Gc@`62{rtC;rCYO%{0?ZDiLlMiILsyog)=O z-=&=))hx}yQf~Eo<3Ii%XMj4}vii_$(-EQw1v&Xj{wf2rEs0fX;cUcOUSIoD7u$T*RkYPz zWUcr5;t!%4GTsjadt)5lEg-%k^4j7T!s#_W>YdN%Uli$EgdY3=$r+*={2;%%{#mBJ zEvi24A8PH{qU~PY{!hK0M!|mWvAynz^zQK5YfAcxN^F9CbK|l0GfAmSe^iBWtQ9t!nf6#J3oQWnN G0028ffSg4D literal 0 HcmV?d00001 
diff --git a/windows/keep-secure/images/wfas-designexample1.gif b/windows/keep-secure/images/wfas-designexample1.gif new file mode 100644 index 0000000000000000000000000000000000000000..f2f730c70f94aec61ccd98971e60ea3d87b6ed23 GIT binary patch literal 30091 zcmWhz2{hE-7yr(}%rM5-ca0@mmdO$!24h!^HESUXNo0vq&5UjALlmOMzNWDxR2pMn zlPyUak|czLq~HAef6hJUecnCq+;`qR@11w=J=fCOLhqyx1C#*@1prmxAO6pi{*8i? z^8Wx}^X0LIfObBhT?E%ohiVrAdgV~PBKSWsEJ7L<$g7{)V ze2pl+7-L70v@4gitJkyh!Pu2!2sLZ~fVz##6UvncH5lhcdFMs~fuQ7EV`mqs>Rf|y zYr(putGeaOyEU?rNUU4E8{sP8&sOzn!Fxq&d(~@uHDdkSasF98K0b#2jfR0mIR8fA z_M%`In-G|wceTUtYKK)|i&bPfF0z-6#S+5W-6C_XB6|rjEp9QzKrTBnG7`vVyTx?a zkwyumK_5~vyol{jD)%9E_>h=}$!zE3ai8QypJZlW0y7~Y!7Y6nQ_jAc+#8l&@0B$h znDvkJ5^~x8xwA3qETGhN z-1_O<`q}*YX;RBZWCy#bak{8+Ho1K{p?y2KePgybzp=5gsAYD(oK(}&Tii0A+_78U zGM~=e&gx*-v`?oq53-osHSP0R%-#0(4$>$)pUJN8n9uFqEoUw#kFtw;4{`_Djm*XT zQFielyJ+;FXq4UFyI3>G&Yxx%kF%MBvmJxW<>T!3(bbO8<)T@3$LK0^bh&1lJvusC zKh0*2FEhtCTBZ+b=Gl$2>;q;;{XBbgdU0@iqh+4WoIU8B-ELfD56*6M{L{~FjL&ZL z&L7Oq&UP%aN9VT(=h@TqtAmRN)AQTRW%lUe!T93A;6Jj=9$!9~Ufv#D{YTgbv(wYd z2g{4gqpR%M<%9XOVP{-eAwKvKLo(7grCK|7kYZ+pDX~8@tOJ2khnL z=mdw+DWZmxP;YIRS=YjBcg=$bU{npNFYGga#vNoL5% zr%Sr_7Nkhow$#0Ex;WLzm7{QJnn&|VU4H87gO4|*GT;AozPurxe|&zCo?S6PXr>4p zJ3s8IZ0s5s?@Di<8Y(yy_2+M@;u%k!AR1|1{B}ytw}~pp+7_Lg@3hAz^-~4**WOjO zg*-XPnXGI0@re<~?nqGNf*0w<)}7q3{rEa^5ho}2q`m#u_nF!zbZ#rK6$s9q&WRVPq6~8XF+dH-lIq$LoPEnTfi_mlFdWVxghs2HS67O+% zbu!=F5_AcW30;lI=0s^P2*wFz8~!{S(X+3}N>-}KlOjzA!Da=%zn!PWlbu#k6ZEiFu=KQXQ#3oQ@H97^ zkD^<+TvO|?3YEo|W1_dXjb{a$25b5ihAyd3)|HM*ljgfkMU&Qp)}LXv!r`}d5n&Yl z?}Vn*#%ey(zP6P|slEJbjYH<`o7qEE$ND2CcvW1|P7*nMR+86W1IHp#g}zKRlZ2{v zO4BtJRKyWd-__s7aS7H^r+S>730sJ@Ghy{Fl^%iZbbc8+T6&)t2&LQyJx_aLNE+5> zKwKmR&gwAa+n0{;J*JsLM9&GCoyG4tg^uY39y0mu#us;eXpKy@*F`?2 z}aR#Y)kj+<1HbErv}+odX1*da}ig$|zJyv`~({4Xs=pf^u~ z5og$Lp9Z*$xPw2KrP*%bpfsSsaf0kjVgho;$I! 
z?mAm0iu--0P0?~(%??b}MG|t_=PME6NfSbarO9qth6^|etFiOG$i@WIP4s?y!%bY$ zLaOADIT8T3%M4RR;Y-4vLA+seRx10D1m|iVfW*^bd@&Yc{KyjVb0*y)x0zh45)4=y z8gadiDYliDfDUGo&0M!Kl{-s1<@tF10ec<)70_6>Rqtgqw^*Q4sXX_&w4gdO>1$~h z;T3?f{})q16ht1Kpq+Jz^}c>2N^ z@(H3*4A^;8r?xNA1R6yjvd%7XzTYh`m~n#01(?JSG;$~vQ_UT3YROhD$*Bx?+I%Pa zaOzeIRd<7|WB6$KPz*7!fCh5VCIO+C9uyqS22C(b9y!5r0xT>vMqfZ@Y^hJfDDoac zwfIIY_>q3=$-!&x+A<4u2<~1)+IO^R)``<`&#j7SQEqk)M48lr5!GLZOt zG;i=8&}tYE6=jkhO)N!4)mXz@y%BzGCE^0FE?_pI?5{DwHyoC#B4tS&->1r=o2p== zC}jeiV_;o1Ijd2iNFP zgChCg#<@<*bGk2;XnAl!$QuA3XKuAom>7v99svXO2cLPLB6ZGAPCD7Zoud_#;w}|Y!H&D)7h!f{r2rDdu)M2=2@X0vU*~0P=GJjInYhh-Ho=~NF1vmi4i#P3iTOIm@g(({fB7I=XI+MHS! zsSa>Y(DJr82~{;=w^uhN=!w7mxVEf!E;|$r&yY#K_eg=S^+_`Sq|6C<33naU^va~m zH|K5_SUkbbTs{RszuDzl5gepgVk9St%9vxK8^m=$F!rmbj-0#h`6M+p5cDC7B{mx{ zQ+#=3zVJM_@*ud`@JDii7boWN11t5E9GN!MX-0jGeu8#}Po>0z_Opj@v!omX%Fh+X zlL`f?bolwWABAih;ax;yOrwKpR9Oq~ek#KZ6MLynMNc0BDu32FYrHQ*wrDfMYmQn>-@ z8*?E^q+dJrjz=HAVif{j=d*r)!f>(D{#gC*O$RViW=;K5IV)Tobi6Q+7j-T6A$)8` z5Js%~ym2!r-!8!#(qX@B6$gVQsru!}xl7P>=R_uu2EPGGOX)grsdq-r^TRJ@lzkL) zK3Wg(hK083xEa))o&Vzw3Efl?vLaEGG`@Y=>fT;Bt99D}ZS*KRlkq?(lI!weiMOlO zG+U*8A$)Pb=hy3#_|DBSp1Y5iQOK%fOvzS+yRHma)mixqsm*R+)v>&@`K|%oPWy(q z;%>~H8?rApkvS8PK{B!%chYDxYUPITA>bhqioAW}YC|(n#kf8Lg5{eBYCV^isZf%& z3itKC^ni7@Th~RUpUklm3C<;|m~t-=H5Jhjd_t(}tgptica7 zgueAIi#)t{y^2H}On@6)zWvT8L4`l8Q{lq$G`a8S1xSE+Zlw5bB)Ls6@kDgsG~l5{ zQ>`TMP{(AxD#rWq!L=IzGL7e#C08<_EwPET(n|=STxb(M`#Zu{l_To6h~r82WrB<_ zpdkXdDPrWST(CW`96cgKB+(ZDM#_@2EQpG&$%(Cr%GbHx0v>prdYgAt!!z%wJi%>@ z4Tg@y%-Br-1bVTQc#1fqEV)0zu}?7g1wOWF%R!40(oc~M9fSIYCivnmRW#f_o-01# zdg;{(=rl$48waE#B6OAj)#1A{D0_|W529mJt;4u;1URNysU_4K+!$_w-6Mnmm#K5a zE9T*YLcWkHx1nh907?oaG1iv`IvNmA>CHnT0sZ$?2NMw-0-S3Bg4aWx^DsQO1H|oh z0V*qg-<9G^&s3Yryx8aJBVw0jMIGwlP{eXa1M-cxq9!I)#G3zbGfvf;M`GE&A%{~!6holE#mCMvT|IU8 zZg71~P*1Q`i@C4g!x04W#xZihjWOrokp8|adF51JZ^A8WE+^vITgh_pKS9iukHPIy`W zeJwrfkT#7Z7Vljh0M39wI58Oy+-CP~cqE=RphiLoc7s+x5(38c?JkHFTg{J5CkT{T zs((!4(%u64%1K$a;&p 
zNH6=nZg!gxNj}qS_uq}P$RyQ8w5SjxuD%udr2(+KTqNm(%!xy^?H|bkw4KpBoYkuS z^wenLqk<;xEdr_p%DM2~fkW&9*E=ZF*|BorZe=l*?-^3N0UCdin}s_WNulwBxH)ce z%jQej(lu5$^92gz{WnkQy6{eJMzjFD+umRy0K?9?wFh+^Z1(S0EK$D^Q^7|_LfB>d z7rttXtzATxBmv+c%LQ*m7hEZy3}T`Uxd+Eg$HBaQmxl0{X@wV?-;}B(BKH7ZJuCAT4gZfL1eQoC~;#77J8n0gtM~ zU^+6q|G8u@4#*n>Rt+U^K5hcMaAmh$k$Vh;J_C7MrBbnkXE+?p3g?;yJT!5nhwf+> zn*9Ri3TPZ6GR;%{7MiU`42qWW;lOm_%k?=pyC*pIHhFHtky}(QeHK{VyY@~>EhwA2 zi6C$tq4SmiyIE=6WrIG%*ch?$m1ViM6cG~BK75rSvFNH_U;L9}u0Vw7@09G4tv$CA zs_b3tIz=4k;F>CE$X_CA~m-HbS@0I_$);8<<@i1b@PW|)s8Kj z$W?vodP0SciFuAPZ`5_}t2MGQ&p9VUseT-=zkZYiYtQbZF9e65I!vF9z7@G!=Fiy! z`yJ_D6$Wel1s1PVS{>@J{uh8@UcZ)jY3KX;z9tvmo%gx7V#_zXN&>G=7&Cj4+SdSF zG)O%p8st$+ReX;}VtJ;DU2-@b8Rmh%wf!qhdd`>Mb}~%+tL)#G(=%2HIxigc0J!aD z2`42QXly>R%Vw?(G1ZYTcWUKJ7|=c2t}jsJ9`+$*403VRpmL0NG=@-5N79(7j>$m&A#B~W#r$sX;!HsKcYdKTXwx52r}{uJ5rTZxrgS}116Q3 zy>1LnjrD=Qg;HWHpvZe-TBf#nw!z@Z6srl<_crAqmzzp8HGkq&iW4|jJ*kv^W9Eft zgnro=QOf0XZOhTc@a(MLY2>Qci2Yzq9!~o>vvE~wbEM!aa00VkxQ0nj__R!K*` z<%c7Cd3Q`+AqrLQ5(G$_7hyWU6*}UWSL+Gwg*>%-2YPEl`iEy9djBA&kN-U)RnP4C zIHQhR>}cX*Va1eAU#Y|}CTqQV^nt3)$+VI>ZaS*^w4Qzk;`^-^dsx&>n}xJm$O;kl zENDT6ys)PBTH?Ia>Cuj07LuU;C0>pP8xPc{`MIG~B-ohT`H0D9NX`3zwkh%LXvFeE zB-a6Y>6`~Vfd(rkEQ!<)sKkC1+86^GzkdJl_3r2=LKF9Ef&g$Qbly%tZ_LT(Pg}9A z-i$s_3M^yHzNw_GZr4ISv!K=h&n)h%2hXY%>Pt+$c*P?qqhpw;u7NWI#K!uXE-mUT za0vUeB)p$?m}PbYH3N&^V>iBTKjgYe9X6K)TXYPRp!&*2m%47h=tixtsIS+cic~k= zpIAX=efv1?)ZN{LTpCrntEa`HeyHj|Ag&vZwTPOrT*P~T??6{{v4R&6~%&P z{yP%&XzBIGtjU6fovlPp>o4~};K+2t=L7*hed_?U?Q!p)9pTGo zu&9*uAFsc|X!HT=G45V0pnP{m{PDuII!FQ?B>{W{k1yN|{c+|8lki$a!9&1czqIi5 z$GhFUG%$FXHCsDg1VQf>y#H>{(UE{fdGTzi17G**nP(WhcDR)RqrI(=y>%??%hoDr ze1S$p(OA&CuRpC6sl3I&b+SNO$tnF<7$n#n+YE3%b$oP1`3?5-py{{n4JiHT?{fM^ z@MCBKqwAdd-e$|=z6)AAq@a(C(oKo)1 zZ}WK>ZOp;~Off>cG`^|)pq%a67+WMCwE)ZUn72;+E6#|oJSybznekz%?8gNY2iS%G zL>=TqdicbKq@!(SRjVNsZ`co4kE|!X7LP3-|JNj6ke8Bh_Np>;gr~3Yc7ieW#A3F3 z1bux(O>uth?RDWGY}JmJ0qVXwa(ltQKb??Czc!!~5LrSDFPd8gD428@vH|I4C- zm`+WhmdMlNSe^COQe~*AFZAb8Z$hy$Rp<@=r`E9+_sh9hH95Zy5KhlRVv;qHRoq?1 
zYC3CNzH*6IgY%bfg);l;VhN~#Gr&7#u*z_F@R-ctwx++nXGF5D?z)wPjIfj9X?shZ z)%%*c3zLmvf&3+f0h?XwZ?X;^=7>oOO93E^ssIPKG(Fm>Mder7uR$Abh{7XWdo3%& z>9JHmZX}VP>~v*f$+A(jirj)V6`UL7zCk7F=(ydZq0BrazPHr)TrSEP&sA+QmvlO@ zPo;Q&_^6#{5wN=CPIAn-SnD6Uw5Nh~_dsVx=P18x44-%s@-aTX+{E0M3ciB{7qVxg3=?t zO3}v10=*yiW&>c^9OtVFZr8H5!k%afGhU$ zUahK|seM7{e*D$vCP@!nk=A|C3!Hws=P{hP{wo^Me;2z8-#Ig+6&WKS#kACbo1~02 zM`s0e!7#UU^e$)g^6$NH{)AMn@fPOsX%dq5MLr^>_|dQXq4)k~kr5vGkn6kIqEey0 zQeHp`*Iea2wr@bGbP_dfpkoquCjVmeuUnGFo=`b{_j05bLkPZ!;SE#zd`6wmR`uoH zD@tsqck_3t`}k=pH3%!a9bQ9iR)U=a(pDt;PjmCAq@lr=P8MDPfaP(N|_3(u3cKI_B?|^@u-wWT-;8{efbfP@U2G~>4c21}e69Ipqi<6ELRFDsqIYOL8wJ=RhePfy-#J_qxPoRHvc+q|E1mo+ z=yRY?C-NcD*>^1`5Cv6o4Qj%CGIk#zLjBdz?|OoShP@H~ zp|Tn2iWwfxw!J04b9mcjzJz=%X4qoLTuxN)qYvH>xAOnwzEAVj$K($69_v*MiuE7E zSYI!X)tX+RU)J~b8M({(v!KT?KoKH77QkvU|Cu&AZ+#RQ@t>V&luM@hhml7TzdLzV zyaF#2o2UP#p57#n`zW}JdpCuU8wD=Wvm`vd`Jdm> zlDF6XUhb5iz(^F98Llcz2f*(==NEwjleMy$7~!_)-KNIIs_mFX&fg#vK2gcuwtO~<`P%Akq*ws1>K02L6TX3Ryh_?DLM zf8ty`9=Tb?z)9rehuS*c2iExjf2Z~;4^Bl*5oPphT%aFxA8wv>e0T(xUpQC!frwnY z!Y^V)n&0D^0!cFGN@r}0rq!a!0II7gp<6tjdipgc`tztDWMC=mRq6IX@dBzgM6!6w}( zSs+dU?guv@8f`^t#(xgSBgc~N{EE4rY`f_vv`rgOqpYWke-hn;7XQhAvPn?~9-HdBy-eoT>Sa8E(#4biZq3BH1%9;YmQvu`Uto=uFi)idtDF zZc}}JLh`OhGrA0+(VBEERKOhviy@McgD*+0oyM_7c*bizLCW_Jq|e6~QeyyE39lE7 z!%Lc8h&THCfx`LnHE75D-%3Fz3zBy)bS~MkDrpm!W|3^T=mS=oy^rQ z_GD6%!su$}a7niqG?0}Ui9%Fh7~}gb1q*w>$AJ#b7$gj!2k-Y*?GN;`5Q^yfcNQ|i z>ZD!2f44Ckv6NgRp+hKbfU#iLC42sK3c2pXoDM0G!3|OI;20e2XR2`YN)l)VlpzXM zvNPeKc8EyAFGyNlK>~PsFGZfi*RwkjX?oHLf3nU3{Ia(cX>)ZhIfx~3thA{IaVk?D z9$tpXlDAgET7NUO&h;B00i4lR33o*SX%-wGiW9aQJT(Ub;z=M$3*YY7U*aG<0I_`7 z!ePejv8oLv$ILQ5E(vOLJ060WMEL8)TY;aQb&Ct657t5l%-`BX3exe6Y8N-_2QwVu z{T#}npeDR+#ti7SAOvpL@#Tt5W>W&$TAsO2O31jmL^`xwqY}mNwV&P{zAnKw4gne zR&+hjZ=iM}q1Xo!A(|9sm=M?sGae(Y&W!1rC7z3$PC!>oo{ zR~f#IyCDh-YE3fjw@1FW|N7$fpJUzk>HQ?7-am1;&u{SsG%Ybv;DZE#?GXCh$dyw* z+)(YYQkH z+98l|vjKahmE!`P{vox(UpuskW0mk~lTl_b1%O z0S=T%QizgPMgb;ZQL@@IYX`;@Gz~Zo#~V=q3(3(*%*(Aq)lk8{p*byMEp0PM+$o6i 
z6g|}=wmseUtunS$0D!b(z+OKk9E1>#=FYgQ3|QIJ=kKq@<$=fXBsaBQHaF8$a@r_% z$d+=>fiOhtKDWqCwDdHqHjDS`Ny`-jPEwCMx)JZp)LLQH*cbxo`y$TMr%~`2#QqtV zKEc`f%4-rBB3eK_nrCe4-I9(ymxy~8ZGXX6H5HAcz7M^RPp^CKa{EDd&+U4{Akmjk0E%{9W~&(IACZ%R+PlG60|+ zkW@CIkN@D@WaEoG1kSyZ)}jynEx{ z7PqH1^Ah#pTw)%Qd{RmeY9^XHN$Q937ph=aXR*i+^xYa5THv_c6NG}OOkp$)Ekog^ z0#iJ0mW@zV>OC|ATr`f@7UfoCalWE{aEyG<&eXxXy!s$TV45Bsv~}%_l{bB?<0P&< zIW=tJ{t>R?JvBMQ;Gs5LGPOT_0Kw2_nwr4Y0Bo~{Ge{}X3-_jX=*h=LSSS^GY-|=( z1z^07lL>FpN^o;3@i3Pt!J3Zhe6j=fUW?V2re$#g$9xcBne~%*QXNo`1K`H9m#I4Fn@~r9XAet z*CaPu3GV_CG*-kW6TA>OP}p*g=rY5G_0Z>f)BQZCAZ@W(jgspHzco#Wy|0;h%#dA@ zeEIf~$i@mR0d|$qGC9C;m5_v8$pB-(MFsJP=A_ooB55v9uJq>GpyL&y5NB7&64dr1 zE947T5ZUt|Bg_LO9bFUu)@|n`#i>i!(~cHI6LA#SWw`B&FpkTF`@cx#Bx1Y7%$InX zAa(JSo46joX~gAP@>I|1LR!#03k2>Ox_0NsC3cftQssaRRSwM!Pl3$~i5z-?zwzK7b>n`EeCX?e`&jVpH zB9{6bY`;*L2E0Om0)3u)g~h0M+lN7T)(LCy3L{BD97%;5^oVe^He}uW*7`Cz;k|{V z`k2@e*Q9gF6^@j|$h>5X&HL2%3H_Zy$WXCT;dSx~cuJ>rr6uLt#>dssrtkmNt=)0$ zuD;sP8y~V6Wa*v|!ifL1m7NNTQ|jONHJ@}>Nz^muhc#y1x;0Kh?`jPb%%vy7n0`|m z(r`OndvsS2P0l^XaoclSY0|xfSx6M zOle6oz<67H+nl;{@$imT5cY*i^RaG&u+o9HqI`}((aU569isWH6E`$arZl6RR`Vx8Kp=OOZmVV9W(slLl?cTq2J%!t;4bY=fL{T8A zKsw724%3L9kogI|qW6hOL^AC`?kHYu%zI7@ICVU@_H?6pb-Zu%_h}ApxymdA*6sY6 zZEG1R6Hy>d4h-#WFiN^!3Ep{PE9PH{P@^ZRKH#~nuXS`~aMP9J${1Ln^yiQjRF?2a z3>`A!(rB{}#oS1<+MFIhZx~u8LkrNU1z_lyh|%5c<@R4WCXgqtfYs)8teCFW_aCBs z*Cqyp7CO@Y%eu#v=aoV5L&bC8Uvt@2CL{VUWsL1oSi2T6g0@O5iZIq)agS}qjJ#t4 z5q}T(Zr;GY{i^jRNq2z5m&ygz%aN_Dz^sDYK2btewvNQj)l#4e@QXJqKV{-l!=0~( zTm~%PQ>0yU1hBtHuJ8X%+>ZxAQjGJQ2KKE?PdUx)>zXLcA$}kCC0{EF`}vKN_eFw7 zUV_JdLTwUuG&$nAf*a}iPC5ZCN$2zrNNsx-BTe%n?Z*vq-S~D8^I|XrbX7#1hCsU} zHVJ2yej>^~Z1Hf*DZeXl&NWfq=tmI%F%^j}4?*D2@m@5r96atU!16+SX9WD7#sQa) zpk9cEg^wlNG;$8n0I>G}rwt193eb01If$x#gb}iSNBE_&!4=jYcE{7F_mjCiWe%Co z6Vc4pLYBO_2_U^c`=AvFh71zXY23flL;&s1q5lOsswCe zlxDRe^oExFX6 z-J=W%H}&RFMIYVf9xpbtX(_8{I~=wZV`?JJz{z;7At0Mm$o@Ut4;P1q{M_CsI;S%A zl$j*(PCN={{I=t6`i$Lg?7jYey_;_OkxrhrL&NE~n0g+Z->CM0Xp%9qCTE!tt@i&BV!y;DL|#qf(BF 
zVQ_s>Qa1yrCv2eSB$JPZlxN^p>vm);?^E{xyO+mibze1i>>0^)Y0@&i)kAzpZ;Dg{St!wDcHUimf8EwI zN&B<8=wZLWyUDX(wlnLb7zY{T04uByJ}~Ls2FD|t<|j;P{xMw;RB#f?a)M%^lD+|G zkTMic*98UZawP4YD$ygdbrU~i<_bYv8x9^D&iL`Do!|!x>|B&AaqBs?V}gwnES2u1 zJMu<{bA?O#@(91gaJ~zLhv7pmH`6UDvdL6~_|=#Zy`q*WE(w#r55F#My2Fg zo~Jj3H0Hz5XNNaneD7Vpp-cF5l)q>~zm1{231~2sh7o6Y00$?Y@3cJ)DMOomjAA5_ z*8r6G7(;kLM5e^NTeuHRG2E!^)uyL8hjV=ZpnS*-I{@~X)oZ}zjCN0pJJOFHQSRO1 zm2hI{4$?Sf1*)xrg3}}6h(rwZdN(#AWf||Rz!IBPmJW4`5{LVo%Upasl6H)& zXluM|w4>r2-8w+w@GHmY^nHU(hElwB_xNHXAi0l|{wa4A!xKdmOI^ z^^UbIwh-kcLds@;=>1xuMaYuwXQ}zuaBbpHW66DCbEW8n%{cCtT+=OSauP3DNp9SW zTx$Lhsh17YfGW0pDq4mISHKYT{hISAA^y@!nH6se^-UbI<)Z7ic;rL!ONf7IE=O3M zN=z2Ftg z*UM)YDh|3!uexER89Mz=1}-E?`RC}Zm6{{8V;^tImhor0#>=gFC)wcrg!Tcd_@R%> zxs|TOV^)^Hhiv%kk~-`YX@r-MepV6N{%-Fw2%Rw(`y0`yc@#b^5fQEOHpAKm_ z9+q-O?LQEFj7hi{Q_L9~y@+zcnIJ6v(F#b+nbTPWq5Ih_)Ll+KQ0QaM*x6xq8-d%} zPpbFUmd$|(*A`s)C7_>zzQ_acDxR2YFgotS`_}}M=laXSS8`C_4g(7gwTK9p{P=Xb ziQl9pPJ*l!Y+$t{_-7rLeU9m8`I761{na6ENi5e;(W2l+UDD$-pmg@lv=R+?|3`-u z5`tuRjb?}&g5F18N}fD-A^Bs!N)9Qb;SQ5;w!Bw&IOShNzlc&O0zqht$=z$eFf;c? zQ72-}+r;8Sq68Y|cNKi`vGz!_R;cpagD{8gCzx38R{TL$wS8fGD22Og(RGImqBA5< zXFYQs_rBu!0{3qGD)3Mm6zs$MXOyqF_dfMWrq{~nAbL%>o5C2!9nWW&He3=o*D>u@ z6$GN9lzQ@jA6!wEFPN1_zK{jp&@54jyc%Ik)y+mA43%YtX7rsjWrE^ceMMeSz^D!H zy;mP5ben-B-0HdQv@cQ4szJYi!e7@V3&VkPS-+ozKe>2`!ma`#E_IK_NCz9}k@+&Q z{d(m3#Ji%Wk~A(2LTNPa+WHBh&trW@PTk;*wi8i#FaO-3r6-S3mWtT$O3|B-ZE_=U zt2_pxl=Q~2@f6>PtDtV45NE1ax0%%I{T{VTpi~b}_5nN8;?vLTe>jlmFOt05hK!q^ z+&A#A;iQimW6p*@v@MpP=4A()Hc*BQO4#`~AYV_K>Qkgq$IqTGd!+7^t1pH(_zf`@ zB%?OnJ^YG({>xw|q4~!AjkdZu(fH~gH52t3E6c~-DF;pe6V z_LK!oBH`yVfvKj2;=YE5?e zOW|K}eE2HXEr(@31<@iwR-i}oL)G(qV|mxVWUU>C99?r?H!-(Qh`-5aIwREs-9LXm zdQ|p{&z6b#QMiPh6`s$ExFZA=MFL|v3GvuLRKZ8crWvZmTxThhf1lNed;=JoMX6cN z8WIgDGHDA80~$n0egUDx7(P{uiU;fOcj_Y<{CNDUqn|8dnVAcarrU|)J7(-t*Jq_h*#WDgDWhvEB1;2eW&&{6f&GlD)z*mx0qmt)>N0YS2o!h-U&q+*q? z1m5RZhp$!;LX^|$#9ARW^1QHgJXMXXDjkn?0F1}nQIaN0Q*%qtWSsDEB9a3p-XQlG za~ZFTnOlXgiU#JgO!GH6#hrMS0oW*uC<6b~it9nqg%1PfERYjPg=7{I7#Jyigzp4! 
zAhwldKhZ2lZT{p@6XX9bE?Jvs=b4#UJU~hMX?4V{fZ%ogaS9O&^pi|kL(?N6^GDpv zR=)rot{lc#6P&u7l~K>9ziDx0Hk_gbHrY%z-v`Gfu4_tQ>(k`ZT=-L-JtymiGxW^Q z3df83x$hx!ISHM=@i+j_23UBaJ|~fqEUYbrhf+Y7PnesQ^EoVAXV5=I&Go*p7W!;2 zE@(2ZTR?aC-kM<2B0J9gl3xb2%|z-*&iIjwC(QjWNgnL*AeHR*C?H9A z`PJk%LVQ4PC-4C$AQ{Z(s45Gut9Ufo0~}6A?N3QlhmA%RoQ25JgmRV5u8{3Z5zkCc zw#vHgTZXPe)LI8sVjkd~z{`Q>|GBB?^d3pGcqh^gX}249Y-JwqmuIN=D7JRW{`25}IGp(#AV=a_M5i1k z&@;Z%xX|8H`4XQPwZAu&2#h>4F^Kp8^bh~gF}L;WIz>}f z4nB8cEZ+eL#G0CD1cUXfYWYno1<`)zMvu7>x~$HBe5ILySX^_6$Jwa&X~I<%4&#j1 zNFu>Qt$L!d=N->*07$#)u0dhqZjIJQr_;r}4-!8p&OnX*f|F@O;H5al6Fq1YBdO+ULm%RA5-VpYN{X|uhy^XhQT;**R>Y}M}(12;JaK7POrBcyU_c^O;(~GV+NP*K7Q0Q%hzQD}l@43U6V% z4Ltdkx}~oXzu`I#5I%2uAF|kAK4UMB%|+uGq_dZn&{Kc6AZzbl?z5c9;(-$ z+B8%5Q@Z9*??Ld^ZqzW1CrdQ@;hjiSX(;(>(#e94uA+R9$0;~%v%_qwD-}ns%_Z`O z24BN7`3nKz{ihi&M0A>&uw7N50!ca|F45(Ryc*Um-ikwW(`0AiM0PqJ%@(iN?v<@L zBbQB93h0+nSl6!W1SF?mB9=%VV#-dh|0Jp5fPT=BrlVwr?E0o>SDQHd?buEav^m(( z&P>XiTjU77BRf4>I^H{?U%4*sjKcsp7K~6}LdyglyEnR_kN>kf-h?E|Gu%Ch@r$p* zk|^M5u1=Ap<3%NPgPJ(jV$Zq^QSM5;1onxd6`&x4=NxlLY9;ISLv}})s-YM5q|A(| z-X_t)%NDpjDDVz7q)aHb7r!31l)3OFVIM^_M6Pzbf<@&;m2)}~RX};7swg(a9}sqw zC$poEi+(CV?W?g)XgJo9j|w0E!}Z<*AXiyI!T7PHI`T&Zo6HAi&aay;WShaO z8_(fqgKr9b=-DJ6Zf4LNx4o@lWtK3a-N1XV2~VYxq~f_pt-FS|EL3ML1Sd|Jebee> zTuQv}SCSbJdG_iIkHD70o?S5hUyWK&J8XXgsB%AVXxHd4Y}O>H0tZu7iIS6M4{pD2 ze=^YTt0V0<2xfJjT7nGMtqrRt=y2l&)0jE5ov6w0T1`JHOzDn-vU@gt5`{k*|Vz>DtMl6q1{NjXW--AQ%L41g4wg%8G|SQUAE%^8}RzWSR>OR`z(ou32?r z(52mTjH`-^9Kqccg-#54@|p@G?ufOQVUF2rkSikkhjF}^CwTcYs;aaoq2EXT ziWnZoaR9AyBYL}nilMG>lNWUG5cAqhzt)ip|HMnh8f>-z_sbACDJabA!2`~7^{IZ_@XGZmeH zkcvr}KLLF#2f!9FU7~+B;(qmiSKp~fYMu=FObgjC;Qqv4r^Vs70&h-CGSG zOL=}%gG7#JJu~PxlZY3|w=!P{>%%;BJ*KyBKz%0K`izHcxCY>@(_z?ICF2hOmqoc^ zZ)fhF+p`>NChmP#&wQ^de|aE}l#DUgc_906cC{eS;1o>v8n`Q>6{#hm>`3C!W?FK`UF zCh4}-k`kGG`<+44je!C-F!^>$^U==?zG@)WqiQzEkkIAr{)gxm2ZvIawZg`zc!}gb z_rzf^3!d62eEUZ z_(uwxdxNDW30`o|7^e{it&%T)%ld=fnYxiu9-;3RqyN4oE%P7P`w6Gls@a!k@7v57 zi_ew4uTLECOxBsaH4(kq=~HJ0TeX9lqZ+_%E^190&LbNzz;lf!9_)8bcT$3qe$v-K 
zUOpDf)qmYQeexf%6qYDZz>Vo^*XP=k%IyJmcOdua$L`-aqP*0nR_3qO0ylKORN|U- zTk+|}HSXi~Hezh7n^NnraHgg{;DDR+xtoI0O!9icb64U9yyN)tk>hh01O5_01Y-g< z&5fAEE2!YsLG|r{fjcw{408P}(yvHLsVRgItZvC1ufG(Kd(Ot?szx+@kC(+|r{Jp) zefME?&5fgxUnV>AgHBW)PXIaSFiAbG3g4ifV@CpAlZ3mnUgj-wxKbVMqrTdF?n{w5 z?&WQr>yGg21Ky-LJc!dY!)>M#?0ML||cp2_->qV$wjNlZn*%KrjzW7?ly<;!so%oL_YnDN?fP};nDZ@wyg z`MRr_k9W{nzx(G#d*oB>qWXIK`OMZ;ICiPbh-4WqCStn&`HR^te8U~LXrRMkMK&0Z+Nt}>2BlF4LND!K0?*o3b)JT3=+o8G$&D`qPbZcQeHmL4E+d-2P%p zj&{dO^mkDi_rRw;}eo7-fFi8D)-QAwP5mK48k&8NCo!gk7gf9V9D zyz+zS+Wk$P!>H8?oE%ndLOB%&kMV!DWAw!rptO$y_1vNhSUeR@(SS@<_&}Mfggnn7 zP5pG8;c9WWrnAEPL{OoEkUW^{E8+VKV6xJ3dH4>?zlrA_GfNJCENXn> zlCsp@YX2~0{wyHD^M$KY0Z^oXR2Jb^6chTGQ%F2sF?9K@9-&F}?0>T>@7$%7Vh1z= zZBFqf1MgAZD`#!$hEZVAJ6}#@B6gN|EmUmJfq3rOEzN{|3b|9@T6aGP@k<=pj8AW} z@CcGW#cXrU`}ei3vU<*KKEdPpxNN!_fmn+Ki)tiG6X#0dbbfv07jgaDJn|uR&gwPg zhFtis?_Bp+>Wryi3AM#%JYR*M1J9kCrP*65a8n>jpF)Qx(nx7H#@zermx(u&NHBJjly5=PzN1}94k3L#+phHjpis03)-nE(Ajz}Uk-HJWF0z!2ea4P8LG)X{e(COR3cj86`J#m-fDo{HcRxker zWnNFN5+|siO1y+NKG8>*4msNhI*G{O;+yjJxS=}zZYA*%^q{#zT#1L4xRASKt}Kq8 zOY<<+wWcHp0nAB4tfU;{BhuYeKK18^kZx;wBwn1U)FDb5vknIo$nvB0(TKppZ}HY( z3l)Rhr+0F#%Fh*%F-2Y5@Qbhlf*`UlncuWJ zQRvjb(UI*GMuZdoeakIAmRLbWz%V|&$m{c$e$pSYBpH(>8T+uW#^)!&6kw0kV3?rh z3bYB&vgM1;+sox%N(%1TH5cHNDJ4MIX{f;OKoRvpsw-JmIXRv;>3oz;xv;cA;Z>zfjy3uW5!X zPj8jHa)vW3awNZE_q(NjbCW;{_L<~yK`X6~HW^2~XbDF()3j3PyeHp-X?)JlO_T&* z**UggOL1s@t+@QaEqUZHgHLKy%qdr2{#IypfUYT!Te7j>uDZ9G;prqQ1gU~kEMi(i z7Wh?kBZRn#U)KtNoLgQfF0o%qDdyAW<0l)Fj?4`OTN>_CqQ17^F=7;v=c%p_+-t<$ z#R%NN#hItLCS*UE56a0AxKni5+-FSq@eS-ZK)$5&9>XBrO~G4U*thN-iD!xRtOnk? 
z#rv3(FZ_CtuuNJ6aL4oB8QdAF>tNCmkwsa(KEhOv8aFP{C4lJmOm@&6$Q^aJp&>6K zo3xktc;eu^4KF3N&r}3)$mU-+5%V~-qV9D18pl+m7d&_YM*QvFt{)EA`YaoJtoi1REIf2*CoK+^m^h(O!}}!ro7b9v z%Kp^Vs`}F^XItApWmyuH*J!Ke*IN@V8@n@GjR%aRC#JTi#;sqa5yfVH3-XDcyC=X; zJ{5|kRHxC18GNTe9u|O;q$L< zpjKESxPCwp@*MQ64Pq?fQf{?G&`|v|6K%$B*nb4nWrhJRckF~8C*EZgixt9KFu3>V z8aYEm&I{fZkVsZ0Rr|ZeM6}dS;m5FZ_LkKGwp#CMbyi_dlyD8ghOa@5f^Xb*bI?=l zmqL~qY~Xt?v{i{`HEbsdqGXU*r;hP4>gWOfD)5QY_|DOqB`=c!%h zerW^%9}Q^E#DQwqNjz$J9xdn=YAQGgeC4P=QN!TLG{+ZzNhSxC zBsBn1uMyavV}f)i5r7xXVxS4&2oUqMiUc?mEJz*pO1PBxWYn5>fp~wo)bIJ2Uhz38 zSKw*B`vg8y)0N+TU5_KDECsWAcc!CeV%c-MfcM-=AYCBNO{?RquR|XwPj`LYD2mO+I9AsJI`Gh#n(emC=O~(Dv8Cg-VuvBi+ z)FV4m$(is1l`mIgKvZN)>3_Vzx0rokO)i%?ujLEvvzaoa1fx#YH@$QPM{;))t$`@TU`dIA)4F!$gKJkVJpLUOJaYC`Pd7M60()2a9CK$j4EUJ?OAm{&Bv(`ZbD2GksIs*I)#sBp} zoJ%AkjYzEmc+|qJpJ-N9qMgvXg9(LLvC1#m>?_evm$>I!98R7Ssw(yA+b&bxIpFsA zNP~ppLBH1Wd6>LaS-28jk?)P>x`2)A;osvoH=zq$uTOAKD~K9fbK^C5FvNc`3C{-w zc#A&^GW>CyY#3^ROPu|Bsp0n&%%hbiTSXAC2>Ymi5wFIoZ$$j*^WU(&1-J=-!ZZNS zA00R`u%r`E5Sce>(<3ZFOkAE{G*R&5mMjXYxZj`R@ zg=y-RgM_G_YNg`sZ@%`)vE3u{^|QgS&1EPF`sE>(!)9VD#@Xycm})?T>8mBioI{gl zQCWAHVYBYJwi$;zs^Z*|#tNK(9IBx-Rn$VQdv6_6la2dFxkSK9lEY`}o{8L^$JM1Y zu$@>SU)YmZvP)YY2iCYQW`Yo2Id82`XbfREf{38Y?)OVsG-A+Tu90~V1O(Fz0^i2T z{215T8$TwUhig@bl7Z-@c^QLe*k_TJnwGe-lw9aSZ?G2rLerBcGzp)1T$zBZMOJbK zTR^n0NS{YitVyoC56xs9`)7-5eI*N57h!FCa3yKlR`K$XVXq&c-#&PJeMclFojYyk z&7sqvit>ZL4wqAWzGeb7&@t{P6)mY;N<}bpx0&LQH~E6zX>G@z_+j@ zK;xC2?dKEj!_7egWPkx#^vzBeN!`{U0#C?$o#hL$NfemU*mNJ$6WH{KA|A1llUF3o z<~T?_Y0^9;Xn`UL%F#xUiNLXuVL~YMBQZoyTdjzt#*5|N>jPmmbxN~j^e=%`K`?`5 zpc89LNCQwMDCn*!jsShNW@!la9TQzRD9FWa3LT*WMbKcNDFl1@2=uV8ui`6sJ;?F- zc846zL>4&V;&57@M|k3b+Fc4J8K^0O75Huj)J!nUb&!tX7dFqAHVpdG#gc{f2?_e~ z+U{ax3E+i?kVQBThlFG=I6lB*#ZS0_0a%d0!{sSQbGvV!_%uLM@FR|NiHvZ77|o

#6c>~6Cly%X#}*iAFzO+f%*Ps z$=5Cbm#2`3w7f6yEI|X22U}GA|NFsy!HLKD z0MoJcC%ekee05Zrp=1(9NWCMFC>HqWr%J-ltVz8v{yWyB3^Bd8YQERYf-vg|k`GZp z3Rbu=;f^KUy63xHY1oN^g?$wg3J~Ofn`MN-JHh<;dNjX-^Z-4(j{m`hf9r~KCLK<> zS-wRGazF%d3ES8XgxPN@G#6BGBuYhn)AVD4Z03a(PX1FXG*T&4ExjvjlYnGU;DHqL zvOE-?n21dB;Gu8{(dVPqkvzh>-j9cLg>>J3$BvpQZxJNFXyG)YJ+3|W)Y1}9(c>0z z_wBv4sU6KNc!=FG!48S&ejp+dF}nj&LHNSVubi`S7it84=@Iezfc5fzb`@Rq0*Y5Q zA_0BK{Hg2B6U1l=Xbz4Z#cbf9APP`+IXo#xyZFvyEX14C#D~$IqWe z0}xYmwj{eqr7|w0M_e`J3>U9lp^+#fSMy8MMhd(%us8 zx%_ay_`413I}9!v44%6_lCm z2>_^rU?pg-9HK%7>LY~Z~pM`^mF+m(y1TvBKv zEavbCE}2OJ?BDz@wG~fd%3??35O}dZ0_e~+bR|;9WFfNmXtnfPUe0Y6>F`ysMb1pp z#V3v`KrcIb(ZwfOtQgAG-%2QH`VA?Tp#8jzI}Pkkqrj@fws3q#G;j>A0Eu@MB^~|+ z$%Q8pFVT141Rl*dR{mteV;zjCX1@Nb@rq1Y8cni_^?D0`-R_)764#5GsY6U z*^vq}5KW9pOCl$TR=EfYY9aA@kS&=w|%RUNMlW^Tku$%8r2qR=;LLNvJYZh9l1?fa(bVDQ-Vw@ zT}+_ucrab8H9^LSB{26)HioQKdx6f8Fsj3lG$nn@GR39DpNWjkOV0&sU)g`{g_Df2 z;n#G%6I-lkDc%6d)LVI=;}OC?8Xa6n5Mn0CbR~#i0p{TXMC<4hdq7D!y4`U+_#WY= zUEag1Vuf$$1!xl7mRyxxBKPR4^cEAS*62;2IA$QGI6(w`>{ML9=tymo z=ox$>ZfXt@dDR#5Q@iMzAB1wd$$zZ_@{-8yEMa^Gj|W10$Z;lq;0UI`6kE7XLUA>u zFB0E#+!yAi@=J`(#UMQ92zvB76!#_pWTLiu7fW$hh;;|Fo#B<&QS<0MKVTSMiB!_@ zNSxV}E|WLFtMN{Y4+y0Y9)Xp4_AcIyQlo0qcsppWz+%+QUiN=tX%=%iHZ0X&MkzKd z^cYSYT?6x+Q@#)zd_+iTi4AHrP!yMVp`)_mNh@ktgfq$fF$8X^VF%WeJCMvjahV~% zhx$iMyCx=e-9YMnsVE@yol5Z|`96`Z1j*Jk)t;UwKb*^t`GIp_N+m?l2(v!>%&TW< zQ@5KN8Ws^>X_LidekYT+cK}e^a(GeCkm7=rB#tj;Uh4LJu?bwlHnH+HVDUTg9>PyV zX=R*+pEwiW&T%J78tsoHEbs>tYB;lROp1<3lhI{#rmsoK|CC<@g{Q#2YA3oK>*hCA&7*Kj4K^QJQ@zjgy zMUvq4*Q zMLDadq0-exzDFK2B}Yq^y_2&1No(?b%f!#(juu~CO`9EY;*+k(W8S*)zD?IaT*0QR zO*T>-ZE2rIR%z39TnSch1&*;3b+kGP(g2=V%Mr36T~O>>d&IR~e(~#v40In3`MYsJ znOkOwCKFfHMw8xb8p;&~2-o{A|1CcS0c~z+eE*trER}-TYQ=t?JjQBShxToCOD{U9 zKJGK^5g&WeEEFKb-QgSw#2Ay zeY*Ahk(2;j9pe0`W5Pd}amO^^SP3$$>W*7-pMYSWjpJ~2QO7v%rc(T08hJ6pMqwyV zK0W4kzIU9#SzO)zk9F0Nq8%%PuU>0QYJB3)ubez9Buy-=KT83@t!c)loaDmiMxBE% z$VoIoBmn=`f<_esrZrJ7jfK!yNHJVskuM)k2yoR%Jy6JKm?1cQPPz< 
zxgE3HlM|l(2X>>R1i@EZGxS@+kOkZfWE~2o#Q1r_WXIm{vkoIh_SSLx@S%V^C#CXc z0TLq<*{Wt0>4DbA{bPEq6;A!h_o||p zg2fZYp8zc{HQMaY+0`)Pg{qH8@$FxuMpjd32~EGs!4h+?ZgJ0Z)_U% zMAWx^RG}IB)GeDC4({=UGWr}*b&mXcX;m@9c|krPzqdNCYC<{V+72c~Y7~kC?Ta5= z+H^Pq^3d{aHTShIJfE{WRv)evYH25@q#8otb{Bh}DKxCpHOd$OjX}QDEG@`6YG7_l zfr1-$Juc})(egvlo43~;?YHmvCTeEtH@trt`2xDo-FQv|inTflz25QykY1KLqOFK(E z&vV}2Nq-HhKib}Nj0uWqY=MkRU!4>@ZRV9IEEDz&*zV{@j>#Y2fAai4WI>z6u zIocxYzhHIj=iXn8=FhoBUWXZw;%P$yw|w%5(W6>T6j*Wx0aM$uzhN2% zcp=0Pl<|W`uKPGxd&Wg$eGx7shoU_XVNFe5mo;nuiJOonjz2;#RDJDBZ?oFwz8J(0_kvyZN(}U&c_QV!~}hz>yNL*z4p#VWTQVA)8>{xZ<4T5@zaz zAhz^X0&tf7{FMTdEtKXtdh}b2?&(cVZdv=tXGbq*nD_6mz>wgjBO!qUwtTD#H7TT8 z1Wg)E^Q-*pWk=>pDjx%WaYz_v%IhMPjysrxBk>fXQVp`E50IkC_+oxflj7keYa9cu z6|rTFN4g|JRo?JhzxC~*QNOzlez$t(6q<5M?!n!#x3BH|GcsbZ{{DIo)=uHI65=(? zFm3@;qURU@Uq0=I_=7%eX@X`Ms#=14^0nuNGQzgX?dA_prtNITshJ)@&b(8wieL}=;hCMTocvR^2|3*=rmi^#ZB3nP6` zrn_!rR1{wb57meCoS1xu;RK35xU86$hKYG4`BU?SYQYN%Mw1L6F}Y2m=6Q2rE&|uB zxlNLZDm)aN+ps3DK_j&j=m|hLgq=67o6I^>mt^azonfT5Hpf+a591zD#N9`ON20)< z?;dZ;kXtDx=6OIn2A49Pl_bZHLr(2k9V<#$AfZ45Bf&3@HwyB}C$DhldRl9c;`lUp zEco-B7|uPBKpm%mPE(B?cRAo3t)C#YQ+IQD-6$FU#Gy6Xi3KoNpHDYW1IDkzx$g9G$fhxzJFf~ZOapIMt_KfIs4#%J(0|LD&PdA!&p0=00`LMw@@qzPrD zb8W`P*$Rtv*H@xd$$TJKo-(zn!dVC7G{*pva<xblfsx1TlKcO!CYnpCXInt#oLY08B70 zZuBze;idGq^53!1xY6+eLR7|JdT=ekQg3xT%jm0tlA5(yS9nfAv|AN>g!|ZIuqbzG zp#$HhF0Woi*dr&B6|UhJUs*{~dv9a&ViWYXYQcE+by^i`t!W*{4*PkdXdZO-QQIrw zTM_<)31M2WXIgvC*?w+E9i-yVV#vx=+LzxYJHUd}jpU?yes zqC^DF_xo;*8Hfab%(`?dB36>b54{0EnbP6cqsrromM(|DS%R&Gu=d zeaSeJx+_|+3ysw>Pq#pA4oSQeaHYx_C$Cp)J^zZn1+S5|S>l1XTQR}@;@#xSDH7*6 zkYOj-mo3CoCtll#>m-){OY{wQ;w9T{?SOX_zGYYfmMduB6v>JA=@{aR6KoK0l~apu zbArCb!Z{JpQ~>w)7ngmQA;K{tQOp=SUnm&Kt;rYrDuT}k;QFNxQB-$vJhIIfFNHg_H*vnca1;4kh?n1gf=j0Nsy>zw9}gjVa!N~fI9N?c8O6s5OWzD_Btcd~&K z(4MQ1Zr+Cw;2!EgfJNv;Dxs`VNC2a3a%sG_7IPDEkz zQ6XHm3E4)<1!kT3CN^NZ@muEi3+$$iM=f(j2}xo@1+F%nLce>N3}ml00i7w=1n%*B(D>`L zL9&25DJvoy%c(BuC%|No4@IB_P@Ie55u@FaFC=>a03H+-5EgKArT7d>;BFB}jwXHk 
z1>zqW@d=r=zlb;hzq!gFLqGB~c$Os41b_ItD{We_+pz%LuSCkbOb0R9fVK|jz{4^^ZqMUpf`I3k%t^)u9x92>`L_A;v zh{W6KCo3$PVBbzb9s__NDwMNQwp`5nID)4*z0!IMkp%!CBk1M75u+FyU={YaP5Mwj zqbE*ZP2l~-C=ZPk_;e^Q8?%TlvKQG$?ES7l0)VoVN~9BNl)utCqb7(_S<+c!H&dgw zUsZ7*UL%B3AoHkfA*$AGbSnk<~vgfhfu^C*ljE4LBx1TO@AJCxZeIdd7m@T&W?{lf{MdZ#- zI=~4$neosXhz2uwwi$I&mjw11m(XPHg^W`}n7b?WkN8DV*COtTazX!M5iJyfr_U}g zc0S^N>3-lOZXbb|Q_7_L@+R@ z5N4Blrp;X~flp&68nzIPfspM81TzJE@wArOO3QIbD^a!8%&yhqe5+Mvt4%|z-OE;o zwbm1m$IgE^EymsQ?MM{%jO#b#Y2hZwKJ#9Q@2<&v z#Syd{gl#;o_D^8%I2{cVe8k%fG!*V`R?TRADgS97Qa^++#yNk`F&%?QcE1#Eb3zb- z61gv%pC9Wsps4Wb17Zlxx)RNwcLlEs2k`jf*1$)*?g4ug!k^wePhb9z3l~-s!H?KJ zA0o&>FhbhbTzb?`LY|yP1+g32PD$`&9bPk339@Kk3lXb=Z7YV_I8 zI1$%TC&c`zTbX3fli5o^3bA~J;heaCs zgBXJrO~YBt8mq|Ry!D3qk>Q*&-UnHY&t_`kjA}d8D)XQ~Tz&1G_|n*|(sDHbMto$J z$;1z{`XsBKpN5D)`!L25A;#EONYvl4b`|@pA5o@`SEZcph(+38d>I*ixd2^z3?NY5 zTX>0Yl{k2_5tZQuj$Q3nGXkXV9#$ zm7s)@wfi*mx~|8d8D< zJT*k{mXF!2zveqY1dUB7l$Y8XfixZr>i;bz{B3kAgFcxqn^xoWc?t39#~?!IpD)Cl z#Ck|!qD(de|NF09c#G05EWk`?Jp2fFmG4iTe>HVsV=CN%Ys7O9W?xh~GN^vKrYWAz zp>TDl*KjB!00$<}1k^J!WVt=o6!uQTo4Kq4;2NRJ!^X0hgS$43O(UgkL*oUoF-*pE zzBlT3);qU&9?$r9Wl&(!g(1)NfwT*#u5^^g`n%kbDmSn9ZS+^5X4PwCc<6QyE>B95 zbhNHEPWI}k_kT$ETl9?t|+gK340kI=dCg6z94W$yv6 zUe^8{Sv4sFW{=U<-^Bd)ZpY@K#fRzMo=+KBv(CNp1TDxU72VY>_|{4QpA#)x@!ykc z=P&C71atit-1;=c7t!rE6>veM9sAgBmV2G}=+U2n9`SLJkHsA;Guq|QAX?rVlpQA~~ODsl1ZIbPpeP)!!MwDAP%L=5OzkV9ub&=+NU= zHQqiFol;oI&H2&>VJ%aD4t#K@OzuahNGy5gw$w+_VdhXtf73yQ#r7iQzk%h@H@WLG zTI!z^j1ZiI*ZP0oWPN1sseg_CJALP0L-D^)S>!Uw3=Y@w>9K@U?9!gW*s)2d*YmXS zs*LMny9^krVktPhs&xGmTH{kA?5z(7RY&QL&Jq4cDAwfdj`7i|W-fa=msx3nJbDHm z_RyW;c><+pq&6C4u>fgUUz$dxXZ-Uam3s8>M%l=QMQ`b8$r+LOF}@2kmbsg+hbu)J z2R{F;=$R|y%zc>mL1j@(^)wOdA1B90D`!UEt$uiC9XXafv{^i|k=C;*n$;hq_R(7W zFm^2OkL%o|!23tb50EIKqUE`384?#I$n%FT@g1Bql#N9hn0-(TxLx%qHM`-1>v&SX67XW{^ z9xB!%jz$WMZB-X${IcK~+TY%|P{{jie`w_SuV!a^A0)z`WB3XAD=T#G1);d|<%gk) zQ=*|W^A{w(N$I0+h&<_RR4;GLxgL~%MB*gsiQE~FS|*~xAF{|syg*h2fM1h!cGq|K z{?v*1W!=4ZqVd%D9vk+@*0F}R;!6p<7_%I+Ne;iXR<2XZ|k 
zkYkX2Z8xk#k@lXMI4(J^BLW82RJ;&SRzMq7yuQ#cD2q*Yi`izUiL2s}_Cr*%{Y|7v z4&Px685D$Is-VSIgu!#N@Y9m3<14Op&UYQ}o__J^x?S74^wq1yQgrqvO|j(y@nLp{cDDR}F) zzUZ|Y2c6jhS*iH-gH(s3ocnU4z}c|F!FY5sGDUMF%a)SuxT{8&NT1`8b4V#aHQm?cpJ=n<_)fItD%C?l zmRCxHxK4R|ue&)lQXW~6Y+TBlcy6@(zU!InhR<5J0#QO%8Q7Uf_mt4f!Inv#g+(-P z#p|m`J>5?_rE|8K;xO*Mrovw?&+Ew=~Qx{?b_?&F(tXvXmxG0xM16! zT&R(3KXjubPyocf^5wA~r&HM--&@iI}KcbCj0vu5Y zpHHofjM73saJ@o*UU5B~c#*;lI_15?ynVIe%vj|e>E)@)RBi-wf(hi6nGm~ca%+#Z zc%|oDow@X_iM>g^f~V7#%)8J&XG4 z`vI!3g!$fwnDa+hmS=Ut_F|;G1{>6E+K{1^l)s+*y{R@zH zZ+4mEi>w$8l3-!;yB|f0E=kOKiObjUoaw1`pZv3+%M$eP`ceNMJ@2d$&wPO@`;p3S z1l>-3xd;3BAt~87w;XLHoaMA)+$LDSg}7>Mlb?3J#;*8H_MHp1Mvt6Hg}5<7hi_Ie z{7D`sa&#ftvV$*VG_Nqax+aG(l;!DZJ~rJp$;c-ADqPG^&vy#17#q-Zf8GT{ym)1)hx;xc_G_Ir3D!JcYcB_tioCASRI3sY!5 zG|JB4kK3GkFLqhh^AcZ?vG0#}*Ga)ue;y7H+s z;hUu}ED7LVJ4Q|4SJ*4w@s2py{$s!HncU$k5t3{bpPh6&MnJ?TGRtaq!0=yW z#K8s0rOUf}gAPxOb1Uck1vgDfab$|1QyZy}z0% z#vK+pqiYnsSL}k~-jx4~t~>kfi@}Wwt+uO|8-u*p&Me2h>-~3`k?OtfuXt_x)%7c_ TwcZ=&pYG%8qzfqkz_I@Ug;zfV literal 0 HcmV?d00001 
diff --git a/windows/keep-secure/images/wfas-designflowchart1.gif b/windows/keep-secure/images/wfas-designflowchart1.gif new file mode 100644 index 0000000000000000000000000000000000000000..369d0de5630491c31b1a4cc4ae1fb8f36bcb37b0 GIT binary patch literal 17357 zcmeErRZ|;`^EKY!1b2eFLy=+uf=h6xxI^&*#Yu4Y;OvEpupQYc=arTIU< z>-Q_XJ7>U<9N=jNvN)ROxi1t5_f@mpO{$mg=2n6B)QF5?Qvaqmlu+Va_fCN~GI577-p=0Ui$V|5!jkT!2iCGigGH7Qcy)6 z6%`c|6%MG1oQVpLhK2@IL(xKm#rl8XfkL6yPyqu2sDXijiGhZR0o2)m$Hc_I#KgqH z1ZrVo;AO&NVPRoyVPI`x;$aWGLm@Oq0wKWUn%7O?WT6^tMHMCr<5NCM_LtUlK0kbu>ZuO(p zmw37lLWJavPDyOK;LgU)F3&?WGBgf%QwxesDcIcLe{DkRW18f#_EDWSHo&h~b=wz{e`2Rp|Sxr@vA(}vFW zb-gReA>bM*kz>T?vk2pUJ150n#!Yss^7Tt?McT<)TTG~BS|s%uDOVb@qNM-R)5sR5 z?gWcxG$gi#$`ZkH!{HSFEEu|jo!%Ix)@Z%k^U+YEiheK(S@=!mg(s% z=M_gu&3=*GvlmAZ2%*Ta6UdTHsS`w^Q=-BaKLdhBAV%2L*!bp7ZNek<%gQ)h%!kUt zUF_0T!^&nr#lG{`k9!KjN5F$5Qgg4;4+wL?VqY|C=OY+tfXzV;YZ*t{`#?%TbT}G0 zr(Kc=K{rdbbJgSl8Q*~Et^9XdPF02bM)!{> z1WvkLezCXHQ7rnk>RFOHHTQhUI~hv1nr5Xx`3;0=CO?7&vg>N&d71K$qm&*4FasqG z7aL2_sW^ev)Ipo{v4-)BHmsnTCx56rDzuc{f@@`LVAKVlR;}S^aorV6FJyli zI0(Vq3$QWz;Ns|i*E!_@nxU^+20$5O{02o8*bB_^YG*plj9ok%6MCHDI<=aiz7RjY z@4-|vlD~i6YDpn^?&g^>r7cyI+9l`x#PB(B*vk!JyGuGG?tTjf-|f7WdGzA-n#9dA z&zFpHlKdbqR8&lu!h3EQoA2ctu`rc9Z(c9$Pz6?h5>`ZVrUJ8Iu43D?St=NNnuHnKkD?jKuN6HU6xH4q4h2w4Ac-Y(YIeNZF?I-^MXsv{-i|bvhw(b zj0f@Qt}B36#VpRInJ7Y%L1RVH zFi~~je1nWvvC!a5bnbihXu-6Y(`nO=WeP9^Dks^^!~_h4^vHU}%dN&Oy`Q@qJ%TuU zjJTv^QB#)CUpJ{}3Jv=;8M90+IHd$imL$kA7WWv8!_?3Zzgbm@RPOVDv#yBOFQbI< zW@AYLCu|c<$tGX+c-+Ko36q4b0h;nG%EIynY_ay$Kk$z-<@I4~*6Uo_c4d;*dKgi! 
zRW($#bQ6QAHX(pfSzE~^iHWW0WdR$($KaocHJ-SI*2!5T_gnU~pH<@fH=4=fNzACU z)smyST8H3~th`7^$ng4z-$n*cUH+zDq6iYb%Fk8dFYS?^O-}Lo-&?I*AzjH|lhB%) zIT@mY0zS?w!5XkHgb!zH*Vm+6lgwEW*S$t1%mxg`Uev&~DN@B;uP~n-4B&IwR-MkN zP1{)JWW{F+F00Zbr~?xb-h5LK*ICM^?qFw4%8?V-X^rQ)ckba@SMREvWNVFqE6>(x zso}f{9r#}SOE4o%ZbS-9Fp~H;lVWqH>RabdML}LrwYi|pfKBgxljE0qOJ4NV{%5k{ zg}?PylT>R%)c!mn(hW9VrfZ{;uestv8th6X)~9q?TeD{yR0QhR=lo%9Mfki*a@-q> zTCnyi%?mkb{l;=@XGdiSubTq*<~q{@$fNQ-@Y+y9e8Q9jp8;RCGP5uyjNsh zo<}!h>gvux3HL=6i22SWhPJc~^Gi6#I&-k(3|i{3j@)!Ky*0|e5n%e4Je$6)QY@c|mgM&{ zhxC6Q$K?oGQ)4uam}s6RRJ2;tzZ0qQsMcy8XT1H9-Ec@1)iTC4CYaSVbIkYQY1(SX zJA*+{nxZlefd(GQ{%95DW+Qi66HK2gAoa8 zpv%3;+pc5r}ES9sP$B;B|f~->0Tb0AS0_&mQ~CBZ;;1>6{k$Y z@>0+BcS8@`jjwj;DSwCcc%dwfI>6;`)sY4xe`jm8_;fP4NsJCmwk|GI%sI$xk~ zUJj#0`kJFm?t?<+hAO0(bzgaT7j1OtA<7`Sg>GZ{q-d{I@pmXqP~mt-d+KBPMw_kh zHN!qhwdwhzqx{ZL*87uVl7c|n74ml^5&_?s7rV!_I&ae(-0R6Dhu|{LwPg@#N^3U5 zDnY`UA=}Mjx!rGR6wcx5rn}oS6tYWGMKJ<2Y1Ga4r=1bQ?gx`3F~qNnuj$@}78BgPSZ#r@oyOn*n-^EGfE@8X(MT&S!`#l$_zFu2Z0@n$V7 zo7adV>VR3E*emmU$f1bPXqTe0J~IZ~x2`oD6(C+GuRkgpCQYizdZ>)D3~}@gy;Y#6 z;RuD;U_@1UXDkV#MLJZ%Bdqm-1ZWyv?d*U9)rw`%A(jT_ty4?8K1hftA={KMKr&z1 zO2HUhW#r7{1+&+KAxB~36)-7OxZxq}83I?dh2O#93gz&tQMmje{3m9#EOYcJBwEHc z`UoB^T^_wR8ZCJky@?qk!5p&!iQ%)2`3jHWEsvQPjbS{Dp@bM6#P(puEi%P*LgE&N)pWZ_as%i!?uo9u;=~u?PD**ynBt|u@h7E1RTJ;! 
zNBnEViR+B%b=x_ay;+1FKG+k-x6}aJjOiOmB*V%=NWUets>F^daw~c3&XKKCDUlnd^G_nEU~f z%vu(A&l#3+4N_EY&Ar0u*eBHCj{}xy3xD(gKRBbB5(4^*gE@ zpEz>Az??wrj1Q{RA+^}v&J+xQ%oUz@ai; zt>H9LraL@|3iK85K8Pw6XB@Z{DfLw^LQ%&TVk9DFVPMv{QRF-~p=+98>}}TM8HwM^tXZ&mSberpo)*a z5vDHN+%V_IPEMzG$X8nyC^IWtjWFI1YUXkclNGC8@eb;w3Rn5l*8EUbL7Q%Ao^FNtmTo0v>QCO8I`>@ zRSry*>gfp_A|UTx?ax>$M&VGiXSTq)^3`=1^_pH^q=CGnOudgyCej;|t5S~FpF4xN z8YhSgSgBz-!t$Yx(_sW#?1&HXL)dDHTA-Y9(3gJ}?TrP7nkupHgBa+lRF@YGrzo}D zw}M$j5~PG8m?fZKjDfR9BHc#(UgHjMzz8V_uPTybZ<0qHd9IA2hLc%~i!uXVq3I}j zV-hI{-wuf=q%($;>td6X{?e&WRuEPHRyQqf8#y9bNdk-#7RZPa79$aNyLDn?(_aZv zf8UmjOWkM?n^uF}Y{Jppr`l}c)J!B%$5h_@ccQu6Iyy@Y*x^7z-s!)uq8TFG(u~%^ zf7r~tUrwRZ!oFXA=nNzw6{7E>gCBDTIJ%1;vS3EK-Q+Q(AO{&z*xpNdE6u-l1272} zk=F-;wD*-6Q!~nc?>niuh8`+0<7L!Mmt!HZ+mJ(Tk)}mt3%ZLD@932Mjlw;2gjnVy zn1dtPR9Bfk>$8B+Y?XwHZ^Y=Wy0WOumy)Ih?dg@k?Cv}9Dx6+cA z=F^gA{AR&|T|5?PA0=teykL(gQ-ALtZ&zif>G$eu$W4$#m8$0tojF`!Eq5J&Ci>)z z#f;nkdBrCSO}x;QrF6uQ)wbcYn0gR3(AWmjEY=0BW_kz$#}BewS9YOT^?W-lB_w9# zBvE~Q?az56)X*o)>k1-L=x7dN@c&Iuqb6`>+J#thp4KZ4ph!DtG5_*F1Tll^x=PTs ziA_Iulo>Km-#ERx^>=|*d=GG^3+|ZDCt-g>#^kC;F=GUJ)0nSLM$zYfZWgWnH(Ax3 zigZ0BA)iDWkMw}+wMB!Lfd{cvVfiag^%q>co z4Qu3VgUK3G3~hmz2xDZ`;e-1Ovyyz@zGT%ovSKWuRC3Ukb5TKN;+CGSntSS2a&%P` zfr6rC<4Jm;v*r_@N*b9`z(T6x37du{Hc+x+PWsvP36fUl=XqYB(;KAMmGgvLT+{KX zbvyBB)hE(NVD>3>Rqx~WOi`*9n}*BAOphf-M(Rq-r~A=WP3aUwf0^kAKhJO}tGLTU z^YG-Z^n)8(6?*aBNC9wCH=#p`l&qs}pxo)^f_lYD=oBr7158Pjlob@f8=|NEq@cfR zUH_qC!YX*yozgfBL#<#>wdP2aC`ldbhbW1iOzx4|XGMTf;cbeX?;>VWF=7@mNtoJ~N5eGN z(?FeNKLexd-^Eo}K)V@*H?tJ&?1mRDiD5qtnxq7fQc&N+niTT7=|ypo!-m(3o#?~b zRc_zRq~$oBSS%O$=D%p_^;6hvfIR;)kr?PSNd;yX^b?5NCNFjbGlPpfHTlU5`gB#o z3RvD54f)b72O8Iu%KNi_V@VwEKmNOVHmo22NrqBUU)Vq)Sq=4EM<}a*ZODd=r$ZYb zeI|W7CL#-Ts4H}(=xfL21r&Kbpqs?O(dXVKy86i3zReo4&4tmy?sHiGRe#l6C+zR7 zzJ@{KorGlX?7Do8R*Ac}h@8^M|G}d8xZ1Zal4^0Udbx zW@MT0a#-s^1OFen1IJ2K?kE%p3!~hO$Xz;E+xO5}YH>V>i#=GYIdC63Sm8X-qyh>N z7>jAO@a@D35F|+?8_Rkmf(gi{M$P9s4nHg&E)ZKRjb^GfrTvCkEMjKr%rR=v^KN6J zC-jHj^6legZdDy64JmZv)VrzWUp@4JhZGD*_^k!CiLWha|g 
z9yDTw5a;iZ7ABJy^O-xb(Dw`vvFZGf_4?tQ_Tv*P-Pj_VxoZtg1Yr8AH-;(Gt z>G+lM$p5hagFfw*ytnTl9rgKrk7v#=<6FTTymRF?vYoD%#*K)Xg`^kdY9eTZn=Qy7aSP+ zvmV#Kr8NSZqNE+d5rG!?DHZyea6`g{ipyX5d4l^L6Z7r$6OeIVTvSh?<6cle99>_y z(_EFGA0K^KmuVPyjaQ!7(E_To@WO_RcBjz_C>7z4w|`9m?NbdOZh zSv89k5xU2dYOf6kU{rc18hK1Wi(1639eu21$Uh8f{hG;ag(P}N{EdTdVWhYaoZ8^W z*D}3E%d8&KbHgT!{-%a!12>~a+u0&WzKEM?r}A`@Ncx!#8*`cXeuLe0(@eM0@5msW zn<+dT@lE>V9`fshf_DaUsWgI1crgX^5AEC}H#*Z9%3R(75PaK3MT=}Dx}|GnW?_eA zznW+?q;*dQXM5)dI0<|+{y~jJ%5<3wJVe(Sdf|CHD%FJVTCk9z=Nhd=XZrcZY2T8$ z>!W##@nrKCsYAVDe6rL;= zWZ@(G*Vufoo>^ns#8%9UGC81jrd||#yj|kN@Jse#GZ;Ij0>p%5Qb-daskhUHfXF5* zh^IKh1v5?@8U&RSq?QCTw!80$6}adY=OBMx&tPOq!I(c*vogC1l`;L&AQtAK=<}Yx zMYb1clOhFzVFLtz+M%-hSl$@}iWDzEx#vUxuzZ`TwXK?oyHZe=9lyd#MM00-_uFE- z2sDYFtP+%Rc|=Xrs|&2V2Y!`9Fb)8h68%;f-1{?Hx8p0E#N#>YU}&PfB&lDqDlaAh zYd5}RErxv-8tOX6?K47sH&-L(5pu#^+mgaQDnPKl!K%5pu$~xGl$890SjdZX4ha-x zX4O(Oi^ZpCY6Hht-Ms;Ebs)SJb}=IA%%+_tI84=Xn53&c-$S+map z$Mw4Y5+{wO*%Dm2u47bOc|J-%9E!roT^vi`H-S#&uEfty#qox{&dnPBy^goYvMR~y zih4tLmxiv;GnXaa+3Nr^n-!pwObtUCDQU zD8?9EUw;2GMAkjXqBN<6>oZ%SzVaKaVTDE**pw{MJ`R#Vnw?21Kp%K&M38t6MA9@; zrmv(Y>W)XXVaz=EfFyr;QXwU{f~_^K`okdQRH`+r)LT}RW(Ab)p=g#5`(KF%zo`H9 zv;!YeQTkJ&GSdTNB(_Qk^VbAfZroxa1!ZG(xxxYhf(fRvp}2|UQYW&p>(pYLlQPqPHzDj&v?2{2~R8s;X@|UsBThY^^ee= zY9y6qh|_(z8FY1Vv)zYYv>n6jrRUgQ=#LW9SOyZz& zbJ=^tQRIovGhn$vtnZ4BlHYo?{5zKlf0=(5IX+-@Rl?4vh;Wo)266O65gU=0a!o-dn$XY+1-b~qW|xGV52vZh%d zp6Dep%Hyy|a3zroB2ZPoeH75)&8?Rrhd$@d0RU^VKdy7tA(|22jUV9x(q2GJn z0GI*FL`y%gttfd4)Plci7vQA%5Bls2s*V*oFbaIf!xQ%+Q<8$0;%afF$2l(mP@08@ zBYW;B7#`I4$C8jGBh&5h+1Ug%@iYg@EFo&=6_nMO z6V4>9JFyzfAA%g3L=0P%0$w2q^8MeFao%RGdmr!FKY5s0az{0BmRekJ`mk({ z5Pd7wu+FNQ)AyGZq9``$;vsO463)HQ4e+hjs{xg5mhApr`}!X9PKAkfKT6REpJy1L z?E53`7mK1^Jcn=84|Uqe5O$KX0sc__kTnej%&Cd`^9HeVhu)ShiG?BJ{PNCSkNZ{V zaCR|Tk~D|i$K+KnGyi5k=`F`T-VJ!6|NHv>PS@|$6;msh>TS|H?&Xb}D=+@2Uklg0 zs=K!A&EC5%;SUD9>e~Jl(zW&@smLLNfA{U???B|UMOT;)?_MoczynUvXHR9`eFf&u zdIGIHsVgFsmKFcTt`+Qr`X68S_{?zqyRR}J!3HGNj|756Ua1MQBya8>$G>fRRu}s0 
z{85l_ZXnT1qPZX>D2yTvznm8?us$_|qR#`tmqmp5C>G(*OQkY?b?^7l#KMC}X$SAJ zx$#kA{yvMx$;HUZ+nir|NX`#8#dUo5{%J4!W?<=GTSr$&*1J{MdXJ1x^*4)>fYmn} zeW4{R^-@!<{QEHimx_bE>+| zHS?@uB7!}o-gCM8%x~W^#03t>n1iO8I8Jm#&42LSyex-&W+{cM-n|li8P!KJKYD5Y zGH*-knA>H1D8RQCZ^_@$e=R|AmdtgYHdMw(L6!VOL;Sc2V2y~yDo^SK$Q=map{ruw ze<6NQNZdz9abFPhscxR|XQ&w_#f{8Lc zvNwYyOGMJuUY`?)gnMduPfiI|TdE_PWpR7(-BDjpI;D=+3V-2DY%C-AK`HOiL&PSS z6*~x|Q^3Y;AjXqQWGF~DfufV&k$kygMZ)G=gaV0oJ`59qKQH%2>PHNp3#3pl4|5#B zzHg9cKlWqc43sh|{0q;hD+?!r$sffLi|{1J5D_pO3bT)VAvbS|jZJf}g;7c6s5FoZ zQSl7#QP6LFYOEbNNJxL$#KX*N|LaQrA@B2o5Ya3+IVraaRYDFuG4{YSc`X(ak^4E& zYZU8xXNSzhEJ|<|iUKL{OXpfYymZix2h#8~ z1_#RO21~baju)(tk(`am+{W$XBYx!~p zs5TN!=4_lQu?yehfkpL8N`pJ zOaNz5q*JOz-l=4I7!7&{xNy4;GE)96vA zho+vUhEih*Hr1wgPo4?QqaN2K8TBTqG=xVF85tLWP#qk=C4n#Z7yPAm6!}a5#&_p`rZ4l=3kc z_R1h?7(9R9ti5bC|B;9<>NMRtuxb1TrV${Bxv9C0N`87RSZxO&O(LHLED-9>t8mSG zedus7A=nNa;s8#^l?tovt54>}YAdDzAqlVQHF|-3^PI#-CIm&|T+H7{q=sa*#T86@ zblDqA=%o?sX;a8wM{MRu^Iga%kcf`2zS+Q*~4oVMO}-)341q+oNNXnNU+F zyEBIObL*DpE%YgLjw!*9%Th@U=-9xV;CfSuad1eY7+BVSc}W-!JY7%qR&BDFRer%s zicI^8f@7G@NG~!10P%1^`z3C{)2N&&-Lc6ha)ufDEAt5qdO;l%DicoahDEmvV|c3| zGb8{0l_yS}j{?xUz?EFYYEz9-R*Qb3vticyYI>hh&ZJQjz!*fmmc_Z&C~nMtplxZe z>iahj8Esz-GeE#capLd$V=(iyYA`rcBh^k}s|RbvCKw4B80mE5HQ1P_YmDetJf>#r zHC~Z)&#Ql0)-r~S>%~n_R7|q6)*78na+8dg6=>MIO$vBTN=#tIn5N~t`RoBv0ivZ9 zm>6bd=vGtS)fyT=OfFjXOX+}R@DjKQrM#gm%a|s7j5{=t<=jXSb3k%DGi@2mm z;)Nsj<8PJ;Bq;2;QA1g)U;MHZN_KvHtDL!rb1KE#!kI&$gx^}gJo2_F2>n&x~h?NdUQ+y$RDT&Zh#xqz~ z#jS`YG!36om_G~eOy_OwymjW&Zh~_pn~LUCiJ;_?;jBfyFm6_CDxWE_`tFD)^f^OxRuszPT7GV6m9w=Est@u-8qSa$lq_Z6Gv@V2j!kK39-kyiSz}z z+4u zTkHIhZHGY!fcj_L1dK1`)G<;Zwn^@L3-o*Gys<#*ai^ORkC{`zu_^M8gi|RI|7HFs zgkQH?dGZ%e8Gc04d98io!_d(uyS6=Z463<$j?>ijqngx34fnHHaPOy`VGmyW^-AmdcY7LWDSizga zfStef6S1j;=scvE*-@uN^->NWq3*2$krERq2?-ZFD;^vF00*U?Z45F^(#|gEO~hxG zOm(SH|taxf>9sM&lu?vUa{M@Y<;RRN`F z=p9Q<6`|(L(g?sXc%sEO@%$2D?)WJ=Iu_3lRi!@HqscQ-)6-&P!f@LJU`M4kCMPQ; zTJn#NuQM6PyO68T>1xsGyG6k_^03qQkOacr__!h_hOT(^<_J6$6q-kLdct`$7ZZAK 
zQ&w##W}OKN$du!wK1E7y5!{Pg42Q8Ro-NFquiAj~qc>9U`@$UE)2Nyex}?@?CrjgHjla za@ZYB9)oHZi`qxu436Ys>wyv-U!Eaf=;EE`s>l}975cVV=WV5~m|v;@@%(9OUQwL( zS}s%;X!w=YDC}NN;^N?`Q3M``uZUsxRo~o^&_ayO^4I+fXz}WPHfN9V1s@Yk7%ymr z{usidM2WI-`|$47Z%>NfUhKcU#eVxJ|MoTdO=l`OC6xLac##rt;rkV3Ri+sF7y+Jt z_>>TFb9rx>jK5`k31r8nk4Kr;B)lJbAM(*s<@7f)EXHpp7r(3ZU9R}!Jj9>aBp}{9 zAS@;TdRCN5n}b^&pSb!M%ut<-3^;rJl;Icv)qP6o-pq2meOeDtkAI2{;8~4T%_E%1 zmQBm&?~CbjH@L<~$$h$3Fe+DzTb8)vZ+)ofek%Aau$PCoIzNe8OUAyQ_*9=TS)%}c z>S$sh-YRROWX78=`aEq4Xg^{pQBH$b2ccxz`Yfc8!(IAH@JL5a))y!~xMToD+^z?S zl2J(7lJ)qP%WE9tp@R`PR{^QUjm^9G1P!+Af3g)a}x1c5AM|j`n*a8XJ_y* zG0T`^yu1opCQ6|Mx-2$o_Me2FxA(yd3+l*gfk;Nqms;z_u4*Z*Q__!ov@8UTZ~;8k z_Jp_nRdIrYRBYK+=?S|rLEVI3JP*~4>{3^AQMFFTr^I=6Y9OaT?ZJwqHI+~R*rR7H zkfQV-kM2vw1m(3^P+AQVCoHZaChYvXlIZV1Ukrc_+ACrnrz_Af42MF1IO@x zfqHdB!Hu1+dg`!tU!DD;#f2&BPE^&$cG2{#r9>&09bJL4u~-99(i^}qmzua2#N3NS zpKo4o<%?Zoc9Eb0(SaK2GNq_=)E~Uc#gDl%rvF5PG8&iKzEf_Nm}*re;gZ!ju*1j8 zmZ>T1KOsX)En1eGOTE~q@SbM}Rh@ATV7YQG*k#djDaH`6(;xh!9Q%vFiG?7Bc)-F3 z%-XDRv$1=uEkA0d)3@;^s5LZ^SacJ+@tuN?A{cp`^)G4N`OH)viA4RTN3)xvZ@V-tlG%tknV+O1}#(_B|vAb zXQ(`Zz%HTQC6`8tUBKQ+TFyYRW#2+P%}#axWf0iygEz}hsJi8wON{q(E$sP6^miB4 zwl9D3`y8dDu6MECO5RMeJAWFTeIv_sN2V_O67x+xSo-0@87c64yZU$km;D6oUpFx^ znP9ZnRzaa%2owQXB+6OeOB~7_KbmY0)x37ed60lCDl9T=KM(!IY5dcZ#8CMD#>n5F z)nb29t-=WIvXLl&K6;|7$Q}6-H2A6nrg_F>uL^YF&P1f} z0Z)>vTRFqN__*lGb@IjJA@x)4gczD`Dy#v)xLz}^%BM?`KT{O(k00CUuK+NosjExWo`DMjOEFmP8g#c9Ur{G~S%bOk0Z6HTAbmN||k> z4j`RCRRmRA)}-B$5W<-Q=WekWl_cCaze@lcqtPPR97rv4lZ}mZ{QG z_MR_7{JrX&(U>sbEv$;w05QTEx);ajR7OH|g~FBBR;&X=lcxxWvZh4wet_%<{v~QJDK+LQ%NE7!`R$oO%0BD z+epa#MpkRE^wf}^b=T#Psl$ZjZyn#lgRkIK#gv&ymc)x1~cWU`}b;vz!5SG zbNZ3Haq&Q>rHq*KGSzQM{h161HFAqMVu(D;Y$Ubw*e3hXXPvhj)KscKqzcO zv?FkqEsD4C{L`tVU+X&0W^Vm8U04isY-sk*r`yUXhh zi`Cuvt5~BWA1&H2*~r+c&%v#JtXo(p&A_!V_tomS#n~hHf}XHxn{GunOs!DJ%4d~? 
zX5e*Chppu^5kOD{E53TSdR=|aaR;ziz%D1~4%zMbG|P8k_t)lFFkg&gS8Lh>Gm5Db z$~tK9uU!Y!X!6FrdP*BJ*{!{S6@vE)q5^Db_)TJSJQefC{Y)SLWfF~0DTsBFF@*c7@#Qs}W|spYr+Lb3z0gH6r$O8UQf z(lpmhUGSYC$ug<8b8BE2=>Db^2%Ry-9&V`DV7m^lRdho8iv98z$s(xAsKQFB6FBqc zk|SdX&xRhnk_d5YcuO5}C|ykSY>IJ@6<2Fv@rIS=?MSd1^&0{&D7~(qmLH94Htz zH_93uHQ3>f8@Ofex)J*A*9#lozLWOwX9=f!j4>bJNLu)qcEy-BO0TAj?j>3MG-EX$^*b|M{WfPLvGKknR(C$yjAzUJNU7)%3HJbu`X5DvCgu=EDzk=1 z<|I*&>hAf1#9T4C#|hV!|#g>y#037Ec$tBHAw;B-hyZUxmy3T9cn7aXQ&)Ub>g>mPNx&ox~} zV9mkwE#gv-u>5D}XUM2Mp#&9PW^1SVBeOe*aB9|cs>m5F!@ZnRs{DW8Iis_z13c{b z8OxUA2|v$5>Z7+BJ;r>Uw2`E?HM2XWM-y9(anF^bS@U!3ML7Va{B~zEhD%6ER%vzv zlXE*$W8)}e{P34bl_TrkaOCmJS&=f&i9|BS^O@$19i2L@L5Ls5z88a| zkm9|C;-2)$tp&r7@9u39hC5c`5{4xd4+8n*pbwBI;hLSQz`8zD3&(a;IE8zM!fb6u zelIX6ohItx3~QyrO%ffl8Oc3gE3%o6=pm|R8WPpxUm1vem(P3^Q1P+D@fMrG zdO3$lanC`c#CEINF*f>Sol-Y;vy^qm(!69ZX-uQv9!ZAvzCX{B2-D%HIwF2-S6bOV z(HL_MGa^0lMSSj^69LE1F)gQ8@53W;3L$2vuuzn_ebv%;`i5WA%0sP`ea~Ri3lCu`0x~)Xpgq%Dev{k&iNBHjKzd4xa@Dukl{#zpXaMwH;5xfO@dAydyt9! zk&%fCc8pUDJ};M+_zw|DnEu&#oMMhoKzY`va-axf`w(6A3#5Ky{NW72co6dulL}l! z9mz4_6lYTFFe&5WRHT(R=nQDs*le(XK)0v{7ED_@DjZeoN_ADm5As6?X@6{S85)m$ zcsAu_!hoX1*;Br1D4LApKqi<_tF=D>n2KTnHu?O|F75`@y%Bl*Q!$)ew*3dr@@_u{ zW$GJH-@@P&9YX6>7Oq_mMmcBa6SLeiSxPyArA1lwfpE57oZY+z=00M~+#c7=PgD7Z z^%bJ|{duKz7vqQGwp}f8fMys3)v3ekG0JjQl{xq({FNmc3*p_32Rn^pg? zyPuaA2O7BRxF%NO-b!I5xf@T)t65#b-#%i0)!C@n#+HaKnSS0-^=@qGKO>!+=;u?* zY%r`?BPxw;oaA&J@-{2}SKE{cC#8nW*MV!I*R}$wD*sxPXOHsHH)eUMdI9GAFsx0? 
zQBjP4_W#4GX5_O8KvF47U+yr$9Yfug@ySQr4UH;F{C-Sn^Nb(Vr23_f+T`N=a4EM+ zV+P$U*EduK4D#XRZ9y0Kp!4{RQqiR>>xb=X4zo?$Od}~WV=@173)5S}Q$|oSfJ?qtw8L#4O=8eEH3YKlQIe_6wV=!2J^kUuqMUK1#IZWYf{NwHeNb5u!E8|61Hn(auB{GsXKSM>Agb`k!F z_DL^?kIB>#C#Tq;0}grpVT7~N+irK}ODttpNIGM!6PT0$1p-6 zubIL3rNgwoN5cHdR);mzcRXl5lI{y$Iy>EQ?$I-!QI0VCVreV=sK7zsoULb>M_`ZJ zoJvsWACG;#Fbmkbf@3QMejA^OfcWF*3cNlL(%J(?<$oQ{+kU*N+9|0=RRu6(BszPv z6necTSFJy*OPDxHl~C^JCa6|He4*p?OvEbD%=48pnT{mv#^*6yuJ)@#40$-OaA8zf zk2lWkjCqqHET#&NUDSin&P%T~-KaeZN|^pC(Jr}~oYFbb&s1++hf<>Q42;sJY-7BN zU2vFO%HyVHYIWxD24j$4$|dvyDc=Q*SD4tYuXq)a$L#Q32LOe4)PCUSZCG*@Rj6HZ z78{*-BU?hAI3c-0U#$@dse-v)aY^yTFAZA~OIS6Yql1^Ou29e4oSou8u*{oWAC}a;otjr$gy)dw+>WElRaUmt&I% zyA#)y#)mj9_u>GwB;BvLQ#CY-QXL9^F&b9hDk!d*)lh`DB-s;_>F8-{ZG#}e*-a?n zP76i}Q1Z7AV^Pj4$Fxe}_~ZuUiiA<*Kgz6JHOGIROxa%FpJQVRp0Bj1t!S&P9OESz z(IS;_eq*U`&izs`FiFIUj3@|0L2)j?4C^tAlFp6iys@Q?4O-`+xqWp=R2Noh#QN(M z>`7noK^cax0?&#rJ~bkJ7wxo3?wk)9cJKV;*6|7Dn9!qibiq7FXD-#ww9u*4<5TVo z8k~jU!9C@k`JbOrW0RlBuY4btBjXMB^Msg$$$ZWeGMO(7goDj} zm~gtM9yYD6qC+(VftFjvJrhZdqVfE*AGq(zENsfp+xrHix1p zjP#WTN&>h*1mezdfiMBu_XZ`GOLTvKIakDcSt0ubJ>o3q@ZG!<$z2zE=J> zZDM_GvTxdz`&ts@2vq{u3cwii+Gw9hyWaP8g}v#H>FZ8;)05NJQ~aj4y07;m@&n#Q z&*t7}hw@;|9_xb+c2m%xI{Tl_s4j?}Egn|laecxmM z0ttXUEVkN0Z7Ma#W0oT#0q%Tzl4MDfCsC$U zxsqi|moH()lsS`TO`A7yMifZUV8MeFcFx#2(1;?RqJ)y{IWXbEh7XxW6#2BWWF<8e z9*Od#=n93YIl+b%JCE2Hrmf&5wYXpv3_<{4eu z2x?J^TF>Bw`k)}xP%#G=KAd=Q<0e;+^yK(tPf#h7lVq;-tKZ|-v1ix5z4B7--@%6$ XKc4b*^5@Z~SHGTpd-w0b2Lu2+IvA$V literal 0 HcmV?d00001 
diff --git a/windows/keep-secure/images/wfas-domainiso.gif b/windows/keep-secure/images/wfas-domainiso.gif new file mode 100644 index 0000000000000000000000000000000000000000..dd3040653f305cf35bbb999093d7d6fdc30a4f05 GIT binary patch literal 18347 zcmWh!2|N_e7vFmqyX(%KCFIU+U0Fw3LW>GTEhQA8kfYcGyF`{!&Mc8zOC?uY_eQi) za#c$b^3x_sqW$-OpZ9t5eeW}$&%Dpfd}iLvygBUbgtZ9x0`vk#0sy*zfAoJ$`&UXS zssS(o0JRu|T9BHW8bbFvz@R|Qz#3puAZ8MSFv)?KlpwGrve+1ibqUhC1c56P!-*iBbKp-Zj>)+z&A7kR*hz%&g1~j_{WCa8S;DVatef=TV=Lw;y z`0z^Pb%AwM7e2hjH$2ZZyxldXkr37HA64KRlShbY*Sszu#5V%+1Tir&`0GP}0)fEV z+Bd%I`1SU(a6$mNEZ};3`1Q);sXYPYo*;71@$|9K)SlGT)X?;S(5&Vxat@|a5T9P_ zpEDhlGZd9Ia6PLrCTA%AA1>$$EtnPr1zpb@vThXQ<>mR739c86k_$$o$|lyyYB6OK z@nxgrlF`(Xp{UBm)UvUaEbH)EL0(x`Sy@?DdTL8bnkQ1**GihF)7uxDn;T17rYCCCV+I82U7M9H6D92* zD%(F~^=vk_4`uai=k%;+^$2SJ8M~$hB_*|8^94PE#;y-}1KX87i(Oq^B?Ie?J@X|4 zf|j1K=AQY=0YSm2pk-jbWK_^KFws6RpEn`cZcl9=S}YqAbPX+5{*$ANU85^Kql>i@ zg61*7c2Cae=xF1Fpl58QWnz1K;Gb)Pu8Hl&4}yuYv7w2T(TVw?iM7#*we}B!q3N}O z>Fur$g3;+U!O+my^xE|F^!8X|*Sw%-UNH7yePCWNG`~Iie-@0*Zw@W~lY;5__0dJa zhxwI>#m&(b!Sv$hhsE^|i<=WG+lz~f(<|E_R<;H6qaRiT^DCS4|BNf^i~qoyU~z3z zusFZCw*6sUu(Gzj_)o5HudEB!);HJIx7XL#S2hJ}o7?|tt#57%{^|eJZNcWI;Geer zj|KlHgaGjSnVkcR*-b@AYWs0mWxX`9eJ;iLrtLM zYW-d`SK@t?EQgAnA3Yc;!d_XKtzm(6@8YP!N-oFLb>$D;()J&ETr*xpxbIRToHuZ^ z*5?t(ruIqQyNATy45gyC+Eb4_+sgfiTN-AbMjkE9I&!sgx;^g4%KPD`3$tAb-#~j^ zTUh}$$)eAt>sy;X4Kf7kH(l=-ejd&@epFIFRrh(6>CmxptQ<#{7`k`D;(fD=G^6fF ztBDu$=8@6znxxT@4s(tpK=`GmxOL2Ud`sp-6O=^TdR`@Yesee4{O8xg{Q%bPLt(&F zZ+M=-VEp|?iqOK5A~Vos?0=xuyfT6J{7$^_`pC>ZAb_1Bx1RGWTYOP{J^R}6+h*P7 z0xABqt#SS@rt^5f)7vq7&M)N~b*J_P00kkzC#7Q`cQJs6dA!2dme5~kB0o-2RIh*e zN&ARwEZ7`LJf5%e>Eg~@_5IAAP;)ANM=pmh-uxmaFU>sw@%c7YTub7Lq?Cauep+tn z{l$;R#OE@7FAI_MY}2IF@b}bw*aaxc*3rV3F|@!!BX^8Ml;p8FXBTNtx!boXdkXK~ z42$)7P|z~D{Dt24tfe|OWE7zSI6Pf5Uz9cBTvdE#ez_DsbbI2=1F3_dnjR^QE48O~ z@&x>>Yv+b6cvt7kwmvuH4mpPw?zoXO8nQg)zgTl}gxIA!Z&hmVsT}Vns>VFn)~>_* z*Xf<^dzP+swG;z6q)ck5MdQiPx94ZH 
z&cc%Rn#qrue|*`i93P-foxL+8t7wRC2}@t>uZa&FsE55Om@Pg+n!IQO~!pzB2ETH2q%BXdssZo0VobHcN8yWw{Ttmt5jWNT0|22=f9(Fr% zeRcQj07Ub!Re)!G!-5H$a71s@`@`R5|G|C7hfN=AU*C^@&h$XJP826sBG-e?7!0eKmCdsXHGbZ6|?- zEh6Qg^JExL@Rxpk#V)W81WjA#mZrC5)Ghn!tyGmXT2)^K5lrW&cVBExJ{0e~8~(dDxd4ijk`q zXlA3~sMN6M^#}W_P(51qpK?*1e?8j%^K)@GN%VS#4zZ}q8gkAWo&f(adKmKdfe%db zgtVY`u@asxq^7>*1^j!Awk-#9gIY~;Ts94}O{+3g_xa*oV~sM(veb}o?trgi^Y-?f zx9^$H)oX;={7&T{8a+HD9k$p8r!Qun%gm7LpblWnhLDvOxe9mVn&Mpz0==R<|k2gXD%TSETkit6w(qay2+tWOO1{ zV34HhjC)kSfEUw{NU>YLvEO15kA6*7-eH1iObMH+b4O3L!){&~8#iCQRioNXQ>(BL zgUQ`?vWS0tL3Z_nt#v@@?qph}pQn@LH)^gMg9l$A!mT(>V5u;Wi)5Wc%pEa&p+UfbgIS;URBHC?&CVg^ zw@e)D-f{^FTDFGaxzWL41U$~f@=V@}!o7T;Wu?o(ZCMX$i^PPJ!!h{2$$9+sAD{69 zCr`w!sy5{7_3QIqpODH2Sw)R-{eEEa{iY#7hu&Xw&g7cwhaP>%daI-RyVY(@AbrtU z1$1&q!=N)+ky<~>3Oi4$^Bv7Sey>ERA=T-Kllf`4qxj0B$Bv75&S75Hv7Y348K=Jf z6(I3Y*3~Uk_ME|Z+BwJqYcME%_=Eo>SVm)s5^?*6(&Cy}t|Vi`>D9Q$O0L?O&t;9V zZRbkgu}qH4l9z24WmW$$8^9ZUIQDe+>CMKs%1ZeME+?M<7`kSx81`N#)tS z-|VCl@llL3bEr6}DbC@0h7lKBOB4>oA8>Q(xs`)CpF{#Ho)|E?ljHgc_2Z>rcv8yH zzsLH#k@0=mPQs(Ysm>ttFUZl6Om4i3m{Aq7UMu=C#^xUv}b#dbIrPfsi+|2rI z6}iO&yYWoD+=YDp>IOmL*^-m3{Ftx1(R%dO=bAUMOvRCo3+rd7t=i4|UQes{oqycq zG4jRvPkc!IX|rQy1!iw@ktb<&=j4BL*4)~g4n7@?2=kS=AeZNZs8ABkiPxzTx6g35$kRq)hDCl_(VSr#d#1taxZu$R{B6xB zNh{yi{Rd(b_Lk1Cr>~!_y?gQJ<#D~1TJSwxCDP!{?$Z}C9Ik&WENBlwCdW1P@x=cUA)n5o zmla;uqI7o*Z~A z8CWe>jscuxNm%3HLe*iYNd+7RfM!a7t3lEsiI;DoSpX4;IMgJPvR@VqXHj$~Df*K@ zO*#btu@iR*G93a6bYT z!iL-B%T$x7AU;G(1&qa$%VkUf2$>yXia!o~1d-~A2NM~vOZl*7G2~?|?Gs#L-GCMs zhlt3Bxkpk6trR5|ID{p%^F{U~GZoED(g;AG`htV*!UB2iq zG4xy{iiyZ*V~JGwWQ63MXdqd(?3>g=hhT>5q_}~bVNcRZO+TN+)T`MA-6$Fk+OkA3 z;b-o$&{L79URI#6?=7?VTU7#<$SWRWmy2TXAWG~M6B4WxD#IoT`ywFt-&D0I`dTYl z%_2cVPHvV6-h#cpm*8#$RLULRHLOTE%5Gi?o)NSil z;AtMzHT2Tpq}&Sk{8=kAH9 zk(i7u$VO0@QAmI8T{su$PegrVphgJ!^n$|L&|6gu5p=vLgAdl<0$*d_2yRNv*8&iI zvhSJXQFD;~Vz+hipinOATO_Kwt#GKVSU6sIfPvZt2)ht+bn)P8gn~d706$-%psmP5 zE3Klh&8uz<2H3uC+ya~sFZd;&Uq?g-UR)l^o{>(tS z<4WLSU>f(1m*M^W9{1(7^Jv{D4=zQe9X-O!bDXX`U3)?&0dd_T(Op;?!YVP*25htz 
zD7eVJh^!=qz}Ep4XHHhdBnXeN(0G@UbHdVS9$hOZ_2N*GlX03_PU7MV;ct9ogMe6d z^Fq~A1JqY8^x6e@P`ebGN7njIqHdRLPRh{RDVl8I&j!fsgxZ_a!mkZ#@)Bwe<q4|hh9f(8)~KkkwjJ#vU{m}_B_7>WjU&~E z9O9P&Rd6nJnTQk-eq>zqm^LLmC5F^d@US}7yfa-C5daU}0!@ga{I>7m>mHvLxzj;F z$Kpy133Rva9GkB-$Axo8T>kWnWseF;ZVM+vB zN>S*fceN{dM(P10&4YlxJj`V3w6_eOt|A~`V2Z7XMTc_Qlm9$wsFT{^LUlBO_qlDS zPj)<==`4s5d5?kU!~qXEOC7}kYK!jr<{-U)gWfYlVgy5-qgGv23{*C*gvhJa&mm9U zxPLMV@g^NMM=1B#?sBY!85BL=?s&d4^Zf6h=Kw`E$eR7T1E_!ljJW_5m>}dV8@#o{(;c)}uBmWkH&qjZ%}g`(^n((tVak2Fz!2|LV5Fa&t^1oF<*%GwcpjRDnNID{#*Ec zWS$4JtBx{&Bj;)$3UxJsCXAaof20>6BDR7|5nj>bGuO&v!Uk!+T{bL=6?-sseozM} zRGw0+C(~`6B;Z16c93z4lXBL^#ZjI=MUm z2LQn~=so_o1^}WvT&_-jmxtiH^DHi10`n^44@V>6l|1UsYa&!f7TO%vubqQtFmsdf zAQx7OEFZ1gQ1}QSx=v^`~HatXpIjETE^ zp->c}lq(eKhN#2{g@#XrG)#n*Oq2lLh3*QSLm^_b-UVHs2z@pYwfip0UzpnPE(ezhv(K_-%WS5ZZr~fFnc8PFef}a{ zZqtwbMS8Mk+65ysPgn?_NPrdrY{~+{#m@M%K72(1Tf#&^9ffU-OwtzDg?xC2osAL` zsrGwHe8voP^P{q06oN3g3q~RcUuMBBG7u$f-bJoZE}M6mFoitLqp*2GUA&7JA<an-fc#kh#P|UYgguG$E!xr>8%Ekqv=I@}BTT6}yltfVmY6 zTI#RplgK#%Y2IdZZeDBw*@zw{EF3;P?>x%0LC?9N=bHQ%;0F=MyI?H61;8E`)$5x*@hi`763ZM8#pCzXhz9 z^kvin?*j_=@|V(Uj7qOgzEIZA+n=+Qz=M7%#Ch8+?o?zRgYm-2Mq*)z;u(ql%R|3n zd?_IYjF8X*9(wm#@d#0LSr=$nD0LQ66(=@W_UEH;`*P`}TMaCfpa05DLk}7w?HpTl zllV9kiV(k<^@xWeo&H)EFVecV(8pg29gWc0g35<=^!&Zochk4z^y(CS@W>>v$u-H{ z4yr>3z6XfDaQ^S%y{x!G(XkKrIxwPZO5ne%5-Ycm(pr!yZs(V^d&~DuPziIZH?yAN zkkY@w5|yiw)6g9*GUE?&!r%>y^_3d{0%O$3DU z&@P$2+c#^g#Ks@4QeK0*gU&s=dK^Wh{opZoLl zng6P{kpiM9#zS->a-&>$dH)=C8JB*5(f4U){pIiVuX}&#-Vv#1JvEQ$*A4;g@P6gz zAt-!=k-}z3-mMX_fC+<5ILY|tz9JM3t*5klDZ4kalp!ARdo}O*T^?kt9VoyEBUkCs zY_`-E1c}TpX~o4g}!g!oyLZsJ)K)gfjbxPr@x1 z&ObbT7c70B|L3m9Cnp~hvm}U6?$JX>2KL-@Ebt7nL&=}$@)L4k57}KNe&{QZ{4Ajf zy4KwN*$ZH6c~EHwJTJ+yl|Hz zhuJszD%CyFI{6SZ>4^$3sUuZhDRn~WFl#-o8bMPCXP202xYFo@PH{Jsd;B*Rglh1r zzMM=Yi{uH;w;r9Kn- zu6N)a&H=)0{tNt=i)Vm)>!zP;D6MspDeLd-MIGYfYkk>HvoMy|4?GBMr zs1PYVBS`w#_dDC9TbWXrILcgla3i8JxX~A1l;B#8$YQXK(QV*WO%1!viE%NNU!Ju! 
z4&u_nb~K8+bFhi_*4d{1-JO{T8rbanc^s+_t0```S5Car%Y9m1`6ZeMRufLWzeKs3 zv}$OEE|OYuxNV=(JVY&&TPB_LTWB8sKzx&(0&X{aF$6i)6pa6dUFTpgMSr?4XM8kK z!bR(7`Q=gc5tF6cSDpTJAF+dvAYSeW)UeEZUtt-2G^@+A9!HDaogbCYn^;P;Dx+~_ z3L5JDHST2O_p)PNM-Q1EKkjyXUzwF1H0B`nvRuEXeMHP_!Y9|7>QZl5G}>~Rn7S;T z7>MP8GA%C}x1QAw43Z6Wc+!ATPU$f_75?-z3vtKBg~;`zC%f#SeDnv2#hLi-So zE}{EKW|0RK#9QH(9k;D1?6&`&Lffq}$znpPnMK}~>dJB+23TyyX~f}`yv)<`Pw4xd zoNrc@q>V(q*>cpB@ztJ2UVLpg)^47}FjXl%^Q=HONbyJk;B{{30AFUU(JFhRVz)h33a04yFItj&X6JT*49yKoyg3h~Rl*n;f{j8VjJo zuO>fDB(Aw*yU9p*s;urINsyQg`AvPe6zM*q$-7&!F-874M%30vRzhBpE%acy%>E_K zWa#)>=v_pG`7w$$5uAf?H3RHw`r{g%I+);n!3Lh4(EdFPE~Vqz;MDty@7xDP-N3!b|g63;m86~G|=Hi*(=P- zsnYS;yRIt)!G8d9hT4RNP_CvT3CYKDgnV*DBX(S*-*DjAq!{4~8@&>G7`p!MgxT|g zD9W>iQvfkC0xkP3){gyINQ*sWvPixfQuOJ_4w(#Aq~t5ei3&~Fxdq9m6hvP>Z^vwt ztpZZY&C@^HWdbuYc>9Z#XBM5| z6G6Z({Nd2}yQjhn^&`3qw;%XU-RgUb`DpPluBrL@Tr-hF{&z&6sA0m%ldT3zLn7(u&qkVO;ma(>V>rzu_lQBMH2x# zP`=Q~$P_)#9nfdTcq zaA8g~d2dZ6-&Qv>09D#8CsPgBH_qu0@f^I{w5;vlEBrW-*j%sa?sgKcTG_J;mdxLx z*)o3nCAZ3rZW{dPK>|~e{8q3D9=w+lFxC);QQYO?%_-t=11`}7kVaB!%{gah8mDH@ zIefvc8=(+Kl=K?q%bo9_Sg=2d%4zO{_i)orc?RFDv*@>lwWPDA$zH-24-{T056p6E zloQB;5jY0q8mC}%3r}GU@QkrWWFpdSXJyW9hbT9`@d!n*0 zDfS2<79x-nj>~&YcTu8xZg3PjeaZ$e1<#n-dlwc`63d zmTJq;TMZCU?e-M)iO2foph;y4U-Q!pTd&{pH90H)jRlk5d!2-yB-2+%k5aFuO-G)m zh-VVvRZxWsr}0!N2U&Z=ZU62p$v#T``OhejSc*=4lhB3R3IIR$O4am_@Jqb~>(c<6 z7ARmo=;#aM@)@%9nwc6R#qp8Fsmp04ol>4gX+@!EO3?F8sfP@U;Z#&`Keblek_fn3 zOw789+c&Vk+sEaSVOAn!--2`wKz;%Ev--eq<7{iv!`dzZTx|jH)q8)x92c0SQcr{i zD0j%gRk5OJ9u%ccIlUO?!#6t^lcbdps1vSQ?Q^+HxV>a)ysMzeN_5rgZj_u0v+^zjiBG7`$pHvi8LnT+ z|7~eIpI}QY>J0h>&-Aek`U4-P=IKpZ2=T!2q%?&i=>n^C?|fK%99ZQm0FT4*2sk+{ z2+e@L2LKM&1gjCCv6EmYPO69>S+N=t%>oIIB{GxGVizyo7d^MnGPeuWv;V6OUD{9R zY8;j8Qv6C*NIs-^^YQ_Cljl+nwhGsvN%L6gcY~8YST3iEOF?L^Gk^r;nwA zNsZZ}zz7&>2uL5?O8#m@m81*UHF)XFy)sM81v_kVlR|SmUPiMlEiv7f15Z;W2gPe@ z^Y7;G}+fk#td#1Sx2wh+K5x()rfI~#juwMqBMFsnxei+f&T^q7Zuh{eB@KhtHb3LO{MjdtuJpp<&O16S#l^Sw zRntWfX~@???ifH=ROek%nul0(`^sQ8aVW=v6pNEfp}VMKs9-F)J`+W?%sR1TO_hc9 
zlGR)dt-GyBCYr-{A8S4~X)92p`)$Fm5y>yk0LDY4&&ftn^Jogg_Y5 z9UesOiH-?TBh%0nu-cA3F-P^hjx~W z@+OWpTSAkFZbj{BNs-VsX3z4=msvPwh(#lwb0q9_v%~Edik9^6w>w*AJCkv*EDRy{ z!bl!*gKybKN+*Y%U%*bCwcPb{;Vm>|U})ceS0A;cpJ2k0*r`jaBt64i*jt1|(a2D( z+kMuZZ#zy;RwdW_AaAVQ3awskT+4PQ9usihH_5z(Z{5jj1b zt4l8ho*Za2pLT}CID+(oK~YK7bpFMM_r!#iv132PN1`SP0cU|R1ls=p2zp_;E|U*o z>{OLQsNWSwXX~XA`wmrqdX>q8Mem~p<4|8#a}J%$J;jG5GvI^s4>coSE0>Jtf`*>v za(~Zy+4m4A0Gch7j2l5jVUCHBj3Y@BKueMb+jELNER~uWh9yPX#$^Q-M|xF+ zgFCzxi)~E{kcB66Xl`-iJI2R9##Lu%8rs*pMZ_O}tg0U#X>9-G_*uI3If6GnnjD}0 zXWg%)gfBl!O(xI`Wx+Xa<7D2+FUM(u*Nk_ofTI?T-b*mYZjD$6f5s%_NPUGp3zo@* zhs&n&dKq*NsU^1|yYNlI6swlGzXQOR@q9DH%T8@t7Gt9tK)y(#NO9R?`x=h-79{QV9I8 zkN;mI@+Ia>aB8|2mf)EOX!-dueHR|S18kN)or2-z89?Hr0U*ZV@-ROj*J$c`+Hq65 zZyc;_oZ&RtG=|T%;=kQ9Njd0ncOWx6a_PPZeO$0C{P7h7esGIisbGZEJPEi((j-9* z#Ec|E{1ch5?}_Q&9FG9{s4VvQ-#E=vl6@)~fog6-wIg>xa`cPhH-3@JMV4R+Ntw=K z7%6t@CGMbd2t08qjZsI^;u~zRQSW&uu}#@alPOLLMt?5=@?E1YVe*=UyNQb4ai)O6oO|s4VF%8yF@; z{x{iB8hbQd@;9mhemr>il1{Wd{9FPwatUrgblBkEdX4`Kee|WyFjarj?e8>MpOISO zK6eIx;V}K|8iA6unah&TdT?Fm&Oqw5IGXYn`6?e4F$uSpMJW+N^N8n4BNyadX2a1o zh(p=JEK4VY5Dht4B9Z2A087+_5o9|y;?imfwo)@c&r4z{&ayIh2A({q9^ZE`#6%upc=^EV3$= zzjQD)nAxQ0Lk^@zz9Eoa>(gKLl5{S#c+1kR(t+Hr(>aORk_XT}bbvx6T!!|2=B8*Q zBS-M&L-c|pcg+P*>Y&X^s<0R zcyt_C4E{QU1)H=%>AgZA`Iiko8o&tAn_SuD=IlRjBVFtp0{K`wikoO zp9^YKt>@BkMi{ zr~(I|giQ;m+W2%U?GhI7_I!32qD?a{HiTx$IjPmWU48NCvG6aO(uALZTR;J9^2ghd zlmn;XZH+aZe=UuV{jxCp21dNo4TeS#(~KCu!1)`2wp7I>Y7`>%znZ}f1K2rq9J$Jb zvklJ(S*9lcfYZTAELQlp%}-#OEr~==&LsB%_G@PA;wUy;S`sJD*pHlLF8SpWK$epI zQy+X@HeLY-3f!OSCrdlXA*=Y%z;W>#k!ovG(S;A=l_wC)(C88YJYkq*PS|1|c1U7_ zXNH9I@AVWXz~hJsYMS5(#J$_HpQ3z<3@6g9vr}+Q^V-DGo&MloBblpH zJ`rjpw&G+$GLB}!zV^vD@i9#_*}Kg6dDQD)vPA;;DTVJ6@VvdR$ZyP(E-8bU$N$#c z-5m@eCvs@Sx3s!HfBVc2ex&6dbojQ#A@u}pe;fuTvT&b<$rdUtV4MzK_FD4tTw#`LG*E7?5ZVTV7XxnG%WKaR@Y~ zX~)*qrplY|AIxB0A1kK6Snq2$el_`CzWTrscN;Fnv(hs9#_Rf%I!ah#L(K%MlBu}W z6z+3JF;lipLBeEEF*@7QAYavN)!+nNjlMc;c>g1t0vAZG;Uy|^!B#Er!&iMY+=}qp 
zmH&PI=K5CJ0#DXjk*z@~1Wl3?E3-W+je;JW-%|+t`f2iN`=*t&)q{Lw(5v%yV`hid zqm%UwxUZMYUi!Xof1qP6%lff2R&~YNy7{a3!t@h)OFrlQUbW!IKP`K=!}+$TXltjH zvO^Gs;HA&QJ)EL96O94NFCV?Hl!Y@`qsa$8x6Bx9GAQnf64sG@QP7q*qAv0tG7`}; z7g_@XCa$O0`%dApf%XIguAK%i{ch>`?*6E5YTo0gH{rC3vxly2Y^3#F*lvh?Yv%?b z0YE^AovNLeBF+JeZ;s}PE;HtM;vkE3u9cD^KuAE_8#Jk&A8^830$&uZenj8fa*B@L z|Dbj7f<;KPJ5}_g#n~)TB}uZC)n>Ia1F9kcPz9?SNL3r zr{~LDFVLzgPS~0QYTowJ$_?8~D!1X+|2PB|$3+E)F_+mRwzK@@FYyIX7lHzi5J*sP zROQ)gnMdNtIf`OZIIV68=P;HcBob_Y(^5sXW@W+);d%~v06(jO^9~&zF$$( zkdn3($wovywoJ{O=_h1ro3#oLH<;~CO*cYRhPzQ2s@wq_0&|(#12#P6A~v+Q*g*A} zY9Y7dU2})wk=eZ@SevY`tkH`%1z%qaMB#q?o8gLrV2=1p8cyJS{a38M^V)KDuvk-@u~OT%SaIiPhLJ=(%#ECxGZ@ zPnU9D;Ej|kw{D8r*8lyF{4^&?ke==IF#HajD7^Xo#UI=A#1CBQ6ZQWRE7+&C#O$mt zTpuO4g(%I5iKpCXV?)CM?>D1~^$w609d;=c}wR5Vfe(+De5x~6Q3&{MJW{U*k?Vh>bPHl-KX=;P)vrsOUL)M<`1 zgIBxxOan-EAPit=%pLIIs`_UGTITs{YL48=9Ea$BbU!aZ{Ew5~b0t(L+-8Ad>h*Xf*xf&E^m~w7i zZ7S!sDM_}g+<41k9Z004HIn;B`ckCHjJ%Zw~kMfGx+ih5@i#CLDOMY@`N zq_&RBHUfrJo$94z9VNv5*(`^@G*HhQ7ZEfd?P7{#$+$KY4j|e9A~AWZVSC)vTSpyL zb#u}@l>zk{?hjD4bi?q#6U{lY+EN?LY}b&O_VrF4bne=O)!0v14{Ih>MU=L&f@7rN zBurIqf!llpvchJJSEvR;0D>a)1JixOlzYF_0Vip8mnNi9>#M9szduo(cdP{%xof?@ z2hlO=xpj>3#xqRgx^}B0+Ozs<1&%PRb!TU)tj1k$-!ThHS|fih_r7)b8;qs_W$ua3 zVQYDKMNnUWP*h>8S`}W)mLTSrIizKm^~f%Z@c`j1HX(WTAt(`_?91Z=7L+j_pw{0zP`C*`YaP2JE=Wz{n*qW z0Y~vp_VRP+{BuFji>3H`VPRmIzNUfO6(?Uf4VCi(sFbZJ)kTCke$`b9exL;w3fet4 z`&dR??iU9tYsRYx+IOBGxUwKCF*$5_FJ8d~Bi0!F z{z`KFHAcH?ibu)5*G$$`C>kjo@bJp_!Y`*Z(PDM?Nz{Ftn*0wM3uReC%cDR_RG{?_ zmq!7HFg3Knte(hpa>^n?pD+dt?wq&%mZ;@={DzqK#a#8RXC~>L83!GKYaxxjd*Q72 zD}wu|BgDfU-8mFIP!LJND>5NIXD(B~SYX2AuB^e^fHu)z@_x@3=~@JPO1PA{S=54G zo0e1S*?yVEM(bJWb22a)YqxYMqUwLg8u-^gkR-T`D~WQ~p~tUePDu!JBmeBKv7)bL zb~c(Xtc{4fq+L+xcXAh_e+FGHycG%LRR^F99w10Yexq@V0bzV<}8zX*v zrP}JJ^Lx5x*vBzt{WA@oU$2LcRtz3q%e~s*x^T0NYy&U&)bJ!wNfQX3Y}4J0$`O?8 z109<(Jg-#r3^kf(_n~7O_fcn`cnbY}W61|c7Xz+w*45jE4?C&aP1gVp8;T%IhoVPV4)D-p~reBr!cYkANAy!|!3X1$ow{S;7aAfiK1x`9-m_ 
z_D0drh5yd1zbEGJoH?B0>&@&ok-fKPt<1;79-;|5JL?py<;H(~`*2=B4hrsBC^1~!MZxfPIST7oQAKQ|m!u`;-9I*O~V$A13-(VC2??3x2VCJ(yqS{X8 zjvuj$`|RlRBK(>Cma6If0nG0ERh;|zoL>FfOkEtqW72Q8rK_z{!z@F%72g)AI^)=+%d9MQ0l+-;l zQam&IG~RrIvM6{Lbpv4s4kEnrZ@@I(;0S;_IFoxJ_lF}q{Zmo5!1wY^lU zcvFJ~2RFMJLVC-TND^-2O8KgLbXF!|jUYGQXs49K3J&?$Daq{b1 zCKdy_Q7^TusS44bG#woRFAQs)qn=oiS5CQm&hyKmV~a$;2VP_B*x0HQm^&w=(^XIq z2~_&3_1(v6V?0?DIj1PaMXK4r=VNBDD+;Z;G~R0W5-9!RWll)0y643wCC$f<`})r0 zbp~5?c3+82mF8+JB74mqR}Aq$^q*D9_i|$FM>Rs`bEO1J{+N(hX%+Yhxp{Hn6eG7h zEpgm&zZ^9`ixSE1;;Iu_Uzi3We^LXQq;eliNt_4b_Qpw%t9h2)zGbb#&extvW>;rg zR*Hqpi$EOAuBi;p+GANgZu;p~mU-EKmmC4rSCGpj`DHRpx=$)s#H9Nn;EU{O@0V?X z`JPAiN_iHpWkqX^RqEdu)18nr(x#|}oV*@-4oj26)!yY_}u%b(B-N- zJ57>EAYE}@O*~YlqSqvIk-lng7VQui zeF(`9c?i77I+#-Cez<8bTjbw!xN9%I-I2AhS6!1iQc!cR``DVr9k-ae+7@M%JxA`U z+TXoY4Ha^>jamLuU1ObEH*`n)e)Do|?ZvQSieZX_Iib5_qV5pi&ZfD@6jRsyA@$`Q z2ZM^tvzI87LaXdOx-p9N5Q3fgmhO?xag3qcj-l`T&pXuD<2F%fn1D`u>C4pX#sxy`TyMWdWLhGni_9}!pdz<_>u5mFqm!s#`YeTZPkL?%DFFu2B z^jeulSJ)ZsIAAp+j8}W~>3%xAZ^qUU78_Ju67Zq?x1ULOK1paV#HRnT4C?vdfHiTz z-u!lUwa2uRY8u@=dKw_h`AX#UsvucS1K(624h9>&jvTPiCp&pAAZJWl&0r0+m!GX+ zkRSQ*m;6^1jsw=Zx4|XS71?Vt>tGNq_?JrxyX%Ly#DSzA^Z%GNNtzo9M|W%BH0*|0 z$z!bi{2oz~n)|$+^%$XG9mWW%no`BE@Z^s<{AJCQz4P z=y}pGCNSy&AFQScl%csOM)z8}QVlowTWcWGu-=0#isZ{`Qgrv#bd)|Dq!HY_SD>l< z=z%hISi_O5b_*a)vbXH)H8G*e-d)hbMqqaw4Enm!NF!mUox<4zuJe~^A>UAi_VVUY zaBR0qG}!iBuQBf{yrsv$uU9bCBWx9goCLzZHk!)`Bdml$(UBRZS z_K@*uJ=xxWo>+0fI?)24WT}hPB**k>rRl3jj@OJ9cod}_lDvYBbf2982W*?tYdZVw z)%jr^Y=qhEURxiqW<@vpWmGi*sD^lG^NO(lsK&uRM~xKirKG<7aRH#ByAi*7tx|rN z>VDJLH2S>;vaI@{Q$;n_>9+c#BkTJ8(2ro7FB`UD8^}tk78B?;9tG!;BrC`}u-@;f zV3(>51KxpS-zfXnB948EFs?9hec0=u=3roL;z(tAnE_CQZUr_7`D4Q_$mI04iP0QL zE##4-l_5&j)Uyhx!!S4v@6|g35&mK-q-^j14S*tD?R?_pC{Y z*)7U4Q1WgGIwRPWJj3?850uaEIjz&OZfNFdxw)VO)`dJFyfQ`Mjm}#&oquI2%_J)k z*L|t6>KQGrxh?yHFKc)=hkrG?6j5dzKQs(L9kMmKzXD=TxkEU(9f7!Tl z_-PD$HTq0+%o+2m3X!ohKVq*wjhp#=_0^TQZ1aS7f$?X4#8*8{EcLtk^jG4ms~i(^ zvv~@>t|jT4dGfEP$pUi{yp<%1CCjvum9dolt&{^;s(CBb7MlWZg>1!MJ!2Gc2AdY# 
znihejU2UZ$W9hV3dNwxwZfkleHlwOF<01A26`MM4o;lc>`3jr$t~Ki;_U4z?o8Pe6 zzgn{eSO#3s#t^m0k!j0Ow#ePzmV3bBmiceJX^IiH?e_hvKq*}QBnaTjz8zt4)!X9G z z`Mf9mHIMm2%!9J~IRFIunsdZAgt@|Bygl23p)We3W4y;-_cyS)#eY1>m%PcJJj$m$ zkehakx4g^0Jj}0nZL55A8(M_lJkIC5&ObN__$tlEH!m-_NB_Kd%Qt8bJ<)Tw(JMC6 zC%ttqJz6)t(?hpoAW#czb1&mZtsneE2j2a;#6grgXp(sR=CRMtWX;Y_9p+=QD zmH%p0t5>mRO$v*KQgwm^>H4<{?6QAg1&PCl_Mf;~wahN7HE2y;yK)AJBZ`lOKoBen zCbb2iM2P|<|1Iok@Y})?77s3*0eQl_lFH1?FvwD9&<_ov#8D0}y@rBL zI_aoG%DVdKs{=9m3Q*=dGdyZcsEIa1kGqmg`-j8ym^#VTA)zW`Zm(Zv^GKunTo zkSJu5NS0dIp#4_dai_JG+;a~K7u|K)t+lIm;Z+yjdFgG@+feH86&T@#86N83hDTKx;)x4>nBp}hzF1>?E#COdj6Du{-Hu0{C&Yi|0WIa# zJe10l@IIPpQrAEh*=BJ`7S%9MAY4qVpgMG_fJAI*$QIFN&hMz3ndbQ2VH+DW%&Da` z1HVaUp41bo4^pOz2M^N77RxLgTbZpx1ZixsFY0>AGM8>z?sjvw4V4YN0OqO8G@N>| zc`~BNLWl|gtq#ospMYnOL;`xA!m98@p*^w73Ce#qiX3vlO&h5SEUl_}?$KwhyEaq= zNF8szmzuyr)fQW9yO>>4<~@gI*xJ)XvcnH(5>YF_GK6lTTD{VmJpX9;szfKw!q!djVEQs!5g#^V=cCAvD4aBO3bV{Fe%w0qoz^^EthjW>Cx_ z;9ass>a3dgJOQrhUXu9U0TGx$1ul?*-qXT8hGK+?uta}T8x4eB<`6SbL`05aOi<{D z9-lR4copPdX(XhgxDAkn!1|XgP!U5J&X9&RwBZeDNCyPUfDZ9M$^`He5i`WjA&IDr zh|mKbO5x-mH?hz+Qcu;A0}l} z2T6paG}A^5G0`Bot0T|;!MnqNrYAU=&_N1ghBjugA|#QcqmU$Z5tx(!kIWMz86hbu zGtLGTYHV5nBbiBJJx!DR!DJ^v37biVGAf@Wnz*l&f@QwK(}onmtmMwRDXt zZ8?-y=8~5OfdvX+5lmqYlbFRc<}s0(Ol2;Unay)r?9yc0dDdZj+nc f^yW9g8BTGIlbq!==Q+`tPIW@Un(d@YKmY(c8z#BD literal 0 HcmV?d00001 
diff --git a/windows/keep-secure/images/wfas-domainisoencrypt.gif b/windows/keep-secure/images/wfas-domainisoencrypt.gif new file mode 100644 index 0000000000000000000000000000000000000000..3ba2beae45a8951d68f399dcfd95826d6318a904 GIT binary patch literal 21039 zcmWhzc{J4D8~)4;GlQ{jV;}n(V+$pXCHpcYk)`JmVB&29alGOaZzxO=nx$nLAy!ZX%o_p>+&wH(GEDeo(*FgrLZ~)K%{U2Qi*hsu%V$w8WI;n( z&?K$%HLM8;Y@?)oxukuSp}jB4z8rZ#g2A-S9FVnC=@rI#Y=Yle< zLt9X{SeWPm`{>$p5w+Nec8};B--vudPy{x*{akdr^{rtbhZP+i4dk=D@6qfDW8U|= zyzlkE3t8CsG2 zVX?fuqcest=g&ptcNx~Q?&S>U9LR}YOSQgLwM3)QQp=}q)ow23coS;pyxUo+RWtV*Svj>cE#x2k2hyk#b}YkRXiy1Zqn zrKP>GWgw$xzr1T^t}&yqXS1qnrM7F1FviLlVCDC)YP(j-d)B(Tx(Wwa8B?tMF;>gK zO5qr*Yhb2onAJYKMw?=F4X>5|$75@?|L4t~v9+oh)?rV^*w|S49E;W7UOU6u9VqOX z+H9FQtXg6<&aoPoSi>`$V>2tmGuvHrtg)Hx_9a%&9BW{1e|T=YYl+pq!kU|#JDmD2 zKdWbjHMO)owX{31!kSsy99}sbTREIsIhgb&8+PXZ?dM=STk#f zW1IgmYi{juX>E6DZGUF-aBXdkwKBZ4dAPL6TG`xR`EO)%cWrZ@^So^#G&F>$w z4*vt|{|09Pw_YNx>#5ywa6vV%p?X?xBA>i%fptSk{{y7%)fB_^;=y#3d9tKUW7+F0 zm9te|uQSW?6e|6O3v8O6j6OEJzPa$asbahs6UQlK+gv$WYJF$y)@0+;=?ZMAExW4a z$lGf7rmKs?&#T|p;fhQA#9L}U)Snx#@_y6uZ2m>KRa&aui|xVY8$UJ|-@N!f(-sT4 z)34rIzuZfn2Rn|mDlQLD1@!*uS=sHFTQ_l(?`@)DJvPz4yk83EFI`yuRFr>3;ZyHFc$?8yU5;` ze~{h`save|w0>&x*A5#d-z6K5l`t2{R!XlhDb82zb6e*6q{+V=6rLgwJTA88MQ}M& z0Tb1-2MWTq!mZ#je~&JW8zB7xM|CA{9HbmWK|lE>iUn*;9&fMdkrIG-zcAzT!>{;U zj6?u<$np0293dCx!%QK-dYM1n7V6V)jU&fB*Hl{+evB9#&B`kmzI34X zN>;v9988q~eW9O*WOL!wX*|FNz-leoZr=i9Yg5fu4$_5w4F5^LX9zV)N!{eRq}66H z^=G^t`1AW>TP+V`_*n<%li)s9pt-f6)Sk$4eZTaZA%P7Qr#6=# zu#H~ncgA?hULlUDOrd#w?JOpr09#JGKHXemQ0Nchm`r-euf>=wk4T-#W)>t}>D7J< zSY$Eb=T@uvTuRI+`I5JF+h5LO3ZGo=mqpz-0H4r&EB)b((Rhx`T}^A$EL^ki@{j1_ z*XK0)A45&~8o5u;Xb9RZwXPT4QI$)c9#=!`9yb-p?K=`Kwt?Adu2}I*IQ%F%-5EWa zC9|kYZEtZZbAM-CQk!l#>h&%15d?_V-0TnbDuUoU!=Of^e?NI{MxHqk zacsHQ z&2m0l6V&vKK8D!d%ooC-5^Z09axTEWt+0(&wf{*LM4^c4(9irvd{14oGo6av&ODVS z_@CvW^l*B#N{T)jRbvOA;R`R75NP(5SdSUlinSgxTY4rmP;Yr!k3c%{)0r2h$Mq_* zIbUS1;TSq3#b~C!ae;~FWAY8^Fs}@`JQDDy!7cR;8j_WwbU-#LlI{xnrpi78nGe0} 
zl=w>r7Z)&sf9o%*I@*l*C8UVlyKX5c>Cvm7C;#wRx1!!?qg{7MW0oL;Xw=A`f)@Mn znBniHQ3B$%LZA&yfqp%h>tM8>K>EWk6e-4f`gIue3##>)X)*Efp~a;PvCDE zJ_Q?v^hQNjX1{)>^>pFIr)xeMpqd5$>yNu9Dl82yD7jhmN1O#G~djGwv!!F7=iTS=bt5GU-8z;dVvm=6P zqk6H#Mfm~XjAZnsW(Zzr#*o(S`*wtVG>bSLMM6un3WJ+rQl9qf7joNM;$^OHCN6ZideRP=A9c%U!W(aVSlZmgUs83@tgs7)q;}IAD{2=t3 zZ+|x7XRI8j(;33`)24CKbc4!Y=fa|7@ox*0pLYF9RckWyMcgqg$$A{h^%n2i9+C6F ziY6ewVmYrT`TVDg`6X0G_^LcA)eVFGe9ZH1wFsjzv~{v|-7-U6X%DOqeB`F%{?566 zed1dWJNT*`X*?@E>szlk)F2vr*Zq~!dHaMjA<-ZTw4cXq&@Ol9(qHkn71H#flRWr5 ze~r&{+vifSB4ssy5rxSQ8qf2l#=l&(B)xUqW%*o&N=-GZX*JxlsFfSwOd4&3swo0o zOlxhc!M>GEC>0jes(Cw==>xFMw7+*S=RJCqpwJ`=SW@=<=D$vx$$xlxGN3V~aNfIk zF6O0kc%9U6$CCQB{Q4A1!y<8#$Hnz6pfz#U-EeTORP}pYExYLb5q(4zZO;=NDGI#< zT{mMK@4IF4rl^~k{Oj*;$r0olm7{RUiAt}#|I;i@Ff{0^rRl)=fW~t3!o_dmIj{G& z_A7F}y_X3#T1q*k?|UqD>08U;5+(QN;%!+T&#%yl%fAcQ=Gp71{2I?$F^rm!vMN|E zSIx+cryDbs^MQ5}MR&EW_^+R34+)<4$YbH+1kE@mB z2VX2tKdS%46J5Ue=8N_R-^l|vEx&oYS?4}q4x3fZm>^j=p$-;(9aL42v2Mn+8 zq*F$urLHPIHQ>+Ahx_5sOy9hF@wHMi@7qmpoVZ=^2sO@ix{q!pY$!iJR?^Gw!Ux(r zfI?Km&15WR-oN^1yy#s2D+hwT)T481(0(7{AB0)`)?@fiH}{var26L}@#Q+>*q<8} zvF@Xv4n9^HG;iOINHbzaus1FU7k%f+2@38P@Oj^7kW#I2VwK9Y3^BV&FXeKHQii{n z;fChcACzdmtFYwL;;fYL*|L1z#frzX_;1*HXrX@!#=2{=J^His(`vcH-(}O~srr*$ zX*@K$yv`}7{XX*!2&^*UZ}R!#;jfEU2`6a`u5~`P_6)XhA?=RAJC4hD&eITbmjMnG zbc^ErCKEpRQ2G*;qi>gcazYm6$MteTb_T@*Sis#UY@j%hBc5a4E$)dc=M0rg_#F@o z5IPhI9;O7BZuTESJZ~5dfm1MjJkY)aj=}M)FcIAt+fhHR0VZOLf!HpU;0$NWz{TOL zty@q$i41Egx`&eh0W&0Eb|5rY4{nqt`rEJ6-r}Rd!cxm>oqb^Y`|yu77n5O;&cuDzes3W z8DK{t*W{g~(Gi37ItEPqxNK4uSs(|lXoGXE4kx{tVn^^LKB^~JTU(b?5Svt3nm;IH zB6%#vprM|-BM{)GIzB&$dw~>g%M<8ini$k`Kd#ichXtn@!q(}8J`3C?mc2a#eDNTK zxuHRuKs?NoaK{-B`9ApIE-)V>(2_{FPT?*MRPv?*Z4r=l2G_w}@*vh35q^CKnej#d zF@(lQQG=^!>3<9b{#pw#!wFIVg0oGd$U619A%!8twZcq?GuQ-vXI|;yoJK)E=cUiK zW;n1WGvvCt)U(*8F?Rzp;nEZdH9nr@A?Gdtp`HcSgJ(JZ=AhLhsxgW-`1G8pEW_6c zx2!^=Gl8@TM1P=C6kiGy$3BhE6cgFfcz)Rrthf-suDI^h9ESAJl#p=w#&kT60x!T<3fG zNFeA@>m+aq`nci4om=_BGWik?Xzm0LrS>2|eB$wrHCGc}f)icPmtWX4k(0)v7Q8Vc 
zjNTHS!#ew6^G3{I_LZPQ)r=M@XDdG_@t}}Dh|4%%f}$dJBPoBrlA9+J$YFAgPQl_~ z#jU?nek4gqPh=l(q&J|sH;u$tw;r}ta?eZxRhUPC0vt#@VdqQsD-1_l2AE$wqa4jG z8dDS>LG$oPVgec*Xs*{&8moc8@y)zfm@FuYO;tRdhDV56!!tmoh944+fW#BGOGh#x zZ8Vttm%JH(t!t=t$EcCrC z%}IIWaltx+8hI>H8i|G2(V^dwPsFl-nLK1bd%Brns>`NE5{oZI4OMt>i*p{U%zL{c zp2XpePkfajrPn8+8qS^(&N+mW;$S{XjHvuzO~?!aLUGhFVj>5c+qLphGnJz)f-QH` zJPHeeejvG{Wo05{_nG|d3}R%Pgz5w=%Qp4NVaY>}BF*KJkUR-DIs$c_{nFvXgAa)5 z*_5`blQ*p~rhxrNCgNg=hMVEB2hCRP+TiP0WpS)a0-@@KVJHbGoEfgPhqKL4Pg9t6 z85j;0Cr2@=o`U+1Iauu+#Z)-UmLmgQ5BgJ=OfjILc*J@EzQboX%wgt6`Hv{PGZPN- zS++A2-n8&wBnG7KpF=RM%WAzcjF&LLBc@rmlwu4)^Z4AG*P$jI927>=6(&alqbZun zagEW0XL4L+G$qt?m~l0mR6~maxaA*?Xlk?l*Cq<^{IqBD6$X?81u^*pb+3MIHvinr zuKE1q<}0`sk2}x=CWo^`vx(>P(CX(7>MwlmKwa)YU4x%r32%<*Xueb3a+9lt;MsCT z{YBK*CKD{kteUHl^5R;@^EA&F!RoDXD4tYClMW8JV~5y5HSaLEO};`|6PzaVa26VF zGSA6kKux}Kmw##5`D!Ql6&}Uqjs@v3q3PjtJf?oH zgTD8;9$N4UkL^wXUctHOKe%48Ep)?2Uj4J{0pIPxqhHA0?dCwd5)bL&F{ZO0b&DAH zTw_AmvB0$ncq)#IC*>8>vs=yU`Hp9g-Q(Wt5^%F`5NJ492L(x|@;;;VAM){f7^Im?3ijh^|{od3+^m zOzy){Xn;fl4adVnERp=GkwJaRO@;Mdv2I{;59dh;;WO@nnu0exbNR~8&S^MOB*yrL zZ^R8JZEz)0B$f_`R{}vrLOcT)`vE>4QTHn1@*5Y^p#qI(N;K~1NXQ31og^H^ol^I^ z6b^q(UI8?a!050G#rZ0?ad659Dy%((L+ejX*mB1z*O)>>8I;=eD?|x<0<=c$G8N|< z3@_geQJS?)ZAXs`ta7z8tS#q67bJy&zoSl*WGI!(aZV$HPP&a9{Zl$p6Uco=Xq^9) zQhx}bz^dm~Vu z`o_i&#-NO0$*)CvgE>=`$~Lu7O%uSyq96KhL=!1r4us*`KvZ>KblON_-`Yt zKeA3_-%1^k6y_SjOGq&qyYJ22pdr%m?DkhCt`~uT^DgzU8*>oQ{nsWq{R{e^;Rh_b z20}FkNHwdG_N#=D!D}_E2@9O53`h`SDEeE!v&q2ay94KId2iNywkzs)h#gSanMTp9 zM#?0(@a$n-&}zPQDq}6I3wY^kK6+@DG0N3O;|Lknn4JTdl#gwjZ^yiBZCJsrUh^;R zceFnAY)!udC7*0ge$ae*9u}s~mGQ4Gn5)I=YfExb+v(sJX^yS8J2sp>zYyo)=NK)G zcAYQoK-)SxUVeSq&DC`!yxr{N*SGT>@4q&k=KI<%-BSIvX_%|?Rng0yw9ctFo%BDQ z&+P<&QQq53lePwMFrMotgMWKs>)V9v`-!c^f4qOGJkzaZ0F3etD_^4uf6N?r*=lBU~LhImDH0>i^&7wb@2Lz1Ea}m=6Vv#eI5$j2=`^m zYs29(0(Y>Wwg%trxT8KXk-Z9kFOxvV z@4|p7zg4=qxV}p`VAjLJASUAyT#Sz9;*$*k&ryAq6y;7mt5_h?=KGCHvrX5mlVs8p z!hjo9r`7*CWbmb|e#;H?o~XMhVttjTv`#`D4V(MNzlYjhto;E@@-C^NMZ=gUf2>WL 
zC2&ibkdQmF>bE;ZkZAhnkCtgtr()T}c8ihPaz<*s8ydM5N%{z8{eX*-oec%m7UZ8b zWnXmao>@pmH$JQQOsaIKN*{(8UO_R5KM`?(n4oe{ODNlvO$vPj(QrInH;XYZN%EpzdQ68Et$ z`3?K2lYiR3U#u2HY-k5$^H^SYv^pF4=>Q?QQW_VeL&YCF)?Jjj;c?sX#jX8f$Nb(6 z>)%KBYu8I7!x&(#*!S+LCYJYC7Sudj3E0Z<7#UbjS4S+#a5%iBBvgv9*`etgHkUsX z<+bON*SIS5rJF*;P4<^~naMrcM&9{0R7uofaE{2mc06f4`*;k0$!#jL*~hw@EUNUU zJ>vOvz-pp|O!|t0HP5t#i>XFmIGgb0rG+6I3M)Xq-?|iy26!jQkS6Wz0}C}v$W=y) z@!$fP^iq;dK4ogMHH3(*U0F>o?nKc2idjX&XI=BnXfWG)`UTSzkE?ob<+Bl$V=DIO z6Vt}riP`TeFVCR?$QWwUQT7Mgln$7c*ts?ON7~aR&(@gEd<)=2;<8 zFt#fDdgY@}p4C0i)yyCm(7NC21S_2^!S zVI?hD!w0T@D_+E)UzJ_XzNQ1Fk&G%v5TaD~pIU|RiG_#t9GXo;^3;^cG$9rZ{3#v+r-$T66 zfW+YRD14F;!))nC+)U-~-PWUgt^DjaEF_T5i6tYS^eZNN2*yV7CtGB}DK(gjvIL1$ zubbHx*ufKd9|lESTG{VS^u%8(OXOW&heOa*O&WZFBu9fM?5&*3`{GggHYU4E40G4K z#_65oV97myHE$l@lIgea1uron{K!c<^=Nl6-SCQVGau6OpXnp_1M?I~)TO@zt?63g z<09>WNY@_dgP4sp*$OI51Gj@1t08kWFMM(?iVznE=}^2fCe^}K#opvE!y|C#H9Z74 z!}C7Lar60EF)VvZsVo?-@5`$43#!BY?5P-x9!7?`ix3*X<<=oeIqQ_gu8LtqbzGI4 z9FzEC4jRdl1W6+i4&mcvD6nEooVdsoI~QIN>`1w2EGv+5!waWMJs28gKs2uHll-&} zEN?dE_h=_OsES!oVXdq(t&;ym0VOkgw$j2ZgSQGJMESJ5VQ(EtP z=0yocH1>8ia}`ry;>#wF%yc#RiFq1b1``&7T*Rwcd^R)mzg{gwCM)YvLFRlC z833xhfu(DN5tkHraHl>L%up9nJW1qqkh@%cY^qY(h|@NGZAyAY-?v-mDS4mReJ6vR(auCqS&;O%z{C`E4Y&S@Lw7Io9h_Sx0xM`qW1j_a@sql#;>#GXcFv6%XaFo%-Vqd;(|-&T?x z+RrQ8@Uzec1}Z=yq@7IYLH^3?zt-&s>a}F+D0cq_;-L@_dMz-}kTx3+K+u!K$)5Sg zV&l}o#3{038Y~TgELrLjKn2)W;>p@AgpAWmBNt6dCGbY77qFX<8c)<`Y5tnLcahEA zrAZdHF;}UY=&Q$bjntIWO`STD`y|cU@J8QO)5pa6(WXOINm70fVp}0a#S=b;YH|GR z3VX5!V-Z3kksk+RSAbK7jTzm+tB}A)vV|t}v%EMM9O*lq84ov<4gw5PEt(|xA?J0) z1LiW7%Kh~|<)7c|H4*rnx~=k*^Nr!7+8cTepgYhMwM^ss`LFGIEcJ!#*&usfeYPz z=RR=L!mOKDZ5P!f%P}(6V+@64inXl$2!w*Gl$wSwF7u3G*77`@pGf zLI!0X$&N53y!0InN?3UO@d$bi`sB#{bkqfgXQIAEX2W{ehZ71$O%g6%W;>JhAbN+_zb~6 zNzy4&GkmS>ueRuyw&fPCBd+Ako9+rHNnG9*K5zdm;1^~7b69#T%-F^9pV{?BbD8-2 z%?r^=iYp3cea7&_5?M2@+m$^u!*osq|K>7T;>fjNTw)?T-so}Cr25OLlP{xAvWGDf z?+nF>pg|u>PbHCw5Ww*48~old=DtLu(=0u{wbAJfUZIJu`UxY5=#o0C28RREc6DU; 
zlMqAdUoKEMuf$KRotO?sM5oy4%&x8J*ciWP!^2!@+;9Cb)}k?XtR zp{@Cn&IIo!6YVVXeRtgsKKbi%J@M!sjHE%Odqx|fNgfMyGuW*zCAm~WZw^89DoKq! z2yr>k=sdX~2=y9`L1KabbT5cK{rw%fBMM@WLjUlf*W@Vi0TBP#SDvMl?DVut?{!nW zHJfrJNI4vN^S5~!IX;F`Zt4%0&n`DRi|B1t2ne>|MzP;EY$F@S+uX$nqT=j2&HCX9 z7gqc3^CgE`8de_r_WMJYg4i=|q+VvzvwQeVqgJsoTj0u{Iaoe48pDdRB}tVwGEJ3ao6%3!=Z#+HOJSg^FuPWg`E zc3g#}FcMEzJ-}w;@8c7rysV}#!Q4oL=kA)HFB@zHCvFE3A1}v`9oE&}=Ev9MdUoT- zDW;!$$l{gSCbHFGuJS3B)?;M6_$=)0V|Z9N>~Yy^3Te19PZ`4KD;BaF!P%t6*hFXB zJW3gST!2YJgQX$*Q!(8YxJ3QDW7WGQ)VJpQbP_(h+XxOTAA!eU67L{2QYtlVZ`n?5 z5ETQ5hv?)`?CW-FoCO&#N=;z9YcRHK`{=D@SYJy0s>SgOpdX-q9Stxt&?cx6|J=X7 zC8Ylai7fSlsK@nhmQmLl{ZyqH3(kh2q!M$|&sD*jd*;C;Y;0ZQ|y1o?mSzSnY z{%2F+`$q64SBIIJs`q8Y{1k^;k~uGS$WFIA9;;@FAvk%$wKg>2WH2;m!U;!`MuXu< z6ZkzW{F#n8wra(k@Vy;-nhN@z2|owoZp}}9s=;~Ooio-y-GrRJswe8nfW;zDh{kD) zJ$@ldb4sDVDl&8`*~Qa{k|{X6B66yPI=M^Yv=1ka2jYz={6F>j{TYeBNaF`W4zGa< z^&Y3C-G?>HPNklsteHN2Kp1O~?O><}unpNbnNKDh=q+@f5QpQX$zZ%L@xHDWfB`K? zntn6W`0tL8r)VhJK~x}hz{JFfcz7&M!VE9*Dk8fy#zp!nFH+d->i_&{OMjM?Y5mq@+Zb zWSstvc-;{AWWJobEBPZ(M)Dz5qL(gqLqaL+XK2 zOy_4#7%OT*+9eOqlgED3og>E1{tel_ctcJle%4ZG<_>Z;o>~)(al3rkO-uOo5H9{0 zL_~8Bep~=_-|*~|1emLma6y9O_~kd_dLX611czCmwBf8xf5WQ!`5TMP%US0m_21uk z*KT#D#=P)7d4oOLJ$V)wOJ$0BYH;>iXFI+tn>q`2;+uWod!pj2wGRAs{Jjis9lQWv z?Ntt9lGI}yBQciAo=6_sc%;cz>8PVoAgYh&n_!FmPaLmj&pBnD8|vW}hq;$6GE)@p8>!sKl2gzP|%{}_?dFz|ceMz>j-+ILbV-kNIdpY@x zfHL$BEw?#_OK`@-T?||d9|hoN2&x^^h@rEU&lj0G;6Gq}l^@_!4jR&S5KgH&M5}i` zb}|$H_&z3^#-;5xX*%M*^iHE+E^z62H1D&KIB)8LUG_ZBmu{oW9QXec{qho}xD&n~ zll{nm&FBMVl_H{llb&5jJc)rZy_dOFs=_B;^?I#S24*>J zT%3H4cR@^0*=@p+?2^a}?Ejn-$!`#OcF<_-w%O$21$c#;jyMK%R^9|&sU>vE^?nxa zdQ}SFKW6D2iD|N&9V= z!d!lG-yUK+M*Z|7qGB(LL*)t4zc4X4k1}}drB)@o)9gy_)=K-qzMjSE63psd@16Gvba=N}?b~CtFhqIu5Dt*S^ra?^uj)g z96-YPHZ((nu1Qnfsj$R$kk_BNR0gan+^-m4pPG_l?>2oOn*f7v(w5drG%ptiP8CrR z|C~4PtDLG$Tc(Qmg;73>&_Pd^0;-mJed5R#Sb`cE?tL5xwI;G^bA6p=VMFo6(+7~I zZI>$!U!MmAw>-h?;I`LpY_A7|S>Qn6Jdkt!_Sb>!Z!_ClYuoy8!dB5Xs-A5_>HBW% zc829lpk<;l)#3)7lrHow%uUJN?=c(mgWx|{%QATU2gk!9)1rVY#Y^x|dI(KvQ!;JZ 
zHI4kq4OF?&t%yz*9ot$o**eKcOb^+5s=2{hAxMzOCb+NQ%Fsmm7N~;hAMcg)WFt8i zyz00unz(~}xFc4vBmQDXVsJ-N6xiblP(=4%I7qx1@}YZ7u{YpxM#hu=C3t56@Iafh zwP&@cHUvEW4Fa<{2Rsl!PJMFRhFWo!a6E;tUm1B9%32EhWDvDwBr+Ah5vPMA8OxZP#osA$;^8~1wSW|L z&-TThUB#ZN3a~jwbo{mF1pA2<{ptLRz={0npoLeZ@1466ZFfG?4^Pw`fkYiZWX9bB zLJ7v!iE8j4dfMpx_JrXcxLKu|A}g`|IKJ^%axO8EQv1L@02nEWgnay#B^@6`(MG@r zoEVYF3cPJP$&ea#UL9ilVoRACWgv6Y4h4WKK`%sZru-wRp?^7HZc34_OHs~EX@W-< z$sY7?y6JSiYeA>qgFrYkrwWk32WY`|SjyJx&-bqjV-Dgg@nWJoPLo&f%P?WqdpVb* zH2+P-$3%(V{924se`JXoT-JbK*aGe*7q1YbQC}e;J{Qh|35nxgPKn1`b)mESqBhVg zxfS=&?DeR9zgL`M{Ip^^$3Q(O_R8l!gm3S6GN1FpoY9lWbq+6+`=reE9>J{^#mxR>=kDX$-HbKzE-X7=l- z>QZ!Ei9J5Q?)Oyi(#eV6Sz{#Db>^+Oxp({ShOy7&Z&oIr%Lg92+^#+_gD~EfP@dh5 z_I0TGElWLA0}j;c_Or$y;jJ)QeWwKm+;}Be>vXd8_R}t{y;l#dh*r>gYr=Rgyz>0A z6R^Yg>WE~!0kbBmZ{9s~J|datZvsHJE`|zd1TxQ}9iZYz!5d83KC*!FKl7i&l~=-0 z&55tkO!*-~2pXx9kAHK*37cH6VHRJQl&2lxe_~M4)CPhmz;S;0p*-RAa^o-Ja!T26;_&+Z{fVaJ zPTQ!Og2Z^{WHYi@pe647i&}q3k(6WWi%n#>(Mw!X#CI{PJW%ySB+};GJr0+IV}Gq? zY$3yC>?b)iRnEroE_qP&O_3CEg706NMX*SC<;bPkd{lmzKl-{8HxG2C-|UFZDiNl* z!%R(m)?I%o)Z|~DgxD7aUqC8xw^vfuc2k@`3#qD`1ESWS9e#M$<;9r#-h|v(u95FV zKaCM@#v2RC5kMIJdwVJAwxVLUU1pg0U>wNQ{dyiBw3F%3d{NPDzDTVh`ilx|Xo zOF)RzctmXTTtX4`M_?JkRlLOBA3x2()78m%dOj)Je@qpbdqK0RreQ9#`g9A$>O_wH z=Wbd}$XNkaYe$urbA)qu>5}+gW8Ej&(_$1na*gs;qxleebMzE#FLKo6A4PtM-RlNA z@pyZ(M2@0C;#qCF;Mr%_ii{5p+>R}z^rVQ?J)+c&zofXh$ffR{XA=SoA|MFV7@H&4 zeT@`zdmi&|=h&bOQ=jk z9w+oo@i*lld0_pA?@Pln9+iT13nFs3<|xWla3m%Sckh0}?HP@~?<)j~n1U^{$0p)L zH)klG;Fy;$PNB;pFWT}N<}r?CEwP|Ey<6s-+o317_ktd;WD`abwyXcR!OB7KqHV?u$sfdFTUX($h}w!3|P^=G#7p-%tQnH96MmNh#>kbL1?P;G} z4;0~t#H8^csn8Ryw9u0GE%)D^2~ipv=xr9wc8LJ#P3k~wl&~COUUI^yV90d~F?yh$ zsdtaX=Ra6}w(Ssqeurh)$s*GS)gVQomY9T-|4h@2G%#%QvsOCSZ78Mq?uV*>D#U3e z>XAVV$)+QYt6?!yCw+T3#`Wk@KQ=1zC;Y@`U1c`?A`tuu6-21vAg?|-jcPU!7ibMr z3@4h^RR)5$+=F7ht^xw~r7{QKGEdC+YZZ)u%AA8%Y8j^F!q5Kf!S3uVC<{i!bX?Q>A(JtvOO$mI2otiDZs&o z1R8N6U+gZ~j<%q?MW<2KH+jD3eij2D=9`|7IeHrPa9v=d)!aF{*U%PF2cwgbm!$}A zZuqXivqwitn#sMF(5 
z(=$#Ni?OTPwtWy!`@`qwXQ3)Mn}Dn9IaOiy6Pq{sTIxYJ_r)V(&LP_+je>|C_2EF- zs>{y=y7=Z>3({jBOvy#Lpx+skX!4s`n}%O+8jhqFU{Das-pHnJm*%4b~0!{4jKNuS>C^N6*@84gsSyBlwO* z31q~5d~)OYI!M)b2HdldV*^EA~+!>Xi$&j^Gox{kZa5i4}oRLP&N*(Jz?WT2S z#+O$@avO(mahr6~yjMMwa!%~D-V{E(PgLcnjf3U&4=yY&jm@asfCQJKnmX(sm*+*{ zRu14K;G7kgK8K;zbFNGRWa1BSiY&qn#>543KT&vaJsDz>c5*4IwFO655`Taxb4Wx?6;3=PkmY--G?nsV%2RVVkd=*FU%<4u!hVu zgav6$FxDSWKK3DZ<%z>obBD>s$gc5<6jSnJXD>$n=~G9K z$3ErkKy<&S-n5o;9#qhS>;q`CnR{UQda3sx7BRD+Umq6V-6KjNsGvhradZz53x1z} zQGCQ(eAb(dha|HHa9b~7EKpz~&YIM79G4J8Sf~ohCS}l%7rfoexCr=T#Py1QfH305 z7x#>0wiX#HAdC>^=ig3rz^(;bH;Bl|OaY>R*TWrR<7Zk~zPVf1nP zo1dp9fFvP+6lny6gL2CLKKF5Pv}h}%c%P$a7X*OEya3nY{n4V8m)=51pC9iSV*iSr zkdO!tj-i*2oJI*+WLX|g6m*U;_k}T^@lj$8C%4V`*yg=!DrY+4y`2BiRKxr(l5W*j zTysuV^}_Oz_t@dN8Cf58n^u%-zt5=R#j&4&e9TAKn3sU<(C$6zFEN6Qq|cZQc^)Kv z_>Q^U<``DlJ;!HxN)d8H(Y9dwI4XZ1@`)+0>&FEf#=>vHFB(RCR*u(l z#jvGtY-d^7>!ad6YULeEk}Vsi!>|wxToTGHF}eLtSbVSsiBYr`#~!%8eY(iN##j*vNstCF z{d~6|X?u~kwoqzhnXx6|Ft&VBgiY{p+4OE4r)yfF?~=;4yz}lS)j9D1BwfQ@02@9o znm{|QBxh>xzZWgfF!DDY!tpwm@!$RU`zO`XZ}mi%)X7+q7MtJeq}6IdGHAoi)XN(X zuz>C3K{_aIJqA=01!8m0Zss(W(Jr_;PoC1iKR1q_83^slLuz zO8nB8rL97#p~YoIAJZeh-|S1jCO!FDLKOMR2t8}(k*rrtchWJ)3$h6_SS{^3Lq zxgofK-gK-u+ph?@5{eyIZ}f}edZcEctMyt06MS8dejM#;9Ygaxv_C&qdTY0QT(9?Z z*abY4B06kC{>P^3eC9}1C9YOwQ-2-219l7qbg(Mc*|uPf^6{ZU5}OYY9@udN{v35S ziRkszo`pBM>xEAs8qM->U}?#XD%lqb&J)0nQFJ}j7i9(TRfi3VH1t?OYFL8z!xBds zY%ZtQmvhLX<=-lsq#nH^1(g#|FIlP+s=GLA*EkEJa-Ypt+8n=e~x3ado5CU~XUJ~#my z=O#Ctyik0^8cCB9@iA$L+{Xji((`>_Qm%!YuLe@FXW&r1d&~zHTYf9~Th}@N^Z~`r z;jgaGG~Tp_yjlBN8))uwfuN64rQZN_?y6a%d+gL`pBj#B$T{({M(D%2u8i=9p8LU}udq}uQ zU(;~qbONc>@iSkoul))RG4=TU-##4*`1;1NkIDWDUI;$iCsQx#qs@8cA*p@mvTYw~ z!tVCMOLbGSBwwY5^IY}kT)DMv&eKQo93=Cm*uEwuKv55pc{}9ojZgEBG*8S)n(}?u zjfIG2lfd6Xzq!aOMXAp@);U>U#g>5x;%vwMD-}KE`aJw)*QfSD)%o9=Y^u0Ar-^P| zMbo0gK8LYIW50fwEzCS1|Bgz9>Y|w@74{XtGPqQpp;{?4O#BM z!{-rrA5%gGUcNa_8xi7+pvWs+hO7<~x3y*7TqI77b6aZ#JbCamFHXOcN!ueDZkV~q 
z(FIf*6dw4?MOC|PfQ&87TcXcsSwM_82;Jxp8PfG=q0+Z@FY%hQ=6dzl!{27=ug1wE7n;br1N){Gt0W^qqUKSr(cL(GzIk2u zUW0<((;Hyf5#6TG$Op-hCXfXatqh%*M(Kh$(>t0ka{Acxx-nMf=#4Mu`iR;J%}NN@ zC*C#Yyg@RCgwa(CSSP@nLU2*n-&oXoNTK&#uCghPdRD$Cu+u9ZZUx&ggRv|`y;AHA z2udNnr|+8U0gt>!Gt6I~Lx(gQ9`$PT5uMg8I0J*RKem)ox}hkksUSLc4TvcH)%EQ2 ze2-}H{J5`d-9`uCOrB`xhkaan-AD>i({=y!EX(}zSE781DPPR>Cq{(WrRP%vJqCf` zzt)(jB#;Psi7T9doXC&3wS^PBktnvWN;7kTHX0V}m?{tjvoVAn{foL74tz_XR)h*V zPM7{AW3^6a{CKF$!%(hiNkbc0joI z_@EnVelto!(f?6z<1?}*?z+<%o!cK9Z&&w<8@^^k2i$E!n((&L9Sp2T&0fIw432hV zPao*&#NGcYCTeKl+xvo0EI_<-PI;ZgNg)~<8j?=OsG@s~aD<|6%LH?_gt`N8=z*UH z(I5*@E$Ed@KZq?h(%FIjkytNEITOOY=qFC+m$b%2*g1DMmfT8?>{4>~XRxkT`}qc`ZEGw3io z^_$1}oFn>v+BqRudJ?opq(8cqhq{JOI*ZPNpc^$I*n>3~10icVBS%9!EV@xQI;o5L ztsl6lLusXR2@iO=ILH{R=Ta@fvn~`Im3(@xQv{?h`+DsY{t?PNNH@mYp8no9bJUBuS9RFPhV8JmEbT4SKwi^U1B*QnPJ6V-P2Z(`t zmwT1_dtsmZy@Em$I9TPJb3cd!puPIM$3ik#13zp79xyj#D-ghc)u>;*l4N;N@&Xq) z^?G0dDZs-y*fdVVx=Dwmuoyg(fnd@JY;Ia95k1{BY`7q1FI)P zwmWnw6xzz`!Wg`Ou2oJFT(QkBNyb0DdkDN1!viRAfs*CK1n>YJIKw}PLq_+)(7$Ra z*upYI!^*=0DPRG`b9oZz0ZB`}agckt<2;nk!Wz7MiIG53lY-ZSJ)n)fNS6KCr@bz; z!H6yWR5gJk1h(8WQPe+vi{`pA=>I_yfc#VU{oj8>Ho%o!rK(&l!!w}0;Um7%Bb^yp zg1AdQvqwJbzih5^p2MBKiIKny+<;PRf@S|hJAA`85Zf}OweX)5D+oVZ6C3F_ggI1p z8;n7lDZaknfEYLesK5RK(Y>?V{Rx``Dy%``3pba$*;0=|8)UZm_d`T%gZWpsCX7E4 zxEc6I|MXYC^@Et}Tfg?_GxxLEo5jEX|35$&5IE4liWfn|hygY0UqgovAx4xqkzz%Q z7cpkkxRK*SR4+P)6giS)$&m?7rc}9-B|KE9^dx*S^Ti5+H*w-jK=TEUgqBb#V>y&) zQKK6_9#y)OX+)Gwp+-H*>;Gj{RNACw)w-2qQm$XYPJ9}cY+18s(Mt82mhIB9ZQ;h1 zJNN8bx_3ps#k-epU%wjd{uK;S?_k4+5u**9*l%IRk0D1cx>zz@F&cPg*1VZ>XV0HO zhZa4WbZOJ4QKweDnssZ`BtTZ?>(Xj%+qZG&*1el|Z{NRx2Nyn^cyZ&$ktZ*XRd#dd z&!I<`KAn1X>({Yo*S?*5ckkc9hZjGde0lTd(Wh6xo_%}w@8QRnKc9Ym`}f1U8it>L zf5QU?Xv!4;9PrP;1MdP*B3HV3Xqf#V8pf4~x`EIkR|YH)!3{Y)OTmYT0B`^h8Ug_T z005NYA6Fa@QI3B=82`Y90RSNJpAb(bY zwR`c+SKod4?fu9H0gw;hrr3~am66Y_s5YzR&Z zy9tAnxg$q%zX=~y8cody&`%B|otzqT%klFXaE=5Qsg*NuFZ}R|66XNziKNgljJD&J z#{nXO-~VrQDO>;{?qTNES_%+U9A*F_LY&Z{5Fh<#Li0$;`s@EEp8Wk+zx$QL8;!u-0nea2ion8mGuvI-zIQ#yNuh1) 
zBhdhu7B}bpV;DAi5{!xkI?ahHbr50Ee%cf_A~A_+?t`Dt6e`NPUj6{ro_sie@0QkTD$#H-METRG>ayFw4t#J-9V}YDF!fvz)byS*= z9RKR(JuYf*gbpF(0Hip#6l%y(gEUYY)o790h2(a*Gh9XVs1F7zF(SdkP$3{0w=hmE zd@vePH_%idDxt6t4N;NS{=tb7I>dThBcuarX-G1vP|0u z|IxQ_j?;z9q+JZjQq5^Lq?-P$h%yaI7=VU_fiW1ULu3|%giZvZ6KzN{k5V&|1sH5a&Z<5uQmH{iz>qP;>L}w`PHmnWz>A3B0#~e#NCR-M9M)?l75~L|zAhLB z-gG%y2UsqQnQ{QK-s_6yPK2J5QeS~TS0MloU_We=!s_$`CcMQroZV#Jjm*ne5W7NY zBO)$wlSCp6%L99Z8Wfu7+L7zdE@I82;Z8UTII1i%Tem3 z@{?ov5L6}XHKe0;+o zs~4?HPOMIrQB>P4gRa6@}cv z9XB7s2U!R|9WPTPY9)s;?9QCa^}U*^^SoJ|ayZNQ*TDXVze{2RXlJBq$4gdqxr#_~ zI&HIRRj*?~>w+l}wINpbtXf06pXtfL>r(?2Z2wUR>dBmg;r|XUY#ke4u8w`F)lGZ% z@<~19I*mwE3j=YbOe)sJ0{3(Qp%``* zZ9Gpo-}#hi-esW|y{}Jy^o6D#Eu>$W=~*8V*M|)DvFFI_Jyv_$YXtWj(>=x@ge;eS z{-(b#%JeFtRt0xNt@yNvS}o%Cib#L18yPy0GLqE}j+5_F={?4bf01$6KoR!H2tV7} zYU`7As%g7^M5s^jki=j9@XyEqrUpG=VIC^quUPmk0vfoh0Lah$DB^SS44=5kdPYP~ zjz>)(MBeC$gR~9;8IaxZN$tQ#9>hsa^aE91WOZc3A^&0|M!<`0$VddStpn!(S~gt8e$wo z;T;-68AQP$av>KSLKG0~9Yg^N|3L~3&u+^ z8l(^>sjleo{kn?yWU9{uzy}&a0N0=))<6KR@E?3Y034zMD!?H|u^~i308a5AQV|*& zq7@yY*#gbGz|fHdk$4=3$&kqnp$K`VC)2X6k^jmpxa2KB#7cT7=)fL{B6i8-I?Pez z4M?Jq+sJ5;Dy@W^#nU9>8Y3roN@x>Jjggu{2_L4$vY^P`Aq%wdA95iJbnzb)AqyO0 z4Q}xt=CKs*u_5x23i;6=8^X`d@Vg*_N>1f+-tZWU(R(;yPn4!2Z4HVP%jD3+lElgZ z@CHL91Rc-OR5WZ)Q0OD2k*p?3P#l6&9`PYe5(F+$l3GoD=r0LDv84d8A_Q;%9a17d zpd(XBL;i3h8;RW?dnL#}K>+))l*Bs_id@c0V)mI59bW;VNn z%lb+5;FCMDlRn%tVd``D9wI*rW;D5Fp7mWU#Y(;$Ra4ai%25^k?d_nY(&8>P*2t-4#7lBNQ6b!q!8j% zMkUYzwy#CxAWrv5Od6ydWl|!t=}xnWPC+1>yeC9rBw518Q1wPo_wvBjXKmglP9ZaO z=JY{8P)#n#oU*C=^bANt%1j-?5(e_d3Npu_p&oGzA93sy`>|DVObc`D9iSn{{y`M7 zAPRm_O-p3vl2ap(5&zZ)kpG-!4V@*gjIogrsUf?lr>3X^YkKSyGRk>PEp820Znm{ zyJE2wXAxlkLCBz?7P(6x3k?__Vvs7Xn+Q`WA!kIgsKJnRDZ5Wo)`Z&{bz?!GO=r?n zw1{IHiNa`7NdrW$cur)+Xq+lC(asH#9MxX6k+Mn@RZU7&!2(SOumB^Xd=^zA*Of4% zv(+YYDT~GAq$n)Kjh9Rk{>V~k$uiv7%}>2ZYTYuQYPLzgY!90j;R2*8i^4?3MM#G> z4H?Wr226z>4NQ?Xod3XSOP{iW;$~Vgr%ip7ZuvHs6bWBr?P(jrNOzMk%WO)!PFF66 
zX8~89+H^GisDh{x+vaxHwDDbclPJ_STpD!z+?FErFSs^EP1d;(;4ZzP+#iAr3h%?!6hN|kkG&{5s)nJ{MdvbUw;gI`;Ql`uFq#*jolz^a{9J4!H9Ym|GUu=o)xi9vIjnSX&4oConjJ jHF$$LxPv|TgA_qHghhCSNw|bf_=G_?0S3`n`NmEl3z!qY#R!Ue?s9q@?R|+>R)ikw7nU?b5%WW*1bX1s};D&(er91dSAnNKj5IzdKbHZYYX1q-uR2nq<{o`P&p|m z!8_oJcaS$RsMYjJPf(EesVnIhgRXI~So??vq$};jh#pczJ6}2n$m2vrM4Yh4lpNwer!MrR}uxu7uK2TKOokl@nVvI+t$0l5W*pSeRZu9`Rtkyu5s+ z5IvQ5k=8I3+pv=LU_7CDE~{Z?rZnPOD`%z|RoF1oUzMKFy4ldsu-U-Z+R#wiJae;s z<^q&3LVa|j0x$>@+tbR^m52vAPF0X%g zx8X`v&q7yMS84xdX+NjAXQ6PEQ$EZo9p!LFfd|8!m9EnE;g!NEPWd?J!6>I|c%^Eb z(>}W1HM&wd!|57be=x;q9_RFou8)q6HcWAP##dVZd1g30Q=45=oZ+d>);Uhk%zvUQ&fLQK_{#q9I%jHScWPySW@UG7WqWRAcV%T|bdxi+&Y4@^om=0ZTjwmS@2;%x z?yoE?Z0@gY?yhfcu59klZF5#OIqRFdE8F`k+nn|7{q=3m=JxL9_Wt(v_R212`=7nL z|NqS{XZN4(bN2r!=l=rd0304^Vq;l111_xYIoMdet1%u(=W=mz3it#D7&u+qKk;-6Q6x{~7pJ zap<<=c{`TvlLv3>+ywe2=bhiYOh4Y6B6Ga8{(anzufE+qMnAn?|5P9Jadm^2Cv$t9 z%Q|Gfv-A2_-i%-1Ulk~FTtmI+5Mz5A4`ls`x^yiK)W zI7%qBa%1NX9wP&WT2$uKaVs^8fotx){KlM0$cVH$z03vSp$E>tX>U;I=@NJ`Gl$nf zuV=*kXQr=%PV2_n@@=v;`nb-7+Yv`o4k_%WNWy%jyX2k9#if#Ph5yb`jV_}4q?tPm zq`}ad&`Mdn*nXMzOY%J_EKOP-;}~6i#j`Zmb!O~H^cwcAL(#)-UbCNpM;vr&(3jS0 zYv}KeANf!pCZH{C$MMVIB`5oTe%K~t^`^*rZig;%o0LG$!|uV;LV^q~6Dn|C!us{g2w##u))^kEkdYRQkx5?J@bU3JJOT zTKI6|?_^>7T9ea3PijXh9$)S%k)7umC%f$Mp%FS1E7d=NIrf^TpMGsEZxDIRZ{DUS zUkY^|5!#*Ot>WCXc?nx%eKUC35wtg-uubPTE0?|^4EHb{F`VAfYhI{NXZ1Sho>biY zwQ5qK@YC$J=h+E(n48J9z5~yNHU~`oJiqY}g>V0B+i}%>+zwPB+(8Qpo>_lZ4dI?p zJ8t1%IuTy@`v>dzn%$ALsK?gt9f^(yCC_o*IZy|7sDJ_P`p`|OV9lm@o{gt(n5TGK zK6Rmv`^;M_jIDmF(wgWaydD?(J+oUf2@jT0L2WX*b;9F$49mQEEU`2=AECR%lnK>! 
z0}Foy;D4@dk)|=T-|%Hg^ZXR^&jpZee^g48(!DUjP>Aq(Ca8``HKtz^B=5_kE&V0g8u{=q5id~5Q zPOx}d%U^qzAU~zFsF&ga%cp`gL<=`n_^{nVEDVqGzLWR|;sCl*INsUb>F^z_7xzjd za@%5%-=u)-C?u>Ykq(iXTFdx>pF;Q++8XXq^N^W-Ij}wqB6jB<>_U0kuvQ@Sn2C@3 zUU^bNEnDcPf8y63#haRa?AWesdY(}3(01&I=*U99**NGfo4o|FUn^7pk(A=o2N5^k zlSMBny{cLRU9%x`8@Cc=@mNrr;g|)6D%gOJ)fN+zgqe2;rl@3&=ejfd^zIFC5W!Id z-XHFGN&D&7<(?I%5om&OtGE5u-Zsc^2rta)PxsX$#yhnz;E4D_;{MQ|1DD5#yP~D!R(ER=m;GNysG2Mj!;(^b`z|1RhVU3S zk8H1kP55VOzqWVpO-*96%E9)#*NN)IZ9$8E9{4#(Jk_cpx}j#1)f0oK@Kn?L&=zF0 zeyi@p*2etpZ^P2_)t6kSu?X)Irc`({^JbRa#%uI`z9BoAL_8Y8yH!Q|txW}OnKX}s8!~0G(M~BrD#>=PLIF09}#kp=NTBqaIeLUI7*(9WiU+oTgM8wFsG|TnB}=GdaiF2@=Jgk20*1kgjdVp}r`} z+h`}Yjcu9W4^g-|lboa1M(TKEYsD8>F&U)?>E)er!hXEmF5n~IXN>4K-oZ%AP$rtH z$VI#b@_eYv=&R{%*c8ND#Luo>Kpgiy!|ZBWsE=?;7)8TO;W=Pd*4tcyvWyg9y2=Q= zCv{RbZyn2=(YX6c^dl>t;!)NKGN^btiA#(cp-iZ+zT><~1S{#^=zzrb{PKKBf#pmz zj=!y1928*gB zjqp(R=+AZ+Pbx{@s)uDny>Spha^2; z?1Us-!h`>kWG_Fq#Cb3yOZS>WBp*o>1mLa(vgV!YScG}sfh?@1R}LC`-8A^c&E)D} z;r5@VJOGh7&S5bmHD^U^Yb=DwkAJ>nmVYJ=#BR)Qg}b0*e>U1$3J?KmcW?Dpvp4|^ zQ1{*~$^NRQ_R2|*F=oT$e#H&Oas<#JDdw79zds2GJTRR5ZX7}ImrvS8l2TG78HZ#; zpV}Fx$^2FN_}6XaXV{W>l+`NciFl0RLYSQ)^=uDfj$$Ovy0nxPo%CJc4vW8^D%`Mo zz3Hdqh#`P+gJfW1Apihj!>d`>Z@}m>Zgdq~6i;I$W(}TCqHC_jNDoFpah(Reb#@(QU1@t9loI$$4-Me@QD!+r{g z$&1*y3j5)1PA1W9NwFVKLzet*EU$(wt-|~KVr|}qWeif|m@!KD8!rrRJjzOkPhZa` zhqwC0_WJQ0g-OM+!j~d%Sr1T6_QIaQ0i`WT>vs@Uw;LAsV_@z#2v0McuJDbpG<2!a z3^!pZLHO}gS+KHX)=$X*e>y*wUfq@)^X_^aK3==#rZJIj=>{qE=dIX_sdS?k;Id_E z=`x(@EPYCROF^Vs4Wk_=+p)#hslb&zAa{V_y8naknX;5G%S(vK_fl1Mq%Din=$5$T zG~pk~lL>_sK(8CdLL?XgZ8=AcVpm}FiGj$g??9n$k=br3nsAs4Gsk`~-v*bdjRPDE zv*q0AkfA(-wM>6F5Ll3CSrD&_X2hUx>f!)fxNJKHsT2ulpsqAq&=g6iS&FdqP}29c z>`B8|Vq{Lt?ZoG|Z^{Jl2A~T~h(%b5+eXA&*I>ofw%JO*U`Fq0PgIjEjAUCe$lC-+ zd#l_I#mExtzt9a$`p%cHEOqJ`_h^A!I#qaL52lU2Zo5|eL@m=s{N{N!ypto&I3a%X zg-tBskW>XcR#lZdA1KahyS}v-9#I%s7Z6Fo+<}m99r2GeBlFb2Wk>Ea8evg4-sQMp z?o_LCgWYe0s7d9DxywcVH~!$)HFm19tFXJ^-1|IsOuGKckh2L)vGOz zG2&7lzO85+u0jMWCo@vf`6>nR%0#>TRn&E>OBcr-2eup 
zG3BUQN~a;$tpIwPM6voW$-=#A-NG1^w(u(+#eM-PR}aO<8OkPel&^|Y!bDWLE@S1? z8@Z*2!*U9MBHpO0ZIPo%_phI(@>8P@8Qs4+7^QtJsT#|rS_lwr?(yTn4^nOwJ*ZV` z%q%mmyXSF(2mhdxH|NfNoeZVm?K>cF4Z{L>RF%E{jPZ90!Fw>WC5_%N40HjAKG%jF zf99sQCGdEw>d11q*=c$^Ptu8`>elJv-x5+Gy#H>`V~f8B0QnK>H#-d(t!?-Bo)yIz zXVZ#emDh@{8fO0TNG&AZgi2K}%kveL1q->AO9qIhprf1R`JQiyATFs4PaZ*uakdL^4|*eKXmwvAU*A;ZhRve3MH#z_Tma&E%yB z!e8T?7RL~MtR~cybQP=V3DC^Wf)|OxCspK6sU?bg*G?I^)UP);%GX^_it3e=Qe1n` zIA4yL2AbQV*xpG+GoXCdgRFr3um?)y`bSw0%-H2itNC$B^s?gGD1Y8elPAkb z+0Zj>HDB7|Fzu%Mm`*aEy`oPI30W#`y@09mzs%cC=IhM%dF8|#BADkOA(c%5b?r6b zobyhDs$Zn4w{P*?Qt)XaA-A#!bP(S%IdFobA=OR|($C@^zS5+&Sh7IlA-4cmiWN&> z;&;Wn280kFF?!xoho5FycO8GRtD(0dB_WMC*1uI!LUpWXCkTe}#U+cXQ;|EVfeU0M zUMjaBpGr*`za=CsLzgK;Vva}q!`K}r&HU*Tp-0NOiXyvfgb;$)0N$-e%@RckO}(JY zVzPWa3lCJ0&iwtn`cu`4VTS#z7Pw@4EyW;~^Uufd(z9U!9-ee`g)a*m9La`hu;fVBWFJ@v9qxcD5t^ zd{XoFOL9o?78M#n7SPS$oxlhrkQV=RE(nb;yvIWm$O02ABb7O%+Sx_+SDS!8K*pcx znoOi~1-N4aC87HMX#Kg_W5agPh2t4ekJ04`MS&7L^yJxPj*Prp1~h7vXS?k91P2gE zV6VpAVL#C83XzAJb*zD+K8n2;LzH`)Ca-3m#yUElBScod_}wc2_qyh}4bo z;N_9g^@qr>1Q#`c|!9i%+t#<#Jf-wcr*t0=HM09nQIH_C6Bmu;_dC|hY%csv^x z#o{*p#C@aj$oJo0bLPH=mhCh!1kfIufMjq)H#q<6f)`2_PI=fr9OBFem95$OJ>5$Gmm^X$zsdCP)7+K zivwtxd_|jQ78_4|(_Uwz_O8dR$DWgAI6_-U{I1x&m~(rHxAx@A_Szrqg&6QAV}F_4 z{b9`EzCnfOVtK(id|lG7pS|7J}r318@Z(e9K3k`f+8vo=s_;mv9R zhb%khYU!A2=6|z+SD25AP7psM%Tw;5<+p!SzdmUiukJ)IeCyqehlvo!C0#e%nlHZg z;Ok#!f-Z2)A}7Ph-A7MKD60|Mwl>aoAu z{x?=$a>3^4S!qH5-+w!!leLj3-Tja6a_b`Cg*AyXXIeRz!qt(`YhUuuB|<#P0(?R- zgpT&d>0t+Fgm?tA4=Fzmm$=##x{`JGXW;hZa_zVR0u!^pe9mt=S6#4&u%CW+;@+<1 zL?|0{e^KgZAC5`psowuHRP9yw@FRD-RYQd5P;w3o$+{=Ok&RI`TDA+_H14Y`4zN_J ze~f+pwOx@nF^q|@F!f54N)W0UFTP}ErF!Lr=IJ$e4Fp_c`20f^{9wonsklB>S=lFO z3PuKrJ1>>~5sR|G{K=v8@ZNn+YT`SzlxZj6Fh6P{xGbS-8t1s7bF8MaV)#~F%Zy4g zUT0EVjP~k0o^mnTBGd1P9!*!n1m&-q>Vkt`xEz)=0Qe_XVraQdv(M%Vqw#|DbG_LjQ*TRgW%=m7S z&Yl|5{m3736Ti5(Pja#1yr=jKbE!#1;>;q~H0~^g2m92$Xwv^CVnQA^xVIzfe zcI@IczLHGNF3tN%re4ZRGA)*9N53}MBA>`Q;GF$)#Teaxwx<*v%zKjiWQk_GJbQK=F2XE 
z7yg@G#2HM(qJ5KQjOKkdH=iun(BnTA5foDN4$o8d({7y8T;*rnQHg>!vjWzF)rQWR zAiJgHcW!Am5eGazvNEf)xG(9XjJc26WOBR$@!W-~@xP_p1OwZwV8P|Izk5l7_Vo!8 zvy$?mlj~JsB0;I8_yqa4U3xZS{fJ7?CDe7$K1@l8rq9-cF>S61DTBbcj~tiggb`Hr9grp z#LgI42UtQhkgOBQ1m2K^!KWzshT4`*cVe=aMGf3iP-t6z)smBE4EtO~P zARR}p*tx-zG=r6On%FSDEi{jeOHaS4hmxS$)&=bd@{n(M!gUYbTYLR)@1&6zKoSc~ z!Fa<=TaT>B@)lyypmpXsWzHoLb*Y=ECXwt zTYTtJ8s~XDSH{7|lq$6gn#5catLR$o1Z7$JO=T>V5^6=~!?EMT;gyAXAFJ<=TB8gD zx+SH4;VoyxoKg$q@2$t%$o!?*xn~NWj?slQ9R_%=ihyOea#xQX1wpU>>wo#Git3w9 z`DQy8MN$KO2=GfJ(G5%4rA!->)H0F|Yq9+Fl0U&M&yhZ;BSIX5pY1`vP4)4%kYM$h z+pXv2^i=aABxyQ-<(aZCPb!|?QbZBSG&lgdt7}yu^m9Q(?3cwULSC{HqZ@TPo*)~a zMdQ=P)6^})i#e@Z{T_GZGc9D8QIeoOk4-1t2G{t1U`Y+6qZ!gDog~aSFPI<&H5 z^iq783d%Cz4}(X(fXeen1c51IXWC%B8zMS2epEZX5Xejrj5QHel%>nf3;k4RA`e`! ztN7@5b?QQ=An}j?)z=?XYujO6$$HhTldj4DzOrf4tV zzRCIvjN&-yW}cbJL0%*_Nt8bQl27g1HCiTo;5{d00K$kO6_>6x6O|b?ut$xn3R{^ zpvqS&I|LZYkXbP6W9CzbQ{l4AbCOwB-!lv^`TltS#y$$l?9b{^#x33dd<`Oxe3Ju5VQf=KUG4#zsIqprh7W(gyl}ZsdrBxow|{d^E(DI*4+II}i%%#+ zaf*G*r{4pvT+L;ohn#CKan)R(tX28&N(|qx%(E(sfwik?UP*}F{B1jxOc3GolC$3c zbkxfdbp!7K<8#+%j9~eVdgl}CVY6QpRxb?Q`-8D-gj3+=8A>HxVh=9get-G|fks!J zEqpuj#X>IHjE1!kIR*Z31JkV&qQs+u?f&|6*Kl5PEMm$1$L1|@qo5EES-LsDV2>)R zN-j<@*TnmK*sb><>5x8MI9>iKh4$G&o?AT4jK|DB8Bq;f5TBmksr4Ha@nmr_m6YUn z9~&lMF2((B`qCwDwq-`}#Be9VKke3q#BO@OK`jm3`6V!XUG8U>cwTCuyvy5z6}ic4 zC$L8qyCwd>VIV+`36Tv1@Jb&aL4l2)KPVLS_dJLy+!iMekRd-A=D!$8!T|7x0l-=2 zf5To70X(SQ{O1w;A7Owi+#Dd$xnuBAW#+#%mZO-slK}JYkZcZ^aeIh*cOv<-$DO~|pyKGFI8wZ~YPN!2kD^tNl2wm4g`2iT14w3^ z!J~-jE-U&YleMN4w?_~ZNb*3i?YhLR3Ai5i#pV?dPyI?6*)7+m z;2%f~N&id_dX>z%gz?_EbpsDSu?PEA-keS{SaAZ&Vv-vQ`mg6&OP0atsx+Rh0iFU{ zpi**l8T|+fuC7WILJj_lGUQp0DxT`uLP&3G=UgHTEH>)4?!i95f?+CiXHU|40J*UY*2;D;5Aw zI0ldZEAZYh4?qP|j{8tv#qDu7*$)=C99KuZ;@RUi7=cL_bp4I8_+!I zR~>B;r@5J~kHZhhcB6%00F`j6((akR>Ir}PaW~UxPuuq$uXqOSK93|EDR87`vZ7IN zgg)4*jkGwD5Vyq=${d|#wCC6Ooc3Bj1FroG$ zQcc$wCsE__%Hs<9xu4@T3!e<_T+=K*RG|u`c*8q(&Gzyr)gWH z<(O0T^)C6EfN{FxQKsE&$%J?iVL!E}b6yK=Khg=9w5L$18VEwdlq!byWDrE4x+>;P 
z9k#UNT#!oMBW9;#Rb5#_jkaL;;K_g(S{#;pE)&T4h@->biY>oF{ek(A-{&tgj<~tg z+uqW!qpLCR3r4v3XWeOgiAOTu)7IV>bl4jBFt{nu$E+r6p%aUZ@p!f(0&CoicRQ9& z4<84oT%Jyn8Bcy$p(PEX@0mV)1sA=bJNkM0R$jjm>O+7haphq6^lSGL&1~D(ypsQE zN#*fNr2^V6D6V29vSX9A=_ST}|W zFp=}xTD=TBDdMEgBDL#VKA%mdY2eHgGGW5T6%&SCjGGS}CgEi?O4}2kOjw^8l>=wf z{4Toor$mIKT7i!;rJjj}!|^p| z6U)4;o_H0Z46mvt&N|3{;yP<3dKNa^k}nTGgwJMmB#&f&RC`hwER%dASztAdvf0vFMaaa=mSafK*%JRJfO{9S6g8oF%I=5WIxMz26?&7(h7sns{M?g^!YZb6R z5%3O-!&4)|Q;Zexcgj^H*|Y84buIFmXo74(Uy9qzo@IVmmYnNzxbes_e3@2i9b2iB zU1wCnhfE@qKFy`m39+C4b{nZt5aCzsCL`dYCQSpjXKFVR^-+tuDvSEm1Wv3poDQA+ zBn`hEoBAwbQPR~?3;8&3;)7hF+mAqY^!7b?Tb-iyIO43XvTPv*Eg9xdgJ&)XWR$11 zOwozuz^S=#_4$GMbHtPJ&-k342cBw6vo$Dv1%A!N^K$rP-lAg52U3lxEMgk>xlj8a zbAv_oOaXLI=ei%xcK?D!Z_(?9itO1*H>gPjkEO#!54hGU=*bAy1$o;iOKw*G3e~a@ zKy}Z1wHj!9lzb|oZ`f02!bLm#^Tm`Bo~ny{Vpk z;W`+s&%C((_9C4K6Igf@6TCD5Lrvps()Cd1YGYFU$fHt2nN z2MZo93AxBBK7N%DU*b*r18WK#J(1xk;X3G)e;R%2OB@bH%H$=H*mE>Zp7qrB;3=g! z5a>!x$JO<}?h?ObGWWJlq`@=Zot5kxwLW{S=h@58t#^1iB)3GV(fNU2cVO^TB!wo6 zVwgw4#~ir`ga4*#kn0$p1n24r+0UK9o`%nEE2Md*zlI-FC1#e0)4KufI+)3>#= zK`KKR*R)93Z*e&CN>(*_DVZDd&Xpg4;y~ib;L6~sm9F$qGVC%d$=R+Z!7l0k_+_Qi z1<50y9rSy|P-f4cC#N|F6kq%N{VajBmvNDjiWR)|#G4f=sz*I7E%f@qTU(j zg>;03eg!hDombALVo;RB7F=MRs;UKm8z1yVR(=na;iE02^Jg=SZTu?Ri7FVvf3Ei; zTu?v`PU5-plpG@LclqfJ$lNHu=((c04`j(vLUi$mQP=nlUq&QsTO}gg0g4bucMIsT{6NP&YZ&Di> z?~B2D0)Ptz^r!0^037ADUKfT_JYT_2V(Z-=Y?{bz@3~PEEiIK`AxUuL1IPYr)G1>kep9{{wv&5_+~xr+oQGfl$=kmAsb) zC(;%SxPEg}XTxYxD8?t>WNsYoQv;cUL2!Gpl64`S3*My z;GYs}*l;v0(m%ntjO!ZlY?>-}ESpQAEumU$d-F;{Xr^4)Y0D3Qa#|ar+p*9S=68Y` ziDkliXShx&mJDTI6B5jNa`iH)@%Qs{i5J^`wJ%Q#W2kB<=)vX(HGJ^f8g`u*fQ?GB zuVIi`Nj0}EV%xYBu!i0M=-6oViv0Fzzh10nf_hzYa%PZ^?r+Im=m+A#lSrXME3+T) zi?l&l0Vks~>1D~!TWV`mj)xxCzZc#M!vvfv`))`=UaAqbs{hd8+U%HNfux&^ z^BHl{c5x>S!iBR3;0JG^gXeO`Z_Q2IMm!NnI%CLX@Ppg%nlml=&(@aEOl03)Vy5|C zyg8lIFPFf~rzFYF+{+?iFNE0@%Z!xXmM ze6|$3k9pZ=X$EX74d<$#Znihd=%?`={2i+g_@OcyjzEqG_8+z$39s=G(z4UzftJ|a zJ{%N1k&^;JFxiOJl&U9j&iKiZpUPIra;tx1`Aw$OW{N7JO%Jb&Eu(F!Q2;<5a0H;* 
zZq{L;cv|JtU@i{*0Ih5}LfBfL%n~0xZ{qG`6s>vSRLLGGa^b!Z!Dd#qI7|@#m8&Wx zE?5ix!-lc4^H}pSLZ01Q^;hI=$Jt9g|J^;^c>Z#}%+cookKU=v-LyTwZZ#`hEvZM5 zzg?s4d-t~LIos*x?p|H}?pM|iN>xx&_fB$$pu&FcX*xZ0`LxjHd_w}+fgZ>n@|#>! z_;h)T9a-kE(?ULT>h!}&gy{=ZH(kAJ44Ojm8x!$_pTpFg44vgU{PL{XkVdew3k#FTnKO1y$^?d=S51APLD6yOW*Z3uolwpJ0%XpP0#m;Xtn3tW9}AO zDBJ3T3x^dJ9>RvpEHa=qF&*q}3G}6@rFY;Fz8WFPy8+I8_pII3YW)@Y=1<_7>P3#@ zmZ%cd1!Cis<<5;~YoP!g{oeq;%ttaWDB^2$uSjeEs-2OLG>UMauHxY@lC1K;|Nd-w z_UH}u5vaQPdM##@qz=lXk;a;rz(CnBH<Kv+6?R@gQN|v=c@UQ=wJ#S36OsSJF0JNz~osVOtgfBg4+HJHuuX-iKW6hTV6-*dB z@|r`caZ@}Yzte82GFXw|pN)V+vHfzu(tpW{7m|x-{Vc8OG<%PUFJT9Qzc(*|0{ZIT z`Y}h+gs3pLB0amiM<3=65~CcThqg0&x8t=Z5I?3IxUvTN`uylwAl6ZGPX!d6h@#!5Q^<|8eiSsB_X>+H(BAl}@_pfblfWCt-_3DJceAr#QQ-DNnfsN_ zoVN@d5ANB>r=^Z}tmB;R)k&okE!73NY6u|u_X=29)l%m2rHOqz1>A)z_>eK@KHRW8NlQpTJzgM`GlY3|w$#OMPH-EY`Uy7@JkycGpj+iGR{J@P=@-0Jgu#<3UBel_tU|7JdKeCAUU)ABXi%4O%? zZpqDJUAgZx;c`X30Rs?ENsD(+?BnktiCdqf)Ij%Ap@YPdC&Ix z>n}a&;*l+*w;ia^TIHcC|23=F-=i5M`elpvXI}V4SmA%a)=zQ{LCoZ+0B$_ZwYH8a zC#}#p$iAe%=Y0Hfi|t(`6B<|(pT?`3h?c182)&vvygLXLEP6(0X)1@J+g8<%qmJA- z&o4TLUIp>0vGRPa(P4Y`C}gzov<#Eyp)C&vjS{v!s+p7bTw3t36Dzg5pu>Jwi40XIz3j4BK5-I$K?e{s1bMj(_;D;`;Qt8B?^;;^PCJ+il-< zHzzWs?3`xmZolT547;Z>`-&GLbhrCqMB(_mH(2jBHFt2V!*Qjpe*2Cc&){W$t}cI> zdk@5kebG9I^xMG(T@HmIlqd6LIl#*YGw91P=NWF&6%ic|xk@#?IVQ<(q;cKh$6gvN zJ)o}}|HJ-PxD#!gA>(J$@sf^T`9+IAR)E_=SCvufjTSCQ%yggAu>^y}twOQ2ColaA zHQ^oKXC8cB8z`LD89aDSP&lX<2zcDw(&nTuSo3aBBc02T916&g-wrth^!X_@rvAF= zsxMT-Rr*{QnX zw>r7ubH4*LYGUNhIzjG|XXHa})BN zz#A3IeZSuy+~KS^Nq--vs3V_eRCW&)6sXemHis7Q#h~JQ(=j97Xn?z{oXws*W<1%k zkPt@{xH1(V>(Fyk;y9O3&((B|y{uc-`3mY1IH*aYWM}4=Gf%^EKcvN5@Y}`#W!f*6 zbqkulVm69bDhgk=mNGY)>yz1^vCo{2f+H}d6DiqT7g*3Fv(@e*P>!#s`{7qbn{Dp$Rmk7QAxS6qw9QS9mMVGeYU zVCnH%Vme{oLjS#e*o7YDTFDdrW51s25vmUg7)?r<*I=oZg8rZQ)Z@$ldy|a8-g~j| zg4PuA`ubJn-s9R*86#-}g*rWy`JZ7b>N)whp- zC+vzQDDv^y9?;OaeQ3NF6OIV;Ou`f_eB9%+tyi#(p`+U>&}+vvh097etrZ2^ 
z+={NU^R@@)ZIeN>BSdT;L2{!H6vLD?U4ScRtE_n-Oc}~Ow@}7+j6vW&zpcDk#ZDh^Tt>+L_MlB521Gf2P|#%|+`_4=b~mgjC^hX;j`FYW7b8#Y^Y8k#0*NWlwoqA zJ_ZWi)F2a#l~inslml9)HTir|q+WwQHwDubP#RwGW3NHWGO3?__~XAcJ7pURgzT=Q zwSo2OA+}w&kBc38^tRtm+QJym_>vW`bkZU>cS(?KX=+bMGgD9(ff!cyq60si>totR zuV$869?4~h5f=wfRa{%oKXfnyB6b^N&irG*@#W4g)>{~tG4x5kPhVOd4(vVZ309P) z!hL9`dHrL`EDyIqHeb3+s;<%dPb&s~0Q=K?MrCa&mSV|x+fXGm7Gh2&=uRpJedf^h z>j}nsmMG#P$drk6lSvUu)==#YTAw*7;+r-uZBCl=)5Hr$K@6cvc1m>A&V>?v3)PRk zID1IOdDk1k5OXX9y;L0-;g=hICn$r~@X*@Xw^n)kUnGEG5Je~5t?CN zuYo;52lZL>v!$+EFYaTnvUK;I22Va83(L9M7?EBamT@&yH1$`2;5Gq+Q-$l%P4K<3 z*;WcCE%*YLuFG^w0|fJWh=CrY;7Nwo$#vWTMBkGxra5zU6HldIQZRs2E7U>#yK5^h zndO5OtuGq~GV;p1ks@bqW#EOOVC+FJjtr>`RlV0|sRP$Ak0Pj2Io;&^N^l=uR7B#j zP_h;oVn+FVoeP}ieEGnPA%YD+0lmh20mlKba38*6cMUL)$cC!FgYun;V?M-mF+-#av>PUV5q zB&ILFvI{ue2hqSTfQj8LGl6Mmd&s^_>B?T565)Dtyi!@WP(70+q&1d79pl~sGK0R-l?}Ea8q%N~JE}0M{9C?`!w6ku<1<(qr17!W zC-~d<_jLU}2(~ihmTb53LEW#J`a{$ZTVLkoe#YSzwFA4;n&fIjf7;eKb9M6(#N16W zO%33$-(tP9zF6&YODvgS z8b!chzARRPtn#q}_l_A>f=Yey!k!$kng80O9xQvUN6%ATBkB0A*DE;|Xoi^~)e; zJ`aZ0sj?dsN!Z~V8(?(h)^%Hp->#ZE9gQ-Ob2@Gi!ySmWKTY2JzF02(FK@Go&M{+8 zx^R?MoRXFqPQB6~)OXGD2)WmI2ZF7qA+fcV(iWJOuPX1hY3N?*w6*J877c$P#$>`_ zGL{ckSM?Wi1ZpYl`5n{(pv&%PnI9S4VjS}CrtdxEC0Zzw2<9gPv3r5<+rhH82+tFH zn$&|4M35livGM6q?KKWfSoKIb4Wv=oYer${D-rtX>gx5E2l^pqZ17Og#v*&&zu~dP zJJ!!C3luffevK)q*E61dc~Y!bu-Z1+6f1Q<4)z8p<+#{(6I<6Cp@V8I|wr%Ai{LBc7^(}{= zs_+vn#+`f3`yekpG%I)M4(9|NL+W3K_TtKV&7&aLk?wi=jdNnI) zBDovu6$pM*a08felEWw(Z_$S`M5lCVZt}8cG+#DA9FilZgc^`6yz=w!$M4e))##r& zarNMJkFqK!yrVgo8yzH!($)YN4GUIpU9}AC9|j!%>TmwgnQDN4)IC3rcPW01th7)Z z0k1e41i!mrJVKYP1a%y~`lWdjfeB_?M$F4b&UYDH@w-a->5o7MNmg2TOoRrXj?CZO z)zplTl%|dGhKI!&Mo9&stRgWZJ({^K5%(i8-{{w#{?r_?2p@QE#Vw4(Qi*=6@1vg zE$OreNQC;hqs2FnnzCQ}*5m?|4>{XmySK;JH`utfe>=ICySbk`x~IFk z>;L#8fw#NAJG{rcyw5wm*So#nJHF?;zVG|I6Q`3M=ekdMbn_a(2fU6Ce5DnTalf8HiRlC4D zO~PlqQr3A>bUIB`I)2!^5hV~>=zLQc`Aw7nkjMCsbNQ7hLY*Hu&&Lch01=^gJ8ql2 zZlOF{r~@Tj!`8%sGmC~O)cFP~1pp(lL-D8lFidFk`~>C=3lAGwQ@ 
z{y)q>(qj`J-2UOyMBHn8O^CP=Bz=eTex0X&(mOp(l)&24g!1Ef3GjZO3%~WV{_gkw zKb(1;pMlUxc(1$%0 zI6Xkjpz?1*u73o-Ts0@TSP~bs>2OG|qc#x0AjNcai%k>cB!2%Xf{yXz9 zB}b1P35q%>6Jx=WDm_xsIN^**g9QwN%;*v%!+*#|T6}mW=gyx0fF}L-?f+&~t5>mR z)w-2y*Q{yMcojR=>MR;sDFLytmTgt zl2Vhh-mJPH$QgX7k`+Fjc=3{8jVHfqR_i@VQ{YaCGo5;M>({YYC-FAL6lYc=OUCTl z^eUyy(O?;l#?rIEM?-s}U_Q@y!%g+)BuUG9##f31+Yjq|D6g3$qE3 zGBOuK3p+!w@Fnn5zdZYm)(g-Sw3Jd!rGR8c~2a!9fQC=w6Qi%M9~ zq=Qmr)m5GdBJ|ONJe{mET60-RRXUMHcFttQvU99^?t$~JBZ%g_n+^)jy_9k<+I+xjZHCz_nt(=|L-h1)QSKod0mH(GtjOzVY;DHG)*x-Bp z6*%C78E)9&hatWx;eQv7*y4*Z&N$AA`K?&vk3kMuWUDyd*W-~#zZclE8uC~O^zKJ)k(v;MpfQM^7b$$c#WNCb@qNtI?oA78Ey}{!udFbQcE#~}@kPJr%GY+) zll%cnR`wASMyMbjgE;S1R4GC7NHW0c5o!hi098s7D47M8&wU;8Tfv+r3f%#KguEjm z0DQ-yte7fHG;$$to&uC_kYt7s@km7~Gy$5>1Xz4g%?zIMnBL4^}lPwT37wRCS64c=gLT=$bgft`@ zlz@RilF$HKP+?VOFay0{h&?t^Q=86En8TE^ORpJFU_|x3(HSN(&Z|+YC{@Y03Ix%a#HTzp+9mj|wafsu5+^{sRhwXxw~u2N-~4HI%b(rtcT-313OYlrL7i$iW8an*xMXL5%D1<;>rj<)!9)ow`A*O z4I!q-_B^0rpB zTGb4!q}xOGwld=B$*ES$Dcd9}dwio*PnHQy$xJV>Z95-LR299+RQD!un?Mr@r$FEq zFqi6il@VXHz*`!3SnHk41U0fL+y7uNzPdbBa$1Wl+`$%3iV!PVjia~~3MWJ6Y%o?7 zJiDx@Yh9^v&q=0cm2jC8D;pMz>&B94ZC_t$2thUGc$C948gO7->?Q zER78oV>rzi$36D(zjXX29{-rgMeZBJhHPXdFPTF@K2egH9Azn!#mOIn@|3Zh<*QVg zLs!=Fm$l604SCr(%fL!L%nW8VgG|gIIt#zP5P~0^qblcsK?uIEW<6u9&B`G&apEjz zI%CAnA;5Ep(d88z@0rnC{vg5rJe+(4dd>$a^r5pdx55Z>D~`*`8JTs4r~InXD(iD{ zA}#4382ShKxOAS~2Ak))>Hl!S@$};+7rE8us9fht7q}`+#9miL#HEJuqX(Ais(=C% z%Rul|&arAaOZyAYZV_x`ViWjCrZw)f$q>^AtXHiTzujXm1Wl5>w2Fr+0R#>(1xxy>M*0cE?p5rhCL=pOxis@4DpPj6~&gE z;uFaV1tuQ}$x#H86pRzZjf}l_!A@}3Z9&;OARX&byN|NjeJ(2e;h2W_u4mj%=<8Mhy+pHifAe<;-})0zaG5_)jUy4K;9 z^5UEf&C787;~^h;$v^%JVh{LDCT(aKVDT;4QUH1l?*XZtW0{i8wl6gVDy61D#o^iK*dhIgGxC$wabGH}G%5lov z!lJKnvzsgYIrmU!h&OwQWh^P?eqV|wjOH;!ZRZ9q=hAHd3{Y8i&t(4ZUgAsuZ(gaiG?Vj0kG;0lle zJ#a%TkSs9p1OG|z*pO@iOE3kOCIMXr1y%3`Q6>b(VgzBZ2JJ-#o5clfa0f322fcy@ zc`yj!#0R@#VOHS@kT40Aa0!{P37zl>ov;fwPzY_12)SZm2w@RYVGFsi3%&3Q!7vQP z5Ddvc8b(ZH7EM5CO#i&%;;teM--N{Why`tC0kd!n@h}hd@C(cEYr>}lGE75|A#YA3 
zZTR4>;Dyxo<<^EHl&D~8L`|c%f(pJzB*a8ma)eSuOF68NUhGf{_b?Pikq^!ADjo3=6C0hy$`X*>b=+W(d#Z-=kL0%3VaU%3eDu9TuYO2ZT&}TmJ8c|XYv#}~*5m25&H?D-Y z+Kob<;u)8Tv9@UZFk)&r>aU*2NCd+O>Mry!B!RkRnZ(HHBF7d#he#Huh`gvLut+9^ zBI15SAsB+9*ofr3L=-v>CUnvz0Yz@G={#=8q7XtI2O^7Z1+YL31WU4MPBJCwG7ML8 z`u{j1I2dC|TthYX@>YJgI*uNqFFG-~@Npmg1B&AqNbZYW2E8~_#!6O#4F%|2jzzNi(;^!ixN;s+|zvx!% zjyw`*G-+g{PE)2*vn(MBJ@kk&{-f$n#WrY4E#Yz+tD+itlQ(^HHQGiI?B*rO(tLI! z^caP--s2<~3$)6Ult6+xRj)Fth2eC~Dni0a5a*C6B&c-6Iv;{2uxPJ5!ss~dfB#NG zuoy=w!ZV^^0~uN@+YX25U=o{rgqtul!vw=v=*T=3>KNzKXms;F>oPxAV^9iXjJlC8 ze?@#mMI!to;k-mwf~&r6f)W>nIirsX;Ao@7hcDi8Nkt|4sOM7{#X4<6-l9>uLZzin z>bgixG&h1$+K2k+t6Zq>Msp-m5~X?~V_Rx5Gx8=-?B-N3QyO`c8bQ%Vf3y^{A{h^l z(|)nTwt^S6#Xf@RbGQOh?~f}KOb#c^D~geExS~^sV^O<8Q>hF$Z>L8M6(xaGLm2U1 z2$2f$jXrO}K2udy5%oma5LSDv6SV>h3$<3SaaDD-1bH$?)Eb3uW z1%^~1Vk_WqSm#hyOM+IB6&r6gRJ_kC0Iy(1@+$O*z9P|Dh00X>2vxUr4_8$oZm%KE zz;vb}Ta3U6a$!f};|zERdZJN4z7=3Olp*qUYA)jEc*rsG^~T-*n z(D8drMMg*hBPdEI2Erle5hBC`iXK8}FJ*rw^(1B}A~qCOHU%&X#6P~lN}eQ3UNf3P z$$WD5ps0yyD~u0lRT25m*$ou24x^{_A)ZoK=jH$Q5SM0v`J?GM_OVp{}eOOG9oiy?66a3DlqH^X@tLKK23FdoD<(2*lvH%Mt>gZ~?Xc9ldCWCDwjK`Up- zicoKg27>6~moF%^erv)(8W@Re4=RGnHj`If(@6&}Modq>1`#~oLsXtoQ|P8Lrb1K%q9;t{cp~u|u-G7~_$X8gGYo?-f_R95 z#WC!rFglX_`nM#25MA-uE9w|vd^nH&I9c}iAny2&3Ari)`5y+kkQMnK4mpt*nUEW~ zj~{uGZxdT7`I0%2hlxs(F}ahsB9c8hlq-2qMY)t~N0VKPlTF!_8yN(^;+0`JmSuUC zX}Okd`Id1xmvwoUdAXN;`Imt?n1y+miMg1KnFdf9SsM6Z4ve{(o%xxeIhv(;nyI;( Nt=X2lfnfpy06QRbT(tlI literal 0 HcmV?d00001 
diff --git a/windows/keep-secure/images/wfas-domainnag.gif b/windows/keep-secure/images/wfas-domainnag.gif new file mode 100644 index 0000000000000000000000000000000000000000..9e35fbc193b37fb4f3e85155e26f08ad2fe20b14 GIT binary patch literal 17902 zcmWh!c{J4D8~)5j%&A7}iVd4weZ ztha=O1b{2W;36b&I#Bg;gjP91ryQeGj>1=9@Z~x>Iv9Kf!l(v^Ct!?fgpIQBcs##R z1r8t2Z&o8=R*E6C2wOF2S$SivYOsVFCICnf>SYM^3J!$?0ztu{Ny4QC??A@6G|9NP z0RBuS24mzNqwZeg;^KmHZwDe~&D`_Uy<4=rTXeiz)cw1>y}fn(TXcde@cu0k?%sr8 zvQ}shG=a$L>(_N`)?2oas}!SOCJ#bz-*gqY5}V1GhLwuJ* zd=F5{Wa{X+#CN$QbXg^jc_&vO%9#Z6KhWi!+{07O^iS?_$eMJ|>d`7>24^+-XAO|a zWNZ!7y>LDvZy+zLJf?7@g&gW%x)@Q~l~6oVTwI(`I+k2I=3T*zsF>YPmWZzy+ajwk zXX%j3$Bf#U5jE@Nipji+$@u!kii(Qjny$i{$@r$NZ+f!dr-ZG!nxt`U|Y-wpJZ=dgMX^I(OW_2CZw9mJ+cNTW-)O0S^ zch2VZ95r>0wRDcucP*FpFl%}io4OX;yGCky*2!bcuCA`qfur(){fdFDrk>^E5oY-S zv!!Rby=Sp>j9EU$tQlbz&oVnl)+;8NT_fuUU3oQ=%+9f`uCeu=vGw{{X3HdVY;26# z+1WJ9tek=d>GMdsM-*8J?`$ox+GGP7%u*|T`m zv&fvB-R< z^NZ{IlUvNi^@H{G^|2l1;?@Ckd1P_xXmN|Vymhd=bu_=jT;Doa++i;N13L%nJ4cKA z{{VAq=U{8+h`IG|gQN9*=JEk^YoEEZf3&~9zjJW3bHHTo@9ZBO?H@1?4w(B#%!4E5 z(Z6K=KM+jd*NZcTG-`J$f?LjQh*r^?ff2VTGi$Ew&*4`SgdRMu8Z5vXW(%9QR1e>f zv8&%M$x9x%jq@ETGk;S1xz zGmo5~Tr&O@{pd}-{mX0-%l44BO#xGXQIFai7oHMrD)TH)ODuH8ecNeJ6HgPUF4L;0 zHhnDq;-zdM@ngMR_~NsCam$0b+fxk!?D;U0VgJ3Cy>dcCU!78=)ycZeNWtBSuX<|l zwiHY>eN9BV%R17QQnsH67>QD%-@W_qo2OD6bCRw3F84+fJ@EVA!L^p}Nv&t^yw!DG zeK#F!lgd1G|5gsMAVBqW5Vd51r2Qn;FvBzBhXP=>JWlP3yOngnTs`r@(`?mrT%ok) zG@BSCSCft^!xp-DGY>T^MPhQli^Th84Svk*>DaI}?;6p6oTRe>&% zQ*@M5K)YC$VYb#P#Z?oBhn&0m#`%VaBI~Czi^kb`&ydQvd!_H2OV@7QU;8zm7`)?L zN6r2dRcp2xd?;1!Jj}XTZR8zLnlIVDd6G*FMRO+J24Q?F#9BU`QhgM`ybP-3^F|F@Bz$CMt1FiKgcz~wtJqB2|D`sY-h2WKv^=T~CLq|RfWNEjN2q3(|; zJl&3bg_vXX2~eK*6gWOX(dx`nj?w}gPv$60b{_>mh6SwWNc2~VYF@olHW|qSCkT2k z)TiVJb<`x@nvt<32C-=XXZJ3iyx>kENgVtmeF-=XG;i~?jM*Tgz_%9NW2$NZDb z9`x=boA#+a$k@jW%POtqjGx~oG`og4)7gb^FF?ErI=wt85#w8uVtX_CHjrIexoTnn z!fDmN=LI6*ox(wg10yym?Pt@|QBEjC(ay_|Kk~5UwcaL4JWsW=)plfm^z_%`Z?6U` 
z+0-XVQ)7A)hpKJt&!1T7b4L-Qr*nTdJ5rM_1X!#plx^^Xf0vT~R8wBHW$}J#d&0B- zVq>(scSe4J&Vy}czs`>q?962O&NoDdsXpfGbQadDynyJ^P(+YR_z5lQfFEt$l3{x) zsruVFm5aN^_8@FB-zsooOwvo#2>Ijx6`JDVhg{kmt&`%!GGTLwh8qD2hb~CGr zNQGW1EWSu`wFK?-`Njo=^UUoeqF7?BWkpPD%FE*y6vJbZ5$1Uy*?!4aSlhlI{bp$3 zH@#wh&)0aIXn6Yh1GLA1=W)qB%zbw4WsRb)=uO8dil}uekghT>CyvK){Ot zDn7lssy1jo_Ni3t&LKwpRUNh~F4!*U-6)%E9ENVNu_D;F>v!hoFmv3tEGjc<iFXVHHjn8e76e412v0@q+fy0qoQz_YkNiuA z#>P&awm#JmJ~jKduyyK)`wKfiWaum5&I~}Fx+2)-^^o8+&qg%zMaowJ5{WTW1#8m^ z)eIRB|89CT!7$$N^(EuW`s_X)?69Y_O;i0#XA5tw3w*bKdt$xUJaqPFcATi=4F`v~e(Z-`R?0Kyz?4|H*5Ba#fL7UkTRSZZAxj2!$?8;06fRqQpVW8){- zNmnDh5D)+heAO_LP0MllaqmRe*Dnnqxkny`I^eE@@+LyoME>dP4p9$8=VIKtH#5nZvhuRf*=?exeWJ;tPms#iv8o);4>D zK9tEx!D^RSGD>AP%;Z_}3vfhlGwnic>?K6czq!x$3R~wWVx(sul1rU=%^;Fpj&|-+FeOL+UjEi)Mu0!NvTi z&r9DRi9_E08s}gC_p^AX(yyulO3+u&RQZ}BR2JW_HE`>8htkE=)(?14I{wx5_0)^+ z7TR{xx$PanA)3bn63HDlxMp=|Zso)Yrp-6}0LO2PYv=-bq4MP>=%zf-X zOk@4dktcG!Sl-S1m&p~xddykB_b1<7Pe$BM#NjUoPb99jkVGa(a(1lWP9*C%x#>N13r&ZN7+t8BtZu1NoAf8}f}mk#Z~0X;S8`L!U(k0YUPzj7v9sLbfbqPxuB} z!N%W?%l=bvf24s9J^pYaPnt% zw@hw}GtW1|8KEWiTCM!=hlb4RTjpbX= zlKqp;D#y(V4WxKw!p~qKz64|u9ty_;Qk23!H&NbHRh2=5&l{YZ1L%Za$P~WNE)%W* zc%1wX0G(#BOa*x`G05M3$W6i-$z5J{R@u#gFa(yPqa&sW1Gf->$KeYqun;*lmTx%p zwh8DV7QIeDOSShSPY0 zD+}VwIDn~XQWm9HeHjq`CDo)<7Y6wq>epGfDN$y}zXQ|*Ns$SfFjeer<F=tcI_Xp%3v%q4Ef-XA1Z;AN3rMoMuZ)lL98vIkG(khsB9KTcupw#?-F`}08{XV zNV4+Q*AzkVEMqwP3L?v`dQ~|B;?C9`*BK;(!7=E?5_=P}@Yaeks}oNRj+YL8&HZT9 zF4%Xg+;SHf$HF-oU~LA={!;Br!3NoRn-vB@Pqy?=CeLFm0f|HY0UE>lO{yf&e~GAI z-X^6H`Lo$vr!#;}Ml+8?laV&d2Eg%2Hr$QZ7Yo221-!$)*@k-~*jN9wp4v~)?lxtx2Yv2qDGT{cu zvD3!>k*bqC??N%Vx7U3IUy$eS3qIzqswV|q-f6?2qm@hnAx5L=o_(a{(?2{&8|-Zz z3dbm}^Wsmo70hM1RM45 zQXqfqUpW4@p1`XnY8sNMB-`qlh zuL``4%^&FXVF#u5Pc#n0aMB>dL=qRh`M+_ z=kV3`7XEy@ry;;1xO=g*J=jLmC4TqK$nz(@jZ00J4RoM<4NEp`_ zeRB$glJhNFxe1X=js1JwMGEFwClz`X<_9fLErwm1{}il6^)4*;dGgcHML{pCf7P3vtpfvW&@mV7PnzNdHpZ>4V*ffwH;Co!} z`q0nq5N8*yUL420A>?D}-CU{O&!yj9u4bb% zbSD}daPiA4?Ekq?*ru?)3YZlhWA<&$=H+c7ou;1U#Zgy>WD*0~umtD;2 
z3wEBpJm4F4jlqrVQh@I+m{25Lc=`NC|9G@XdP1#Z4m6w$q}&Jtm*N4h20jaNhEeY3 zI@>vxuQ=2J6*cDdDXz<55MSi;h3LxzImT~_#c@mmx{X-&?6D0V%q(<=TTPv%c*CmC z8py)sg+iS!W_u6x>*yTTJaxE|PJut?b<(?ivE!+Zkrj+s<5n?^oS>F0Dt<2bIjw6o zlppY)aBpJnZ{oYZ(Ivqw5aMgEb1Frrm=un&XqJN8n@Yd%m(K&7 zOM3|ia33t}TP<>vroQ)(2WofbA(ee72o=w++eSlYVeOQe#!K4p5r&m7Rn^FA>I_q- za|vmA1EhC+IgAQtxx${r0!cWhD%XpavnioOJLsf-hl{v?_nj}K)1TOG z+|v~f5A-Cy0NCWF>P#k-(KY}RzisXLb4#ey^SiZzfJFtZjEBaqB4Uy8e#omX*J<}h z4TGcDZpF+qsM>4nuh-GIFY4w?kkXNHaTMGIZ839l?@yW=f#N+Fh;TnL48a~6vT&$P zFTONEWP1^(N%k*Gc>e4=IeMXKr+(jL&f}QMa?B^}5iju`*gReqm(1KieLnxrH+=?A zJ@;p(o}ci)Lw1q%8s+uBo4^g4y6m6fN!-hHL3y5ER!>K%@U?yC zsIpXnv;2K9*b|yFts4menf29qT!?FMjL7smS=2lVlNLJAJEON<3I=Xge_IeTuuc@y z5`yxjO)Ap|tA8!mY;)M>RG;DLG`?$VwKpgXl1|y_xKE`%=8-{pi5J-F_^ohqiU>CI zs8Z*GdpShJd^5|1xh!5}w+fH}*x|208ie(#iD#_V&z)(h(YVx&au zZ~YCv#?!0@pI*ggrkY*MrvG_Fks1vZI~7q&kbx+x+MYf$@_pvEhuM!FD~RGd@(DFV zQQ~A^PV__5ig;%9yFw7y);qqY-(q)Qjq);4;kF=aT&SgL_br5=I!ftR!wsejCF879 zWO0hYe)2$BP~F^su)`%4>HBI89!uGu;zFOgQ$O;~FHWP9#hel}@LQtel*kO!`^G0)Z3Zu|q6p}>at{}jHoyF}jUd)Q7#pU7p)nuf_x6NsjfE1CZ^J%i ztM9h)u$M$>qvKDpUPX8gm)Ns?J2^ZP&pGjpfvMcgITlOwS;~)kk5wsgD0RkSGcP-5 zcs^2cU$AXIwBF3npEJMu`&InaLRQcs4iz6H?pSk3)>#7Km&$ujp@zDR@x|PS_6%FA zSBCq-liW;%Og2ha1)q*wdo+YX%6>)SE0n|vR54i8`YUUG1S9QdW1lya!~$7)YM4hd zWPv)rPrJqYGWt3RsGYyBe?Faq{Jr<0peP{7$4NHk*(G&qW$0#t*slp2oD|B$qM!QY z>tjeroJ4NhDvu~HSK(EK ze%S>;_0ZkW+uUBPO}mnmG%Asu$fQ)L==e%R~N&Cen z4BuskUMvgLl})w@S29HW-u@&Q@XaRvmRLE&T3YK3eLPM{z5GemeRaPfh#TLk-(xHu zwccLj`F9DV$mqtkUC2`s6laqrNU7a5=Z)vtKux&i7*y^(%k8-2@ZfWrw2nS&<*j9I zqdzN>nOC!Hty1dlmq=VlwU{<;y1`{GSub_xX!<-Mrv7G$k!-`!pqXFHqno=%PFZ)@ z2#$0PANNZluPtU;ZD;C?*dN)-c2Bq1_Hf>t6IH<{7v*!U`fYGORIZr=qeDJcGiAvp z8b!l7w+Ga7)rwj5xK!a~xB8->8>Sm_T*%vmZ_(Kli2#3FBk*^8TmQp;6`md`w|m}89$Sw8~mbCB^g1bHSokP zNAVG72KYIfP_qn_pR6k&g}{Q7R%4&CcDUDvg5Bm44J%@rE-2BWF^#>NyDk~d|PDD25=1 zi1RgE#I;LC=9TKZET7n9QTRLgB_$-fTHu%e3BrXi0{qQ%uohX>;|}@CQ$ewN4@;;a z4$5pUh&M6j-A%l3Wf`d860ZtNv$CS!d%voz`QpqI{Om6?JxQg~=t6XzRF(h77F 
z0Xpoq%RN>t5tIIP{RvPIY|l5Nc;D=z-vL#UK5t_~c+R zYsA)J*s72G=J5&d^3~rYlE^P!p)`-4NR#;DJnRJXDY$dIBF=io#$uWCMlQ-oLR;3% zplF}+V6lePMDF4Q7KQZe~=AeC8c;~r#JK8T8x37>ortF2G6(7z@o6XPSD z82LbB7nzQf2~UyXQ}52|Oc83WOTStta8o8*?18P9O!TsTtScmo>w!drv{ZF>W@ood zNS$n%K5HEieknD{i%dL%r~8nTf*|2Xuq$TL%qxfK3EHVRw^UU>8S$kIHMi80*LzO2 zb{}0#F&;|!Ee?;zoh?ausJnryCV7 zOTY1c-}CH8U2?`=I>z2cat`kvJ<%R;vNGv7GI~*I+*Fxn<(&R$fvkQE*IYFTkIo1? zP7m+MxW;c9sXiDEq^bdfVQw%k3dsxs^NQ|&29|H`1cc(?_H`+eq|`7PS>X_8pp&ew z1$Uau*Aqn}5YK5tcLL621X1(Z5xGou9ZKjUrCdU%xnJkbRRp<6tIm>Sepfq(AqGREq%?=3Ji}X!3GxaQM$%gDe z&i&db1f@?CZkNd=Kb);KeABA(sVE{5S1BR=#WvLO1y%x0fd+HY%;Ud3skHd})5f_&x#=qN-|M0UpMQwe1J@uUt+Xu>MDZ&y=06t}t z4Zbr~98+ndofXz)+%N6TIWayI;=R_Yw%X}?EXkY*gkizkU zfo7S&@J?__PH?e+6+1{^3c$^Bfj43NFT*-`Vx*8do~hsd+bXE6v01VwdG5|qMvBBr%4 zYeKX10#nc-Q(_1nx;s%yfyc+$fjIM{mf(q6>3pguV6>ErS`WOB^@r7 zX83yY{15@OYdf0Ff)xi$oLN=#RMm>d-z`~_`B@Ubu8B~87A0MQKg~- z$96MDY+E7Evt>@G2iaQbOl!)poVDu7qC!j)8gEovIa(t^)TBYh9yXC(RDhv57Az{!%-K)Pg@!${7dBd3DBySoHa zIs{@;j?l*d*to`p=bE{3=Pd3z`M%B%+(1YDmm0qdkEf)25*?|(SweUJy>Y6;QpTk_ zn9w@-<(fC-n3*SLBVDZs)Dp*CPr%B`y-Sn$;x6!tyNU0 zvlfx%)T#u;dAE-D4vmX{-Y?~;K9m5SH@uns1NV}F%F~knTF-uJO;*E_cVDnvRyo1R zpB8xtzea+&m)O}cSb``S5Jik>?)hVl=i4~#N1wI9CGQXQp*3re=$ZGm{R)THZofiX ze#v&!_b;^%!{p~U9NNI1bs0%!E}@tOkz261lBJ|NxM!Ugi~r1ta~IYqs7wW@oknoee(K1}&%M3R#6Q97rU zXx1_J!>i+_=1<*^e|O*W#J1+zWh$;O=Xa8EL2RESSGl}acK@uT{)YQMo5)1yS4!Rj ze-Y8XhcNfRW?@Kzb92jCo~Cx`6|0&j{;tfvU@_BzoZR?e&#|Po0cj9kDe>*zgpY_Pt=Qcar`YwtFvdOIoKhG5jD#i^ zP416$nA8R!b-3oPMD|!*5Bux?m~;J&>S+E8gkNl{Y*a-+`g+{0z&Ee+UaTeucOV43 zCUZs8lYlf1ASnDV{32f<53s=jq$MqNMmaX#xc!y{6m- zgww--fL|<0=Yk?n1||Q7hu}6+Ygx$Yi1d38_r*wF?t!38)sh3d3j-Tvnm)mrIpY?~ zx1aM}hY^y988{)w$lR3XD{uoZ5EMy!E>@X z{31wt1_d-%b1o=(hn(024?BOkIzJOk+A5vYWKvjpshd*V4SBD&8V@e>?`#z<@lVxf z3LOOp$OhH^T}ukO+^@9Raqn}$qzo9B{A}#9|6<*2+s4cF?NIiRA~S?*TPA_=&}6Zw zFY)t0;^)EikeQa6*_LgYYoVVvK99A32@1Ob7PV*QAWrmf2uyPXJw116Hvck)pg3#b zmPh|AGI^Mv5n5h0#a;-Co@@~vd4I=RV#PxegI%+7ox63KV@MwVd5_Fm5^ za>vq2-p!7QDA+4mL%$ap$TYbF{0Ye 
z?WEW)*9kx@NfGDHef&N|_30N$Cj3#db9N>~iM8+j3(_56`W`> z(eWtQ6Llf_k{&#IjPHBt!?A3l^#{Hij?U3qp23B)dn~a6+8Ye842h!#a?+;}I~c9& zq}Us}TeSDx=I3R7J=T`4%>HMAKKe0^@C_4YhJtM@DL*=Nb7sHc$KijMO2;yle>Q!T z%sKxx#tVILLOP3`<8yW$(OHE%E-p4e4{o=V6KJ}Tgw4o6jPK1lj~i_Rj6ur;055f*CP+bTFtc zHhR6}4B{}{^jDcuTu<-VEpnz%WQXD=%b)aUr`rez5?l6HQgNafD`xzfo=EoRl1Bcc zdr6J=pMK!=yt<)un51=-_5e}w2OKb0bmajHemC6wL8jmM@8W~kwut!K0U{1&8OkaF z6(@k!E1{P^ey)*^7<` z*lV!Rjgm?pAq31&P*^Oovd480f$8}1RdTdMHE=RFe%6M=)dSn|ElDs4CWJ83!efWZ8~-(r>MtE^+xsRUgejTrRH`ti77rmx z67)(qjsPS1U`%Bpq*F`*QqKV0tWQX}vL=9x&#Kf5w`dCarMgZvR7pzK36m3l>{;?c zv5{b#-Vn9__FFIBxHXEgUt?Q%zp zkZuZ_y?O3Kl#*?OX5K;w(B(7GCp84kd@gmeCZU2N9Lf^E6Z<<#^%q-i%7$vb? zA%4$VtNBnY_haD|0TeV>(?Mq7Eigt3&s$2?JHYr76ehRD^WEryQp4-ym@Z*~Xx%aS=2BB|Z+3lW7-BNri{CS@wBqZWxunE9K?!TW3yQ zC}||)waryEV3t*@;2Ib45Wwa{J0h4O%h)zNFJCL;Yok>ldgrd}A}XUhJ*Z!wuKqhn zJV^HC9Hc;rVlai4g+iUPqfXYlRK|2T{;-r&@b;0ucMW;A!Ai|F_GVtSb$^fDg;4F{ z%3XzKqpAWvzigGi-+hNU9$4wqpVU0;=ZXr?yMq$W8H%dc@1%dLQ~G2-#R0P6pMK++ z{NB|92;r$tHW42fo-U)T2`DtPehqH$kD{H}uuq9=Be#5%T|w?R(?=M zOnJKG8sf-Qm^d6r3I5d6Y{awGa*2Ykrq$egYbFLB2M%k_J#^p=DM}a+Lx-1!9$82?!3}#r5cWY zuD4}7^Ks}&FYB4FxtK}2W^c1F7Sn<6Q(1%jG5#Eo>@A~;>RAtkV4=Pk%@V)em=n9X zZU=8axQ^Xav!~p>`${oxm;O%Wx3~?TbV={i4+r^Slu77ucE|FIS95^@c22om;sXgd zj*?*Czmo#|(SQGYE0L3U&7jYyhfBYXn-sbLEVCc!u#wTB8D(6^iC~e~nd}Z#Q+XxFB{z z&1)xi@Y&A@g6iIl+}(N~4e+}P{#y&4%zJS9#+Pn^_AL5B*n{lgOv!ZAs>hT9PJe%R zEQPi2^~UUAS8WU}(*ShxiZEQI9+v|YYu%jXku1n{p<<4|o%(JPo1$R9!uRsOa@htI zVen1M(+^*Lm-0#i`t~ms_DEnJ5@2$qd^|@Y-SD z6UKP^JpMw?J(RF!+=z~*MPGi`ewDGP3@E>F@*ze}o(@Piox-(`s{QKObT01E;-(Fs;1i@vY>9I#m<0FF zo{F`|2t*njc~-&a!-F|$Tp=i=OhJHX6$iTH@vgnp?-_MNm5jIHn1SSF_K^N*CX zpq)kWrW8Zj{xqAE+n4a-wHlDnUeg#@`hmJ+LgL0!OcU*niY!X z=Vl31)=Kn)@`Ft()mNTpF1`Li3Va1af^QNAQevtCnP7z_68X| zeaVV%Y2K#|lOFCxFYsN^di&y{W<-K7ND^>LsPNG-+iuW-5`p4XOC7siKc(~&g3t4YVfqUh{RgqO?|P7JQ_-zn|7?#Mg$>qIDc}0L%#AGi@0O|BIA4)X)3xBFDugyeYrxc-UC@`)^)O-SQq2nzW3r-I|xDm%n_6 z-E#Jh`)@C0;fW8~w-qAT`r)QrW(50n9)ssB?{&UD49xwU`~t1)a&FJ~!^n#K&Ua&T 
z4v^VmmC6vXErjn?IZ|Q&Y+A}cZ8oSw>Pgah52hF&PQ0H-%}$8|+JK>^pWz(uhmB^> z-;(#s)mbfvl39Ns#NG72H^b3G`s%w7Ei;JvM$dF9SqYP>?$)cd1d(y>-j#Ia2zn1{ zFO${k73KlY{o)h6-mMpR3S_o)bb;F9!dzlG#|sKtsy)_6AM?+tkl3#$3m^7m6NLLO zq^gH}*xxEa*s6RZSU=_c()$&C19mPkzr}Kp#`n91wjxHIT<36=3j4S9J*w|X z`1wC{V z2GsEo6y2JGWX}PdIEJXA@K)3Mi06F@UTaoqbb#1nNz`}fO0ye)N^7mzr31Q*KAE69 z%kM-99_bbyCc24$g{0(JO=}T#z=~*akppiX39EB)LjJr=J^z z+(~wtU)KXZg`Qhis9y8CCFvOXAnd>>B3&v{DW7nT9q094fMmFa|MX>aRgVZhL8@`q zT(k2C^if*(?}3I5^u^0b`5&w)Y)g?Yt=nI!wW^kW(I~Ci{$PUrREX8dgiCn|Jy0%a zV2FW~RnVG4k5t@ZAcPQrsPl(}_#;pcytRX@@Ef&RwP}3D!I6VH5+Y!u9?O8bbWL_K zY;E{o!w^B{x{uE%6c&^<))%k3p2f8p8VQk3leALbOic+$o2`p`w{Zn;P`n3d&lMG% zvosR}CvlL9xE=@jqnU<^lI^t5W z4RP}dHC6o_i-H8iDnB?l%@6m_q&f|%@sO(xsILu^dk`yE>nc~HnHuP`nJc*U75YZ# zx;uYv?+^X0i)pJ!D^kOlT;ptg!nVyzVP-1Q+zdky9GU^ZWJl#gZd zuiu=K;_uhJLVowys|~c{M(59eu^Pn_d!%wB_3!+JaPfq`7b|~r?(!nIe~!anbaV-h zXBwQ9F&qkz`8Wdg-VeTiRVJ6K);YF@6506Pr0MB-rTa_bQZgUyM!R*aQkN_g=fn(s zo9dj?@qs;Q_cbNOyaKYDg8EyOUUu$qy00ptu>b725=*J8y7h*MVVv*3z+{ze?8AOv zn4e++$!w&q{@UOs=XmjIx<0NZl_#ULS^Nf31+BplCrSO&Ghu{hCKJaOZ?sgGyFX%-tgJUxE{`g!nR z?bcom{@&}_eu^@^8oRxk|706cJU0*DYrd`3#c+6q;i;jpat(da5QyGC&C7`S<;wQjSBuGk8K8CPf`l!4C=Cnyu%H8YxVW@WqmdF)F zKY_BScMH?~|MWCZjzpOH8;TAseKP+jTAQLQoN5(UA(PsxHI$~DCMvjHCb)2l_j@ud zikL&+Kkpn#d<~H;OXi&e%tw4g9f<q8E8{ftI^Avx_O6_}p7k!h=ujk>W@ ztFfoLNnoo>I8Tj0j+W2MB9Z^8n)7Hw#piIr`zoGe%MHC-0NuAFlckQLb2Z& zRsiUiJ=&appLcu(O+2|7a7RC7R{nGe=tQ)X>a?GT^C!!V zKFgY_>aiDR+b@lSL*yTZeQS@(f&1zyh#hLUv~NUzZVPyHfRa%Pz2+Zz;`AN4*kHZW z@t!7oJ)!qg{Oz(O#UwWUZ?E-e`V+@Uewypn$b&3R`o~+RlLj+)iX?s6f|JmPzungC z&nYEKccdt5rJn9c)zeDuZB4V$B0F`EpFz`}jmw*Pn_lV2NYcto(t>!!rOS`W&*9@2 zNE)}}mdoO@A8X~D&C9v*G+hODzUl;m(*&hj25oWzH$)~q{4RJ{`J0n@mdD60 z?1DS+#66t3lcPYBqX3oPIajNtZ1%)}?gZC%dQMpOEYQQA&Vuf;2%;xCoG&_zu)-Rw zfgU)zPTT{fOL+%adQNnufYxM_;-{hiIh1ncOSCIl|AV_WZcMOgP2MCo)a2C)ddfC{ z)w1bL{_ZT)0i0S!s;fGT#JNnk!#CW+J$wVXi#xeLI=FuWx}X31Kajhtzxu1k`lHhX 
zHq`p9UwTdGx`}Rj2yC~sTP0*NWw8G{GMwnbnx((HsCH83imvD^v?xbGmcsAOzAx3h@1!^AGUy1K)=J1oPix4}QWJ1hKy9=!U>!#m8wydEsWOwfY8qW~@F z#8!uZoXX~I4m(!Psem%(k%j z4*=F4X<@>|cGK;WB0ggZepN!f;yeAJySd{(KC8dT+Eac_#Qog=gUwfZ=F_BLCg_vu zCSlIzR$BI0Lg`fwcc5|tBJ?FaaKqu>re-#2lA37iGpORH<#oO*W;FinV+Q1Zhn>&5 zq~knH^!~liM8T`&kh7>uHWJ!}JQKnS6l4VPmE??PrIa4E(4mSa9 zq=n)p6PiDP2G#gcXi=j_ktS7oGUif~_ilE`$&vq7RBTSMA|;xYYgeydjWz|l5fBqv zB55(1I+iWUt!?4PmCIG^T)TJOg2cO*Z{L!2{RY1KR&Zg%aRDDz?3M6h$B&UFhCJD5 zW6GB?r<9zTGfT^zL5JQPn)JxerBOp3otpK()2(3#ULBkCYudN%&c@Bz_HN%}bswIk z(F{f|L5sKKh9m?%PBSiIEZX~bb-FS!n;CGNV1wZUf_mQw-ed?f-x19+vv9gz>+gYM zzY9!dgF58@iO0{0%fNrb|Di`Z0Fg0+lZ?1AP`r$08DN&-hC>D!dS>AQzy@bQrVj4} zlsFTa6ic!--9H{>G6e~=jf2_zgO zZoA_Ks3@T&U(`+^BDvu2I2VV+&!rJd%<`w;zA8X~FI8kwBqSE{vAgg7d$Az!$jpyN zB=VE40c1j`_|v1h`bX#PV@XQ1Wtym0|`zV3_;a7^;|Gig78D60ac46572)Eg^`;=-9yyZpk}kf z(o2ag*4Sf_P1e{7v}k4{P8txDivbRtv5tpe?M@&%U*yJ07y)!O+i_tGamF+QMbf{Y z4E@zzlDPD0SOJ)Iwxb#BB*=`1X7tl`xP7}*a{x6%fb*X^B9e#`J@W(*zXlLFxYj?_ z%+*X>MeOz6jaQ1dD=+IM30r~;VrU?2p-nO)Gq}r@pcxvl2&03bTbG~>9~v3jXdA*d zB7NE8B4&eMYM0}q3G$dLJM2YzD2<(tx+A5f2FvKGf2A7huCCttP_4bjs_U>z1eLT=2mOFWm6M5l=kvyzNFh8yg^x fT=K~&uiWy>G0$A{%{lMf^Up!IA)CgJ4hR4{3uUAO literal 0 HcmV?d00001 
diff --git a/windows/keep-secure/images/wfas-icon-checkbox.gif b/windows/keep-secure/images/wfas-icon-checkbox.gif new file mode 100644 index 0000000000000000000000000000000000000000..5c7dfb0ebcd914f6210f28586eff8c84bedc97e1 GIT binary patch literal 70 zcmZ?wbhEHbJe>?cp*%c1FhEdHKmZU#p%6r+6hx&MM4=c& zr5H$|7)Yf=L_{1&p&U%ANJvOHOkp5QrD03}Bv7FwP^utRvQSV^ELEx~S+Xoys#R50 zFj=lFU9tdi!Yp03L|t_-U9L1;s&!oe1Zn>`U9vP`vN&O~JYlXpVX`!3x?y2q5N-cF zWwJnJsz7D3P-%r_Wo3nF07PlBIBmX2X{tPJzEx?JJZ-{2ZMqnB|441NJaNKIZLWc3 zOl@s#AbI~lb;eb3szi0dB!$XZb(JK2|8a3~P<6VMbpR}V|8;eBU3so~d3jlVzFB?3 zOo7f_eZFCVp*V&A44wa>fdGAdeLRuQ&SfxFh0>*YIL>J_X@$B#mC`_s|6z&Bg@uJg zk@jhgvUQ2FvW)P?i6Ejj~Xk){TvgagoY(k;ZwEzS?~#)_pW_nZ8+} z*4lwIzL@}Jo!*s|m2I8keVNXMnZkjY&S9bdVXE4hnVET^&f<+Ajh(jIiB)l>=FXu2 z@{J6Qq0*tDp>eAJ=9w6crP6h>-hr;#|Cs>Vt^j?q>XoY2d9wd~w%-4p2+E~#rLMZJ zuC9f;;-Rw2owC-Qvf7Ed=7qZQg}&m2y88d6AhNQu=DGm#vJ9cN+Ks~Ewzjs7zW;K$*h-zP`TZvYG$3OrggAp~~v6#^S!h&Y8~t zzQ)r3&H%>7#+lat|H5Ie&j0_yZNARt!p`Q-&d#>d|Gv`ds^0(q&V9bx?#kBc?#{aZ z(v8C2|JvHx#^UnQ-tNxg^8ebM&f@>_+Ro1A^8enY|K6_N=JM9+_TJ|9=H}+s>i^p6 z_V(i1-s=DV=DyzU_U7vL|LVr#?*I1c=H~MH=JNmQ^7iWT|MK$k?(+Zt^4{|H`ttVw z|Mu$g`v3O&|N8p>|Nr*?|NjX80RIUbNU)&6g9sBUT*$DY!-o(fN}RaR+OLZkGiuz( zv7^V2AVZ2A*)bi(lPFWFT*Ufw zUCOkn)2C3QJ~eZ!s@1DlvufSSwX4^!V8d#Cg;c89vuM+*UCS0NRk3j6%AHF$E7`Vq z^XlEpx3AQ({VjFGan&_UhKMbL-yCn;~u6z&qpaO}w~q)4zi&Cp`SP^XJh0CSOjy zaM|eCvujT~eXuTF)#XP2sye=F^X=%vabp0x^tnjE43dBR~iU2oOV6IOeFID+mM`!ZBkEX=8*jT(L=z2pBn^iB;(+K!Z#+ z7=ny~P>8@LKrm_KiRN9$;+SNn*WH$zgdoU}TONbJcp)C+3VjS#MdN$*jR7Q)2)u`Y zD?schCsqP5`JRAyy2s-fMIIA^0GqgZ40u)jX=9Wqidp8SoF3O*l2^zm--~e0SD$_} z>Ib2n`u%C2eDcZvp`##K2{1+^k$?xLjT7{W01$g3Fh&fK4CzV;55~DGYnpcI?6a|T zm*oTzP9R5vZkCGa1gL7bYO0RP0jnHFZgRy06g~+ercr+ArW`x|Dk`3DUTQCa%|fg1 zzL|ArBZXbktL>#%7#V|p6W}?4jAQh9%oVmCL+hjiMhWG;AqaX*q&PDP&wO}c7E%w+jIsNt7c4bZW+H9v}Hrj9>6L#Bl*S*l& zUO{b@AQN-{m8({$t`@jhbK7nB;s4;>RR|uJry*CHOsN&gpHco*;fQC>w&GB~9BHJw z2s>VWTh~(hOvtL#4_bpvqK~UE^61(8?JN7w{Uy8F)=+-2Nc+t;s-5Okd zxRtt1^v+%cv=ahYMxV#!=Ywt(mcXoa)x 
zfeTy-lM@h<7b!r2v3OXUq8ybL!8BE6O+5PC2+f73D=^Vf(VKt=a})z?9V3B76IO%# z2%kia@IBX>(t9SPBSS)Qj+lgC+&1~bOnS0Y5#%Iw8u-alW+#-QR1PUk$x7#-GL^tt zWh-ad8>gKsNw2F5-!=voLG&3sumD52Mr-z_UC*@-2A>W8U86aFs4`lR}#)q>R*TyY6FS^2tWwc)=aYaWhe%vh038Lw zAP-r-m*F4nwz&B%RW5pp)N?a(}DT)K7aaWJJV&OC7~`q?`fFimKvvQ zxz(*P2$IHJO4Yg&R4lFIs!pGJudiBVdz2e0(Tutk)Gf7qM189>MJ83dI(9VL>=ROD zR7jRaf}#2g0SiL_0I%vtvwxe@T#FXXHqB{vMJg7qhPYH&0rrAKJ)x|sh81G}KK8b4 zk?HoUeh7stOy7WJ_`{pw@Fp(|;u0HV!y-nn zhfU044W}4xByO>ZQT*aK%J{}^tMS=ljN=T`SjU&_v5+H@hCmqk$Vg7Il9$ZnCOf$g zeQ>grr%dH0`ymuV&ay+`@r^Ef`O9DqvzW(B<}!yu64ofQn%B%`GQ&gv%W!7QG&FIK zINSMIbFTB9_gtnt^ZCy#@-v_ZeIP*-`q1bxG@=(B9Yr(x(Z+E!q$j-_NmKgLu(33z zH%%H%bNbVm@ieGMjTnCbgBPsO#4dQj3{tzAF~HD-tYv+TSKAsf-I%qk^>OQ7^F<$^ zm^CkaO>Diyn%2cmHd}JNYh^ndEx^{qu%AtBsl>Y0)y}q4a?NXPds`{`0LHhurVm}4 z``qYGx4PHO?smKT-SCdLyys2tdfWTn_|CV!+0BYS-$T{Y2)MupPVj;o{NM;rxWX6C z@P@}47!8lO#3xSiiWfZ97SFiGH_q{Zv!dU8{`WKvl{AQLa9y=Re=ToWcY z5Xx1~@;kfSKqWtU%Ez>Fe`{joIET5;Y3_5NuP5g+-#LqV9`c{RJm%|}InQfu=bIm0 z=t(Df(~Yhkq(@!pD`I-fogQ?kt4Hcfr+S>N-gT^hUF&1#dV0KmcCf2R>^3L+)yq*~V?*UrDqtqcS)Ti4ju^5bOF3c?s1Vvldde-vi zk&T{pnA;ucxrVMm;g19fUe$MgJ>j==cugdJJBycf;}bOb$iw;Zm5kB4B9$&%n@q#)lyHFn%i%4)#Y&lTZT;*nkfBfDjmg z5;%bjSOgS!ff$&9H4p_0@dY;Ufgl)yA~=F1Sb`?_fkkkFD!76yXajqo5c3cOEjWWT zh=MhEgDcnx3gHYm*n=&|11ac(LTG}{04+6e29S`1O1Okf*o02_gisiTQaFWFsDuWv z5C-4~TDXN=*o9vBg%@Q2S*1A*v>yx5Dr z_=}AQi3uTzwOEYCn2MpOhNXCn%-D>Y$cl9ci_SQW)Yyr)2#CO#joP@4j3|rVXaqqvOXc#g6Njjkw-=-7_Uc#XNZi`+Pm^q7s_co5*|j{4Y%5EQD5Ky_5%{Y|=QI%%t zj957kTDg|`*p+1Rm0?+z-Dr|<>5OPO5Nes1#@Lnu@s@shj&eCBbjgsJzzB-Ti??tK zb~%;-_i+d>$eQAu8u$F-N4}!^zi!hm$SePtwnDux70dN4O2?vch1yk^tcv*`P zFaWX{0eMi2ix2_fSegHDnY6eC15f}3FaS+pm7Cd_zOV(sSpYxKiA^92lh_2qnFqhQ z1-R*n%jt;`@R`Oq0GcS8D?*y|cmO{CAc#I70mX0&jNk)|K!|?;2B>hJj#&(-00!%M zlaMJ8lBtTyIf-sC0B%5ulrRdGI0^#l3z=Do2a1UaYK*$co3c0x15lu&P@9vupq)sd z=UANVXo)FM0GT-o9-y6?SOD573(gq<|LF@N%8A_Ri6nZAEsBZWsUqMxkK!qaAE25( z@Buq|0P-oGKH#H1FrHu_o*!VIHhG`_ke{izpOc83zAy^FSpXg|i38vP!TAHg>7Tw3 
z0b9BSDvFznFr{3|pcJW+7HOLU;GC5>rofp3zVHJc5SwF4i7z^(VoIe0aGl4fp_mAv z1zL%*Spfe@2_Ar)P4Jr$Knc+Q>6-UOmiRq(*IHbi80PlI8_W7E$ z=%iNKrNh~!U^)Pw*`ERmrEE$G1)!qSx(I7}oYQKi%IJ)-=>b1*pfBnR1uzO)TA&3` zo6_nF9+0euYONI7jDC8Fb!v$b0H#u^q5$v%iy#Z(`UA@ut}QwMwV4NQ5TH>Su#{M@ zQJSru>H!2g0GUalDFCO}ng`DLqHX}G!wI3?iHiy;k0N=a=NSN*00##k0TK`Z>xr5< zS`0(V2muh5O3I|DXso{fz?~5~iT--ClW46yJFR&zs@z$p^E$8Nc&0y@rkE+GdrAqa zs;SJnvrk&3hkCP`>ZSV1u<+W71i7J<%xbj#`mfr_olshdTcD-P%CiSM zw#8}wQqpoU+u!>a)~(vlKeC)taqfON$Mvw9MF_PHTx$Yo+{ZrGXl{(-^Oo z2)bWOqKmM*v}?CIi?+x518|zKAu6q(`MJ8wyOglInR&KOy9JAo2h&Okph^jHy1Upb zxE+g)BzXWXpqNwt5VHrMnqZ)^aL~B7Ai3iy0j-G&)ONrMCw=(LnAPKS#`2nbT03Yz4e}I}h znhAf9vIlUhtcjy1+nVqjiN_e5vq_;+3Y-v}zdZ}7zv%%(E2h!f88+b2`Uz8Ub$mnGX!7 zzUi;wYNvw#jHL&g0(3j3h@6>ND!km;p>Dgq@o1Nt{E$q1jt1+A7AlTjJdL58!WWvM zZcLPL{I&W@iKDOuc~GDW%DX0NpkE81TX3LT0Hz7byHN_urc4QpdcaZIw;#I8fy$^N zng_$VqJ(S1G>OBTJk5l7xuB`7<#^41naWwY%G&&n(43UgOwH76&EHI!0-Tlve9oq5 zyX-uTg?k`}OU{-Xzwc~{qkPY)=+63ljPYzB^W2EHFr);13rb9nneYL{aKt!i&!{L1 z%Y{jrlB#%e$}E*@?A`j{Mxu#rV(b5zveXvjpt}2F;MU>ay=!kLE0kL2JJ* z>de3YTcHqqju#z^iJAiMx`~5JiBb!lLdnf;>CKoZy*+J-vY^2~&CwcMot(JT2@B5L zJC86+h$(H*?%TLiAOSA$p6~kyjq9=t?E(_;zANpk4c*DK__~YG1PQtYO<=B{NeRq+ zw<(~}aXr@+%D;SFi#Z*OiJS*pAfZh_%%8i<2RgC)+R>wM*tfjP+Z>IjIHyo8uMFGN zoM^N(jftF1)tO9>FsqpBxzaFu)_>pvAHWDjs<`V}tHqEBLiz`cVAjQu)-6qsFD;8w z`>AuhufFY}z8e8}OWd-csXvehb;_@JE8J3y#YelXwfLe^ipc!CryY8%;tIHKaNL6b zoCiBAox+=~s+t0tT8tm<(;O?RQ*EkMDxAT2z{q)}qFSi~0H*HUrKL)xOKquLs;X65 zozknSer(?o?1>_+9wfbpi~s;TysNj(tG`Oxi|ebXi3(HjzC!E+F^k&`x!bWQwKE*2 z!%LmMONsp}wRI}IPny6fn#i&k*!uaIV5`9DI-IWh*tjXRA)KP?db4b**{GP_nYaZ3 ze!$vmw8H5N{mH)t;GB4Sv%}fsO77&(D$D}Pu~iPCpVcKCnr4P)VDn6}$9=hTG3gfXT z<4vlaQv9DWy0a}xw~Wl=o(t5MuHCdq^G)%go?yZ*Cw!w+V zp>E>Gn&_Q9=2gv&XfB9qK8Te|hyfr0sDKKn8QZ(w;X<0*^9bUq*uc`;1V4`GivXcP z-nky!>~$*ZfSt~Kxz4AU$gd2s5L?q~yT#LL={I|zk{;@{$ms(ro9r&2NuJrEuEyA# zneQI&o!X_vtGn>d;<4`NvtGlszKyqj=PNCUX04cV4%>>$s{sH8Lrm;=zShH7j5}+< z1+KZysp=#OsBy}j%K{Le&ROrrdi1b6iTWPu^UAT-{)q{m9t*CB1C7QN@6vj1ipa^|bUVBT?#G!)wgmv|nhMttJooB) 
zpdKLRr^x7){iv`!s0W+^)5+fIs;Wny_d@Lph=2Eruixp;^PK7PcAB95tEr%BrBSZE z;_9t)dg`8^=~Q~hf86Rf`}v~kt&%_W2u|j6Y3B6onrscypD6gakBREurnmc~V5*&? zun3tcqQ<|*J$uVhO8hGNwS^7*w!HkskK%nB{nj7*0bl!@jO@GrpNYEP{gv4J;7|3k zZMvfglegqj(>tPM$qy#`yyA)DWLVjUGi>@L)xzO`Sf4I`Lvjs#UFCEqM}R%A{Sr_N;j`=U1|2 zT>=$K)a+WeF%3qA8&~dJg;TNK#hX{8)`wi%{_Ps}Ax^-Bk)nM#)bQf9Z|OdU9ND2= zy_GHBsd_99wq($jl8lr%wI3VQAdAOE)~- zTe!>Bu8kkJh;jCE<|a`N&uw$?Sm>gEGYno`dvWC5z1LOVTzu@>3~y^UteYWk^oy@A z%-&u&_wV(O!yca>Z~2Ai<+oLDA@=_J>pg|yBM>$E>|;xd3kKruxXS7fn87hhaK1QcMTu|^vwOsGN-1CtIk>UJ!vLxesA zvM>=zL=viYnqjg@C!d5eN-3voh8Q$Lp)yM?x2y&wExrUZOfknKvrIG3L^Dk_!Gxm6 zhT2)c06FKRvraqj#4}Gl_vEurI@=Hm1V;uXv`|C;4@ERlMHgkXQAZzj1carMq_k3~ z?$Kl#OC7Ss5Klh^HB?bYCACyjPenCVP@CDb)ry?4Ay!#urL|UDZ^boNU3cZRS6Q8L zHCSO4!c@~?k3}|FWtU~PS!W$8_E~ACrM6mYuf_JCXtU+ETW`MwH(aK+6}Mb-&qX)g zR>@VjU3cGwH{OcamA77d@5Q%Udh_MCUw{9tbYFl6Cb(dO;}ZB_g%@U6;e;E8IAV$8 zeRyJvFUFYLiZkZ8V~>ReMiY@m2F0I`PewUqB*Ph5WMEW=IcAwz^9Pic!xaOw020QF~l>u68 zv#B=3Pqo)(yKT4Mh8u1}&ZZmOF6f9bZ@u>}hK?@k2Atcw`6j&Z<@^pjacc)Rym80x zLR@jlpJn`U%P$Wp^2s+>wsOor2VHZ{M;F%fjKKIn0v|FdCUvY_-^le$4v^p@Mi>d{ z4qQ7c-j;z0B_m7?r$%g;{aQ-gq zfd}A#jC7yk_`j8Bzf#YAC?Az#P^o=-MpB0(BUD@{{tu0aKS27%x4T;mFnz<5zyW-K ziYYwL2kFxuM;KAQ^R145aJa<l3dJRkglgTs3v{`B_&1wIfY$ZKB^?c=%c`EMi5dtUf55dZ}?&wtH3fc32R0RXrF zgc)ICF(d$h69&KsR4kwIxF>z(sNz_CkRJBhOZdki((l)0z@G;5;;T!0Pc<$fLj3aegFUiBc=cVAAkV>DrDXC zHmSn#W$}4az+ENBXvPn2WP;{1BLMQ(yjezakn`i-6fvnuP9D;HuPg=};>X0>Ns*G4 z1ZFXAIlW3YkC(PS71 zBoltPb0#u-dC2HVv3%Z4UlxJ+$~Jnle%rKV8J7uAMu1b9itGp@tGUp}cy5LVkRScZ z=}amfuo#)}Bq%}nhisPem&&AK?N%8%zl1v zmeD)vQhNu}Us8~YOf+UrBRSLZy|9<#+iD?wn$T$m)vj?dT`^FnI@Y-`BQC5Y10|q3 z`3*01>GLZNGm%&yf`NbkE-)f0b_c<57DIQuv#bv)30NH7VuByooe>i&Si+hyec3y$ z4=wvxFyQd7n$2ttZex4lKKZ?8Gr%goNA z!{s0CT6^5&R(B%5Wo~x!rcmp47a`cyZg|JTUGG{KydB{oKB?lp+Jz*&QLL&YWy6T1 zdQZL=^=9!3+Y$QqP6A2I4|&U*-1A=Vp5S|KNIWY%kaUxF%DiuEZh2CTbk%wLEotvE z!H7x*c(()guIGsNyaPlyo-^#-h>3a8|1$9p&b{jM@~4q_Y6NyCgu?+?_krh0AQL&( z@ByqiI~UB3#I2qGa3o6#%M+70f43x_@OaEbR1_~G{4*ltJ`7^>E_Zk?@WDe3yvHnl 
zIm|2#z!XsD*4{nzi{W&z@k;4OMobS5aG-J)XP8w?W&*U{TVs;%3(Q-5?~9vge9 z)ld3B0(D*^J@q1BF5lI3VDJGF4ZPFM(9v6Vt8<*rO!jh> z2EMPV+sM0G17MRJMW^}Tr#eFmx};3}zyWp5NkK;wi=B=%Nun?(Arw0!$3`|oi5R_S z8#t4jj2`#@`u#yZF4MTEn6X;3O}#SHQ<56?qZSd2Qm!sq$rVN@ApJ+hYIhrV&%@n| zTL-@OlB5G|;D8SYasKyQrS zGoB|Sea0l-&f6QiGbV*WyPMjkc`LKnYo^S@2zuc~uMskEVe7pPN z7Q*w>U6wgq;Tm#e!*-Ws@Hi6p!fv?3x6?=mQE_)=R?@TlW$;EYE#J8xUVpli3_ zk_sRqAFBuhH0%-f1dN~^X0L96#Vg(!lCvZgsKY<_VUJb30UP#!g#j2)hk1a$x1t}t zc6W#W;gO*J9NzfHD(uk<*W05L26%uWYH#~wdpY;d#|!G|fdxAt;T`>;hb`>j4dWwU z`OMe1^YOA^=w}!8@8HKWWbg)Wcmf*v=tUy9zX#-Bf*;_g=KG8;fh>=Nz2#>v-*bXl zK!RSt0xU>`f1rnV2!=#Z2YaBu3m69cYozz#qAvoUEMp_QvmM^MH2~xr)cXf{s011C z1b(PKJAei!_=kN6hDvxqD`0@-qd@ktzz^CaSZc8Vu%e>#BUDPN*&(Xifj4ym!Ms5| zY*>bWK!QYYf;aGlWxxU%06yUhhG3Wn17MXJv_UU3sCUz%0Kgqs136T{ty@~QIt!@( z13(=vI>HD+y?n3(EYJaUkcTkPfmt{Q9iYB2z=jsg!Y$;&UK~$bX93Bb+IkuZ0{&}NY8l#Hq z9e0bw=4b%}0G5Bi0%%CVf4~MA7{D;_1T3%xQ4~Z{$Ce!dMJ|lEX&v7=#Wm02A1Te}D#0@P;>#fh7zBJ8%MMP{(yVM)3;?M!>ND2s@uY zU<5piw|?ZCe+zv<4D4xg9`Y_fA9oK)B!43 z!jx1=#bHUSSi6|C96E4-fE)*eV1r(;15e<|o(!Cy6v`uPgBQ2}1Gs^9kcV>!$)wGO0a~!$l(V=cmS(x2bH_Uv;>^BWXs$Woq2#uIRSzD zv&*}b$h^cxAesk6Foe$wOu-~fu*A2;G#k8ZOznD1$P63FoJ{7bOv~gN&zZNl0nN~q zJx(ou;)CksGPO5p$*u>886wm3@i0TYa zToBLe)XsZT&hEU-<^<2^#03SQ&-x?--rRsuNKe@$&x|ln+f0G_oP*q~0{TSH{d~^# zY&rMzN%+LhQ5c0BPyh&h2Hu=d1np1Y6wcdJfE*YFN*I6vz0CorPy~fe1?5f#O`7i% z&jOvz03Cn}&4vI~fGWs_3mt_GDADW8(EqH>8kNl|u+eOo0|gj>6qr!}*Z?Fg(j%44 z6d;5Y*Z?9mQY6iW4Il#}6;VRi00l^a3f+JhC4}ruP8EGh2MtgE7nMy)kWE5RfNZFO z9B9)U9ffC*QS9u|4Yf@mwbKEm1O=$j9I(*=SW`gF20^`11)zivHB>|$fcqo_Lj6-@ zAW~e|fB{8@H_c5HZBH|`8Wv4cO_fbDkWfO+QZ|)MMa|Fj%v0Pn(l8y;6i5LfmC$S; z)ES-CIDJzYl~r1O(_6LG86DDWK!yPj(kd7L{lra9^;EA!Q|wezTdjgoDArL8QzWI& zWM$Rg^ikRb(j`q*GJw!gK+juM0C9y-^pw$a9oKT5O+rWEl-r*(Q;x*pm1zrXy z1nM*aZb-Ssjfn3QRO4GlQTYQf#=MHnIxU@JG8yps4rzY`zl`2Zf%<_O_snDgalfM$gdW`uA9Dt?B1{s#hZgJ&>fX8wnJ z&S!m&=8bq~W(j18_~Pa{pzQG_bP9m~83VKfn6YW&L37G6F)|+*vuFt@pg@{}*-;@I 
z`y`F%oz!tg2y(LFnI2*~DkfSi9n+!@fM|&(F6|v-9PDhyWoj<9ev)f5?V;2IzWN=1iVyvW7GU0<(v@g)LH@>`^kYrXZzrw0WxKURpcW zVLA!usZ86YGUA?b^B&`(illD7CRPY}E&(@q<7|lPf0$!8$bw~#fE-X}gdl({_~Fqm z?M{|v7-mlywzoFwh%)0I2Rdy3XPhciLn}J!=1~Ldbd#TG(z}hg>q+V`-QFVH`Lyu) z!jr=7dYY;)R4YQFAo!UvCwjzWnrtOosZ$mS%myk%W{79#XN0JSdQgaLAcQJL=1PWd zbEr^+aBui7XpJCmWa(;%_~Jy<2vvfm-1Z{g`RMzyqj`dY#L)H-6o)D z`|b~t?g6K6+_CO+azl*D?u&~jev)iH!yQ>1?=3#$r4HfPF5(!5i!UB)jLbB1lCfF5RdPjje<_lJmwct8ky$9EWq2z~JHedqU>Jap;j`@Igd6!4y5-0(eUx+No;}WQ3Y@hh2sQ84S_kWNAMJNL)z=VI$ z_hzN&iVE*QJ{^y?tCJ2S;r+(;% zexGTX$Nz_gt|G`Txmqvx3QN3?SSc?8gXXcKliK==QoFoEs9eWJNHBnW;D>T3{SH9= zVmNytTK(C_>Ujo;2+y8H`1gi4H7U&i9o@L8aHzMR|8V9ki|5N z>uB<%6mA-&7-ZSC-1GW+GCFJOF@EF-8Cm6!Q@Pz|u@j zj}{9cA*73^03>_}0H#=`08B+n0N^7essI5{`2f&$X;Zal868mTHK|bm0m4EJ-~-H4 zwNpg@5-x1`Fyh3D7b}Kjz+R$N_R5(s&|whCnwmFr?(F$9=+L4^lit{c4q+pwCYp=* zk5EB`6rcU87g09sgbV-WAe3#QK#c@^87x77cIc0UGnf9Ca^=gH+-PE=+1#K3!gRW9 zUbhpJvULVE5DjUR5vmVc|14!RW$RR=VvD^$!068h_E%j1_$u-#QXv7@mJ5uO<-;xf zou$?-x2RPW08=pH10!Ix=U@Qnf#Dxx9eVg7h{ZV8Pd?bNA=x$*7{CB5*SYv2j4{eM zqd}*ow%SCLL=Zt1v6V29FFO)Ii9r!yl*5m1U=%?PukFa>Mi=c!2|>SsrkqI3l_mxM zmt1n=l1t9PgoixJSaoFxmq<#DWt3Qhg?K5Zm^y}!LG(cLMlboKXh09m(0D4Usj7ONjUuVm zQ7b=ogxo|{8l(_MwsJ)4Xjq1%<*GEM8Pb}XxueXR9mQ!L04`7%(wze8c_^R7_$ktR z>bX$ZfoQ447FGI9MPYl4m@6q^=oW*D3w4>5DZKGEW&l2kEQ5_FCE5{cH3pDcO|StA zJTR)QhV<%0B|NFCXSfRN>qsS)HV6w9TYNFb8Lx5Ou*DQh+OpPCB~qg9!AI@?eD&S; zfq;6UQW$%Ffnn6PZAoa8 z!R+IVzg7TDFxOps-I>9~AUx4Pq}5Z;zz_rbHEA7xJX**SWLOwrdes@1d{-5dm0o(6 zrFUU)xEsK>aXDIev~&f=l;V0xCAVLL1HLrnnQm%}JiX|E#WGIFV-GfoSdFy-TC;sR z>Rg9CcIwH2l%>S2hvqhSrG=~*dL3r+a!6%yXc#I1CdP<*c!nf=q{COfJiMC*aasT)FF>f^nip$ zJYtO`crXg)ph*TXM+Y%jn+OmIgbW!DYtr_*U$GB~8ZjZrPzb{@lCg}7*_1shfdne> zgC9CTLM1AZ2s>aw2L|EC9*XG2J%(?5wW@ z&oR(~vQ$;u{6`6#$jyH&lp;hr$Z%{G9Ca?Ii+sE&Xfn#tp%OJDocO2#Okt2RQP zXyZFp+R~}c=%u{5ULdm9XYq>nd5&+;xv)1+1DR z`AfoZ0urA6ENDY3+R>7>w5B~RYD2qWFAldew=+OC;w#_z(zm|$y)S;1CNi2s zZ5kyOqXi(?E~-}9@q3FHzx+mq zuHPMBohv}cIPZ3|6<}|jrySk`@OhS1-tA|kfDG|X!5lXJX)}8~)F5}D$R9{@Wr-2j 
zT5dNb6d-1Q$M+!v@XY{LZfzhVd(!ru@&+az-<5BG?k(3b8PZ<&Ecblw2DiJsv%CSP zH@faCKeT;0?$fHf`0DM;x&yb)5tHNpxZU-RFBuf@3`OVQ&{-zL(P`dgn>QQuV%|X1 z=iB$otNzNUr*Gi1@%lz{``c3wH{+A+`0zo#eUgV$*B`wB#J8N+DY$g7|Ltf^i$33^ z$9%JuUiQ0Z0~rHQw2u3p@|klw_R>cN(vS?fuP z#Os~z_qJ<)|F-LUzEzm{@l{-~!P^F08Nsn!0m_%f30=I+n*d&%>;)U))tC95-^Y;} z>-5NPm_rWm3TMd1F8S5svDf@k!3Ql2v;ajp%;r&(M4NllL zf#5_a36;BQ!>%G)^NmR--juBQ{neKWN5FMZo(#Q9U>eLTQ9-*hVRi zBSonqHZkHq+|B~X8a&4T<8zHb2M|UfG=Mzj<91QkF}esMSilMdq(BZNK^CMz9wb60 zq(UwvLpG#CKBPig03vYXC6ePexq)$HgDn-I8(0uc<-j0P1R?PT26<#E_9JEyi)OXr zt@TzjtN?)3KsKF%5ujvq7=jlRmQLP}7Z?IX-pHwk6fQWlqW^VTK4@p2Y5f4_=~|AqXyR7Mh;n+SI&O(dOhlM$#B_)zD`Hey zY6O!=gfGBmXONRg$c7inh-^w)R<_bsy5)=9W?I%oNzgS!BWiB#i`Ig_Qb$+)NHf<)@PE=RW`v0Tdwz z;gpbsP>@W?LC8uFCd4ASMkWeLfj%c`9B6b%!AwX2CcuPslz}jy$#n)*c5Wg^glSU- z3EGUL8D>ETIZP)`C^=?CCWcTJB*}%c=80aVc}Avsy2x!3%Am~2(L{*ipu!Y53x6EI zE&L6F@W;)p1(EuI55y>8)JHL>Pz$w%T1bF}9DontjJiAsqhP696cv|_8gf#^Z2SW$ zW+K|4;g`~eZ7?OI7DS`+#zI7Z88)Zu)MjVUshBv2O2h+8RHq{Jsh?(+VC|)#ZbU*g zkwWzUh_ZI#j_5{_5E4eRpLk9yP1$P+m?&tVC?u%pBe5v%x#*`NPqj!3td<2*fI+Y7 z#keS}up(@!8pT*Z3tY4X#J0td8ij94%CG8)QsBvZ4pp&g#7lu`a+czkqN5n*E4}K5 z%WCVD$mwW!E0{>9o+?5uz=(rF=&gVivKGlv4n%wn$uk5=%nrvVqRn!aB0@0jKsfDa z0Ib0B5y9HvWWK1#{7%B=39Q0us=5V^Ml9Hd?JW!n;hZXA#7wO+!h=wY$RGvCLJF|H zOP&y`aU!Odsw}dCAOX0nK)@`cy1~rGDYtS4&PIor#KcVa?4OoZpepNekj{Q<&t6( z+N@|S?zc8Bbyx?-L@sen?mt{a4)|a}AR?1=VhOayL(Qu%gkmco6e0C1yAl%2>hHal z2I|u0re4Qw?u}MJZ0sgQU;s#2s0GCSL136m1CLD0K=8#LPhJGZo-hlYyvzneETaU5 zR1g*PCeg88t_oA{1^vdE4oQ(5Ns?^u`eKA}AZ`JNMwfU=&PoTF{DYaCt4gN-t7CG6 zFB~O93@8%E>u)&aGdQg;aGG8<f9oCtw!r>H-fKNXYS&aHRZ232#VJ z1W51*&xG)9VNAitl5x8DfEd3m%=9K%jO(rQCWg7 zXkfw`#Ih{UGA-BgAXM@YUovSvW~LIb>KgDTgR)}W0v>NvEWZqi`cV_9B?t@Chx$Il*;IT%nf4%ib}t+aQ2R0#M2;r^GOi& zitGV6U)@g0&O>)iL>Hyyl4Gtsk$)Bh!)&IN{O3soC`VwlXlV3Ffb>V#Gbi8kN!&wC zkhE49&lsl*^62wo?9TB3FYX}5dq6B<@H57G^-!4t4}ohlW%e1V{e^Dd0gFlz|i|XjKct4>yNMgN7!s!Zm0$M;x$)K#oZ84SduM z#42xJe1+T~g;OlZ0Z__<^o3W;4FkVL0QhEM)P?V8a9_YJs5%Al+(lS01z-fJ950U$ 
z+(2jKg8`@j3X^4WDop#*aB%z~k_=M&wr^i0?#Q99drdC0(zijhuQ_ByfYa3b*#>be zD*-fXLF`lnFeMhPFixS3j?inhKGbHEHfWr-YIig#oCy$j^hY!3b=3A}=mc)-wm}?l zS@aA5_@>I>M<(b691u^Qz=87WiJ$09089a{7Q?Rg^Ph{5V%dT42k7Y%$sh=foG ze-uc3hzoxJJwU?0(C)B`3;vY%KiI=Ip2R*t!!Q^?Nu(@t6s{Q3l+*qoEqRS$6AWT^ zldLENA$*e}Rm4sO?%y&};KI3a41^k%fNzK{h402hKXp6@>~&~(YNz&w|3ewng880A zH%tShN4lg-dMH%7rK3S8OuD9TdQY7AKd|S6SP08pi`gaxq?|{Nzf0`iZ3df%kk5r# zmvn#RN${9;e4Am3Pi8WI0D*!75n)tm4dz3$KjR zxLVlwgYbt0JZ!<|Eu+A-t1JA$lgv`UD%<`Hg;0DyQ%j(`(ot2%Z?*@?wbDijbkO>0q|V=W%VU^+YZ!mG|9P7)gp|x{32-~Nlj)B9Mq(=r z5Xwq6Jc*CICWSAF(3%8>f5w;WaJ!>+N8^D?d`cS$pX zK`>wk2=u@uM6Z{^rVthqZ&*nYGD$rQqIdFC+OanS8Qjgp+7dqeqDjMOqY<(xp#{3c2ym|C^IU>IljUHqd|}gI(ybG;#`NS+i$R z)_}y)C0e&{&l+G!rwd$y8d9+|V3)65iDxac+}L;C8pDSXCsw>>SYMTFU-mUv6KZA4 zmoaD7tXV3-U{+s_vUyWxNwZbTN__K zpMHJit01+QifyZBCzZJJYP!-eI*q;Gw0n=c16}*BnDFcx52NxJWH3F9e5}RD#iyNZn00r73brm0Rs$}|4N-ikXXeYg1iZkwCXf;Ex`_ZY|TLk;gYZz z3WMzKLXFl-(y^7cvkgQa0H_jx0DQnmf&+rO%m*x43{yoV9@xeTM6&V(3Fx8|kRa+z zv(8DreuQsMxQ47tyu8Reh!RS2`$r&i68eV{LLL%mAVm}U^Ui;k%Ef{7w1q1$>Q$U<9zA}F-ne+US-gc9zI zw8?1AsubG3rUW3%V&J&4m;(a1{}liU0_eBX0}g<-m`(!*fDumvX5`g`UGNv+0A2<4 zkAHj3ctTU85kne?mhnW{Hwi2T2P-Z~S>=^kZrSCRVUAhml|fi5BMbJJS?8U3?s?ih zYa@t|90vL;0z!(;VjxP`J@=n;3D6B)MU!+FUbN(u5>t$*ytkNu_wAPv01i0u>jN+X zyWwK~nAP55Pzm^!TLNy1>=WZg`vU-4)wtIN5IIMT!IPy(I+9sx0fZMAZ`|?6A&*@0 z$tkbg@dgTE$pRBB@7(jxLH{|zYL6^v+oHKO*O!5wiQs8-6C!{hr>o`-!*{Pv2}%XE zW~pn8;_jDUfA1ap%76nH{~PU0-&P)@f=7H?ON9ei-fv!?FaVK#k{Mi#b09i=AUF$@ zGxxM?=KXw_L@$zbB(p{R^?`Cg8X?!6hI)3YgS2{m-C0wdt(i!Ady_!eh$kzuW#kr_ zSRnJV1YbMjvcgR?sz3D9>};uqO=GQ0|Aq+lQLfeVBO z04qv>5mUHZCJN?)SD|f+8DW?PHO7e!f*>092;tzsHxOqSpc*JF9}+3@EIfwqh18Pa zKw43PEQsqLIiMO5{|TTpK}8^uhD4XQO7IXT9dVBZ$r=+gG6jMW3{)8TzyZP7NsPFF zUkCVrCri1L4-m{J9|)KPb`naK?Cq3j)EFd4U;qEN7&W-?ygbOt%WldvZGc_Rkrmm{@&+84M0=nGBKhBv1h75C^hGOLD&{7ZkvB#b7 zY~Ndqgrs+($97EG=s);*DS?i3q;z-@jA}3}I}+1;S%|=(a!@FiRlF^T% zM4y!msbu^~|5Bk|&kIQ~g!xulOmh%Gk^>{-!D~b&;!ug`)u}F(9bRuZT725Z zrpjcjSseS=gYRZhlVa=eouIe=3GpOo@sb=H7 
zh1^yaWQQ%&4kVEixvCpL44l@EHM$smpKKwU){okjFPD|@jVnXpgI}r7@jpO>dgho%ZynK^h5JHZ|Rb$+KZ11#T2X3J~E& z8Kgbuveua(9Tt?W9Rgg1%$k1*UvHrd-j{E$FWhGtx3H@)0F7@z-IuOH6^5OI0VqHL z1HeT#INotzvl}Ds9v_bl!sLTE?JqKyIYhpi4STOJzkJa*MdA^Uf&4q*v4Np<=Skv+ zm?HvBC)y(!nFae&m9N^qYSRa@)rXR}=>#Abl8fl=$g0(+lnVj`z}ZXhkC$d(p*YN*rINFHOzF&sTA?Ts+uozw{{BJ^+z#02w4#z}vIo zcaoDK8{SWO3P?Txkn24gdfz|}N}dh$ll<=O|2w8r0Dui}9Q!0Um zukqB&zGldEJa2xMYaj+m0Rf8vL(6FFCy16xH+Ih15=$~rZy;3f=i;H?|A2Xjgd_!F zYXv`xspJO+eM}E$um)-B27Mv(Y_R!m4laD~YJd3&PXS~R(ZOaePGxD+XVBA^w3tA1FL0beq89!>&p2rUY+ zBhWDs6OrgJ0pL*Z9h=EoOlRpL@99RbhW=rxd`PP3C-SncP)eY$oQ_?tav z%np+tB<(Qn{$>%=r18?0unC{gBU8YTpb#Q2EeF;QE>i&H|IUyLWf2)MjS%=!{>aY> z&G00%0U4fw{iN_2=#DN?(i(XS8zGO85@M;Et^_8c6{yO`Mo-%|@AoLPTRzV!6XNRD zg(uC?=cFJt^(`HP5)TGK5fq^)!Q<#$?2oeX=@vzjWJhW`Le@MY6bq>a#ZJaH>L5KL zA$tuMHSG<%kL0}2`^e80$FKan59FGVl}GHwqds!ccz;=XKSCtIT+qs2Ho z0y$OABkQj)=MM2UZ96-S8Ziw+>kiY{FVpM}4jnVS{~%MDdJ-a3VKGotF#rKTA(6jU z(6b-{I9o$TMe!?(Gc2sgy_0txAQo!icnzO7v<1lp!8%Q65V{o8?I%!a=JvP1UqLLsU!Q4J8PHHz%b_ z;pIyYLdvos2MGW-%>vuG+OM`Af#-s3J&L< zNsRdO%4&Q zAQIxzf-F#+X2=3dP>4)J9<^B_wIE`P5VWlz{}PF+Jgn&!qA4$}p6oI5meseY5?!v! zp1hJcofJp=X=~2F1Pq~E&GlT-HC@$pUD>r=-Su7JHD2X)UNvA4ZdE1Ul&Y|W8yjU? 
za)4d3AY0<6ri|3JS~SX5Fyhd~ewJ@(__Sf)tA6N*Kno(8lJ6-Ev_`!(P{EbF9)vcR z6kdJ=0U`7Ez!4{RXuWh#CVQkICq+;Xg3mxUWSeDVaTVF_h-M3}0#gUWc=n|#&u7oWWgi7*2O?Ro)ed{FAUbg& zXzINvks$)M5~a3V)q_Ez%{7pAGNN>8|C#ntoEBfBR%}o9b&{*c{7-2+b#Lo&ax)BRO)lmx@o@ z7dMHvg;IA&7qv)3mC+8?(OwkN|LWH*?zeM4mlR_29~9wpLs#|)m~?MzHrscqw6-7+ z6tHw-wK}zJ4??(p>mfFfA>4OPwRaA=mqgL`$vPO;K6uKEmLNu0e@pmtp?LOcfheWd zg+*0;{SYFw1%UyeG^KU9rYZ-%n0CF6a&;G5w2F6cQ)<&Vaz%ECb9JL^*GX`9iD9gX zhmLcnIDeS9T*3uWF4tip?;#9S_i%Q-0?QXBQEZDZf8^IuZ9s7N$%J-BdT~i;(CEYk7JLI^Vg5_H*`nv1fOJs_pEMrc!mwa7c|T%@rh}uvcn8C z2ZoEOBv26B)?zcyzIfJT|Ks>xRkw&WxaW=(hL5sztalJQ!hz{GbM03(Q*)K2IDheA z-!?aH`C^d&p^&H6EY_Bq%9gNvnIT4xkxnwc!j7F^id}|zeJmOp zrj4^vXGu&>0c%-XG6E*KlGlrJW0EUbT8Nn$gZp`pJ~>E2nSH}WTYO=u5@Kyr>tAUK zuV^Y@h0AicN?W8!uLQ{{T|M{GtYBVoJGXVaURiOi-FJGk3*vZ;B!x@BFSE(cB;!*tbkl-hN&)(%Ho zx~bMSP}xb$8J)2gZ#Vhfb{da*x<`l`en=U3k>+oS`MEtSaAjw4saxUP_IAKBwRdf` zw;QM1?PjEnai0q`%<))ikAn09o>hR0qqS-xsQO{Ttn^N?$HLtBb%|{&f z@L0CAy+XL1NS3`1|6=l}if5VIvx?~5!M)&=X43`TzQP6Hua?NdPPyrEq>uaehW2Ty zo6^Jl@gUi~VcHHekQ_N2&Cdthm$cy-zezPk&nazOMmQeVENryULG=mnYe^`<;U@d4$=S?RIhzrCtFWl*k09f|(&KshmrXC_Z=nZbF1`?R*XTr^P8%sbp ze4!QaiX`c$cxxJnVn=Fk2=OhmHT+%7S1q0iV4kHm?5Uk#aXxpjeW|LBTY}oYEWf62 zP+M_%^)1B0^9;jP+jOsP>ak6v^VHa&r%s3lKGNy3Q=o=a9}N(U;6|XEq!FG8Y%1_sgnv+} zI%WCPY0$0znyvT}lhFdt} z#)cg~_I*7#_F>$07hinqm?%c01I-c0l7m2Hf!PSO(%kA_jvUW&0Juu1dJf(QM`H}j zoi1vOyVb7#-8j7Z^#x<+rM>s!ZT4Grr==g%cQN2Q9}fpih%Zb1Lr6UX|7DXy3DF6Z zg@OhCqg)n*;3trG7lB7%S!a=VA6e(^m)<~xl#m5UgK3pvc<#-XP;GpPlps}aN#O=rPd(YV0UCgO*oy)RF$AoD@Zly(7q-Mglce*Egg}oPz#i>YPI6% za8*)G453yQW41N25GqCGQb}F>@Jk|3O%S#SxhP+k%?(sf1PkUcApr(%otdyAk2p5P zBhQtMoAt010i|xNoixg`9^7<)!tKcRLsCy&HCznqS>-?V|3KU~*UAchF(uoHjg`a% zp)HVcC|2(FL2z$7kQ>zsPFdg}M_RC0HC=VrG0Tw6 zQpR+#r97h*1SlEoQ1+f|fl45h7!`!RH6X0)Zg9`S%#;E*Hoi5mAXQ<`uo{=Xpm3ug zBRt4HYC)Igndx~3FoX+V2*Vi4aE3Ijp$%_{Lm0MU1Rp7c2670*APNzORzM$()W;fv zgo{Kb^3#GCsistLh>4vs6Jh6L@%q9KpaJ)|KwHfAF(sY?B)X@h9JsW=7<2# zq9Q@Rfy-`b%-KJhlP(A?XgSXk%mkI^IEBqb3MCW>9uUHfGNjO7sbb+68*(|QWzIb7 
zgA3~(X%_^t=xy3UW8qZ7keeAxAZ{ugbGGA#no$ZRiE~qfwo^ErN#|Q5n%V0PvOJv- zk{~4hxj?R5(lxov$u0*X z1%XHb517EiA%%&KG88gDjC9(6s96wZn#`HBf+jr0RK|jwky}C8W|jiUm2ZkuockE4 zF!8WXcG`1=PrGM@2zDWZ&2vLxLSmjAicd|d|1557>*gTW8P0!%RHXk%WEp@-mSf5! zU@QeT{F%c_Y;?jqbhHW|B%I0{AC7%uir~`rNLGnnTX{yJgGD#{o z?poB5hEteIEhbk~IuVu*gaDiB96`hwnA&wNu`NZ&C?iIa(UA;hph3wpYZ|AChVYq9 zMQe=IDiF5f&LIIbEO+QS5j>P(wPirZA^-7O*!}|@iV%n}YWvrAI`y4^av;TS7894e zL@+6lDxtVqf@8hJw;+4TTtwtsifv3(|8jjSLF9>3iq=VxLHW=bC{Vueig&!^Ew6YX zPzY;oQg)r}(xbL$vx3xPcrRPZh^9HBEX*`FLfr{Fr~%*r3wXc;21jleip-~OlUNL_ zmgxxc;EUm{C7UWp4l3+V$riAK4>K)x1y=D z0auVHS6DNC>>b7S%b;qp4$!$9|D8grTVb&ljI7#yoLP6u<`jYUAEMRWb2(gE%7Dyl zQ8W!|VFg%;2$o`n#oz`bMu=+F_*o*$!P>-_+?E)Y!Hs?$%(P-zgPhq~Y1YY_GfkmQ zce-bDR&4H`?6AO?PVc}b6Qje1Rk3q&?Bqz* zaS!6|gG6`S0|`1={}7ZAk5v;d>op_3r#5XqMIRsSt>)~~hZ|6)fN7VF8O!jt&P3#JhFa7)HT8#7otjrSRn}#4?2?qd-~M(k znXw(;aXZ&K!($l$8Xp0dq=bQnFZ@dg(Z+65O!AXiNeQ-7T$7C3DW8|>Tr#$%aR)2f zZF92%>%O$R%PH>;xwbE+lbDphrth5k`$Pf{C>zUHZJ3{9>omr-2$&;UQQ5YfnI+ve z9$$%igDRzRJv!r1(BG$XO5&nF7wJd-TCT??>`f+nG10yu*LDua`)S(5@Lo>7mk97- zR`!7iXeGY*)$kAp|8O(&e;^}9(dHS*;(sea5R3*PpbJv$ zQ(SVDF}4Fh(c%&S5Z)-|Ahy!YJ5XS(vcm5coc=0JW_F7bh9`N5`S>Z_)@9@7TLhGC zBGYc8hiydj7giQ5zV(dCsEo-7Va|nli#J+Wp?QlJ6H2Fa(^y5!bYVu*ZfN zGZoJO0B(SSqqIAGvo)!NKf7pfSZFP)Xb`O^Gl~^~ZDoNGkPSvNfVM+t&nADEbyFZ# zY22k|m^Kq(Rdy8@6#2Jy6loAUcp!79flilAU$-@UqkUN+kA@aHrsjcs7IUgLbK56+ z74(m-b0z6$6|eSe{=|z4ITq`*4+V7)wcwLv@rw=teDyY09jQ-G_bhV}l1%w&c*Z+d z7L$7R|8gIga0%vQe8Wa=G?l8yKyncsI#@@D5^AB*iwA*J1W^kpbP(zU7em<)MQN0$ zg_J*~lymbBMzehoB1I;_H+mUBJXaU#=Oy}B5UVDNJ~K**X<^-lDKB9=fAL8RVTX2@ zkYlwKX*m!*`42sb4y52$Zdp=e0hb9Omvf05beD;0QZsv*N|I77QzcwEgB%f%f`~zw zSYnt2v3JUJmIk4j0znF-@DHRgPM9DC)bI~(sR+2W6{U#~r}+>9f+BF`Ik&kwAcrM0 zn1Pr0daKzw=D;^%v@ZE_E_Xz0Qt}$Pi6px@5WR^>zez$PRh-003YZ`em_VHBbX!8% z|BzO*k_`be(b9NVW}w;l5aXDKGl-L0(V&L%CEjU%;CUIT#3mEbpj4TPFvnzAxo|Y6 zlbK1M!&#rgxu2MzNdAeB#s-ljmoF!ng0Hx52Ff}hvn+a3E^QScf>Adbr)wBR^yLeGdNYF286;Am24SUEcrff)BVhUu@JSXZ!YH^w|E2?h zRCje(Bub)bIznnnnr^Cboi&JlDT`5gD`;~`71Ni8HDT`76kT~`uQ*{MLRGh#4SXXp 
zmxLe_(iy*sOLe(cN*Q}znuS-nQes*co^h(X7otItPOOCoYxxi6dafv>2!4f7TmhX2 zv1SoCtirdKq*Eom`g|;rZhIoE-WPcndS#x$I@TqxP)R`-v#-m+Y@AB1p=GUCSd}W- zq1*aYqxdHT@(c|UB!ZG_&*CTrA}LuA9q*MC4-zO?#DmEdXf-+ z`w7Y!6z^&f$2LkZQ?ERze3{`K;F69Yqot14Gq%<@Ng-}Oh=+$GMn3pC+tEgC*o58^ zxGVv+mg~5hp|H=_omcyvAYlb7rn)Nz0*+G$s|&j)CaPR$LC9CMMCv}jlY-B{MHuvi z)1^AZsuL}XAAVa9$A(oY;S`LyI;O`aMl)sxkulw<5a6;B(J~=&Q37IQC{xl^1~EJn zB1$XU3Ph6w^^m-wSS_L$zR8QdvqW^HRHY5eY1+aGUVy*(tH1lp|G)j~zyAxs0ldFw zkP9C%2m*}239P^i>;>9_BMOHmN1+vAqZNl5E%t>$1auk9cYto26@(|e1B028M5~+y zr>JRf^gBBr!NM)TNF)YI~Ov5#7!#9k>FZ{qB8o@kRyIgZ&k}%*TCf#a-;RPG+$Sax|p|E-nLutCL(Q7jTW@ z$d6nuszVk`%pOiW5KwH#xQWMp%*mbX$({_zELpJzQHf-s|0~sDk0Ly2m@~&Z6`+}{ z$y01bQ2+_GY|FQd%ekz}yUfeI?90Cl%)u{Gqn`X_ZNvdN+$?IXsYXOmy$PzU+ zKwSqsGvm)s;f}!qhKfpK>*$m@Q!FcMcl6uPbNSGuwG{^KhViUf5j$_4#e6%FQb568F|5y)h)qqQ(+wC^2U-9q@jI4 zvK-kC-I6tyF9r!QpNAq?VH{?oEEn@w92SAO=0;qz!50kDeI3U$y`gk`!qYbp`TQ+~ zA}(A=jW{?T;}q158P@$=Q=&Rm zaj4nxBlg`DtBq!@T+`#-v|Mq@fhZFhn$pId-}Sa?Qgk?K5`}tMF$P57&8F25Qr%iX znYV+Tm-XF$P17Q_P(zm!&Ya2(VVTN=-yQBytM+-eQ!Ty#0N-*PsYDW=HyJ2#sPa}_PEFU=g8Jt`{a1@xaWB5Wqf(R&Zf+3b z2|-n2H_NI}zr8{zwn4(5*3vQaHSNZgYIz<$f;c9LeF2{^Q)b zWw_zq->S;+#>%ZNht(|UG7{;ZKIW9}|C@@Ab&SrUUM}k7h|R0cQ%F5EP8}XljmfSK zNTF`)l>_TgBkSBj>z9!|A{X?9V=}xDM_Dqbjj$?y{MEULG-t4VT?`&i2CWGv_ zq3n)+?_>no|IR7-elYv~8vRb;0$=ausPN=Y>hWpneuwHgyX@dT>ENuw@vY(U$lUNDFY@$pZRy6>RV7#Waq_1z@me?U|IYF)zaH(^YH2GdoM#8Q1;G#_NM6P7n(&bB-F=fuAS<_}r4XI8RGaypp%AW^Y zn!8!lV6zoFA=NP2)aWTAJ2i}R+R%`flXSX-^c7*Hn;alJax|EugqyPz|55VlkPv_z z1jhc006=bp5&-O$;OMoLTmk^RJ`)@m0Hu{?(Ne6aHd}-&Svro5fY>I_k#bv zaV`O`bqgM+L^y{)|G_?et5sX#HrX8CX<|O9dG&ep>D9LseUkM0^{7uSh2OdL$*G-V zo75Vz9)XQO%B`W@CJKuou!;jI8^NA=i?6yqVo0tDy`pd;0Nfy~BEs4d@IZsOt4P5K za{%$OlFC!5J{DVav8eV;dhf;3L{;P48rKbzMKm&!wvuGP^2Uq5|N{zIBHV7naDHAyd2wfGshTtD(xZ~Z7c>y zqqu2kpM6BCrO(ZFET+fJ_A918h6o|b7X?im?m92|Dv+asd}&3k9GrBnm1mwgj*wRD zaw7{#0mx!R|F4wG!40|0>GI2eN~n^+N-u4!u>(i^r#CcXQWK>W-xPLO_2QhdGeVjx zLBjg%#PcR@q-dy?T0|;C&p@NX@3lgIJT%COh>KuWM?uO$T*QPEE}IhY@+Db=vS{w1 
z2te#AtX7C4Ad7$UtvA+O?<(lA<{k^noVgfc*Ijtw4HvRl4=Mqpnto-ISd267%vgua zp(Ma;2np~Xjf65;B7`ogr?QWjP3SylRVymmJ^SPn9a7LS=vsrYeM(y%xvk1jL^ZC8 zk`rCDI9Q{bc6ug`8OnE5zSshbug4;rY(g)gW0E39PhEKSrJ8?5|q%Py)F9bo7^Z<=@i#w8gRrDZz$>z`DG{qiX&k6yXU&5Sgi;o zB;??PYdrhLv~8l9ZMR9m#2`%EzE+sL^#*!Sp`9WcT*YhuXKCAW2b}R;q01thX9y@^ zc*#jTlIv$Y#GKiV1~e_^rbaiY?YG^o-fm3F$ksLe{H9%Zz;OqEe2jU2h*gAjE3@+C z5v(Y4hH{XMD6>vF5(>_YO}1eM4(<6af1~3MG5FQaaSOM*JDcX zlL$o6bM`X|I?8ayGT?z)|5zg%tEC8?{R0m^yGa1Mm&3>DWiS~sh(H8q5d?aPe$N;j zL+bGi4Jk|@0a_#w4?=)WaikuU_|CiNClO1AUENL}ipAwFVJil*`f0IHT9N|;I{U;)cugeRGb z^hRsU`UfEhpq6J2ua~C^BVFnhmq%4Gc^?^zV$xEPB1y1tz(Qp^Q>hd8z^82K|8b>F zU};Ny<`b7XdL7?n=RF+);4cIS6{?OjnJH1|IE8db@_^SCR?gFr$2$_mIzkA?wE{x3 zn&{?qNY36F5;#RHiYeWB($A=JiS?|V9dQVxfFjZ^T#^!C{&Ae(u?mZwYe>F^2gwn( z50bs4CRr#-7AX#|1YrT;$Iq2RJ( zrL`EdI8r1)(r880pjt>m6E$jGJCcJF5>>D9%PahlRKzMa35n~xm{twj6t03ME_lU= zaEiJauO<$xed8rv0PvAw^06+flFX5^1Eq~b#v$Wc3sBqAK1VUCs6(|Y|H%j-5p%q6 zuGH)bQ6l2kBh?C1nnKZ45Bpoh!c#`-K^k+ebkxp77IBmPXJs?>lXK1MT+lgCrV56a z2}Q6g5dcdzvT>mA8l*NR8XQ~rq9oyHRCvwF!B5)j5RFdpz3XaM3Em~$y!KW_z~!$^ z%=g{!6hu*!h^AR)<-lrE(HADFszrw9hI%;gqSqXf6SJ@=jX>BJSqKkIlnXfK4iKQ7 zF$Zt^D-x5QSj8gY9m1+}7H^)aH=H7EQ^}bFUsTZ{ks&KcgBM8-Z_+EQT2*g4r%QJ+fg>(BGrQ6 zEz0UivXbzq@=LOfIB-Y`84}X6fS8h5#KH^>$*46}>Y6k!8x#fMYD#fl1Hnj+ z3*v8$BKgFS-gZ{aSDoao+9f=Fk-am9Z<@RrVH5|Lt5$O)lgFDuXBkfX9fO5)UuE5@6nNdN~M#J>BMrnO!S>XtV8D^IkzmkkfR)f{)ggS*Y?+e z8}{*yeOP6WNuzsH?Wt#}EP|;EU*6L35kV&~{QB{Vy>9mk;vIZ?7Z%@Pa_VZfYatWK zYm!WuC=(jIF9Wg6Z%E1C$3vcclGh#O-(>lhV16@dk96u)5571#Km)tyeeZq$d*BCO z_`@fD@q2%P4(y~54={f7o&WseQ=kR9r0mT-vs6~w|Ni#5GgdRa|9$X>U;N`IfBDUS ze)NO?5+_i~2-5$4_{Sgpd%ywpn``~;x7xS)M=9%b=Xy7RJ(rL@{(}kaD?r5YKidJo zHW9#80o6#{7sYqAVK+eU!wNTb*X>oEvw zsGE?0BhDB|h5*7K9Kw=>4^^73rz#@#`np#vG7=BOff0SQ0cm02u{GJ%)+nn;i^ zLFxI2p|ln{0-%qqzK}GRb7Kg$_?MQb2dI3nC}YZ|ES8gOC$q#Kw5*$hU zYfPkxOk~6>;&7b!Nuhr*hg@5h&yx)3sFEhRuCVCM*mR4^AP#i_4977GYqE{xvPgQm->tqil__3@TKDrjJ)Uw?K|zc@G0ybKnUR9FsZ;%N(7Q3x z2@M+W{2LARE&+Mcy+Sp+|3C~ZC5}9rj>AZ%WqAuN{fJLlQ7^qxK7u>CkWnq+PgIkL 
zQ94k}RMQu^vTM?aHw_zrYXuW2hzN@aBgI5gxAfCH z^CpMz1+3gqx{?gLV9!hSh>qin$rOweJytI5(yRkhxu8-l(URbSR&tU!{Ub(D)y%$R z3xrsnm8p(?$(-5>p0i*SPWhuckyCq$rF@##St80hYRmik&W50qHr&@v;Z%i@Oag1w zhbSrnW0pnol2GEINOFinvJyHJoI}D0;5i5hX;?3DNt8)K{W6?yEyBJWp-O8iPVp2C z@elxc6BCRDdTrT#|GHPzbhCmq8We>Om*k8z{n*e5*|r#23865s8KJcx&Nc~17C}mb zP|7yRu_|1RA03ZR)mf+H**k-urWzTcjh`cO5u>dSr2Pk_UBR4{TBG0{k*zgdtB1d6 z*ONVn94IrJ00=3+=8U51?d>QeV~;nszR#4hTytx@(7!-QKP6_%Y~Z0 zL?z8#56Q;|^T_%d%5}ey-t6Nj+TnWK45em_By{UQWFhkNbF{!SKpqR(7 zoaB(-66+&PfuG(0&u~ezJG8IC?2sL`7M`2|viVP79^*7=9snPm~i;SwReVlB_-xO}1W2?1}WhVt@5zGag*;S9) zwLVAkjy$wrjtJd*oxHQ!z|Tk#;X4y1DWVMt(aNF9&~ka0 zp+cCXDk0Wo3D*T=mbl@kA!PJ0WM5^7{M9py013S<&zN{xhtTCyri(Nys$Mq0s8!{S zu|VB}K4ea2Wd=UvQ$FTfW@wIP-jhBE&bYhPT94pZ-3b%*NM&LUiS83aaUSRLTfg=r zXLOdoJrIIwe!6RZh+Re{evPwX{^p$(WWRLa<-%9S#J_a(W_w;7@Lef=1~GnKO@A&& zfDUMbU}dLq<@12$?@{P_W@s20=&ma0B|B)Dtt?D>!-H_wp9qRVq9i(@6A8(&pWs(I z|M_TCT4;tgA8MLsw`f|0i9?9R*e*+?&wyyw;Ap$8EGaUPa#|G_+l}TZE*)AGJG)+X zVQNE-VQ(VpQ-bM$Hrs@8nBmaDOxe#N^P1P{8l#4}(hcw8jv^%C_z$}9 zu6DVpk-13jIFJ!aA1bDcS$Wk8vTA$A>V3tCi%j)O=*wz>{)gc%jpBYBKAV+oaGwThIpb^#0x1R8|qe^00-m&cW%rv5x06Ou3_v6ULc0-io6;jyrSjH z=Hl`7;(pfGs-PeDoe9tV>x#B${|Z^4>J%BTwFB-K+jt~6ZisVP6oP^Xhb*8FRa?lp zsnu?XSPe>BElOQIQa-KFi8cy-nQxis?W%5aC#MPCc?{q+At@d>_WB7r|JTE$LW~qf z5OJxJdT2R0AGY5N&a)PBnmEf^1qq(n9wJ9*BmZYRzjK*z=%xu$TBQcUtd`Q8p2URN zOYi7}F2)zfVox`kApOkH9L-WcO*V&}J^{KAMeluqOW1W@?{#1Qbzl#6VIOv4FLq-; zc4SX>5ZH81hly7Q(h6^hvy7qrQJw7E&OOETLOg>9cmZ$!c5n}OaUXYbFL!f4cXUs8 zbzgUOZ-7Eb;AVGPj_g>|9PJDRp6;*#ro)DLsRR3KN8n3WJ zi!hBE@mIwt7(+L7bD|c1bZ`90j1P68teZbEh+O4PkpE(lH$#$t-G!WN!l*`kLD#R8 zW!ngjiqJK|YI@`)h$|-uYIMda6qzgUNl2H8dBB4;ID52Dd$nKtVaRrWD)Lxnb!Lxu z_MqA~Zl7^EvaQ83Y;y1O{?%;AG1T5`vETWk7)r!Xe8pe zuuE})T$G!8x?hQi2XdiejLqw%7#7-TOkzqt3oIgVsV;ob@yK>IyMhewK*EhO2Q|v9 zjobgNq_^D9zx(KrxF+m-xI+Cb8(imnwXM|}5Ux+I!XWNEgSNqmA z9TQoAi16>98#n(5Q1VrR06~KV2RTZ2A=^C zShYk=0F)+1AV7#x)K*K~WGUgZ>C+qp0dN&c$!v~iPrtS#SpyPEFNX304lH;u;lhRw z1J;lVr2&eq+z_fqXrSbQzOv+q?3in-oc{<#$U=GYKVPJM<^NQeg=*>4o>2$Bh>|1X 
z+Ja4@RB78K%#1Q8)-y`!C&-;dlO7)^l&DavNeLi5$nb4J=UBB4Ee$s)TsJ^V0BA+I zs%YtNiTZ*IK8sW5yZ83}yL&$U`u6XWRLmGZf0D8_($?R7xM`%@ZZE|&lSdI4^pSA` zMUY%l08I8w7S4qw5mOLZRn=8lomUiy615T*0A4AToQKLWR25OzDaBqvp4kSUMt%vH zqmDcBIFNoCHP)k!|78@QkcbhOk%6`$=$nF+Nfg0X*#Je+gUC%p$x>gfm?4A!y7k$ZMcEXhns8bsUQxB#nEw%uM*1RVAyYw+iJ@34HQ(qkN4bn{1DT7IUbwwJB=kvm`ybWNl4S`lMxU&`2dk z!94?1mH&)8kvWubYtBH~jEZh@<`9xoxNrGlR7K|a!tF$5Qlc)oZuHAxy%J_a2qDKw zNo;)6GTiWd%sT7vV9_!vF-X-$%H*V#T8yS`9*4x~VSN_!r^P3uJQBny3q~=^6=6Id zwj4{GZ*;ZUJW{!ak!O}04^vumX7wf0fQ?nf?vkqtwx7>5nUANtLl zzBdIYqItRCbRl8Y;K*s0yms5C^9XS>tFzv^ z>#xHeyX>>mUVH18AP(RNw)5V*@3rqCMB*|tUeV6uS}wMRAc_5Ws5>i9kx(U2LP@5n zs){^A=9FviK%sjSeMn8CUjDL+0cpNP7y(!@&{r>>b(;~;4^$5HN1$$~l;E#tru0AM zQWW7I{lr72;Y6SW*|~>HALLUX3;828^HuGACn=EP5HmAveeNG*8ORPJWDZUJFij0&&b@#rkWe{~G$;(> zKZ59n{82l{)kEuKnY#>=-3)@Ja7nU!E zKZBnQix;I&eJ6pL8deqwaH)kHq+B^12qFAMMY?X#-C1w1@9_w`qIX>~%0+{7)cRNZ{&V07|clt?Nb1_6~2 z^NbQ+d=W6i$P{HXC5%l6(*F~RnA4mhQEW&UOOdZJPmLdOtf~TY*0f^QBd2sL4;dsu zQbi>yg_P#17Stda>Cz2qVGw5v6WEgtb})s_Y>qBV+uLrIQxS*`Rv{RaiZGKhM%myp z8=4K$Mo46UWnYopH<*2pVj|R_#zz!^j@`soFtfcae{9QL%;xrchRjqp5ZEAG2KO^8 zZD0vGy43YZ8MuMn87irUthD2I`{UgLb2Pm94BuyQx!3O< z@sa$SNDj(#F5=L4HqI3ce)ap0>DB@dwHQc$2SSQ{945PgDJaS1sr6#rIasGgZHUcnNlLYkv9|2QLMMec`GnP$K-Z2~N_K<}`5- zCxeD zHykILG+y)6+U#aGp7L~0CP|b{yl7i*xeSR$5}2)3$1!J`%+hI&TU?Z$$ZhB;VS%M| zQgoqHp_)|!VKvlT{puFRx^1%_Nv#`wYj1D47PTltZBz`H!Uj9jOvy$VDajm$XekTn z5sfDW!jyuX5&y{eYGP5EInioo^xEKEYs64lUug{nzf)fLw;f$#MUZ>aG!(O?Az5bT zXlg@fx{&qIs5z$mm{Z_cidwR+ zWA415J3PwCPMyqyCZ9C$GXQ|8x{AK!d?`hOULiC1f`iYYvApG|d->F24ibLgVGUv* zJK4)__F?$E*8*NAf!`8BSScst?gr|KzTztO-0vWqaw&LJyY#N4oI0%zxYjqyb*OnA zB-)rR;~Vez$5SI7X{R*SDz4{c=fGbjh?4+8Q>7AFFdI3*l|eQyk^9-iASMst{irlj z_5PV@g#RzRH4p!^#6RojE!i&Z36u5SL(TR}!@aU}&l27P-?Fn$KDG(oLgFXO_#{C- z^IP)!>H|&qMuR@Gq(2hsV}B&q4?oMaKQ!()%KIY0RvRv`gZINf{_>wc{p)Z4`{O_V z`rkkQ`~QIDli%r>AJCv5qNra;V9ObpfFUqo13KUXLSO_+-~>`&1zO+*VqgYppau-W z!USOX4B*cc;Gi5JNPyo5dc^plpu~jW%Z#9)l;B64;0jKJ3eq6Mv>?m8V4%dHN6g?2 
zst^DI;m|Nk0~o*&B4H9L;Sw@o6FT7&LSYmtAr7DfCrIHHVqq3uVH8ka{8-))nw1cO z;s47p3rd*b8KPkts^J>4VH>*P8^U26%HbRa7{z6aM@SY(j7tjD!_`rQIiwJqiQyOq z&05jnAtGWTD&itCq8s|!fQ?yC{gfX5PY4}^a(Dz(k%)3GAGrnR?wOs_n*hdgTo?+r8>Ja`=(N$p8MD(3uIh2Rs$=HD0SIn7mG1dPN zgibM4UkwX0(GN`3$RH*o3l0J#=;J=}V?X-iKLTVx3gkc%WI-C_K_X;AD&zyKo&PkB znN93bag^0`Y!7sZnn763&?U!mRK=}iVuQpPMCej_smsmek3s;|S2#}|qKyaMBg^PP z4anq7(qv8Ah*qZ8IFZFvydIXI1r?EtN!6oEs%2xEVqrzaKxBp}Rs=#|WnAV{ zbQ~8({!)7EVvGo$vRO%a%%xL|O_Z#Py7&Z9Af3PXRuj#l@7bec(&h)wmj64hBXHr5 zB~oN((N8x*NGSe8iI_@x)I@`X1wH!2rvTa{N(5*C5J5oX;|LIhCD1p%$86T-cCKaH ztqV(fgkymx9-8GaCYHI3=Qtgsc5-KX(%ui=AX>WTd}0=S(x80OXMSFjeXbyW>gRv9 z5r3kfe*$QMmXCmbAb}d_f=&&KbrMo=T4i03F@o9!RZm#y)sjWWarEII#tS$#(Q!~h zh8p9#Sg3FUih?reiVlrU`GhTnQA%awC9cYE2F06HXJ|YTY7C1{*iR^WQWlg7QCw#U z)Ps(Gqd)0gTEL}{s3?ma+TlCfs9jWxFsq=V7a49J?4a$?o z>7qW%ZGr}yLWC_YPhkEQCQjx=u*a}`3O!QPEE4&@xg9;K&_n5wd>>yFIUnI_ATp6f>_ zW{M)~y4q`_dS_n>iYGAzin7GK9!a|1>%i6rf(D?#5^TbH;r|^rCc-N0!xENv-lM}p zY{ded#3m!fTI|NIAI6%Z#&T@PR)oQlAIOUA$^HY$hM&ozY{;rC_OWcsZtTleU(CvE z#nLSE+3d|eY|bX%&hl)+`YiAPZO{(v(Dq)@8m+w|E$u1o(yD9I7T(iBZL-b`3TR-~ zYVFo?ZP$8j1A;)kR_)kI1h%At7oct0s_ojcZQHu-+rn+!%I)0JZQa@}+R_4JlI`9i z;G{g`-vaL6RukV6E=6EV;396~rsCihZsQ)V;zDlZ$|2)6F5y0|M%zZVc_(?(O0(?N)#&Z=E015#BMc`ljAIJUMd4#cm zxF;5i1?27nitzw02aD4I)N=s!d>-{sgjPOOCm*AekHi;Y@cBAAIv9Kr!nh2Fx5XHj z@fa5g{99&a!e;pxt6E{JGGVJ)Eh|qst7LJjGOTSG*0I*s))wj6g>|WybE(I<)VkOP z0lrLQ_gm`j_3EBgIL~GvavmAP^z`(!^-RV4)jX5|2E=FuwF}&0YK3;01vQuj zHJgQ22}d%4YNtpITQLpm2RXK+24+tEOn&`LeDi8d^KM4Nd~I#t!WRNFd38e-l_NAgOX6hI-XNcL=KGe{)nm@#B?V76UW7hYr7mYE?#+bE3%%j%i)}ht* zq1B=pX4Mq4evCOZG*mmqY#&=c=*n-HI;xsy*3U3or;cjpnSE314fD*Qsjc>zqoJ9l zzM0+Df9cHD%*;&R{BG+K^JuKTZ=N|ezcn;}G&aB6wZ!aOIvQI#>RV;bEbR`hGUu1p zr&f=K)|oS_NAs(@^Q#A|tE*H0(skzi`qBJ4b7}o(b^Ty|>xj8JwY0@t-8xv^I-1}8 z2bk+y2kTo$OaJih(dsU9>43Su%iP*M+TGpV`Ueh1292qwT}6*i+4wnZbj72JAgMICV%X8vQ7RLMLw0kwiuhtSMginvjNuz7uH?<2Vj zRc^iYW&K%7sTtbi&@M1U>*o4w?~A7-F5D0!=M}1aw8ZR@f_vY~%JHYHuLs*d!(v&U z=z03j^}T{l72t=Db8c}|eSG0RUgh4eQTamO(4KG~h-MXXZQH$Z5>fkn;oTCOcK?ZL 
z9wAX&Yq@_^h5x5+s+47c)yL&a5`1^s8KiOt+Jj^I`4?UNSpk#5|T-O?PPS9CnRFph)3y+te z8pdY3SnG(}i=>+>#joZn==S;TSJc($dT$ zv|h-)_W|*=;(&l!h{QO#5REfn*Bf89U$5(_y^YlPZPp%boe%DQW>mkVR$g<{ihZTF zDKkyLn(T1~b*eY>s`AxmiYLCj)?y_kHK2Nr9@d;uAq{)?GK#;qo=Y`&uR{&Bl$UhK z6pz=L7LJ~8LTVoOsWS4SyB)RKY}s1adix*o`4<*NSs&=ZK>#)@$$VPcdz1EDW3>2G$)-N8LUE0lO7PZ8VcN)}zMHXyRt_b}r_O$PyQi`=@{dtiBJ$4c z>zjNoeXpN(O%|GAr60>a0WrYg5rD0M$%?Cy-Yx(Eh?ZaSHu`_{V2;(;*05QFd;?a& zCGX4G{X?zm?tExfJH>F2f(Wk3aYcF(!Hq z64It$@lziNQ4Y(qEci0tAoC#4^MWWIdbYR@_rnEug_aH1X3z^+7>l>%B`MbS>Q4*;uh>1S&=4#e=8JG@an=S|*jY$d_Yb-aw6TzVd2!yH;g1VTx zhiF?9;xtF#iC43h-4H;zIe#PL5i%@Qrv?8a(5!@_lS@*(f{8_LE&{r?XqjmuD>9S; z+;u)L;CCjPkhz}8jh{M6TSU$)61B4wuuei}v^EApRVf0GSp17ncDLjKEIS>k+6f1e z)O6KwvauWhpiwQ852DBdY32%6J@sx)m^dkcWhN<+b1WWQ#4q*Sd9croTeXMUU${%; zxUmzTzh!J9U>gE(U?omp$fkpAsR)Pkn|a*2bWm4(JnO(s_*<(e)0;U$88?7D&hzKB zyK@lX#p0)RG4ht1g0Xoi<4;v5@|1x?F@OL}AVju^`bRZlLC?%So+0TH)d2c30N4_vB8!Vz z0(1eZg-UCOZxS^XxJt7>u0s*?ym>&QoCl1Z=(;pn5|HubjM_`KU}MtB!pVd;4h&eE zfw|KkL~P-`8xZp#M}2q4L}fXrC<2opWmBqsRa+JlYaFItAhLNCy_Aq(O!I{ATzjU? zO}eN-GoV#ao}L}9%FU^gDTwnusW9CXcVk{XUvqQg%*R6eTOLzyDzd=<2fgHqzd<3N zR<}*n9arMt60twdl;hmAq;tik?;iQ|NjJeCO&6CrvGcObQ*TY>#;WD?I&LAC5~3nn z9ow_>zk$T7-PikG(mpE5-hKUPsL}Oy`RVs3wYnocZY5-&TPjSe=?cw&9fQvA7F+RI zs=m!oS-DYlHJ(&-gCphvAk>Nb;PR6guZsocg`@BxAe`G?pk~vQZ*91)kh}aNt#W~I z99#Wkp{-o!d^O#=$d4yJ@PDT;MR-a+Xh*4(pZIp$%ZQj21Gof;pao$ zpTETC5b6ii+vb*RK6iY1yo;oD=@^}{;mg0(W|Y6SN8PL8l)#8rNCaqDJ~9xGy{z@FDChkpkN2wBYM7C(p* zZ!rJ+c&Y479{<^H^Ikj9-IL6c!!O{9UU9L~50;B@hsbTfRi~u7Ow#ZA6`=1~03 zSY9E*)r}*Bkp0CfO7X6sJ&)V|b8a(3G`Uu&w0|sHY4ewLfV^ET`bDO~W*bkV9;D>P zT!DV~NOQL)_3GlXFfAfR<1ejpZ01v|LaH#`)z1_(Bt^QjAn`;up!X^3c0@05$gy|2 z0i@w^O|Q#DL@sN0Om`?IdF07^C3Mq(QQ--XiLB+92;7j15(%%Y4!98_-12I}ipH}* z8`Pv~CFrWT9o9OSj*8pe`N{A0X7TTig3~&5t5U-BG@lFjNOEmnR`4x@6>+G<_BXv? 
zpMSOB>AOtbVBd+W9!yQ_hwseL`N-S_%`YDoOxo|x9%&o@0Y8+z(avtW1RllqQg8qM zUIXLMtOFtoQH`*BaR0OIR{*gcV5pG&Ea_gQC;JlNo<_Ok$Q7=!?%U6PUYUG~H<-G8 zDm`LKQ#Fa@LH4-LV%!<7pZ8BWU``^=jFcF;mYDp8|92__!KT$yp@Z&V=D z3sb!c_IPpi5kL41JfJ*U<3+Z{qjT_Nd}5AF;ZGy$IE;U|ld|1|HEHCEprwp3 zC`VeUJ!!ni=U5^`bb$s$eq8K&@~4`5)-wRJ&-O`)KhfNrJ= zu;b#TREo-|=sW2`ts@+>;(4*l1tRO1U2!RP2HVoFWT`uOy9D%zt)Y4$iyYg%chtx5 z5Qx%ILFZSDigroO4%<8p{oe>+Bf!-|Ez-La?<9b#1cTw?*&Lx9&zXC9=DDKnAw@TD zc#BJvIpm5q5uPkbL2KiAcDD6E0Xq~ko$z%>F7xUFdK|iK|qIZBb`Po zacyX6Z0$k?;v|tR#>`+m>Y3vKzNPB$m)lUs`eeIko?3xnL zacY$2x0cf`7dbD7330`@ z^dx>`+4`hn{=H%lwIH2G4v^6`0}?Q$5~8$OOM4iVh4lP z80hyp?pF%s$k_ociNEZ&uT`)_Ro>ub4JjD-Hc)QW|EfyJa-DVZxb?$v@<$!0pg0(h zgFd7W&R4TXUxHgP{n;m}Pj0etD_0M$=|GvbV-9YuJJ*0MYOn5j)NRF)BgJ>3bK}bA zk>I(uKPURFM%b42AaWSA=^f8ti^ol2Xs1Sq{Z?lX*hTPGzsvEc79CuZk(6*W|O&)s7Xx(a= zFrS^!MImYmCu!9fSn`nLHizrnNOM0|*G0C^xr)&t16Ft2Drlw6+bS+Jp=+B{i7n86 z44QD>PR}u7yp(jWOU;i_FOhvCp6kExmx;~_u7foCLK_>_GvPlf<>VC8f`pDKc zob&dh9dqs@>(0kS;hB=n{<0dbJUX3Y0C(%|Yu~s3h!FjY00hG75CVyPZTUdCzaC>e6x`-5~gLBU_ zr~;Wei=eG0t^_3(8{*KI$Yjd>Ug{joUHoJEVE;@$rmO|pQ1e+>@41uPq!ECy#LY`6 zk4Sl7=GkhE*-+3oqS2T(!6@j~pQTEPx+l*dr#%)bLl@?17W(@a5|Fbn64Y>>&6t@Y zA=Nx^<}-U6vEHI+I)KXYun?MrTA9elWV^veL)gxHEN0wa%$l3B2w@wwUGdl&5_y2B zKSs<9N+KPOwnHzKKr5(yr8Amf1-9>=PxB< zE#GqHRQ$@`#Y-mTw$%zv|tU_C+W78Hk!acxrcHU;XzVs!NC_TbC|pYs%X1U zoF!EEO_g1H(Qzx+f1d@nhCkxI8(;n)jJ}sefFcQid?DI*2+T!)uwb-bz0eb%VZjv0zyLA?6at;Ij316R}mN zIo9nEHcR?<|E=#YA8>grf^-8Ul;&ruB#>4|N-F(AuETqlA#4XUWTnLKa{LFccVB$2 ze{wH`7Cb*7akKNAJTK}{Q;fT1t%U}O<0=J4A+(k0I$2B=k0-_E%hI*E_ z4qK4F&OF&N8i5rNe(62z+%8x&+J@$DL%aX$IPk#0?vDfzj<)hvfgKyhI~fXG)HoX_ zAqs)#tr+s!Eg74r3+*zdIF>po?Mnu4JjL0&wczPxf@!6B zCvX?ael^q;1XoO26{|4?3)}3z+Lxct*LdqgCV|jpyCR8=3XfaQSr92bA*7fQygyRz zj!-BR87Lp8GxjApTi0D0iNoEH-}ET&#-3g-wcRGPGYJCYo)l`TCUt^` z1wt;q-=TU0N^)m-4G`NpUxa~Y6!+CeOU^4W_vob`n5zokorbS9WQVkUh#pqL6|T69 zC-AEU`{ZuS+2wIt7R=u3o7l`geSLNI%yMr@n2o~){ZMuJ%eyOC7G;6FC%Z4sH*$QG z@M3ZKC+gM)JvM-1q(f>%O8S-IeYod3Ap{&9{NRpvNMVN%kAGd4Ml`ae*W-=ii$QJ3 
zsh6V)YD#CjTT5zReeilbST{pIE1`)FmqN9ZBFw1yj+qKWfI!Mkw#@78ZBb{^tPFeW ztihn+=2c1i<(Ct&V4D{3Q|vHhzxKv@#`S#zr3xpR7vJTNW2tmj)`JU6Joo>;=oUl? z7v4B^sS0GxE_nAY#*kI>M6uzza;RqRxrlibnZK53My@rizuv+FEu zsZ_#|?4pnuOCZXKE@$5H&5fW@%+0<~X211dgIu{XWK4W``nXaP)IOAJ*e;4)Ka7$V zzQ0`fz4~oeI^prnVk$94BGdNKlY4)0_zzDhIVBQ4%I6h_;Xg~MCU|b{Fr#54FKV=n z=YHDzbKHpz@69Wph2iG6mb<}_2)bXTB^RbRH{xDsAaCGOT}Q=+Q_PSVw(`xAp zu7n`Z_yWrkHvQQfyk5@I!I~CsR~o`0=vmgX#Cn5pg{*Mv)4%l6AL;r(W((J{_iM@6 zmClac9*M*i?D!l|B|rV+W! zdAEY|QnBy19q4AUgZtwiX+nH?qQp|Gl2^Q6{V=f@eZ zv|m?K>}#J1ee>|n;-Zwuzcw1=GW2}NoGEJeF0TNsd&RIdl$Em6ZNYm^pLJwJM#9EV z*c?|t;cVD7%y+<8sAW+%9-(|s+aIP~{7>)GfVn7mKlu$_)DkpZ=A9kkM{i|Oj~)H~ zlm9q-MO!m_xC|Qx70w4)%Idz6r{Q)287;v^r(>Lx4Uj7M)264ft~I67rHDkfJ~?E7yV2eerNJ9<$%` z7i)}6J5LdFmJF(YO=e+_&|!K-qOZ=+7HFDzn67%2<)uj%7Mh_emQLKD8d+j{69W-N z5|Ta39>uB|Ql&<$Mg$U+N_h7lPJCI8j#mDd3z=?RrM znD`^NSBf)16NM?~*ZKuZKdpSF7(&A(*U(kmeip)qIYJR&5holGqc|xpqh>Rp<#bI@|8H zEcf7NHq#bQR1%dtKPq~JtWb)%-UC(R`E2{wM5dVgK0d0!#1iGJuIfC}C8I+<&8k3l zxBQJXFPWjr?ZcCq3XY$xToX7>0kW{&?0|3TFs)B0)rxtCOU4#!w2LvB6%<`pH8)S9 zn6TqTJ98q)fsP6mN60&7d~wuYHU8uFCBIR6qBAa( ziS>0&V0Y*G3F5sU(Q!h7l)&?@jW^dURLrR^QGn^qA0tP0QzLo%%|g0k8qb{x$&3FF z2kEXqWX36mxRG7HHDXq_LnUVMOP?(+il27|)X6*Ug`O8hqDHb{ji1Dg1qhrA2;3F8 z*8Fb4YlBZXfU6;HCY$zC^84m_Ry{__1x3$n)tply7KDXP#%o-?8om7RZmzWA`il;B zC03V}g=@K)k0o_UQG(Zq&}kwUW=KFfiAZLD`W~*;Q5AcJtJ?DyXXjmz3HAu*tMI(7 zv&-aUn7&=SLWv}|qh9y(55(m!wIsn6V(=O2+gL;Fuf{>;a4|o-YrY?HJ7cIYqgx{MQRsEy&f)@GOH}forVk2B?)vmzEjv>r=CeCAsr7%Z1T4CB8SObl$04^@unp z$2|TMJ;HW|ZShQoT-H!Rh!%Z?YU|Mwi2Li*G*94xVqndTL9gaNOR#bR~~wdC=MR_V#Q>@sAj4J1pAY@sGyCnY5Wf)c?eOszg_%oU#0wj(`b2tQI_S*D}ocQ z#EGV|JWd&=~TJ zQRB;#)nvk1$BpWIB45NB`Kqg4thpN7y;ey>7_J96aVPEq0~VfE_3cyZ<{Qz4y;c!6 z{W1zx5>d=WAf~<1S*^-*jKa*H)ck!G;e&V^Io|f4Gau;KplY0daa?f82=V!>UfHk8 zrbnzxoHgb*TP?=v6fKnYQ4oDFbXZ9IkiI1wRz$t$-DZZGA$LcFnff2ING}@=3(dc-|n&CMTwkK7QYMD)o#hi)CGk}?!#)tK0<@MN;AytGpaFOYM$3`g_5IQ~j+RGO) z*xtfCE(;#r;Qz)$$--4OplOz#5Dxb^5O*~4^A2rXv2h<_pV%bbg+ 
zufy1Cj}8|~Ew+p_%Ws1LL}D)z^h%gm*JAaOOvDs|`2~nRL?S5L3SmpJLy)2cU}MIX zfUPCM46Z6b6wmGl2@q*ypehW6D2x&p0G?Y>n0AyV54)W90Pa6TX%<92ztsj3lm8d(L2X+13Z)gGN39z3C?Dj2NxZY_laCMHtY~K*CuU)*Yk=FK*d>?t+Y6SF$<&W|3 z9@*l=ip>HNyr6@CictO{LF30PQh(z9>J0x}?)zjFE9{6+$Q~9Fq3j3~F+_krVp#0f zU~ta>)5`ug60~F`z4V!dK_xSP;2xrbtaC=xc`@-XdpOTu8`TaPy+Y4LQ%3umSTynV zl`riSwk<}HBtsZb!DIgy33l@*4;xdo5m98!1Xg$WKLl9SacrkLdiLgC;K2a2&t ze}5;8AF$n@Jx`jR_|G4TsDMmjA;6EZY~du;OT_zY`H4P5onW&m$%mGBv9r8W-v(j= z{SoeskGk)n{0JI5Iux<*+!azp`b}ti}pKJ72ACgD@Mc>x{Vwvz^fS zz{s;&5Vj5FwVd1^0M|^I501c$F*4b31<&zfae05b-YwxNBFZ_Gme`fX>05*JEE%SEp^QOP-S4w`idIBk=RF1yqD5rQj(SNai~1)BW`j}?#J6Tq5Cjq8 zJhOhr74f)@g=%#2$Qu52{PWR;I_%`d{TK)i}L`#|3{}TFwAG zglKsL5f{Oxp+zjsca8U-d5R}NrXdbyP!2-$`i>jI(n4K#x@HsQcfTPT80;1Pc<5uv zIA&q0Ryeig+rJe_au%Ur{Gp_tL6x_oB(w9iI+sSF_M{Q#7&CaH(tPyx+_cYRoyi#P zmHw*}if<<}6f25CuQlNdXZv2wR+^B?HbE68BnpEl&-nKiL?9dBz{jv+W>_f{!HNZ7 zpX`W-$J|zx?OED=72w z(T|0~j2Sl9o?h#?ag4`l(R=gxtj8Lc5WWP{Nu2&Q5If@kEi zl@>6B0!lYY0ENJ_y@0hQ!@|8sO<;-~(GcgQgR&(Jzi2_qW!0gK&2K~H6FIdpwa;TZ zOo=YGd2tNilPiBbSZ78!1_h=Q}cfuT0J@mCdb`zxU!8AsC9TQX(!Z4Q238a(}Er z&cxLEogBL6XKHlz0>o^*JCzoD=uaDT%*`;7+D##URT{>BS(3tks{d?J4&ztGF^(9V*pxdOQn+>A=LAd%O5d#&d*m796d_Da4HAK756> z$J>Dp_1Rhx1-?p$uSoN4#1^FW1Rw_11p^N`<4Z{ zrocD;prTM@K!El*=QPRErwEcX>{yx|LODKBQ2HJL6G z4;<&n!GR8kUyBZA$sX>mDTt#C-_BXcs{#skjnu8|J2CjhPH%4fJz19#98deE+v8s@ z;L~qS7S&qUHN74`y(Ujv+DsvMS(CTtKmRa|`5t^dNnXxpLaa%23lewkc-_yH0o(i? 
ztX#Vu&sgjC@Ey)XtWRyRUSYGqgHOZ=#5&v{3~OIC3s6|eg%sF%4!Jf%0Ye)*jP(&rPD;HU>7F<;p~1aIy6*3nAVyKL^^BuB13Eo% zx2bUwssLLL*fL~S{~YW=&og_g_E_A$(YbwNn|%)FXaU>(b8-7-S^MTs_bp!UTXu(8 z+2Em^m+>}<8%-qJ9oVIaxX>P!tBssuALH}|6j>;;X&1<1G|)>#H?)xCwI9Y?&Z*{V zD)zWmiRGXYl9D_4<0%G&I*bdqwZ3pC?zXc*bZ;CXg4_8uBK;-kM!iymLbyUaJg}~U z!18l3CDd&$T*?cHr?6ai4tLm&xjn7q&=Ye#I}-zuwbXibzeouh2^japMKIuMvqTrg z+g)l-kcu02`#(Z1Mz}VEf&?O%sAWtvU=mdI$pX5FE*5T>5cl^T7TU2{k6aT;d!Sw9@hAMcaBfjHKy^ih)oICUA{z$ z;gA8#Y?z>N=#c(YPPid^CPj)2av9L{ymYKX0A#?r}PdRt>QIYM$+&oB3hH~ z6J3Hp9{T4BEoK`+Q(az_cO#-vrVz;YIh?>_FF$n@x8#i``KS4{VG>F$&I+8;8dydJ zLhxHxr}YUlgqz)gPO79hJxs+|=y*0>HadJ{k4}7d{zJ?YEwG)CW9LNE)#7UR`gVd< zPsjNTz6!44v$H;d#AhW=#)HD}(h&)dJCS#ko4+8#ITTBTLaW$DmbsU}5zE}xx)E+` z09V$b9~tD-c(bqihL87E-wUTJQpEWLLj1zU%gnw#@qI;z({A}zW&7gUC;`vCONLk~ z?}U^LGgY`&xUBU&+{{R#^A^}71-K5e%yMmgwoWM%xS*KoCHvGtrBmvFHh2}4S$JVNkOv1EklOLN@N?jx<#YeQ z&i2g?SJj^{#ua0~ikLsmdMv7WYo#u;{-F zqXs9}QniC$RT5d$&A>4iH9cF5MEr9IuybX}=J^IjKdCWIS{3g<(&@m>LQ_N>Em}ml z^sb)7!rAsB3}5s1*^Ltehy=N^AG-KBOF0xL<8=+HI^}fh#(NGfTMSgsQ0$mO5C<1w z1E5^`Z&4x{`jwaZZ+O@QLk&1OT`Vzk9gBlX7%HLoOX6Oz80Z!v^rs+L}6)wnV{kRuBm@0|!U5 z=+00wBC?;qO(4nt_l?H!`is&h^I>=1u2^uEir=C6Zd|LBOnDExsu!BygSW%GYhV{E zK!|8JG-ft_ExeK2Zu_#t;|YkSy(G_elpgS^L^Ob}B|PGsUIg<>WgE&*9>*zv*{3d+ z_r;;;=KVVJ`4bD6a4%NH9wKs^=Je4T#y-B*&0wY6ivApgz+aXw z{)8w2x1Y;URmhz6*;F+Uc;A;=sD4-F6{qLzgnAyu32AC}VZ!3j~WWkVNqTkl^48A6uHB<$aQ#(kOm|g&b&9x_wrej z;C8Bjork8g9?yOe;%)4c4$insBz&p&gb!OA3UG`>GuKsrzRrmqFYix#b339KrjPwm zVfA*E`)RYXLU3Jd1rAW48qe=ro2!a5z;BlCE~plPfvvaluAj7%2Nm@+X#~qMmlF>y06$j4=*EptN`{Ad>N`u`9fHCqQJ9@oUa-{zAhUa2O?uJUB#jex5T@cqj zEeLApKfV1?T->d~Nn57w@JBwE$TMWTrYgEJq+1Dj|Ks0 z2Jmf`#r=y}{VXGkN^$}W_#~#Q#@33Lk>2hcrA+$i@(@Z*Ho6a1x=2rxP!UsQ)2f=rsPUja*6el4|Xi?M! 
z;~I0`1oPdxOXdtC{**#NA-Yy!=Ltac;E&OtfCY|L!Y@`46nsuN+z5lmuiCWG0_6e*3p=ZUDt8=Hhvd7zMWVI!BPe-8WKmFybF0!r?;- z`yGU}sNGbuPS~hmu7s+?!jAwm5phw$5K$lry!gK8r^K9?{Two_Qw~?auH%kK0xM5E zVPBI}#zKxoq?Cod|HJ^w^ve=~tZk0jlBSkYe~mEaUSghJrs*W$UXi9flus{RVT|bO zX)IkWB~NVEb^d@W&CYKr$Nw&#{a>r|39=k3Y8$O60{R7J;Rzr%x1u?Gm^Z4n?F2 z4egxT?POMj6n!tKwi_f!C{!&q-;y?7w^FTM_Monqo6T7iJ~7WOd)hM%K2F*iECqF@ z+T0*Zv(creR!ln$_-w(p{{MP-RhDWYSg0RX+?T-N9FhNpQrF3OZ%RDR#! zW0pZJ4`I6!h>F$0*o0Xd3(5i46d3M9ejctxq9cA`52Cbk`0q$yuitnIx(6uemV%&H z*jjzu)eEX`_2}4=lrp<5b~>70_D5QGTF=k%^sQd&`@*vd*c8a#KWI}~i-nbDg=_cO zYe8It*du~_+5eg#@W7>7mN8a2LiL3HH)EXmaCC9IyWtnG>XjJnFFXo>N5Rvx4-DNx zn7owTa;%xXd?D##fxi`fMn4J6n=L(gUfvvEncg5bYG)u->aQ7cIm+5&G}S=lxFaj` zt3K99#11p>n5=;4NG^`LR`rD^9M1w&g2RYx^eZvVt6F!`K}4Ph8ebK(<*fi=a}MI@~i&AqpSu6<#3O$uzb;mK&hnCpT9i6{Q7h*&|^$Q6mS+@;hi6E3pAgq z`gbSCt6;H7fo37~>_(|oPeoR>ed%rm*;;}N0az=G$7+0uOc+-uQ%)~_DNScqA=0|v zfdIh)Biup2+F*wc*+Ua>dprLuUBiQ;;EAbdffC$1r^-i>gLtevXED@qET1phEZ&h~ znDAg3P&d>hdq_D~|NL514UgShb3mAo3GOqV458 zYOj3%p(x#TCC0VFBY|5hER~<=Z}_+E%p6f|A2NR6HEFPkw5Y*oGu`|Bf<|76e~@uk z)tM8{teN&uG^Ykn-?`kHOP)E9`~;utQoV-!8(p2Dv}y5mk@MtWeLBCxg##VAheLji z>-NH(AOQi;uH60oOneJ`8{5Qux)-`TLIb~6ojVwdjaU43YJ#h@NCaSZzW7oy)2 z{j1>AQSSBg1m)+=fq&#hep`F5HsNu1o~YQ@j7HY3MJeNE2-6LUAIp{BH+znq7KJ8N zZ^+=p`L-8FFKyWyU^;`$k@S9x&kgkxPAd!1tKY6|DSEAedcNMV7s9iw%LMDpTj&+!$NH=YGV{?)2&SYHZ6AX0!A=_D zqhjf;KQ862e`4bk<+ZJ2&n|tZv}5k0@-@fDRL^75P%-guG<*7v;KQ<3!2p7)kOrTM`jcy-lbfYN#0On>M9w6aa~>HYds%zE4*m>)qG7VbDD_Tn@lS~=RtJS6&`K)x4nVa%TXud+Z7&NSji zSYTT4?0{UBs@79-(%4VUz-Uj0Tge zG^=*%uwMBQS?TN(_2)})hwFl+-WrcKq66)}r}S&ay)b^%sb$m0pMO*PVy86iW=Wo> zM$tdx?4<6c4&4`BdSYF=KX2ffMmRI@Bg14tk9y8@5W~LHd_hJ7Z^kpw$zuJ|=7XTQ z+wk`-6>S@`qz?(zSzn?9AR|DMP$PXBM9aBDrG+PCHtgzQlu9(@?7k6BJc^%A{7<_N zK8@$|Kjriri~VNE>db1hH)j*Kr}gF>tNKu~m%kvsjSX3kPzH2ZAbQ&!4yU3|t?iIY zPlr@Tol=ZGO@!z(jBvQG{@QGiYJjVgiS&B-`Gilqb$a`y?ptmTZ)$$|80iWYz&~d@ zo4|r-6LT=qx4PwdiH(J&GFvX(`=`zPaByv)@E zI-xKGluqPJkJ6z*G>oGiAF}Q9ZK2fdm5m`9v}m35D884kKw3ZHZU>=$hGL!Y^ZQ|; zS-Vv}0)m 
z7W(eB8~>*M%hTBr-h%i9L?)463!-mD0u-ZoSF2G!MM>i%sk@*^v?;h62su@FC(-zB z$LW|Se)l%i^Zit~RBo%cW0e-y_*_g?p2<6ie(d%M@(T~fBLnY{^7*T~M^ zq)T>W%P3tdiezV{Yh-5>->h_rQb|`D2>086a31g9&g(p1&v$)hHKUI74&=O?-aD~R zwHvh$EpVh6FGE>!t^4DL{ew!xA?-qNvMMw5nDo2&evwCdagbX4WmU=H5pAB%DHkw@ z)HwtetW6wJ#H;7eJj`#Cd}y;#>n-(B0CJuR5mEMq5p>MsOci#LnBv8C`Ff(ARh<@m zM5U9E`V+)>its&%YWj>W_wKzvLO;EZz#}nr&iWroLu$t$Sa+AzdA4MJ-^$*jhH`!G zN)S(sDX(1Bt7wo4Sx;Hj$Iu0gd=UK|bnx^~MTS3voIV|*9(-$(oH=8{bl$N$$@I;3OXR=MM(rNZo~wx?H)32_{LJMta&&4EZb?aj`V8NOz83vb@ny;+bAhVb3ko zahb7OMczj3?|ZL~=@|{Da_#h{4M#a64c$r@#g#LvR{?plUM>7(*MypcP4^U9WBTc! zA{ipz*8sv(PzSXcC3lM^^~}3e##Rit2S{S=zrcmZ<8L)C>?EsMG8Wu32@ps>Kl{uo zUE}&iKkBM@cND`JpCPreoZEEDql@r!^@rphBk%>QTUy)Tc~h-8^6>?; zOfK5DD3>J6Vh{8oT~{K)9l;#5Uyx0Z2JOg@=kyV2!yxNx_mE_} zD&^zd-gU34$7b#yoArb=#UKQo5y{`$a-^b}=i6^#B7|3va2#p}pHt~hd?-5$<78@f&v9F0Yb~qypM#d1Bkwu{Ty%02N&q~ z)gXmF*46srF+3TPS2beHu!AKLg>*mrhD$AhXPcR3a|KO=KJOb&RWxOwrpJbQiY2Qg z2<9g04q+bm5NK{6H}314Bc_HtJW`dDS2O}Ov6<<%Rw&oe9447qp1jMwt?cZJU5uq? z2S<4I6kc&F2n(@DUTex6v6uv>^G<|c@i8}@*7Z+mU3m3b&es2iTi)-Do?*Lpqj}!% zn0+pSF;|6`+9G#aL8$3`+XxoBbdbawPvJg&$WyNHnIolR{^({cH%M5A2Yi8&KC`|j zYo}ik+Uo*Ikv9F;GV2n10l_eT1HC_TepwceR+E<~s?e!B2S)0nIYT7)m{m}1XERmi z63%XO27MVA68oSVps4?(%blLca7GFZN*A}7^X`f7^d+!xXDshZ>Nk482b2UzMk#(3 zF)z!6ND<9>sSf{s)C;aqg+{Xi6X`*yO5wtmmi5E0Dc;gGkHoe^C?aEh$p|LZSV{L z=f3WZj3+xVjXr?uOO0^_pGF%e%UxqPEV{pLeTU)KyGTRu( zsl%C=9C^S(g7bTHe@^T&r!g}?M_ZOyw?p?cc1Ev(R{8N z{0NX`dODU`PtK5ZOujNMAtYzP=(*YBZ=>(zb>DT2J1haWk(_W%dzXw6=7dKH;H=xS+0BuSA* z6^TZaRx!owDtR#$SZnQGuE;Tjd>0Iv2t!SWFLRh`_^d zS`B%uF~X^^6739gJ+>xe(mf%_9nkX>-qr)B+g>e27d?kAz+0eW(<+n&&RNpl23(-H z?G}Pc{wi+?D7g9&d;WhNlVl?Pc5Y4u@yI+1THV9OM`AWDtrT z6{S;kvQ-9Y*KaniV?)wYZ8z(0GQ_-8-l$BypsnD=b7+8<^S)I&Kg_jC8naVsNtH~M z%5>q?<$GN@sunXOKv)&~+QTT5P+}OciXLH0rGT0A*9GWS#D&@PbLW0|hQXwudrIKW z`g@|uh!zjdRBT$b=Le^5#*2Uo)7Z9-4K5}A;zL~wDhZja{)*+3==dWvgj~t4S3jsk z4bdvH(u-T)^xWjhza3UM4)9y)o7c3QL(#;F8m25{dzF#{Mn3Sbjn!Ou#@OTH<$brV z1rYh6gY@72z+u9Z#3)9DdfwafBgYagqaSAH9J7jC0Y>>1L(MZ-*D-rzA5e;Z^ucI} 
z;d>f4bniUeW4)3~yT8W&MdzcFWkw{9|MM8E*K6An=kCc#UF0*M-o?b<8`0}UzqQ{T zo!Hv3s~XHTbWqHk%ucPZc85q`g>7JOXzDT%(1{So9y9Leg_5S{Uu`fFGT4K@G7A>D zrfK0U+~d$0DS|G3we6y3$DFhFD_ipQ#Y>U7XO=sDMkZ~I`@)LzUfyBg>x(w?j9O+f zcjjuV5*+hdIzqjVoJn0Xfch?#!F;o#8u-?s%4Xop**jAJemlcSuuLGGUR?a_Ly>H7 zM4KAYNJKc=eoS_-5_Q2Syn7mnaf=CsHN|A(-rN9`9(QAQOze95zcob-^xEznop1kW z@ZDlza%~|&jC(9SC;(NZHvOxn@&V*^Le$FT_ov(x|BNcx;}(l7hC0DepJ2WmU759W zVtDT9=2Rq=HK4U)Xcbu#^TL1ZHLKfjv3yIErQ96H-_Ga!zI(TMMP6Kclv4S)z2!Fc zak6x|!)WnVNY2yO6BmE#3eVaZDXgt8dG^c?(52omaJsu8qCS?H0upJ@_~&Iky6asT zzem52bAIjYJoQz4KhrnVt64!m1BOnrEGxOXNoZ$T+fFwA+v}mQ!AqCz(Hqpzol61i z^Mlr!({RoN)JOH^S^ZcNKc*^O;!N3`brV?bP(4}3H1^&{c|WPvJXl5~Z@a}gMXjP{ z1d$jvRV;t@wyRm*Es>f+w6sBF@Fcs_*oLL!(o;6|^=$Fs<>|JEzw85klhg!SS@839 z8S&TQg3-Eym-oT>IfJOT$8K)0mSm%QE_iS6FC3G(ku@iWZgYX1ER&4TyNchgem3gVX zHs=dl0M9F`;Bq%-*ZDMQtDo$<(|Cqyb)j;nmO595KD;CRjN^e;*^@@4A}rLUd3aesUwut(aVEY!_u_gkMD><$6+iHMqcM#l#Yr%R9MbAt;4BBjOY|ni9Xu^N1hWVxD zt5w1`#Vd*Y7Pr7kHAiyPBPwzmo3ou|@vOLc`n+Xz1x==ER?Gz8>k$>nb*t{ll|<+6 zOj&%WX>6AWE|8%;(hXR#QDFTR$f{xf@_<$8cpC5lI32BME@Eq^ICim_HH39l39VQ) z2-C75pfC)S0U944v(eXCkW`e*deTSgZ!`mvuCbS+9a66w0_n}>(3<7A`iS+~E-Oy- z2&;=aMx!BnBZ1bRJLjH6^RP{P(LN4g%Q@U5x$TQ(F?6lSHkWOUB-%l zhZXh9UXM;-WIBvw>XbyThl)f4{Pfrq$w#jwYcWy=7_q;5ecHLKuaqvd4|pk%t(RYO zxk``5H$XQ-F$I;ZU$DI3YeHX0i-kkL09?0TALsLFweV&QKzOkDNw(^Ff*@BS=ecCT!ola zOrLXZ5w6=qnx<>m=ANOChn@o|-5UvGFH8dehZNOL#5nr=@&x^{abTDdf z*#^*v^5UUD4@fGtKr*$RHTexxmnytl!0bX$gA@&!5woDTy3w6(r52!$1z$jJ5SgH;Rv1Aw#@(9t=hsHC zV!x<|6b@fP5wuvJd)x?>!|AceoCmjI^?!kCb`5(29Q--W_dBp-9{BpiHxo#fd60qh zAS3lBHaX&Ca0Z!$<~*YA9RZxF=RAfi5$f3EQ@7*)sOOVdPx_v252B8Rz9SSOJ-w~n zi#oV&yYu_~a{W;BtbPHEK4*Os3|3;d?e5^8T96C|8Pf+`zLJ<{J7ipLaW%?%{GMwC#v6^(w)D_xEb``e0}{A&=!png7{}N-h9r`tjIHlg6=U{7 zom=hQjT-{kK|97e1b!E_hT}JhV)eV@-}@Wuo}%TF$ak8^?ZYYJKn*D8=9I$Ssj%l6 z#05$w1%7i7r8xw>r-~9m(MST%K8KWk@v$bitjW5Zm=33fihT5MshW0GJ*u}J5zr;5 z#fYflDA12M#`Xx4Y-NUgHW(%hHvB^p({sY#ULWn z0N>!VK(*@lnLnbdFM&?H+Q#)`W?VwfE%ripF`CNFFlokw--(Zs*oXgRf%R_8nK62f 
zxK3^n1QAL&NM{o9!|BHFSF`yHI$}UhiSB#gS`M*F?TAHEv2AH%Qg$d?z8nbQu#j;Z zj)3W8*UGYt{7KDaV{JaT{jF<2fwQ=?-jk^W2feE!gHSx%;I3X2KD58micY zV_fxOihb2CJOs&DyehQrwzexZy8S!vlSs+3GZVrSu)A#O;s=GN3wwMFLKkhBKQuPs$ z!|{?aXL~6TL5ND_E!+AGj;I1Rj)NE*75j2_JDtnjWZwBo4bCd$SJ1(_nHLsdr2=3= zElU+V7K;M|I8^}p5DTdH1TF$V&k-O&mRQ6#(NR@T-j_9TS2YTIG!ziAY>5r~5#U9v z=mAbagjecEj%qQKwTg018^GA8=x-*TN2cF@#i@2P_5pvmYHuZ}=#6UkFX8?o=HXvH z-0ek}aMiRhp~xtkN6S(&)=>yRIN0R87ZrfH!#132mw@WC&b2B%)k|2wunhb22!NG8 z`BjF6Y1CTdFtOyPaQEf{LQetEJy6ztHx7%BMR{R+pT~9KJYcH8Gwb!nkn$>TY`3)= zimZX?Do6g;i%sHhWUuTg<>#dRea_^LiUs|m zz$=+7)Vj`ZGh985y?-eiP6Sx#2RcH2L+Uij?RBV8jIK{yPu(rXo2PoIm>d;7Je(!n2S#6e|%%iN_8LG@&R{rhL=TcQc2Yh&}Ky{GbmI{; zB|z*z?p7e{<8{G`ElwdZX~U!&H{`-EFGI|9p$t0GTv%q+ch>1)93R!{edAxM^j5%$ z99bMAIY&NU2`2Qsu!u+0n@El_&Ut8XqH6W?j;p*?bRB85+i%v*PT8ZeH2yc$$G}4( zHkY4sGaj2y1cOOcGp?q~>Hzgdb4K~<=t^n|D&P7U}^m5fo+0^*zj5QG}_ipuV z&pQ>7apVmcVzsaCFYufAK5cdVm*B=9!c*}CFdzWk)v6X3;!GFdWCh;fgyxv8j6V^; z&F_Hx-bf(`=;HzY-;A8jBMv|Ocn>Q1;*;eMDjjTLx zhZBJ<`nc;FN(2+E!36$i&pDmgitoOwF>%tr0oVP$?)-jBbK=95SC}iJRq>P12NUD> zx-MMVz+HW}wbCbkWpey@?A47P#r`o+|E8(>u7UOz%KhGx=Q7SpkAZjzkhma{s8@Fg(-P)KSDHs`3K0Rzw58GdfS92|J*oc z0q<2lzu$P6%c80uZw5CZuF*oY>EJ{%T+zQ!L^iI9z_0c z-&T9$-m}ivp&`1>g4$2pM_2OV{;U2nS2k3U_Jc{dBsY8_5eQleH$+iw;;3mHiPz~+ z?4llwEq#z-SF3&0(PJI{UXRm|lW+_4@GW0lP(}m=@uLI2p5~FEdNoc!3|D0P=am7K zB>q~33tnP(aK#^Effu%2%!(R{;$KQ#(UHRwKtar(hjPT_)2mWL#;!ke(S0=_iU^;i z4b7a%Fd6skw7=)hP)e^ z`kDP3n?lh905&l(uXK}#NKs2-o5-t_W)wp)$^ox4tF48&rLWt21?#|`)7`%0+_gFW z;ajqtH*x)$w}dx43g$?;Q{Gi^JFw?V6aQD49Y-R7ssi`sHA8BH16n0DCmNymR5g5I zZBwm@?Rv)^s~tE*hb6*9v8bwXBYf6bvjZ-_bhOzQ;S+bl8t zMAJ8IZH&nmVQ|T;Z%pLCzroY*32>L5{;QundKpknMctJ{!GQc&4Q}n8$a(+M{=B^&7+S6+VA5; zBHHa;e_1(KID0#CN=OOJy78>di1F0y ztzTA_FUwMXUn*i?B~$!^m@hwWC&;v6hOu?32I`KVdIU=XuKIOxDK=xF9#o5{0yYrz zBSqu++>~lt988%H`}D*0VP0zzNB~?nm@SqgaZKVyPzLHCWYU@axlD)EK^PYf%APd9 z{AUqM`LPF&-{8N>Lkk1U7Hi=FjC#PwA+A5yuE)8?7`Z&8KA;a|L7{ev=7(ls`p+B< z(hfclIA0w|1S4j^b$YI2=pPL5RtwzG2K0OaE+yF)9~JqR5#Q5X&g`R;{Nk(y3wVGH 
zMZu;rI8}hOnQaQ9W;3+M7Hq=ngw6v}MmBGf$CIrllvzrLnC-(bRZ zRqd8Dlq@5)=!W*_?$>YL0y3iAug)u#KHBls8!mx71s4%=p5{{;%$I%Bed*!cKO%0q^o^fU!cyn^QNzVO+`jEe{~;;QOX zKPN?ztC7a-G|u^=Z?eKVRyjwDj?5C~LFwxC_EcW75-d(zxmnGqxI8Cz4F3-&4|E|lm#$xpr_0S&d> zq_~XmIoPMxKDm|%RY~6f@!T;#@#$ge^#C0`-}l?vxC- z>MDnOzPqk)M%{EyO$rgPDC7bryadWx73isRZk&~iMVvS8bfq~NoU=poyGGw`26rcd zN~m|PFq}h90wWB9ywA+3Z4Bi~RC5sb(3mab7u_zUH=4`d&Ovsh?yM#f;$$_tk z*Y8jpo!KpD6D+UEwkXDfiaz}uJh9E#2zEs*7fLAFW3^f1Bm_eW?*uKWh#A}0FKlHW*MZFpU#>h1L{RlPikeNXuzV; zD6Ri@ncu@)^c@hOjCq) z(xOl09Toa0q-2%_Ls?(rRW%6dM`XhbsoP05J)mh4a-{+;XLl(R?~NXQ_xq%%fdZ?4 zs-PN|!$ozMj9WU)`)=z=dBc#W4@+KuMR#^bz=92jv=i8S|C0E-0rdNegQervsEZ=` zt43g+j^mh?mtR6N7mm1#zvo5E@HJIr?7!`(w+y5K6Ht|SN<$3FVy|#>RIWK8%)9;z zh8KNCXBwLnK>hh5(hB-cJ12aX=Aj9r0m{*d6>l!5Wco2w>07T)o_4>l`ic`BQBV8O z*i4u2Zr^rv`b2Z$W!hT&MZRLf24tLj7X*WiiK9zYWoF0={7Cqv|jsB^Td zjzmN%bQtUAAeh%ikvRd%htbaO|E$q%geb6M}>Q@F-}^EBjpeY+eQ!*6nM_*?mvTyP&4 zvJ*__Fsn>jy~g8LDOA13u?rE=?@|a77m4n0h`?Opfts4QS*MP1jAAv%M}sHpLIp5j zJ3MYf8SzG2 zEB>kWP>$t2O_NUApj_H ziIEQk^2DR&xAR2~Q4!5|(X)3`yYG5Z!2lY(%42Cx1Rc#n55;X+85r*qnV#j|apsCb zQKMJEvAV6u>!olik%fQI<$-Ow8K#Jvsoczsg_;XDE&*3Ov&0&g(D5j69%3e)1u|Qn zjV%EyGQV9!4ycuY=aBP@_vn;-@LaiaX}PWwa(>ov!46tSLH*9Xrp*}zBgE_;;M0kz z?czvZA1-XG*|m@hEldw)ame>CWl?~+N?kdFB6Gx}d%6xUiDx?m5M~bTwwWQ+^T?`Sddwf@YXJL}hhjx(HA-ts28;IYzU@TUGj!8FF%w z*}oV!h}TfWaP_lgUN+1$C54+L)`qdF=2Dh^!ozER4=<+(jgnYzQfj&I73h)&{l*2O zrPW{^SgtgBV5vOOmn&Sn384H>}cl1Ph{vL8*md1^{3Eyw4k=Cs=hDO_%W6h zyzuDO-GBDn+GUfb<;T!BM6P};>tm9!KulJ!OoQ@3!!17ceVM1CObr6-jr!K0mJrzN z#R{3^pl&V%6?phwJ#>-exi!%Y!=iqvvW)_)1L(-UP>2h>;ZDiZ{DUA(0A5gb_U(lH zSZ*+k46Y@i=75&rQEtX`)^E$rTYOeViNpgdW@<`iR#!_)Pn*_Co5+fMn^miAD(f4o zSlA;|#;Qx&i&Z}sL8Tzga+7sG6WtqHJSMwE7#mioP%od>TFO74ZrP`ePJ2aYkf|`qUp8;A z=W-=icepk{;kxh9+u5KG5PNUsaUlnV&G$K>zMMd_Q1@^z94~C9C)>z!vuC~xXzl8I z-4zT#&aiv-DIpHX%;LR(HL3i5Z})xE{v?}D)DS8iXcHnsS4pgMq=!#8IvH(b_t!fE zhyP6-9lAo-Zu9SxW9zz%>GG}QS{s7h-%soOE7Euy4B#Vv4!m%~J$o?J6QWT}GA#n_ 
zbPhekz41rWiOUSMDR(VVgv?3^H#MKkpI0gZ65>n{TgHe$R-uPCBCXGfBbP{Ep`=hnf$O(gJgsw)6Iw*j1v zMJ)y+>X{`kx%63shArbc^>;xWoB*qGjo+%#cHLiY#sjRa&hiWozCKeNxP0V1El5xJwvnEURF-P2^K*c2q6 zgrX9V7d0d`0<=3dJVtKoTe-;235;)fyt-@6<7X`kj~~CXs{Oi;E7Vk(`}{x|!ob;V zKu5|&aP{#53#7YRVmY&=UEpb_S#>s{pgW+>Q0BhpEaU6?EERQT1wuA@78#>C3OT7x zk;$G@L%lH?rDOAh<^J`+ke$wRO6#MF$}HyC9tjQj0txjdcq}B}w5QN)#=rNgj%=sR zFfqjC&R%Cpn6}bMTCW{;`ZkC0W!VF39_GHjfB|Jk>)y`E0boONPZRxvLTBP!Q9RN_ zcTA1Q8AC68nfa$8=pw)%cDXF@zu8lgMCk)B5k4`MqFGVEN!~7ZrSg z@4k9S{){S+O{j_QyI#cHkWXdX^aGiZT9?tt=>W;tBF6eDjPK~8FctIILBLmYIa}l^8<;`BX)$*7fk;?E&@}IssqfkC73`V zQ~6MJw9Mz3xFuv@e0_)+yYP*$S~T>DU&~D^2;E*QpO`a;t`@Z*GU8nqqSH2%2oa=^;SJaOl;AWBPO&F!!xg@R5 zV+zx&SIshHXe}1CLqg6!S!evqyqb;N!J=x(P*wj$a|+W51$pJl+QjO{;k`A5rTmu@ zSuW-^lOp~yRiHPq)S-; zL0o@BKrXzhS}{ky!EXE@Z0J%~`+k6|NsMjBs2?OcYK-`$?#>rFHSZu`TN_jY(Se2> zFQ5dc1{yK@gc7jeY@gHIKztoTe;tPwn&-x7hzs1sd^=_Bi{b#PHW-Ev?q2Qz@Mvfl z8gW2Daa+7wGl}r@L*k}U2WUjttnOUX6Fe1a)xWd0zVUT;5Mj|jMuY1HXCnUscruhj z2muDME?Yc|{rC;X$_mCk_8~*B^0bLlTX5UEJ9j=Jzwgp^2gfK(-ocPf*CvPCupZiaoAv-V+b((7oCujo;6w(A3ZPpuYd| zo!*~JU~RM7gTL68S!;fyy?p)q@9HPN{jP!!5@7f6EDb`xUx0tdST1;c|Mdfpk0$cN zgE~Y7|D*}GRlj5C41qx)t?@JRYN$hvuYU?=Fr*9k((gN2Gl%zQ4k8~MLiU@AUnIv_ z9?7^I);&GiRXA)wB|iFo)N*s}$(g@<41YUv{`v(Rbz2@9P5*uI{)_i4L#5^M%b?@Y zoa6DQ$CES1uf8A8pibtV9$%sUr39VW$+rhRJz1GKdH4O~J?eD*%;^Wq)2*OWhw_oP zPfx$joPPU$`W;2zJ44^Mr2h({|H+}#51-Qi&d^W3)9ENQoq<)%ah9r+%*3hSxj4J7 zmyQuvM_}Bm^j#owS2h>tK3vSj8Qc+bdcA2}C~eOwfG2KUZ~?G=HBN6nn%`54*xfX4 zy*6NocDBJ7)rvDPdNTC*@QN&5P(puUe8&?GFqCR_1a2)ae7)3s{w8a{zsiRKH}GX1 zgeRFW0{SWE{lb3IWn#iIsw{9RgbZ7EEkrn#8fsUY0Yl0zHfpu^9>%5mDCj0fjlIbxTDu?|`&u8kc zzCShDIDBwwYM46p@n+9wuZs3UlRKH#J%`>x0Pnqvkm5w3Q_z;F&)Y-=cE%)Z z@S{olJMs3xh1q7yMJ{<|5&voUAoCqSAaK)vV(MTn;PQ2DKGM^~FC9`0+0*WS9-kx; zWR}oXd}RG}z2E_dL_Vg0OW>3wV%wd(FpKIFb;D=%o;ah<7Ekrah--D3x-yJO50&cq z(=9*Fq+q2^N1@pxCQ&iy*->h2Ne_SIX+T`F_? 
z8;7{-ohuH1Q(7U0Je73yT$c4kS6624hafSQL6K3eun3^`OA^y+sf%s%9ZxFq3oS93 z>+nGqB>u3eMDdPEYoJS!0PS)?$`ba`!N--L+nZZoAI*GcK6&73`O*KZ5|BoHGy#te zE^OjF`lsg}{>VV>x~*~=y;*SPGDw}3&Ef02AF1(2!AsBO7`7d&5+u0wpDnvTk1BuM znNoYk=-qx&?Xeu=wf?DE5TN-!Zc~ExVI9?dh?Txz_2hwsyO-?HOVb5%q$_@LpzC_ zwI81bj-Rk_%TKLOx~u5dg3vd4zu7aR8|(rL(7U36Q0% zU8@oVmRbI0u$+;Qwa<&^iUApG{s_G)DT6huIV>um!dTT!Cv7zlTODj{KuH@M0Wf#6 z2P#-2R7qC5BbRayx#p6=CRM;~W`nW3tw~JnXD~TL>HoB_d0)45*W_TPME>RsdjvGoo+J9k9nZ#C8y`P|KEYkVx?jz0b z=w=j5L%w+nxvuz-{&SxRjNNyla(vDfa(X>y#8xY<{@DaoZF9G*zE)8jVdi^OS-Pey zcYZ-SHFVkbDUG9^^XRkHGZDM$<+^&~Ehd{%^#`@u=OitPWTL8^?aQq=8wR?+I9#o= ze|q$=!Ofh>aXhxHrD8$MYs*-f|9sw+C8V^CXz}=+Yix6KMcTghvc`)&1wryVx$HXc zM}l=yCk^zk*fv};-i;9M|7|a3B%dZ{HkjpF_yM=v$C;Mtpg!Td)1+wjpAg))t+vI? zd*@3jy&KG-yzF*e)QCOvb?|@f_jO*0*i?}qg6+6iUJ zb4s-f3hvOK*2Lnw2E{v@%Q4k>wNKrz%g7Ru908qVgAHBH{qw1xr986v(3FPLh^M^Xx%)x@v!dl$xe9_fa!sFHlqmLJ(v`c*y9ETRMVnD? zPVtPX-Pt3t3}oHf`PM@-z4V)v$qL}?WR)?yYZbVyYg>_%?Kw3)t}bVE<^!$Du>HMU z2mS53go2~8%#}TTzUUlRwAx5f5j4LP$KvD@$sMhbc6%=#rT%?GIJ~n>E${o%Fct5Q z#mT&Y#m}nAf6;XCYsI-YLJG1~9GIad#o9QDo2iGbzXZZ0a${IR3G&0$<8mdVSA=Jh zy@~ literal 0 HcmV?d00001 diff --git a/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md new file mode 100644 index 0000000000..7521ff29ba --- /dev/null +++ b/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md 
@@ -0,0 +1,49 @@
+---
+title: Implementing Your Windows Firewall with Advanced Security Design Plan (Windows 10)
+description: Implementing Your Windows Firewall with Advanced Security Design Plan
+ms.assetid: 15f609d5-5e4e-4a71-9eff-493a2e3e40f9
+author: brianlic-msft
+---
+
+# Implementing Your Windows Firewall with Advanced Security Design Plan
+
+
+The following are important factors in the implementation of your Windows Firewall with Advanced Security design plan:
+
+- **Group Policy**. The Windows Firewall with Advanced Security designs make extensive use of Group Policy deployed by Active Directory Domain Services (AD DS). A sound Group Policy infrastructure is required to successfully deploy the firewall and IPsec settings and rules to the computers on your network. [Group Policy Analysis and Troubleshooting Overview](http://technet.microsoft.com/library/jj134223.aspx) (http://technet.microsoft.com/library/jj134223.aspx) can help you review and change, if necessary, your Group Policy infrastructure.
+
+- **Perimeter firewall**. Most organizations use a perimeter firewall to help protect the computers on the network from potentially malicious network traffic from outside of the organization's network boundaries. If you plan a deployment that includes a boundary zone to enable external computers to connect to computers in that zone, then you must allow that traffic through the perimeter firewall to the computers in the boundary zone.
+
+- **Computers running operating systems other than Windows**. If your network includes computers that are not running the Windows operating system, then you must make sure that required communication with those computers is not blocked by the restrictions put in place by your design. You must do one of the following:
+
+ - Include those computers in the isolated domain or zone by adding certificate-based authentication to your design. Many other operating systems can participate in an isolated domain or isolated server scenario, as long as certificate-based authentication is used.
+
+ - Include the computer in the authentication exemption list included in your design. You can choose this option if for any reason the computer cannot participate in the isolated domain design.
+
+## How to implement your Windows Firewall with Advanced Security design using this guide
+
+
+The next step in implementing your design is to determine in what order each of the deployment steps must be performed. This guide uses checklists to help you accomplish the various deployment tasks that are required to implement your design plan. As the following diagram shows, checklists and subchecklists are used as necessary to provide the end-to-end procedure for deploying a design.
+
+![wfas implementation](images/wfas-implement.gif)
+
+Use the following parent checklists in this section of the guide to become familiar with the deployment tasks for implementing your organization's Windows Firewall with Advanced Security design.
+
+- [Checklist: Implementing a Basic Firewall Policy Design](../p_server_archive/checklist-implementing-a-basic-firewall-policy-design.md)
+
+- [Checklist: Implementing a Domain Isolation Policy Design](../p_server_archive/checklist-implementing-a-domain-isolation-policy-design.md)
+
+- [Checklist: Implementing a Domain Isolation Policy Design](../p_server_archive/checklist-implementing-a-domain-isolation-policy-design.md)
+
+- [Checklist: Implementing a Certificate-based Isolation Policy Design](../p_server_archive/checklist-implementing-a-certificate-based-isolation-policy-design.md)
+
+The procedures in these checklists use the Group Policy MMC snap-in interfaces to configure firewall and connection security rules in GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](../p_server_archive/windows-firewall-with-advanced-security-administration-with-windows-powershell.md). This guide recommends using GPOs in a specific way to deploy the rules and settings for your design. For information about deploying your GPOs, see [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) and the checklist [Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md).
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/install-active-directory-certificate-services.md b/windows/keep-secure/install-active-directory-certificate-services.md
new file mode 100644
index 0000000000..a7a4ace49e
--- /dev/null
+++ b/windows/keep-secure/install-active-directory-certificate-services.md
@@ -0,0 +1,77 @@
+---
+title: Install Active Directory Certificate Services (Windows 10)
+description: Install Active Directory Certificate Services
+ms.assetid: 6f2ed8ac-b8a6-4819-9c21-be91dedfd619
+author: brianlic-msft
+---
+
+# Install Active Directory Certificate Services
+
+
+To use certificates in a server isolation or domain isolation design, you must first set up the infrastructure to deploy the certificates. This is called a public key infrastructure (PKI). The services required for a PKI are available in Windows Server 2012 in the form of the Active Directory Certificate Services (AD CS) role.
+
+**Caution**  
+Creation of a full PKI for an enterprise environment with all of the appropriate security considerations included in the design is beyond the scope of this guide. The following procedure shows you only the basics of installing an issuing certificate server; it is appropriate for a test lab environment only. For more information about deploying AD CS in a production environment, see [Active Directory Certificate Services Overview](e37b2335-0796-449f-aaf4-0520e508f47d) in the Windows Server 2012 Technical Library (http://technet.microsoft.com/library/hh831740.aspx).
+
+ 
+
+To perform this procedure, the computer on which you are installing AD CS must be joined to an Active Directory domain.
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of both the Domain Admins group in the root domain of your forest, and a member of the Enterprise Admins group.
+
+**To install AD CS**
+
+1. Log on as a member of both the Enterprise Admins group and the root domain's Domain Admins group.
+
+2. Click **Server Manager** in the taskbar. The Server Manager console opens. Click **Add roles and features**.
+
+3. On the **Before you begin** page, click **Next**.
+
+4. On the **Select installation type** page, ensure **Role-based or feature-based installation** is selected and click **Next**.
+
+5. On the **Select destination server** page, ensure your server is selected and click **Next**.
+
+6. On the **Select Server Roles** page, select **Active Directory Certificate Services**, and then click **Add Features** and then click **Next**.
+
+7. On the **Select features** page, click **Next**.
+
+8. On the **Active Directory Certificate Services** page, click **Next**.
+
+9. On the **Select role services** page, ensure **Certification Authority** is selected and click **Next**.
+
+10. On the **Confirm installation selections** page, click **Install**.
+
+ After installation completes, click close.
+
+11. On the Server Manager Dashboard, click the Notifications flag icon and then click **Configure Active Directory Certificate Services on the destination server**.
+
+12. On the **Credentials** page, ensure the default user account is a member of both the local Administrators group and the Enterprise Admins group and then click **Next**.
+
+13. On the **Role Services** page, click **Certification Authority**, and click **Next**.
+
+14. On the **Setup Type** page, ensure **Enterprise CA** is selected, and click **Next**.
+
+15. On the **CA Type** page, ensure **Root CA** is selected, and then click **Next**.
+
+16. On the **Private Key** page, ensure **Create a new private key** is selected, and then click **Next**.
+
+17. On the **Cryptography for CA** page, keep the default settings for CSP (**RSA\#Microsoft Software Key Storage Provider**) and hash algorithm (**sha1**), and determine the best key character length for your deployment. Large key character lengths provide optimal security, but they can affect server performance. It is recommended that you keep the default setting of 2048 or, if appropriate for your deployment, reduce key character length to 1024. Click **Next**.
+
+18. On the **CA Name** page, keep the suggested common name for the CA or change the name according to your requirements, and then click **Next**.
+
+19. On the **Validity Period** page, in **Specify the validity period**, type the number and select a time value (Years, Months, Weeks, or Days). The default setting of five years is recommended. Click **Next**.
+
+20. On the **CA Database** page, in **Certificate database location** and **Certificate database log location**, specify the folder location for these items. If you specify locations other than the default locations, make sure that the folders are secured with access control lists (ACLs) that prevent unauthorized users or computers from accessing the CA database and log files.
+
+21. Click **Next**, click **Configure**, and then click **Close**.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/isolated-domain-gpos.md b/windows/keep-secure/isolated-domain-gpos.md
new file mode 100644
index 0000000000..0b6a5cf020
--- /dev/null
+++ b/windows/keep-secure/isolated-domain-gpos.md
@@ -0,0 +1,28 @@
+---
+title: Isolated Domain GPOs (Windows 10)
+description: Isolated Domain GPOs
+ms.assetid: e254ce4a-18c6-4868-8179-4078d9de215f
+author: brianlic-msft
+---
+
+# Isolated Domain GPOs
+
+
+All of the computers in the isolated domain are added to the group CG\_DOMISO\_IsolatedDomain. You must create multiple GPOs to align with this group, one for each Windows operating system that must have different rules or settings to implement the basic isolated domain functionality that you have in your isolated domain. This group is granted Read and Apply Group Policy permissions on all the GPOs described in this section.
+
+Each GPO has a security group filter that prevents the GPO from applying to members of the group GP\_DOMISO\_No\_IPsec. A WMI filter is attached to each GPO to ensure that the GPO is applied to only the specified version of Windows. For more information, see the [Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md) section.
+
+The GPOs created for the Woodgrove Bank isolated domain include the following:
+
+- [GPO\_DOMISO\_IsolatedDomain\_Clients](../p_server_archive/gpo-domiso-isolateddomain-clients.md)
+
+- [GPO\_DOMISO\_IsolatedDomain\_Servers](../p_server_archive/gpo-domiso-isolateddomain-servers.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/isolated-domain.md b/windows/keep-secure/isolated-domain.md
new file mode 100644
index 0000000000..498d66aac0
--- /dev/null
+++ b/windows/keep-secure/isolated-domain.md
@@ -0,0 +1,67 @@
+---
+title: Isolated Domain (Windows 10)
+description: Isolated Domain
+ms.assetid: d6fa8d67-0078-49f6-9bcc-db1f24816c5e
+author: brianlic-msft
+---
+
+# Isolated Domain
+
+
+The isolated domain is the primary zone for trusted computers. The computers in this zone use connection security and firewall rules to control the communications that can be sent between computers in the zone.
+
+The term *domain* in this context means a boundary of communications trust instead of an Active Directory domain. In this solution the two constructs are very similar because Active Directory domain authentication (Kerberos V5) is required for accepting inbound connections from trusted computers. However, many Active Directory domains (or forests) can be linked with trust relationships to provide a single, logical, isolated domain. In addition, computers that authenticate by using certificates can also be included in an isolated domain without joining the Active Directory domain.
+
+For most implementations, an isolated domain will contain the largest number of computers. Other isolation zones can be created for the solution if their communication requirements differ from those of the isolated domain. Examples of these differences are what result in the boundary and encryption zones described in this guide. Conceptually, the isolated domain is just the largest isolation zone, and a superset to the other zones.
+
+You must create a group in Active Directory to contain members of the isolated domain. You then apply one of several GPOs that contain connection security and firewall rules to the group so that authentication on all inbound network connections is enforced. Creation of the group and how to link the GPOs that apply the rules to its members are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](cdbe81c3-6dbf-41c2-b003-3ac4fd4e67dd) section.
+
+The GPOs for the isolated domain should contain the following connection security rules and settings.
+
+## GPO settings for isolated domain members running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008
+
+
+GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 should include the following:
+
+- IPsec default settings that specify the following options:
+
+ 1. Exempt all ICMP traffic from IPsec.
+
+ 2. Key exchange (main mode) security methods and algorithm. We recommend that you use at least DH4, AES and SHA2 in your settings. Use the strongest algorithm combinations that are common to all your supported operating systems.
+
+ 3. Data protection (quick mode) algorithm combinations. We recommend that you do not include DES, or MD5 in any setting. They are included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems.
+
+ If any NAT devices are present on your networks, use ESP encapsulation. If isolated domain members must communicate with hosts in the encryption zone, ensure that you include algorithms that are compatible with the requirements of the encryption mode policies.
+
+ 4. Authentication methods. Include at least computer-based Kerberos V5 authentication. If you want to use user-based access to isolated servers, then also include user-based Kerberos V5 as an optional authentication method. Likewise, if any of your isolated domain members cannot use Kerberos V5 authentication, then include certificate-based authentication as an optional authentication method.
+
+- The following connection security rules:
+
+ - A connection security rule that exempts all computers on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, where possible, instead of discrete addresses, if applicable in your environment.
+
+ - A connection security rule, from any IP address to any, that requires inbound and requests outbound authentication by using Kerberos V5 authentication.
+
+ **Important**  
+ Be sure to begin operations by using request in and request out behavior until you are sure that all the computers in your IPsec environment are communicating successfully by using IPsec. After confirming that IPsec is operating as expected, you can change the policy to require in, request out.
+
+  
+
+- A registry policy that includes the following values:
+
+ - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**.
+
+ **Note**  
+ For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md).
+
+  
+
+**Next: **[Boundary Zone](../p_server_archive/boundary-zone.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/isolating-windows-store-apps-on-your-network.md b/windows/keep-secure/isolating-windows-store-apps-on-your-network.md
new file mode 100644
index 0000000000..019fcfc553
--- /dev/null
+++ b/windows/keep-secure/isolating-windows-store-apps-on-your-network.md
@@ -0,0 +1,343 @@
+---
+title: Isolating Windows Store Apps on Your Network (Windows 10)
+description: Isolating Windows Store Apps on Your Network
+ms.assetid: fee4cf1b-6dee-4911-a426-f678a70f4c6f
+author: brianlic-msft
+---
+
+# Isolating Windows Store Apps on Your Network
+
+
+When you add new computers and devices that are running Windows 8 to your network, you may want to customize your Windows Firewall configuration to isolate the network access of the new Windows Store apps that run on them. Developers who build Windows Store apps can declare certain app capabilities that enable different classes of network access. A developer can decide what kind of network access the app requires and configure this capability for the app. When the app is installed on a computer running Windows 8, appropriate firewall rules are automatically created to enable access. Administrators can then customize the firewall configuration to further fine-tune this access if they desire more control over the network access for the app.
+
+For example, a developer can decide that their app should only connect to trusted local networks (such as at home or work), and not to the Internet. In this way, developers can define the scope of network access for their app. This network isolation prevents an app from accessing a network and a connection type (inbound or outbound) if the connection has not been configured for the app. Then the network administrator can customize the firewall to further restrict the resources that the app can access.
+
+The ability to set and enforce these network boundaries ensures that apps that get compromised can only access networks where they have been explicitly granted access. This significantly reduces the scope of their impact on other apps, the computer, and the network. In addition, apps can be isolated and protected from malicious access from the network.
+
+When creating new Windows Store apps, a developer can define the following network capabilities for their app:
+
+- **Home\\Work Networking**
+
+ Provides inbound and outbound access to intranet networks that the user has designated as a home or a work network, or if the network has an authenticated domain controller.
+
+- **Internet (Client)**
+
+ Provides outbound access to the Internet and untrusted networks, such as airports and coffee shops (for example, intranet networks where the user has designated the network as Public). Most apps that require Internet access should use this capability.
+
+- **Internet (Client and Server)**
+
+ Provides inbound and outbound access to the Internet and untrusted networks, such as airports and coffee shops. This capability is a superset of the **Internet (Client)** capability, and **Internet (Client)** does not need to be enabled if this capability is enabled.
+
+- **Proximity**
+
+ Provides near-field communication (NFC) with devices that are in close proximity to the computer. Proximity may be used to send files or connect with an application on a proximate device.
+
+**In this document**
+
+To isolate Windows Store apps on your network, you need to use Group Policy to define your network isolation settings and create custom Windows Store app firewall rules.
+
+- [Prerequisites](#bkmk-prereq)
+
+- [Step 1: Define your network](#bkmk-step1)
+
+- [Step 2: Create custom firewall rules](#bkmk-step2)
+
+## Prerequisites
+
+
+- A domain controller is installed on your network, and your computers are joined to the Windows domain.
+
+- Your Windows Store app is installed on your client computer.
+
+- The Remote Server Administration Tools (RSAT) are installed on your client computer. When you perform the following steps from your client computer, you can select your Windows Store app when you create Windows Firewall rules.
+
+ **Note**  
+ You can install the RSAT on your computer running Windows 8 from the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkID=238560).
+
+  
+
+## Step 1: Define your network
+
+
+The **Home\\Work Networking** capability enables access to intranet resources. Administrators can use Group Policy settings to define the scope of the intranet. This ensures that Windows Store apps can access intranet resources appropriately.
+
+The Windows Store Internet Explorer app that is included with Windows 8 uses the network capabilities to detect which zone it should use. The browser uses the network capabilities to ensure that it operates in the correct security zone.
+
+A network endpoint is considered part of the **Home\\Work Network** if:
+
+- It is part of the local subnet of a trusted network.
+
+ For example, home users generally flag their network as Trusted. Local computers will be designated as such.
+
+- A computer is on a network, and it is authenticated to a domain controller.
+
+ - Endpoints within the intranet address space are considered private.
+
+ - Endpoints within the local subnet are considered private.
+
+- The computer is configured for DirectAccess, and the endpoint is part of the intranet address space.
+
+The intranet address space is composed of configured Active Directory sites and subnets, and it is configured for Windows network isolation specifically by using Group Policy. You can disable the usage of Active Directory sites and subnets by using Group Policy by declaring that your subnet definitions are authoritative.
+
+Any proxies that you configure or that are automatically configured with proxy autoconfiguration (by using Web Proxy Auto-Discovery (WPAD) protocol) are exempt from the intranet zone. You can add proxy addresses by using Group Policy.
+
+All other endpoints that do not meet the previously stated criteria are considered endpoints on the Internet.
+
+**To configure a GPO that defines your intranet address space**
+
+1. Open the Group Policy Management snap-in (gpmc.msc) and edit the Default Domain Policy.
+
+2. From the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Administrative Templates**, expand **Network**, and click **Network Isolation**.
+
+3. In the right pane, double-click **Private network ranges for apps**.
+
+4. In the **Private network ranges for apps** dialog box, click **Enabled**. In the **Private subnets** text box, type the private subnets for your intranet, separated by commas if necessary.
+
+ For example, if the Contoso intranet is defined as 10.0.0.0 with a subnet mask of 255.255.255.0, you would type 10.0.0.0/24 in the **Private subnets** text box.
+
+5. Double-click **Subnet definitions are authoritative**.
+
+ If you want the subnet definitions that you previously created to be the single source for your subnet definition, click **Enabled**. Otherwise, leave the **Not Configured** default so that you can add additional subnets by using local settings or network isolation heuristics.
+
+**To configure the proxy addresses for the intranet and Internet**
+
+1. Double-click **Internet proxy servers for apps**. Click **Enabled**, and then in the **Domain Proxies** text box, type the IP addresses of your Internet proxy servers, separated by semicolons.
+
+2. Double-click **Intranet proxy servers for apps**. Click **Enabled**, and then in the IP address text box, type the IP addresses of your intranet proxy servers, separated by semicolons.
+
+3. Double-click **Proxy definitions are authoritative**.
+
+ If you want the proxy definitions that you previously created to be the single source for your proxy definition, click **Enabled**. Otherwise, leave the **Not Configured** default so that you can add additional proxies by using local settings or network isolation heuristics.
+ +## Step 2: Create custom firewall rules + + +Windows Store apps can declare many capabilities in addition to the network capabilities discussed previously. For example, apps can declare capabilities to access user identity, the local file system, and certain hardware devices. + +The following table provides a complete list of the possible app capabilities. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CapabilityNameDescription

Internet (Client)

internetClient

Your outgoing Internet connection.

Internet (Client & Server)

internetClientServer

Your Internet connection, including incoming unsolicited connections from the Internet The app can send information to or from your computer through a firewall. You do not need to declare internetClient if this capability is declared.

Home\Work Networking

privateNetworkClientServer

A home or work network. The app can send information to or from your computer and other computers on the same network.

Document Library Access

documentsLibrary

Your Documents library, including the capability to add, change, or delete files. The package can only access file types that are declared in the manifest. The app cannot access document libraries on HomeGroup computers.

Picture Library Access

picturesLibrary

Your Pictures library, including the capability to add, change, or delete files. This capability also includes Picture libraries on HomeGroup computers and picture file types on locally connected media servers.

Video Library Access

videosLibrary

Your Videos library, including the capability to add, change, or delete files. This capability also includes Video libraries on HomeGroup computers and video file types on locally connected media servers.

Music Library Access

musicLibrary

Your Music library, including the capability to add, change, or delete files. This capability also includes Music libraries on HomeGroup computers and music file types on locally connected media servers.

Default Windows Credentials

defaultWindowsCredentials

Your Windows credentials for access to a corporate intranet. This application can impersonate you on the network.

Removable Storage

removableStorage

A removable storage device, such as an external hard disk, USB flash drive, or MTP portable device, including the capability to add, change, or delete specific files. This package can only access file types that are declared in the manifest.

Shared User Certificates

sharedUserCertificates

Software and hardware certificates or a smart card, which the app uses to identify you. This capability can be used by an employer, a bank, or government services to identify you.

Location

location

Provides access to the user's current location.

Microphone

microphone

Provides access to the microphone's audio feed.

Near-field Proximity

proximity

Required for near-field communication (NFC) between devices in close proximity. NFC can be used to send files or connect with an app on a proximate device.

Text Messaging

sms

Provides access to computer text messaging functionality.

Webcam

webcam

Provides access to the webcam's video feed.

Other devices (represented by GUIDs)

<GUID>

Includes specialized devices and Windows Portable Devices.

+
+ 
+
+In Windows Server 2012, it is possible to create a Windows Firewall policy that is scoped to a set of apps that use a specified capability or scoped to a specific Windows Store app.
+
+For example, you could create a Windows Firewall policy to block Internet access for any apps on your network that have the Documents Library capability.
+
+**To block Internet access for any apps on your network that have the Documents Library capability**
+
+1. Open the Group Policy Management snap-in (gpmc.msc).
+
+2. In the left pane, right-click your domain name and click **Create a GPO in this domain, and link it here**.
+
+3. Type a name for the GPO in the **Name** text box, and then click **OK**.
+
+4. Right-click the new GPO, and then click **Edit**.
+
+5. In the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Windows Settings**, expand **Security Settings**, expand **Windows Firewall with Advanced Security**, and click **Windows Firewall with Advanced Security – LDAP://…**
+
+6. Right-click **Outbound Rules**, and then click **New Rule**.
+
+7. Click **Custom**, and then click **Next**.
+
+8. Click **Next** on the **Program** page, the **Protocols and Ports** page, and the **Scope** page.
+
+9. On the **Action** page, ensure that **Block the Connection** is selected, and then click **Next**.
+
+10. On the **Profile** page, click **Next**.
+
+11. On the **Name** page, type a name for your rule, and then click **Finish**.
+
+12. In the right pane, right-click your new rule and click **Properties**.
+
+13. Click the **Local Principals** tab, select the **Only allow connections from these users** check box, and then click **Add**.
+
+14. Click **Application Package Properties**, and then click **OK**.
+
+15. In the **Choose Capabilities** dialog box, click **APPLICATION PACKAGE AUTHORITY\\Your documents library**, and then click **OK**.
+
+16. Click the **Scope** tab under **Remote IP addresses**, and then click **Add**.
+
+17. Click **Predefined set of computers**, select **Internet**, and click **OK**.
+
+ This scopes the rule to block traffic to Internet computers.
+
+18. Click the **Programs and Services** tab, and in the **Application Packages** area, click **Settings**.
+
+19. Click **Apply to application packages only**, and then click **OK**.
+
+ **Important**  
+ You must do this to ensure that the rule applies only to Windows Store apps and not to other applications and programs. Non-Windows Store applications and programs declare all capabilities by default, and this rule would apply to them if you do not configure it this way.
+
+  
+
+20. Click **OK** to close the **Properties** dialog box.
+
+21. Close the Group Policy Management Editor.
+
+22. In the Group Policy Management snap-in, ensure that your new GPO is selected, and in the right pane under **Security Filtering**, select **Authenticated Users**. Click **Remove**, and then click **OK**.
+
+23. Under **Security Filtering**, click **Add**.
+
+24. Type **domain computers** in the text box, and then click **OK**.
+
+25. Close the Group Policy Management snap-in.
+
+Use the following procedure if you want to block intranet access for a specific media sharing app on your network.
+
+**To block intranet access for a specific media sharing app on your network**
+
+1. Open the Group Policy Management snap-in (gpmc.msc).
+
+2. In the left pane, right-click your domain name, and then click **Create a GPO in this domain, and link it here**.
+
+3. Type a name for your GPO in the **Name** text box, and then click **OK**.
+
+4. Right-click your new GPO, and then click **Edit**.
+
+5. From the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Windows Settings**, expand **Security Settings**, expand **Windows Firewall with Advanced Security**, and then click **Windows Firewall with Advanced Security – LDAP://**…
+
+6. Right-click **Outbound Rules**, and then click **New Rule**.
+
+7. Click **Custom**, and then click **Next**.
+
+8. Click **Next** on the **Program** page, the **Protocols and Ports** page, and the **Scope** page.
+
+9. On the **Action** page, ensure **Block the Connection** is selected, and then click **Next**.
+
+10. On the **Profile** page, click **Next**.
+
+11. On the **Name** page, type a name for your rule, and then click **Finish**.
+
+12. In the right pane, right-click your new rule, and then click **Properties**.
+
+13. Click the **Local Principals** tab, select the **Only allow connections from these users** check box, and then click **Add**.
+
+14. Click **Application Package Properties**, and then click **OK**.
+
+15. In the **Choose Capabilities** dialog box, click **APPLICATION PACKAGE AUTHORITY\\A home or work network**, and then click **OK**.
+
+16. Click the **Programs and Services** tab under **Application Packages**, and then click **Settings**.
+
+17. Click **Apply to this application package**, select the app in the text box, and then click **OK**.
+
+18. Click **OK** to close the **Properties** dialog box.
+
+19. Close the Group Policy Management Editor.
+
+20. In Group Policy Management, ensure that your new GPO is selected, and in the right pane under **Security Filtering**, select **Authenticated Users**, click **Remove**, and then click **OK**.
+
+21. Under **Security Filtering**, click **Add**.
+
+22. Type **domain computers** in the text box and click **OK**.
+
+23. Close Group Policy Management.
+
+## See also
+
+
+- [Windows Firewall with Advanced Security Overview](../p_server_archive/windows-firewall-with-advanced-security-overview-win8.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/link-the-gpo-to-the-domain.md b/windows/keep-secure/link-the-gpo-to-the-domain.md
new file mode 100644
index 0000000000..d912164e47
--- /dev/null
+++ b/windows/keep-secure/link-the-gpo-to-the-domain.md
@@ -0,0 +1,40 @@
+---
+title: Link the GPO to the Domain (Windows 10)
+description: Link the GPO to the Domain
+ms.assetid: 746d4553-b1a6-4954-9770-a948926b1165
+author: brianlic-msft
+---
+
+# Link the GPO to the Domain
+
+
+After you create the GPO and configure it with security group filters and WMI filters, you must link the GPO to the container in Active Directory that contains all of the target computers.
+
+If the filters comprehensively control the application of the GPO to only the correct computers, then you can link the GPO to the domain container. Alternatively, you can link the GPO to a site container or organizational unit if you want to limit application of the GPO to that subset of computers.
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of the Domain Admins group, or otherwise be delegated permissions to modify the GPOs.
+
+**To link the GPO to the domain container in Active Directory**
+
+1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile.
+
+2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, and then expand *YourDomainName*.
+
+3. Right-click *YourDomainName*, and then click **Link an Existing GPO**.
+
+4. In the **Select GPO** dialog box, select the GPO that you want to deploy, and then click **OK**.
+
+5. The GPO appears in the **Linked Group Policy Objects** tab in the details pane and as a linked item under the domain container in the navigation pane.
+
+6. You can adjust the order of the linked GPOs to ensure that the higher priority GPOs are processed last. Select a GPO and click the up or down arrows to move it. The GPOs are processed by the client computer from the highest link order number to the lowest.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
new file mode 100644
index 0000000000..f062e68961
--- /dev/null
+++ b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -0,0 +1,82 @@ +--- +title: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design (Windows 10) +description: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design +ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22 +author: brianlic-msft +--- + +# Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design + + +After you finish reviewing the existing Windows Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design. + +**Important**   +The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design. + +  + +Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security deployment goals for your organization. This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security deployment goals to meet the needs of your organization. + + +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Deployment Goals[Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md)[Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md)[Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md)[Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md)

[Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md)

Yes

Yes

Yes

Yes

[Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md)

-

Yes

Yes

Yes

[Restrict Access to Only Specified Users or Computers](../p_server_archive/restrict-access-to-only-specified-users-or-computers.md)

-

-

Yes

Yes

[Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md)

-

Optional

Optional

Optional

+ +  + +To examine details for a specific design, click the design title at the top of the column in the preceding table. + +**Next: **[Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md) + +  + +  + + + + + diff --git a/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md new file mode 100644 index 0000000000..f003cb6ee2 --- /dev/null +++ b/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md 
@@ -0,0 +1,91 @@ +--- +title: Modify GPO Filters to Apply to a Different Zone or Version of Windows (Windows 10) +description: Modify GPO Filters to Apply to a Different Zone or Version of Windows +ms.assetid: 24ede9ca-a501-4025-9020-1129e2cdde80 +author: brianlic-msft +--- + +# Modify GPO Filters to Apply to a Different Zone or Version of Windows + + +You must reconfigure your copied GPO so that it contains the correct security group and WMI filters for its new role. If you are creating the GPO for the isolated domain, use the [Block members of a group from applying a GPO](#bkmk-topreventmembersofgroupfromapplyingagpo) procedure to prevent members of the boundary and encryption zones from incorrectly applying the GPOs for the main isolated domain. + +**Administrative credentials** + +To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. + +In this topic: + +- [Change the security group filter for a GPO](#bkmk-toallowmembersofagrouptoapplyagpo) + +- [Block members of a group from applying a GPO](#bkmk-topreventmembersofgroupfromapplyingagpo) + +- [Remove a block for members of a group from applying a GPO](#bkmk-toremoveablockformembersofgroupfromapplyingagpo) + +## + + +Use the following procedure to change a group to the security filter on the GPO that allows group members to apply the GPO. You must remove the reference to the original group, and add the group appropriate for this GPO. + +**To change the security group filter for a GPO** + +1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. + +2. In the navigation pane, find and then click the GPO that you want to modify. + +3. In the details pane, under **Security Filtering**, click the currently assigned security group, and then click **Remove**. + +4. Now you can add the appropriate security group to this GPO. 
Under **Security Filtering**, click **Add**. + +5. In the **Select User, Computer, or Group** dialog box, type the name of the group whose members are to apply the GPO, and then click **OK**. If you do not know the name, you can click **Advanced** to browse the list of groups available in the domain. + +## + + +Use the following procedure if you need to add a group to the security filter on the GPO that blocks group members from applying the GPO. This can be used on the GPOs for the main isolated domain to prevent members of the boundary and encryption zones from incorrectly applying the GPOs for the main isolated domain. + +**To block members of group from applying a GPO** + +1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. + +2. In the navigation pane, find and then click the GPO that you want to modify. + +3. In the details pane, click the **Delegation** tab. + +4. Click **Advanced**. + +5. Under the **Group or user names** list, click **Add**. + +6. In the **Select User, Computer, or Group** dialog box, type the name of the group whose members are to be prevented from applying the GPO, and then click **OK**. If you do not know the name, you can click **Advanced** to browse the list of groups available in the domain. + +7. Select the group in the **Group or user names** list, and then select the boxes in the **Deny** column for both **Read** and **Apply group policy**. + +8. Click **OK**, and then in the **Windows Security** dialog box, click **Yes**. + +9. The group appears in the list with custom permissions. + +## + + +**To remove a block for members of group from applying a GPO** + +1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. + +2. In the navigation pane, find and then click the GPO that you want to modify. + +3. 
In the details pane, click the **Delegation** tab. + +4. In the **Groups and users** list, select the group that should no longer be blocked, and then click **Remove**. + +5. In the message box, click **OK**. + +If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. + +  + +  + + + + + diff --git a/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md new file mode 100644 index 0000000000..729e906fcc --- /dev/null +++ b/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md @@ -0,0 +1,28 @@ +--- +title: Open the Group Policy Management Console to IP Security Policies (Windows 10) +description: Open the Group Policy Management Console to IP Security Policies +ms.assetid: 235f73e4-37b7-40f4-a35e-3e7238bbef43 +author: brianlic-msft +--- + +# Open the Group Policy Management Console to IP Security Policies + + +Procedures in this guide that refer to GPOs for earlier versions of the Windows operating system instruct you to work with the IP Security Policy section in the Group Policy Management Console (GPMC). + +**To open a GPO to the IP Security Policies section** + +1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. + +2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**. + +3. In the navigation pane of the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Windows Settings**, expand **Security Settings**, and then click **IP Security Policies on Active Directory (***YourDomainName***)**. + +  + +  + + + + + 
diff --git a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
new file mode 100644
index 0000000000..5d720ae16f
--- /dev/null
+++ b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -0,0 +1,28 @@
+---
+title: Open the Group Policy Management Console to Windows Firewall with Advanced Security (Windows 10)
+description: Open the Group Policy Management Console to Windows Firewall with Advanced Security
+ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98
+author: brianlic-msft
+---
+
+# Open the Group Policy Management Console to Windows Firewall with Advanced Security
+
+
+Most of the procedures in this guide instruct you to use Group Policy settings for Windows Firewall with Advanced Security.
+
+**To open a GPO to Windows Firewall with Advanced Security**
+
+1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile.
+
+2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**.
+
+3. In the navigation pane of the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Windows Settings**, expand **Security Settings**, expand **Windows Firewall with Advanced Security**, and then expand **Windows Firewall with Advanced Security - LDAP://cn={***GUID***},cn=…**.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md
new file mode 100644
index 0000000000..02b493283f
--- /dev/null
+++ b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md
@@ -0,0 +1,28 @@
+---
+title: Open the Group Policy Management Console to Windows Firewall (Windows 10)
+description: Open the Group Policy Management Console to Windows Firewall
+ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760
+author: brianlic-msft
+---
+
+# Open the Group Policy Management Console to Windows Firewall
+
+
+**To open a GPO to Windows Firewall**
+
+1. Open **Active Directory Users and Computers**.
+
+2. In the navigation pane, expand *YourDomainName*, right-click the container that your GPO is linked to, and then click **Properties**.
+
+3. Click the **Group Policy** tab, select your GPO, and then click **Edit**.
+
+4. In the navigation pane of the Group Policy Object Editor, expand **Computer Configuration**, expand **Administrative Templates**, expand **Network**, expand **Network Connections**, and then expand **Windows Firewall**.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/open-windows-firewall-with-advanced-security.md b/windows/keep-secure/open-windows-firewall-with-advanced-security.md
new file mode 100644
index 0000000000..5387c113a1
--- /dev/null
+++ b/windows/keep-secure/open-windows-firewall-with-advanced-security.md
@@ -0,0 +1,55 @@ +--- +title: Open Windows Firewall with Advanced Security (Windows 10) +description: Open Windows Firewall with Advanced Security +ms.assetid: 788faff2-0f50-4e43-91f2-3e2595c0b6a1 +author: brianlic-msft +--- + +# Open Windows Firewall with Advanced Security + + +This procedure shows you how to open the Windows Firewall with Advanced Security MMC snap-in. + +**Administrative credentials** + +To complete this procedure, you must be a member of the Administrators group. For more information, see Additional considerations. + +## Opening Windows Firewall with Advanced Security + + +- [Using the Windows interface](#bkmk-proc1) + +- [Using a command line](#bkmk-proc2) + +## + + +**To open Windows Firewall with Advanced Security by using the Windows interface** + +- Click the **Start** charm, right-click the Start page, click **All Apps**, and then click the **Windows Firewall with Advanced Security** tile. + +## + + +**To open Windows Firewall with Advanced Security from a command prompt** + +1. Open a command prompt window. + +2. At the command prompt, type: + + ``` syntax + wf.msc + ``` + +**Additional considerations** + +Although standard users can start the Windows Firewall with Advanced Security MMC snap-in, to change most settings the user must be a member of a group with the permissions to modify those settings, such as Administrators. + +  + +  + + + + + diff --git a/windows/keep-secure/planning-certificate-based-authentication.md b/windows/keep-secure/planning-certificate-based-authentication.md new file mode 100644 index 0000000000..414b5e373d --- /dev/null +++ b/windows/keep-secure/planning-certificate-based-authentication.md 
@@ -0,0 +1,58 @@ +--- +title: Planning Certificate-based Authentication (Windows 10) +description: Planning Certificate-based Authentication +ms.assetid: a55344e6-d0df-4ad5-a6f5-67ccb6397dec +author: brianlic-msft +--- + +# Planning Certificate-based Authentication + + +Sometimes a computer cannot join an Active Directory domain, and therefore cannot use Kerberos V5 authentication with domain credentials. However, the computer can still participate in the isolated domain by using certificate-based authentication. + +The non-domain member server, and the clients that must be able to communicate with it, must be configured to use cryptographic certificates based on the X.509 standard. These certificates can be used as an alternate set of credentials. During IKE negotiation, each computer sends a copy of its certificate to the other computer. Each computer examines the received certificate, and then validates its authenticity. To be considered authentic, the received certificate must be validated by a certification authority certificate in the recipient's Trusted Root Certification Authorities store on the local computer. + +Certificates can be acquired from commercial firms, or by an internal certificate server set up as part of the organization's public key infrastructure (PKI). Microsoft provides a complete PKI and certification authority solution with Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008 Active Directory Certificate Services (AD CS). For more information about creating and maintaining a PKI in your organization, see [Active Directory Certificate Services Overview](http://technet.microsoft.com/library/hh831740.aspx) at http://technet.microsoft.com/library/hh831740.aspx. + +## Deploying certificates + + +No matter how you acquire your certificates, you must deploy them to clients and servers that require them in order to communicate. 
+ +### Using Active Directory Certificate Services + +If you use AD CS to create your own user and computer certificates in-house, then the servers designated as certification authorities (CAs) create the certificates based on administrator-designed templates. AD CS then uses Group Policy to deploy the certificates to domain member computers. Computer certificates are deployed when a domain member computer starts. User certificates are deployed when a user logs on. + +If you want non-domain member computers to be part of a server isolation zone that requires access by only authorized users, make sure to include certificate mapping to associate the certificates with specific user accounts. When certificate mapping is enabled, the certificate issued to each computer or user includes enough identification information to enable IPsec to match the certificate to both user and computer accounts. + +AD CS automatically ensures that certificates issued by the CAs are trusted by the client computers by putting the CA certificates in the correct store on each domain member computer. + +### Using a commercially purchased certificate for computers running Windows + +You can import the certificates manually onto each computer if the number of computers is relatively small. For a deployment to more than a handful of computers, use Group Policy. + +You must first download the vendor's root CA certificate, and then import it to a GPO that deploys it to the Local Computer\\Trusted Root Certification Authorities store on each computer that applies the GPO. + +You must also import the purchased certificate into a GPO that deploys it to the Local Computer\\Personal store on each computer that applies the GPO. + +### Using a commercially purchased certificate for computers running a non-Windows operating system + +If you are installing the certificates on an operating system other than Windows, see the documentation for that operating system. 
+ +## Configuring IPsec to use the certificates + + +When the clients and servers have the certificates available, you can configure the IPsec and connection security rules to include those certificates as a valid authentication method. The authentication method requires the subject name of the certificate, for example: **DC=com,DC=woodgrovebank,CN=CorporateCertServer**. Optionally, select **Enable certificate to account mapping** to support using these credentials for restricting access to users or computers that are members of authorized groups in a server isolation solution. + +Starting in Windows Server 2012, the Administrator can configure certificate selection criteria so the desired certificate is selected and/or validated. Enhanced Key Usage (EKU) criteria can be configured, as well as name restrictions and certificate thumbprints. This is configured using the **Advanced** button when choosing certificates for the authentication method in the user interface, or through Windows PowerShell. + +**Next: **[Documenting the Zones](../p_server_archive/documenting-the-zones.md) + +  + +  + + + + + diff --git a/windows/keep-secure/planning-domain-isolation-zones.md b/windows/keep-secure/planning-domain-isolation-zones.md new file mode 100644 index 0000000000..f2d1bfb04c --- /dev/null +++ b/windows/keep-secure/planning-domain-isolation-zones.md 
@@ -0,0 +1,32 @@
+---
+title: Planning Domain Isolation Zones (Windows 10)
+description: Planning Domain Isolation Zones
+ms.assetid: 70bc7c52-91f0-4a0d-a64a-69d3ea1c6d05
+author: brianlic-msft
+---
+
+# Planning Domain Isolation Zones
+
+
+After you have the required information about your network, Active Directory, and client and server computers, you can use that information to make decisions about the isolation zones you want to use in your environment.
+
+The bulk of the work in planning server and domain isolation is determining which computers to assign to each isolation zone. Correctly choosing the zone for each computer is important to providing the correct level of security without compromising performance or the ability a computer to send or receive required network traffic.
+
+The zones described in this guide include the following:
+
+- [Exemption List](../p_server_archive/exemption-list.md)
+
+- [Isolated Domain](../p_server_archive/isolated-domain.md)
+
+- [Boundary Zone](../p_server_archive/boundary-zone.md)
+
+- [Encryption Zone](../p_server_archive/encryption-zone.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/planning-gpo-deployment.md b/windows/keep-secure/planning-gpo-deployment.md
new file mode 100644
index 0000000000..9346df25bc
--- /dev/null
+++ b/windows/keep-secure/planning-gpo-deployment.md
@@ -0,0 +1,134 @@ +--- +title: Planning GPO Deployment (Windows 10) +description: Planning GPO Deployment +ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1 +author: brianlic-msft +--- + +# Planning GPO Deployment + + +You can control which GPOs are applied to computers in Active Directory in a combination of three ways: + +- **Active Directory organizational unit hierarchy**. This involves linking the GPO to a specific OU in the Active Directory OU hierarchy. All computers in the OU and its subordinate containers receive and apply the GPO. + + Controlling GPO application through linking to OUs is typically used when you can organize the OU hierarchy according to your domain isolation zone requirements. GPOs can apply settings to computers based on their location within Active Directory. If a computer is moved from one OU to another, the policy linked to the second OU will eventually take effect when Group Policy detects the change during polling. + +- **Security group filtering**. This involves linking the GPOs to the domain level (or other parent OU) in the OU hierarchy, and then selecting which computers receive the GPO by using permissions that only allow correct group members to apply the GPO. + + The security group filters are attached to the GPOs themselves. A group is added to the security group filter of the GPO in Active Directory, and then assigned Read and Apply Group Policy permissions. Other groups can be explicitly denied Read and Apply Group Policy permissions. Only those computers whose group membership are granted Read and Apply Group Policy permissions without any explicit deny permissions can apply the GPO. + +- **WMI filtering**. A WMI filter is a query that is run dynamically when the GPO is evaluated. If a computer is a member of the result set when the WMI filter query runs, the GPO is applied to the computer. + + A WMI filter consists of one or more conditions that are evaluated against the local computer. 
You can check almost any characteristic of the computer, its operating system, and its installed programs. If all of the specified conditions are true for the computer, the GPO is applied; otherwise the GPO is ignored. + +This guide uses a combination of security group filtering and WMI filtering to provide the most flexible options. If you follow this guidance, even though there might be five different GPOs linked to a specific group because of operating system version differences, only the correct GPO is applied. + +## General considerations + + +- Deploy your GPOs before you add any computer accounts to the groups that receive the GPOs. That way you can add your computers to the groups in a controlled manner. Be sure to add only a few test computers at first. Before adding many group members, examine the results on the test computers and verify that the configured firewall and connection security rules have the effect that you want. See the following sections for some suggestions on what to test before you continue. + +## Test your deployed groups and GPOs + + +After you have deployed your GPOs and added some test computers to the groups, confirm the following before you continue with more group members: + +- Examine the GPOs that are both assigned to and filtered from the computer. Run the **gpresult** tool at a command prompt. + +- Examine the rules deployed to the computer. Open the Windows Firewall with Advanced Security MMC snap-in, expand the **Monitoring** node, and then expand the **Firewall** and **Connection Security** nodes. + +- Verify that communications are authenticated. Open the Windows Firewall with Advanced Security MMC snap-in, expand the **Monitoring** node, expand the **Security Associations** node, and then click **Main Mode**. + +- Verify that communications are encrypted when the computers require it. 
Open the Windows Firewall with Advanced Security MMC snap-in, expand the **Monitoring** node, expand the **Security Associations** node, and then select **Quick Mode**. Encrypted connections display a value other than **None** in the **ESP Confidentiality** column. + +- Verify that your programs are unaffected. Run them and confirm that they still work as expected. + +After you have confirmed that the GPOs have been correctly applied, and that the computers are now communicating by using IPsec network traffic in request mode, you can begin to add more computers to the group accounts, in manageable numbers at a time. Continue to monitor and confirm the correct application of the GPOs to the computers. + +## Do not enable require mode until deployment is complete + + +If you deploy a GPO that requires authentication to a computer before the other computers have a GPO deployed, communication between them might not be possible. Wait until you have all the zones and their GPOs deployed in request mode and confirm (as described in the previous section) that the computers are successfully communicating by using IPsec. + +If there are problems with GPO deployment, or errors in configuration of one or more of the IPsec GPOs, computers can continue to operate, because request mode enables any computer to fall back to clear communications. + +Only after you have added all of the computers to their zones, and you have confirmed that communications are working as expected, you can start changing the request mode rules to require mode rules where it is required in the zones. We recommend that you enable require mode in the zones one zone at a time, pausing to confirm that they are functioning properly before you continue. Turn the required mode setting on for the server isolation zones first, then the encryption zone, and then the isolated domain. + +Do not change the boundary zone GPO, because it must stay in request mode for both inbound and outbound connections. 
+ +If you create other zones that require either inbound or outbound require mode, make the setting change in a manner that applies the setting in stages from the smaller groups of computers to the larger groups. + +## Example Woodgrove Bank deployment plans + + +Woodgrove Bank links all its GPOs to the domain level container in the Active Directory OU hierarchy. It then uses the following WMI filters and security group filters to control the application of the GPOs to the correct subset of computers. All of the GPOs have the User Configuration section disabled to improve performance. + +### GPO\_DOMISO\_Firewall\_2008\_Win7-Vista + +- **WMI filter**. The WMI filter allows this GPO to apply only to computers that match the following WMI query: + + `select * from Win32_OperatingSystem where Version like "6.%" and ProductType <> "2"` + + **Note**   + This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are computers running versions of Windows earlier than Windows Vista and Windows Server 2008. + +   + +- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to computers that are members of the group CG\_DOMISO\_IsolatedDomain. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the CG\_DOMISO\_NO\_IPSEC. + +### GPO\_DOMISO\_IsolatedDomain\_Clients\_Win7Vista + +- **WMI filter**. The WMI filter allows this GPO to apply only to computers that match the following WMI query: + + `select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "1"` + +- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to computers that are members of the group CG\_DOMISO\_IsolatedDomain. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the group CG\_DOMISO\_NO\_IPSEC. + +### GPO\_DOMISO\_IsolatedDomain\_Servers\_WS2008 + +- **WMI filter**. 
The WMI filter allows this GPO to apply only to computers that match the following WMI query: + + `select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "3"` + + **Note**   + This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are computers that are running versions of Windows earlier than Windows Vista and Windows Server 2008. + +   + +- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to computers that are members of the group CG\_DOMISO\_IsolatedDomain. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the group CG\_DOMISO\_NO\_IPSEC. + +### GPO\_DOMISO\_Boundary\_WS2008 + +- **WMI filter**. The WMI filter allows this GPO to apply only to computers that match the following WMI query: + + `select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "3"` + + **Note**   + This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are computers that are running versions of Windows earlier than Windows Vista and Windows Server 2008. + +   + +- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to computers that are members of the group CG\_DOMISO\_Boundary. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the group CG\_DOMISO\_NO\_IPSEC. + +### GPO\_DOMISO\_Encryption\_WS2008 + +- **WMI filter**. The WMI filter allows this GPO to apply only to computers that match the following WMI query: + + `select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "3"` + + **Note**   + This excludes domain controllers (which report a ProductType value of 2). 
Do not include domain controllers in the isolated domain if there are computers that are running versions of Windows earlier than Windows Vista and Windows Server 2008. + +   + +- **Security filter**. This GPO grants Read and Apply permissions in Group Policy only to computers that are members of the group CG\_DOMISO\_Encryption. The GPO also explicitly denies Read and Apply permissions in Group Policy to members of the group CG\_DOMISO\_NO\_IPSEC. + +  + +  + + + + + diff --git a/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md new file mode 100644 index 0000000000..0100f63ad7 --- /dev/null +++ b/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md 
@@ -0,0 +1,30 @@
+---
+title: Planning Group Policy Deployment for Your Isolation Zones (Windows 10)
+description: Planning Group Policy Deployment for Your Isolation Zones
+ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c
+author: brianlic-msft
+---
+
+# Planning Group Policy Deployment for Your Isolation Zones
+
+
+After you have decided on the best logical design of your isolation environment for the network and computer security requirements, you can start the implementation plan.
+
+You have a list of isolation zones with the security requirements of each. For implementation, you must plan the groups that will hold the computer accounts in each zone, the network access groups that will be used to determine who can access an isolated server, and the GPOs with the connection security and firewall rules to apply to corresponding groups. Finally you must determine how you will ensure that the policies will only apply to the correct computers within each group.
+
+- [Planning Isolation Groups for the Zones](../p_server_archive/planning-isolation-groups-for-the-zones.md)
+
+- [Planning Network Access Groups](../p_server_archive/planning-network-access-groups.md)
+
+- [Planning the GPOs](../p_server_archive/planning-the-gpos.md)
+
+- [Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/planning-isolation-groups-for-the-zones.md b/windows/keep-secure/planning-isolation-groups-for-the-zones.md
new file mode 100644
index 0000000000..73063b68ef
--- /dev/null
+++ b/windows/keep-secure/planning-isolation-groups-for-the-zones.md
@@ -0,0 +1,79 @@ +--- +title: Planning Isolation Groups for the Zones (Windows 10) +description: Planning Isolation Groups for the Zones +ms.assetid: be4b662d-c1ce-441e-b462-b140469a5695 +author: brianlic-msft +--- + +# Planning Isolation Groups for the Zones + + +Isolation groups in Active Directory are how you implement the various domain and server isolation zones. A computer is assigned to a zone by adding its computer account to the group which represents that zone. + +**Caution**   +Do not add computers to your groups yet. If a computer is in a group when the GPO is activated then that GPO is applied to the computer. If the GPO is one that requires authentication, and the other computers have not yet received their GPOs, the computer that uses the new GPO might not be able to communicate with the others. + +  + +Universal groups are the best option to use for GPO assignment because they apply to the whole forest and reduce the number of groups that must be managed. However, if universal groups are unavailable, you can use domain global groups instead. + +The following table lists typical groups that can be used to manage the domain isolation zones discussed in the Woodgrove Bank example in this guide: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Group nameDescription

CG_DOMISO_No_IPsec

A universal group of computer accounts that do not participate in the IPsec environment. Typically consists of infrastructure computer accounts that will also be included in exemption lists.

+

This group is used in security group filters to ensure that GPOs with IPsec rules are not applied to group members.

CG_DOMISO_IsolatedDomain

A universal group of computer accounts that contains the members of the isolated domain.

+

During the early days of testing, this group might contain only a very small number of computers. During production, it might contain the built-in Domain Computers group to ensure that every computer in the domain participates.

+

Members of this group receive the domain isolation GPO that requires authentication for inbound connections.

CG_DOMISO_Boundary

A universal group of computer accounts that contains the members of the boundary zone.

+

Members of this group receive a GPO that specifies that authentication is requested, but not required.

CG_DOMISO_Encryption

A universal group of computer accounts that contains the members of the encryption zone.

+

Members of this group receive a GPO that specifies that both authentication and encryption are required for all inbound connections.

CG_SRVISO_ServerRole

A universal group of computer accounts that contains the members of the server isolation group.

+

Members of this group receive the server isolation GPO that requires membership in a network access group in order to connect.

+

There will be one group for each set of servers that have different user and computer restriction requirements.

+ +  + +Multiple GPOs might be delivered to each group. Which one actually becomes applied depends on the security group filters assigned to the GPOs in addition to the results of any WMI filtering assigned to the GPOs. Details of the GPO layout are discussed in the section [Planning the GPOs](../p_server_archive/planning-the-gpos.md). + +If multiple GPOs are assigned to a group, and similar rules are applied, the rule that most specifically matches the network traffic is the one that is used by the computer. For example, if one IPsec rule says to request authentication for all IP traffic, and a second rule from a different GPO says to require authentication for IP traffic to and from a specific IP address, then the second rule takes precedence because it is more specific. + +**Next: **[Planning Network Access Groups](../p_server_archive/planning-network-access-groups.md) + +  + +  + + + + + diff --git a/windows/keep-secure/planning-network-access-groups.md b/windows/keep-secure/planning-network-access-groups.md new file mode 100644 index 0000000000..dc94283493 --- /dev/null +++ b/windows/keep-secure/planning-network-access-groups.md 
@@ -0,0 +1,68 @@ +--- +title: Planning Network Access Groups (Windows 10) +description: Planning Network Access Groups +ms.assetid: 56ea1717-1731-4a5d-b277-5a73eb86feb0 +author: brianlic-msft +--- + +# Planning Network Access Groups + + +A network access group (NAG) is used to identify users and computers that have permission to access an isolated server. The server is configured with firewall rules that allow only network connections that are authenticated as originating from a computer, and optionally a user, whose accounts are members of its NAG. A member of the isolated domain can belong to as many NAGs as required. + +Minimize the number of NAGs to limit the complexity of the solution. You need one NAG for each server isolation group to restrict the computers or users that are granted access. You can optionally split the NAG into two different groups: one for authorized computers and one for authorized users. + +The NAGs that you create and populate become active by referencing them in the **Users and Computers** tab of the firewall rules in the GPO assigned to the isolated servers. The GPO must also contain connection security rules that require authentication to supply the credentials checked for NAG membership. + +For the Woodgrove Bank scenario, access to the computers running SQL Server that support the WGBank application are restricted to the WGBank front-end servers and to approved administrative users logged on to specific authorized administrative computers. They are also only accessed by the approved admin users and the service account that is used to the run the WGBank front end service. + + +++++ + + + + + + + + + + + + + + + + + + + +
NAG NameNAG Member Users, Computers, or GroupsDescription

CG_NAG_ServerRole_Users

Svr1AdminA

+

Svr1AdminB

+

Group_AppUsers

+

AppSvcAccount

This group is for all users who are authorized to make inbound IPsec connections to the isolated servers in this zone.

CG_NAG_ServerRole_Computers

Desktop1

+

Desktop2

+

AdminDT1

+

AppAdminDT1

This group contains all computers that are authorized to make inbound IPsec connections to the isolated servers in this zone.

+ +  + +**Note**   +Membership in a NAG does not control the level of IPsec traffic protection. The IKE negotiation is only aware of whether the computer or user passed or failed the Kerberos V5 authentication process. The connection security rules in the applied GPO control the security methods that are used for protecting traffic and are independent of the identity being authenticated by Kerberos V5. + +  + +**Next: **[Planning the GPOs](../p_server_archive/planning-the-gpos.md) + +  + +  + + + + + diff --git a/windows/keep-secure/planning-server-isolation-zones.md b/windows/keep-secure/planning-server-isolation-zones.md new file mode 100644 index 0000000000..6394f51aa0 --- /dev/null +++ b/windows/keep-secure/planning-server-isolation-zones.md 
@@ -0,0 +1,88 @@ +--- +title: Planning Server Isolation Zones (Windows 10) +description: Planning Server Isolation Zones +ms.assetid: 5f63c929-589e-4b64-82ea-515d62765b7b +author: brianlic-msft +--- + +# Planning Server Isolation Zones + + +Sometimes a server hosts data that is sensitive. If your servers host data that must not be compromised, you have several options to help protect that data. One was already addressed: adding the server to the encryption zone. Membership in that zone prevents the server from being accessed by any computers that are outside the isolated domain, and encrypts all network connections to server. + +The second option is to additionally restrict access to the server, not just to members of the isolated domain, but to only those users or computers who have business reasons to access the resources on the server. You can specify only approved users, or you can additionally specify that the approved users can only access the server from approved computers. + +To grant access, you add the approved user and computer accounts to network access groups (NAGs) that are referenced in a firewall rule on this server. When the user sends a request to the server, the standard domain isolation rules are invoked. This causes IKE to use Kerberos V5 to exchange credentials with the server. The additional firewall rule on the server causes Windows to check the provided computer and user accounts for group membership in the NAGs. If either the user or computer is not a member of a required NAG then the network connection is refused. + +## Isolated domains and isolated servers + + +If you are using an isolated domain, the client computers already have the IPsec rules to enable them to authenticate traffic when the server requires it. If you add an isolated server, it must have a GPO applied to its group with the appropriate connection security and firewall rules. 
The rules enforce authentication and restrict access to only connections that are authenticated as coming from an authorized computer or user. + +If you are not using an isolated domain, but still want to isolate a server that uses IPsec, you must configure the client computers that you want to access the server to use the appropriate IPsec rules. If the client computers are members of an Active Directory domain, you can still use Group Policy to configure the clients. Instead of applying the GPO to the whole domain, you apply the GPO to only members of the NAG. + +## Creating multiple isolated server zones + + +Each set of servers that must be accessed by different sets of users should be set up in its own isolated server zone. After one set of GPOs for one isolated server zone has been successfully created and verified, you can copy the GPOs to a new set. You must change the GPO names to reflect the new zone, the name and membership of the isolated server zone group to which the GPOs are applied, and the names and membership of the NAG groups that determine which clients can access the servers in the isolated server zone. + +## Creating the GPOs + + +Creation of the groups and how to link them to the GPOs that apply the rules to members of the groups are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) section. + +An isolated server is often a member of the encryption zone. Therefore, copying that GPO set serves as a good starting point. You then modify the rules to additionally restrict access to only NAG members. 
+ +### GPO settings for isolated servers running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 + +GPOs for computers running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 should include the following: + +**Note**   +The connection security rules described here are identical to the ones for the encryption zone. If you do not want to encrypt access and also restrict access to NAG members, you can use connection security rules identical to the main isolated domain. You must still add the firewall rule described at the end of this list to change it into an isolated server zone. + +  + +- IPsec default settings that specify the following options: + + 1. Exempt all ICMP traffic from IPsec. + + 2. Key exchange (main mode) security methods and algorithm. We recommend that you do not include Diffie-Hellman Group 1, DES, or MD5 in any setting. They are included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems. + + 3. Data protection (quick mode) algorithm combinations. Check **Require encryption for all connection security rules that use these settings**, and then specify one or more integrity and encryption combinations. We recommend that you do not include DES or MD5 in any setting. They are included only for compatibility with previous versions of Windows. Use the strongest algorithm combinations that are common to all your supported operating systems. + + If any NAT devices are present on your networks, do not use AH because it cannot traverse NAT devices. If isolated servers must communicate with hosts in the encryption zone, include an algorithm that is compatible with the requirements of the encryption zone GPOs. + + 4. Authentication methods. Include at least computer-based Kerberos V5 authentication for compatibility with the rest of the isolated domain. 
If you want to restrict access to specific user accounts, also include user-based Kerberos V5 authentication as an optional authentication method. Do not make the user-based authentication method mandatory, or else computers that cannot use AuthIP instead of IKE, including Windows XP and Windows Server 2003, cannot communicate. Likewise, if any of your domain isolation members cannot use Kerberos V5, include certificate-based authentication as an optional authentication method. + +- The following connection security and firewall rules: + + - A connection security rule that exempts all computers on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, if applicable in your environment. + + - A connection security rule, from **Any IP address** to **Any IP address**, that requires inbound and requests outbound authentication by using Kerberos V5 authentication. + + **Important**   + Be sure to begin operations by using request in and request out behavior until you are sure that all the computers in your IPsec environment are communicating successfully by using IPsec. After confirming that IPsec is operating as expected, you can change the GPO to require in, request out. + +   + + - A firewall rule that specifies **Allow only secure connections**, **Require encryption**, and on the **Users and Computers** tab includes references to both computer and user network access groups. + +- A registry policy that includes the following values: + + - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). 
The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**. + + **Note**   + For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). + +   + +**Next: **[Planning Certificate-based Authentication](../p_server_archive/planning-certificate-based-authentication.md) + +  + +  + + + + + diff --git a/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md b/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md new file mode 100644 index 0000000000..783b92991e --- /dev/null +++ b/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md 
@@ -0,0 +1,58 @@ +--- +title: Planning Settings for a Basic Firewall Policy (Windows 10) +description: Planning Settings for a Basic Firewall Policy +ms.assetid: 4c90df5a-3cbc-4b85-924b-537c2422d735 +author: brianlic-msft +--- + +# Planning Settings for a Basic Firewall Policy + + +After you have identified your requirements, and have the information about the network layout and computers available, you can begin to design the GPO settings and rules that will enable you to enforce your requirements on the computers. + +The following is a list of the firewall settings that you might consider for inclusion in a basic firewall design, together with recommendations to serve as a starting point for your analysis: + +- **Profile selection**. The firewall rules can be configured for any of the network location profiles that you see in the Network and Sharing Center: **Domain**, **Public**, and **Private** (on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2). Most settings are enforced in the Domain profile, without an option for the user to change them. However, you might want to leave the profile settings configurable by the user on computers that can be taken from the organization's physical network and joined to a public or home network. If you lock down the public and private profiles, you might prevent a user from accessing a required network program or service. Because they are not on the organization's network, you cannot fix a connectivity problem by deploying rule changes in a GPO. For each section that follows, consider each profile and apply the rules to those profiles that make sense for your organization. + + **Important**   + We recommend that on server computers that you set all rules for all profiles to prevent any unexpected profile switch from disrupting network connectivity. 
You might consider a similar practice for your desktop computers, and only support different profiles on portable computers. + +   + +- **Firewall state: On**. We recommend that you prevent the user from turning it off. + +- **Default behavior for Inbound connections: Block**. We recommend that you enforce the default behavior of blocking unsolicited inbound connections. To allow network traffic for a specific program, create an inbound rule that serves as an exception to this default behavior. + +- **Default behavior for Outbound connections: Allow**. We recommend that you enforce the default behavior of allowing outbound connections. + +- **Allow unicast response: Yes**. We recommend that you use the default setting of **Yes** unless you have specific requirements to do otherwise. + +- **Apply local firewall rules: Yes**. We recommend that you allow users to create and use local firewall rules. If you set this to **No**, then when a user clicks **Allow** on the notification message to allow traffic for a new program, Windows does not create a new firewall rule and the traffic remains blocked. + + If you and the IT staff can create and maintain the list of firewall rules for all permitted applications and deploy them by using GPOs then you can set this value to **No**. + +- **Apply local connection security rules: No**. We recommend that you prevent users from creating and using their own connection security rules. Connection failures caused by conflicting rules can be difficult to troubleshoot. + +- **Logging**. We recommend that you enable logging to a file on the local hard disk. Be sure to limit the size, such as 4096 KB, to avoid causing performance problems by filling the user's hard disk. Be sure to specify a folder to which the Windows Firewall service account has write permissions. + +- **Inbound rules**. Create inbound rules for programs that must be able to receive unsolicited inbound network packets from another computer on the network. 
Make the rules as specific as possible to reduce the risk of malicious programs exploiting the rules. For example, specify both program and port numbers. Specifying a program ensures that the rule is only active when the program is actually running, and specifying the port number ensures that the program cannot receive unexpected traffic on a different port. + + Inbound rules are common on servers, because they host services to which client computers connect. When you install programs and services on a server, the installation program typically creates and enables the rules for you. Examine the rules to ensure that they do not open up more ports than are required. + + **Important**   + If you create inbound rules that permit RPC network traffic by using the **RPC Endpoint Mapper** and **Dynamic RPC** rule options, then all inbound RPC network traffic is permitted because the firewall cannot filter network traffic based on the UUID of the destination application. + +   + +- **Outbound rules**. Only create outbound rules to block network traffic that must be prevented in all cases. If your organization prohibits the use of certain network programs, you can support that policy by blocking the known network traffic used by the program. Be sure to test the restrictions before you deploy them to avoid interfering with traffic for needed and authorized programs. + +**Next: **[Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md) + +  + +  + + + + + diff --git a/windows/keep-secure/planning-the-gpos.md b/windows/keep-secure/planning-the-gpos.md new file mode 100644 index 0000000000..e970a3c826 --- /dev/null +++ b/windows/keep-secure/planning-the-gpos.md 
@@ -0,0 +1,64 @@
+---
+title: Planning the GPOs (Windows 10)
+description: Planning the GPOs
+ms.assetid: 11949ca3-a11c-4a16-b297-0862432eb5b4
+author: brianlic-msft
+---
+
+# Planning the GPOs
+
+
+When you plan the GPOs for your different isolation zones, you must complete the layout of the required zones and their mappings to the groups that link the computers to the zones.
+
+## General considerations
+
+
+A few things to consider as you plan the GPOs:
+
+- Do not allow a computer to be a member of more than one isolation zone. A computer in more than one zone receives multiple and possibly contradictory GPOs. This can result in unexpected, and difficult to troubleshoot behavior.
+
+ The examples in this guide show GPOs that are designed to prevent the requirement to belong to multiple zones.
+
+- Ensure that the IPsec algorithms you specify in your GPOs are compatible across all the versions of Windows. The same principle applies to the data integrity and encryption algorithms. We recommend that you include the more advanced algorithms when you have the option of selecting several in an ordered list. The computers will negotiate down from the top of their lists, selecting one that is configured on both computers. So a computer that is running Windows Vista that is connected to a server that is running Windows Server 2012 can communicate by using a much more secure algorithm.
+
+- The primary difference in your domain isolation GPOs is whether the rules request or require authentication.
+
+ **Caution**  
+ It is **critical** that you begin with all your GPOs set to request authentication instead of requiring it. Since the GPOs are delivered to the computers over time, applying a require policy to one computer breaks its ability to communicate with another computer that has not yet received its policy. Using request mode at the beginning enables computers to continue communicating by using plaintext connections if required. After you confirm that your computers are using IPsec where expected, you can schedule a conversion of the rules in the GPOs from requesting to requiring authentication, as required by each zone.
+
+  
+
+- Windows Firewall with Advanced Security in Windows Vista and Windows Server 2008 only support one network location profile at a time. If you add a second network adapter that is connected to a different network, or not connected at all, you could unintentionally change the profile that is currently active on the computer. If your GPO specifies different firewall and connection security rules based on the current network location profile, the behavior of how the computer handles network traffic will change accordingly. We recommend for stationary computers, such as desktops and servers, that you assign any rule for the computer to all profiles. Apply GPOs that change rules per network location to computers that must move between networks, such as your portable computers. Consider creating a separate domain isolation GPO for your servers that uses the same settings as the GPO for the clients, except that the server GPO specifies the same rules for all network location profiles. For more information, see Network Location Types at .
+
+ **Note**  
+ Computers running Windows 8, Windows 7, Windows Server 2012, and Windows Server 2008 R2 support different network location types, and therefore profiles, for each network adapter at the same time. Each network adapter is assigned the network location appropriate for the network to which it is connected. Windows Firewall then enforces only those rules that apply to that network type’s profile. So certain types of traffic are blocked when coming from a network adapter connected to a public network, but those same types might be permitted when coming from a private or domain network.
+
+  
+
+After considering these issues, document each GPO that you require, and the details about the connection security and firewall rules that it needs.
+
+## Woodgrove Bank example GPOs
+
+
+The Woodgrove Bank example uses the following set of GPOs to support its domain isolation requirements. This section only discusses the rules and settings for server and domain isolation. GPO settings that affect which computers receive the GPO, such as security group filtering and WMI filtering, are discussed in the [Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md) section.
+
+In this section you can find information about the following:
+
+- [Firewall GPOs](../p_server_archive/firewall-gpos.md)
+
+- [Isolated Domain GPOs](../p_server_archive/isolated-domain-gpos.md)
+
+- [Boundary Zone GPOs](../p_server_archive/boundary-zone-gpos.md)
+
+- [Encryption Zone GPOs](../p_server_archive/encryption-zone-gpos.md)
+
+- [Server Isolation GPOs](../p_server_archive/server-isolation-gpos.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md
new file mode 100644
index 0000000000..a517124934
--- /dev/null
+++ b/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md
@@ -0,0 +1,51 @@
+---
+title: Planning to Deploy Windows Firewall with Advanced Security (Windows 10)
+description: Planning to Deploy Windows Firewall with Advanced Security
+ms.assetid: 891a30c9-dbf5-4a88-a279-00662b9da48e
+author: brianlic-msft
+---
+
+# Planning to Deploy Windows Firewall with Advanced Security
+
+
+After you collect information about your environment and decide on a design by following the guidance in the [Windows Firewall with Advanced Security Design Guide](../p_server_archive/windows-firewall-with-advanced-security-design-guide.md), you can begin to plan the deployment of your design. With the completed design and the information in this topic, you can determine which tasks to perform to deploy Windows Firewall with Advanced Security in your organization.
+
+## Reviewing your Windows Firewall with Advanced Security Design
+
+
+If the design team that created the Windows Firewall with Advanced Security design for your organization is different from the deployment team that will implement it, make sure that the deployment team reviews the final design with the design team. Review the following points:
+
+- The design team's strategy for determining how WMI and security group filters attached to the GPOs will determine which computers apply to which GPO. The deployment team can refer to the following topics in the Windows Firewall with Advanced Security Design Guide:
+
+ - [Planning Isolation Groups for the Zones](../p_server_archive/planning-isolation-groups-for-the-zones.md)
+
+ - [Planning the GPOs](../p_server_archive/planning-the-gpos.md)
+
+ - [Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md)
+
+- The communication to be allowed between members of each of the zones in the isolated domain and computers that are not part of the isolated domain or members of the isolated domain's exemption list.
+
+- The recommendation that domain controllers are exempted from IPsec authentication requirements. If they are not exempt and authentication fails, then domain clients might not be able to receive Group Policy updates to the IPsec connection security rules from the domain controllers.
+
+- The rationale for configuring all IPsec authentication rules to request, not require, authentication until the successful negotiation of IPsec has been confirmed. If the rules are set to require authentication before confirming that authentication is working correctly, then communications between computers might fail. If the rules are set to request authentication only, then an IPsec authentication failure results in fall-back-to-clear behavior, so communications can continue while the authentication failures are investigated.
+
+- The requirement that all computers that must communicate with each other share a common set of:
+
+ - Authentication methods
+
+ - Main mode key exchange algorithms
+
+ - Quick mode data integrity algorithms
+
+ If at least one set of each does not match between two computers, then the computers cannot successfully communicate.
+
+After the design and deployment teams agree on these issues, they can proceed with the deployment of the Windows Firewall with Advanced Security design. For more information, see [Implementing Your Windows Firewall with Advanced Security Design Plan](../p_server_archive/implementing-your-windows-firewall-with-advanced-security-design-plan.md).
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md b/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md
new file mode 100644
index 0000000000..9efd46604f
--- /dev/null
+++ b/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md
@@ -0,0 +1,96 @@
+---
+title: Planning Your Windows Firewall with Advanced Security Design (Windows 10)
+description: Planning Your Windows Firewall with Advanced Security Design
+ms.assetid: f3ac3d49-ef4c-4f3c-a16c-e107284e169f
+author: brianlic-msft
+---
+
+# Planning Your Windows Firewall with Advanced Security Design
+
+
+After you have gathered the relevant information in the previous sections, and understand the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs.
+
+## Basic firewall design
+
+
+We recommend that you deploy at least the basic firewall design. As discussed in the [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md) section, host-based firewalls are an important element in a defense-in-depth strategy and complement most other security measures you put in place in your organization.
+
+When you are ready to examine the options for firewall policy settings, see the [Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md) section.
+
+## Algorithm and method support and selection
+
+
+To create a domain isolation or server isolation design, you must understand the algorithms available in each version of Windows, as well as their relative strengths. To review the algorithms and methods supported in versions of the Windows operating system, see IPsec Algorithms and Methods Supported in Windows ().
+
+## IPsec performance considerations
+
+
+Although IPsec is critically important in securing network traffic going to and from your computers, there are costs associated with its use. The mathematically intensive cryptographic algorithms require a significant amount of computing power, which can prevent your computer from making use of all of the available bandwidth. For example, an IPsec-enabled computer using the AES encryption protocols on a 10 gigabits per second (Gbps) network link might see a throughput of 4.5 Gbps. This is due to the demands placed on the CPU to perform the cryptographic functions required by the IPsec integrity and encryption algorithms.
+
+IPsec task offload is a Windows technology that supports network adapters equipped with dedicated cryptographic processors to perform the computationally intensive work required by IPsec. This frees up a computer’s CPU and can dramatically increase network throughput. For the same network link as above, the throughput with IPsec task offload enabled improves to about 9.2 Gbps. For more information, see Improving Network Performance by Using IPsec Task Offload ().
+
+## Domain isolation design
+
+
+Include this design in your plans:
+
+- If you have an Active Directory domain of which most of the computers are members.
+
+- If you want to prevent the computers in your organization from accepting any unsolicited network traffic from computers that are not part of the domain.
+
+If you plan on including the basic firewall design as part of your deployment, we recommend that you deploy the firewall policies first to confirm that they work properly. Also plan to enable your connection security rules in request mode at first, instead of the more restrictive require mode, until you are sure that the computers are all correctly protecting network traffic with IPsec. If something is wrong, request mode still allows communications to continue while you are troubleshooting.
+
+When you are ready to examine the options for creating an isolated domain, see the [Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md) section.
+
+## Server isolation design
+
+
+Include this design in your plans:
+
+- If you have an isolated domain and you want to additionally restrict access to specific servers to only authorized users and computers.
+
+- You are not deploying an isolated domain, but want to take advantage of similar benefits for a few specific servers. You can restrict access to the isolated servers to only authorized users and computers.
+
+If you plan to include domain isolation in your deployment, we recommend that you complete that layer and confirm its correct operation before you implement the additional server isolation elements.
+
+When you are ready to examine the options for isolating servers, see the [Planning Server Isolation Zones](../p_server_archive/planning-server-isolation-zones.md) section.
+
+## Certificate-based authentication design
+
+
+Include this design in your plans:
+
+- If you want to implement some of the elements of domain or server isolation on computers that are not joined to an Active Directory domain, or do not want to use domain membership as an authentication mechanism.
+
+- You have an isolated domain and want to include a server that is not a member of the Active Directory domain because the computer is not running Windows, or for any other reason.
+
+- You must enable external computers that are not managed by your organization to access information on one of your servers, and want to do this in a secure way.
+
+If you plan to include domain or server isolation in your deployment, we recommend that you complete those elements and confirm their correct operation before you add certificate-based authentication to the computers that require it.
+
+When you are ready to examine the options for using certificate-based authentication, see the [Planning Certificate-based Authentication](../p_server_archive/planning-certificate-based-authentication.md) section.
+
+## Documenting your design
+
+
+After you finish selecting the designs that you will use, you must assign each of your computers to the appropriate isolation zone and document the assignment for use by the deployment team.
+
+- [Documenting the Zones](../p_server_archive/documenting-the-zones.md)
+
+## Designing groups and GPOs
+
+
+After you have selected a design and assigned your computers to zones, you can begin laying out the isolation groups for each zone, the network access groups for isolated server access, and the GPOs that you will use to apply the settings and rules to your computers.
+
+When you are ready to examine the options for the groups, filters, and GPOs, see the [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) section.
+
+**Next: **[Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/procedures-used-in-this-guide.md b/windows/keep-secure/procedures-used-in-this-guide.md
new file mode 100644
index 0000000000..733ca019e5
--- /dev/null
+++ b/windows/keep-secure/procedures-used-in-this-guide.md
@@ -0,0 +1,98 @@
+---
+title: Procedures Used in This Guide (Windows 10)
+description: Procedures Used in This Guide
+ms.assetid: 45c0f549-e4d8-45a3-a600-63e2a449e178
+author: brianlic-msft
+---
+
+# Procedures Used in This Guide
+
+
+The procedures in this section appear in the checklists found earlier in this document. They should be used only in the context of the checklists in which they appear. They are presented here in alphabetical order.
+
+[Add Production Computers to the Membership Group for a Zone](../p_server_archive/add-production-computers-to-the-membership-group-for-a-zone.md)
+
+[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)
+
+[Assign Security Group Filters to the GPO](../p_server_archive/assign-security-group-filters-to-the-gpo.md)
+
+[Change Rules from Request to Require Mode](../p_server_archive/change-rules-from-request-to-require-mode.md)
+
+[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+
+[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+
+[Configure Group Policy to Autoenroll and Deploy Certificates](../p_server_archive/configure-group-policy-to-autoenroll-and-deploy-certificates.md)
+
+[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+
+[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+
+[Configure the Windows Firewall Log](../p_server_archive/configure-the-windows-firewall-log.md)
+
+[Configure the Workstation Authentication Certificate Template](../p_server_archive/configure-the-workstation-authentication-certificate-templatewfas-dep.md)
+
+[Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](../p_server_archive/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
+
+[Confirm That Certificates Are Deployed Correctly](../p_server_archive/confirm-that-certificates-are-deployed-correctly.md)
+
+[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)
+
+[Create a Group Account in Active Directory](../p_server_archive/create-a-group-account-in-active-directory.md)
+
+[Create a Group Policy Object](../p_server_archive/create-a-group-policy-object.md)
+
+[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+
+[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+
+[Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+[Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+[Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+[Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+[Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+[Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+[Create WMI Filters for the GPO](../p_server_archive/create-wmi-filters-for-the-gpo.md)
+
+[Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+[Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+
+[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+
+[Install Active Directory Certificate Services](../p_server_archive/install-active-directory-certificate-services.md)
+
+[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)
+
+[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
+
+[Open the Group Policy Management Console to IP Security Policies](../p_server_archive/open-the-group-policy-management-console-to-ip-security-policies.md)
+
+[Open the Group Policy Management Console to Windows Firewall](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall.md)
+
+[Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
+
+[Open Windows Firewall with Advanced Security](../p_server_archive/open-windows-firewall-with-advanced-security.md)
+
+[Restrict Server Access to Members of a Group Only](../p_server_archive/restrict-server-access-to-members-of-a-group-only.md)
+
+[Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md)
+
+[Turn on Windows Firewall and Configure Default Behavior](../p_server_archive/turn-on-windows-firewall-and-configure-default-behavior.md)
+
+[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md b/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md
new file mode 100644
index 0000000000..156362cc19
--- /dev/null
+++ b/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md
@@ -0,0 +1,44 @@
+---
+title: Protect Computers from Unwanted Network Traffic (Windows 10)
+description: Protect Computers from Unwanted Network Traffic
+ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc
+author: brianlic-msft
+---
+
+# Protect Computers from Unwanted Network Traffic
+
+
+Although network perimeter firewalls provide important protection to network resources from external threats, there are network threats that a perimeter firewall cannot protect against. Some attacks might successfully penetrate the perimeter firewall, and at that point what can stop it? Other attacks might originate from inside the network, such as a computer virus that is brought in on portable media and run on a trusted computer. Portable computers are often taken outside the network and connected directly to the Internet, without adequate protection between the computer and security threats.
+
+Reports of targeted attacks against organizations, governments, and individuals have become more widespread in recent years. For a general overview of these threats, also known as advanced persistent threats (APT), see the [Microsoft Security Intelligence Report](http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_Key_Findings_Summary_English.pdf) at http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft\_Security\_Intelligence\_Report\_Volume\_12\_Key\_Findings\_Summary\_English.pdf.
+
+Running a host-based firewall on every computer that your organization manages is an important layer in a "defense-in-depth" security strategy. A host-based firewall can help protect against attacks that originate from inside the network and also provide additional protection against attacks from outside the network that manage to penetrate the perimeter firewall. It also travels with a portable computer to provide protection when it is away from the organization's network.
+
+A host-based firewall helps secure a computer by dropping all network traffic that does not match the administrator-designed rule set for permitted network traffic. This design, which corresponds to [Basic Firewall Policy Design](0c75637e-86b7-4fb3-9910-04c5cf186305), provides the following benefits:
+
+- Network traffic that is a reply to a request from the local computer is permitted into the computer from the network.
+
+- Network traffic that is unsolicited, but that matches a rule for allowed network traffic, is permitted into the computer from the network.
+
+ For example, Woodgrove Bank wants a computer that is running SQL Server to be able to receive the SQL queries sent to it by client computers. The firewall policy deployed to the computer that is running SQL Server includes firewall rules that specifically allow inbound network traffic for the SQL Server program.
+
+- Outbound network traffic that is not specifically blocked is allowed on the network.
+
+ For example, Woodgrove Bank has a corporate policy that prohibits the use of certain peer-to-peer file sharing programs. The firewall policy deployed to the computers on the network includes firewall rules that block both inbound and outbound network traffic for the prohibited programs. All other outbound traffic is permitted.
+
+The following component is recommended for this deployment goal:
+
+- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more Group Policy objects (GPOs) that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources \[lhs\]](508b3d05-e9c9-4df9-bae4-750d4ad03302).
+
+Other means of deploying a firewall policy are available, such as creating scripts that use the **netsh** command-line tool, and then running those scripts on each computer in the organization. This guide uses Active Directory as a recommended means of deployment because of its ability to scale to very large organizations.
+
+**Next: **[Restrict Access to Only Trusted Computers](29805c5c-a8e4-4600-86b9-7abb9a068919)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md
new file mode 100644
index 0000000000..29dfe483a0
--- /dev/null
+++ b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md
@@ -0,0 +1,42 @@
+---
+title: Require Encryption When Accessing Sensitive Network Resources (Windows 10)
+description: Require Encryption When Accessing Sensitive Network Resources
+ms.assetid: da980d30-a68b-4e2a-ba63-94726355ce6f
+author: brianlic-msft
+---
+
+# Require Encryption When Accessing Sensitive Network Resources
+
+
+The use of authentication in the previously described goal ([Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md)) enables a computer in the isolated domain to block traffic from untrusted computers. However, it does not prevent an untrusted computer from eavesdropping on the network traffic shared between two trusted computers, because by default network packets are not encrypted.
+
+For computers that share sensitive information over the network, Windows Firewall with Advanced Security allows you to require that all such network traffic be encrypted. Using encryption can help you comply with regulatory and legislative requirements such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. By creating connection security rules that apply to computers that host and exchange sensitive data, you can help protect the confidentiality of that data by encrypting it.
+
+The following illustration shows an encryption zone in an isolated domain. The rules that implement both the isolated domain and the different zones are deployed by using Group Policy and Active Directory.
+
+![encryption zone in an isolated domain](images/wfas-domainisoencrypt.gif)
+
+This goal provides the following benefits:
+
+- Computers in the encryption zone require authentication to communicate with other computers. This works no differently from the domain isolation goal and design. For more information, see [Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md).
+
+- Computers in the encryption zone require that all inbound and outbound network traffic be encrypted.
+
+ For example, Woodgrove Bank processes sensitive customer data on a computer that must be protected from eavesdropping by computers on the network. Connection security rules specify that all traffic must be encrypted by a sufficiently complex encryption algorithm to help protect the data.
+
+- Computers in the encryption zone are often good candidates for server isolation, where access is limited to only computer accounts and user accounts that are members of an authorized access group. In many organizations, the encryption zone and the server isolation zone are one and the same. For more information, see [Restrict Access to Only Specified Users or Computers](../p_server_archive/restrict-access-to-only-specified-users-or-computers.md).
+
+The following components are required for this deployment goal:
+
+- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](../p_server_archive/additional-resources-wfasdesign.md).
+
+**Next: **[Restrict Access to Only Specified Users or Computers](../p_server_archive/restrict-access-to-only-specified-users-or-computers.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md b/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md
new file mode 100644
index 0000000000..1e565f2c6b
--- /dev/null
+++ b/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md
@@ -0,0 +1,46 @@
+---
+title: Restrict Access to Only Specified Users or Computers (Windows 10)
+description: Restrict Access to Only Specified Users or Computers
+ms.assetid: a6106a07-f9e5-430f-8dbd-06d3bf7406df
+author: brianlic-msft
+---
+
+# Restrict Access to Only Specified Users or Computers
+
+
+Domain isolation (as described in the previous goal [Restrict Access to Only Trusted Computers](29805c5c-a8e4-4600-86b9-7abb9a068919)) prevents computers that are members of the isolated domain from accepting network traffic from untrusted computers. However, some computers on the network might host sensitive data that must be additionally restricted to only those users and computers that have a business requirement to access the data.
+
+Windows Firewall with Advanced Security enables you to restrict access to computers and users that are members of domain groups authorized to access that computer. These groups are called *network access groups (NAGs)*. When a computer authenticates to a server, the server checks the group membership of the computer account and the user account, and grants access only if membership in the NAG is confirmed. Adding this check creates a virtual "secure zone" within the domain isolation zone. You can have multiple computers in a single secure zone, and it is likely that you will create a separate zone for each set of servers that have specific security access needs. Computers that are part of this server isolation zone are often also part of the encryption zone (see [Require Encryption When Accessing Sensitive Network Resources](261bd90d-5a8a-4de1-98c7-6d07e5d81267)).
+
+Restricting access to only users and computers that have a business requirement can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations.
+
+Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista enable you to restrict access by specifying either computer or user credentials.
+
+The following illustration shows an isolated server, and examples of computers that can and cannot communicate with it. Computers that are outside the Woodgrove corporate network, or computers that are in the isolated domain but are not members of the required NAG, cannot communicate with the isolated server.
+
+![isolated domain with network access groups](images/wfas-domainnag.gif)
+
+This goal, which corresponds to [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md), provides the following features:
+
+- Isolated servers accept unsolicited inbound network traffic only from computers or users that are members of the NAG.
+
+- Isolated servers can be implemented as part of an isolated domain, and treated as another zone. Members of the zone group receive a GPO with rules that require authentication, and that specify that only network traffic authenticated as coming from a member of the NAG is allowed.
+
+- Server isolation can also be configured independently of an isolated domain. To do so, configure only the computers that must communicate with the isolated server with connection security rules to implement authentication and check NAG membership.
+
+- A server isolation zone can be simultaneously configured as an encryption zone. To do this, configure the GPO with rules that force encryption in addition to requiring authentication and restricting access to NAG members. For more information, see [Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md).
+
+The following components are required for this deployment goal:
+
+- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](../p_server_archive/additional-resources-wfasdesign.md).
+
+**Next: **[Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](../p_server_archive/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/restrict-access-to-only-trusted-computers.md b/windows/keep-secure/restrict-access-to-only-trusted-computers.md
new file mode 100644
index 0000000000..aa3e530671
--- /dev/null
+++ b/windows/keep-secure/restrict-access-to-only-trusted-computers.md
@@ -0,0 +1,59 @@
+---
+title: Restrict Access to Only Trusted Computers (Windows 10)
+description: Restrict Access to Only Trusted Computers
+ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b
+author: brianlic-msft
+---
+
+# Restrict Access to Only Trusted Computers
+
+
+Your organizational network likely has a connection to the Internet. You also likely have partners, vendors, or contractors who attach computers that are not owned by your organization to your network. Because you do not manage those computers, you cannot trust them to be free of malicious software, maintained with the latest security updates, or in any way in compliance with your organization's security policies. These untrustworthy computers both on and outside of your physical network must not be permitted to access your organization's computers except where it is truly required.
+
+To mitigate this risk, you must be able to isolate the computers you trust, and restrict their ability to receive unsolicited network traffic from untrusted computers. By using connection security and firewall rules available in Windows Firewall with Advanced Security, you can logically isolate the computers that you trust by requiring that all unsolicited inbound network traffic be authenticated. Authentication ensures that each computer or user can positively identify itself by using credentials that are trusted by the other computer. Connection security rules can be configured to use IPsec with the Kerberos V5 protocol available in Active Directory, or certificates issued by a trusted certification authority as the authentication method.
+
+**Note**  
+Because the primary authentication method recommended for computers that are running Windows is to use the Kerberos V5 protocol with membership in an Active Directory domain, this guide refers to this logical separation of computers as *domain isolation*, even when certificates are used to extend the protection to computers that are not part of an Active Directory domain.
+
+ 
+
+The protection provided by domain isolation can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations.
+
+The following illustration shows an isolated domain, with one of the zones that are optionally part of the design. The rules that implement both the isolated domain and the different zones are deployed by using Group Policy and Active Directory.
+
+![domain isolation](images/wfas-domainiso.gif)
+
+These goals, which correspond to [Domain Isolation Policy Design](3aa75a74-adef-41e4-bf2d-afccf2c47d46) and [Certificate-based Isolation Policy Design](a706e809-ddf3-42a4-9991-6e5d987ebf38), provide the following benefits:
+
+- Computers in the isolated domain accept unsolicited inbound network traffic only when it can be authenticated as coming from another computer in the isolated domain. Exemption rules can be defined to allow inbound traffic from trusted computers that for some reason cannot perform IPsec authentication.
+
+ For example, Woodgrove Bank wants all of its computers to block all unsolicited inbound network traffic from any computer that it does not manage. The connection security rules deployed to domain member computers require authentication as a domain member or by using a certificate before an unsolicited inbound network packet is accepted.
+
+- Computers in the isolated domain can still send outbound network traffic to untrusted computers and receive the responses to the outbound requests.
+
+ For example, Woodgrove Bank wants its users at client computers to be able to access Web sites on the Internet. The default Windows Firewall with Advanced Security settings for outbound network traffic allow this. No additional rules are required.
+
+These goals also support optional zones that can be created to add customized protection to meet the needs of subsets of an organization's computers:
+
+- Computers in the "boundary zone" are configured to use connection security rules that request but do not require authentication. This enables them to receive unsolicited inbound network traffic from untrusted computers, and also to receive traffic from the other members of the isolated domain.
+
+ For example, Woodgrove Bank has a server that must be accessed by its partners' computers through the Internet. The rules applied to computers in the boundary zone use authentication when the client computer can support it, but do not block the connection if the client computer cannot authenticate.
+
+- Computers in the "encryption zone" require that all network traffic in and out must be encrypted to secure potentially sensitive material when it is sent over the network.
+
+ For example, Woodgrove Bank wants the computers running SQL Server to only transmit data that is encrypted to help protect the sensitive data stored on those computers.
+
+The following components are required for this deployment goal:
+
+- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources \[lhs\]](508b3d05-e9c9-4df9-bae4-750d4ad03302).
+
+**Next: **[Require Encryption When Accessing Sensitive Network Resources](261bd90d-5a8a-4de1-98c7-6d07e5d81267)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md b/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md
new file mode 100644
index 0000000000..437e25bce5
--- /dev/null
+++ b/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md
@@ -0,0 +1,58 @@
+---
+title: Restrict Server Access to Members of a Group Only (Windows 10)
+description: Restrict Server Access to Members of a Group Only
+ms.assetid: ea51c55b-e1ed-44b4-82e3-3c4287a8628b
+author: brianlic-msft
+---
+
+# Restrict Server Access to Members of a Group Only
+
+
+After you have configured the IPsec connection security rules that force client computers to authenticate their connections to the isolated server, you must configure the rules that restrict access to only those computers or users who have been identified through the authentication process as members of the isolated server’s access group.
+
+The way in which you restrict access to the isolated server depends on which version of the Windows operating system the server is running.
+
+- If the server is running Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012, then you create a firewall rule that specifies the user and computer accounts that are allowed. The authentication method used in the connection must support the account type specified. Remember that only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 support user-based authentication.
+
+In this topic:
+
+- [Create a firewall rule to access isolated servers running Windows Server 2008 or later](#bkmk-section1)
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+##
+
+
+**To create a firewall rule that grants access to an isolated server running Windows Server 2008 or later**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](75ccea22-f225-40be-94a9-d0b17170d4fe). You must edit the GPO that applies settings to servers in the isolated server zone.
+
+2. In the navigation pane, right-click **Inbound Rules**, and then click **New Rule**.
+
+3. On the **Rule Type** page, click **Custom**, and then click **Next**.
+
+4. If you must restrict access to a single network program, then you can select **This program path**, and specify the program or service to which to grant access. Otherwise, click **All programs**, and then click **Next**.
+
+5. If you must restrict access to only some TCP or UDP port numbers, then enter the port numbers on the **Protocol and Ports** page. Otherwise, set **Protocol type** to **Any**, and then click **Next**.
+
+6. On the **Scope** page, select **Any IP address** for both local and remote addresses, and then click **Next**.
+
+7. On the **Action** page, click **Allow the connection if it is secure**. If required by your design, you can also click **Customize** and select **Require the connections to be encrypted**. Click **Next**.
+
+8. On the **Users and Computers** page, select the check box for the type of accounts (computer or user) you want to allow, click **Add**, and then enter the group account that contains the computer and user accounts permitted to access the server.
+
+ **Caution**  
+ Remember that if you specify a user group on the Users page, your authentication scheme must include a method that uses user-based credentials. User-based credentials are only supported on versions of Windows that support AuthIP, such as Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. Earlier versions of Windows and other operating systems that support IKE v1 only do not support user-based authentication; computers running those versions or other operating systems will not be able to connect to the isolated server through this firewall rule.
+
+  
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md
new file mode 100644
index 0000000000..acdb18d98f
--- /dev/null
+++ b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md
@@ -0,0 +1,203 @@
+---
+title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows 10)
+description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012
+ms.assetid: 290d61e6-ec8c-48b9-8dcd-d0df6df24181
+author: brianlic-msft
+---
+
+# Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012
+
+
+In Windows Server 2012, Internet Key Exchange version 2 (IKEv2) support is broadened from previous Windows versions.
+
+For example, in Windows Server 2012, IKEv2 does the following:
+
+- Supports additional scenarios, including IPsec end-to-end transport mode connections
+
+- Provides interoperability for Windows with other operating systems that use IKEv2 for end-to-end security
+
+- Supports Suite B (RFC 4869) requirements
+
+- Coexists with existing policies that deploy AuthIP/IKEv1
+
+- Uses the Windows PowerShell interface exclusively for configuration. You cannot configure IKEv2 through the user interface.
+
+- Uses certificates for the authentication mechanism
+
+In Windows Server 2008 R2, IKEv2 is available as a virtual private network (VPN) tunneling protocol that supports automatic VPN reconnection. IKEv2 allows the security association to remain unchanged despite changes in the underlying connection.
+
+**In this document**
+
+- [Prerequisites](#bkmk-prereqs)
+
+- [Computers joined to a domain](#bkmk-step1)
+
+- [Computers not joined to a domain](#bkmk-step2)
+
+- [Troubleshooting](#bkmk-troubleshooting)
+
+**Note**  
+This topic includes sample Windows PowerShell cmdlets. For more information, see [How to Run a Windows PowerShell Cmdlet](http://go.microsoft.com/fwlink/p/?linkid=230693).
+
+ 
+
+## Prerequisites
+
+
+These procedures assume that you already have a public key infrastructure (PKI) in place for computer authentication.
+
+## Computers joined to a domain
+
+
+The following Windows PowerShell script establishes a connection security rule that uses IKEv2 for communication between two computers (CLIENT1 and SERVER1) that are joined to the corp.contoso.com domain as shown in Figure 1.
+
+![the contoso corporate network](images/corpnet.gif)
+
+**Figure 1** The Contoso corporate network
+
+This script does the following:
+
+- Creates a security group called **IPsec client and servers** and adds CLIENT1 and SERVER1 as members.
+
+- Creates a Group Policy Object (GPO) called **IPsecRequireInRequestOut** and links it to the corp.contoso.com domain.
+
+- Sets the permissions to the GPO so that they apply only to the computers in **IPsec client and servers** and not to **Authenticated Users**.
+
+- Indicates the certificate to use for authentication.
+
+ **Important**  
+ The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors.
+
+  
+
+- Creates the IKEv2 connection security rule called **My IKEv2 Rule**.
+
+![powershell logo](images/powershelllogosmall.gif)**Windows PowerShell commands**
+
+Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints.
+
+``` syntax
+# Create a Security Group for the computers that will get the policy
+$pathname = (Get-ADDomain).distinguishedname
+New-ADGroup -name "IPsec client and servers" -SamAccountName "IPsec client and servers" `
+-GroupCategory security -GroupScope Global -path $pathname
+
+# Add test computers to the Security Group
+$computer = Get-ADComputer -LDAPFilter "(name=client1)"
+Add-ADGroupMember -Identity "IPsec client and servers" -Members $computer
+$computer = Get-ADComputer -LDAPFilter "(name=server1)"
+Add-ADGroupMember -Identity "IPsec client and servers" -Members $computer
+
+# Create and link the GPO to the domain
+$gpo = New-gpo IPsecRequireInRequestOut
+$gpo | new-gplink -target "dc=corp,dc=contoso,dc=com" -LinkEnabled Yes
+
+# Set permissions to security group for the GPO
+$gpo | Set-GPPermissions -TargetName "IPsec client and servers" -TargetType Group -PermissionLevel GpoApply -Replace
+$gpo | Set-GPPermissions -TargetName "Authenticated Users" -TargetType Group -PermissionLevel None -Replace
+
+#Set up the certificate for authentication
+$gponame = "corp.contoso.com\IPsecRequireInRequestOut"
+$certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA"
+$myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop –PolicyStore GPO:$gponame
+
+#Create the IKEv2 Connection Security rule
+New-NetIPsecRule -DisplayName "My IKEv2 Rule" -RemoteAddress any -Phase1AuthSet $myauth.InstanceID `
+-InboundSecurity Require -OutboundSecurity Request -KeyModule IKEv2 -PolicyStore GPO:$gponame
+```
+
+## Computers not joined to a domain
+
+
+Use a Windows PowerShell script similar to the following to create a local IPsec policy on the computers that you want to include in the secure connection.
+
+**Important**  
+The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors.
+
+ 
+
+![powershell logo](images/powershelllogosmall.gif)**Windows PowerShell commands**
+
+Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints.
+
+``` syntax
+#Set up the certificate
+$certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA"
+$myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop
+
+#Create the IKEv2 Connection Security rule
+New-NetIPsecRule -DisplayName "My IKEv2 Rule" -RemoteAddress any -Phase1AuthSet $myauth.InstanceID `
+-InboundSecurity Require -OutboundSecurity Request -KeyModule IKEv2
+```
+
+Make sure that you install the required certificates on the participating computers.
+
+**Note**  
+- For local computers, you can import the certificates manually if you have administrator access to the computer. For more information, see [Import or export certificates and private keys](http://windows.microsoft.com/windows-vista/Import-or-export-certificates-and-private-keys).
+
+- You need a root certificate and a computer certificate on all computers that participate in the secure connection. Save the computer certificate in the **Personal/Certificates** folder.
+
+- For remote computers, you can create a secure website to facilitate access to the script and certificates.
+
+ 
+
+## Troubleshooting
+
+
+Follow these procedures to verify and troubleshoot your IKEv2 IPsec connections:
+
+**Use the Windows Firewall with Advanced Security snap-in to verify that a connection security rule is enabled.**
+
+1. On the **Start** screen, type **wf.msc**, and then press ENTER.
+
+2. In the left pane of the Windows Firewall with Advanced Security snap-in, click **Connection Security Rules**, and then verify that there is an enabled connection security rule.
+
+3. Expand **Monitoring**, and then click **Connection Security Rules** to verify that your IKEv2 rule is active for your currently active profile.
+
+**Use Windows PowerShell cmdlets to display the security associations.**
+
+1. Open a Windows PowerShell command prompt.
+
+2. Type **get-NetIPsecQuickModeSA** to display the Quick Mode security associations.
+
+3. Type **get-NetIPsecMainModeSA** to display the Main Mode security associations.
+
+**Use netsh to capture IPsec events.**
+
+1. Open an elevated command prompt.
+
+2. At the command prompt, type **netsh wfp capture start**.
+
+3. Reproduce the error event so that it can be captured.
+
+4. At the command prompt, type **netsh wfp capture stop**.
+
+ A wfpdiag.cab file is created in the current folder.
+
+5. Open the cab file, and then extract the wfpdiag.xml file.
+
+6. Open the wfpdiag.xml file with your an XML viewer program or Notepad, and then examine the contents. There will be a lot of data in this file. One way to narrow down where to start looking is to search the last “errorFrequencyTable” at the end of the file. There might be many instances of this table, so make sure that you look at the last table in the file. For example, if you have a certificate problem, you might see the following entry in the last table at the end of the file:
+
+ ``` syntax
+ ERROR_IPSEC_IKE_NO_CERT
+ 32
+
+ ```
+
+ In this example, there are 32 instances of the **ERROR\_IPSEC\_IKE\_NO\_CERT** error. So now you can search for **ERROR\_IPSEC\_IKE\_NO\_CERT** to get more details regarding this error.
+
+You might not find the exact answer for the issue, but you can find good hints. For example, you might find that there seems to be an issue with the certificates, so you can look at your certificates and the related cmdlets for possible issues.
+
+## See also
+
+
+- [Windows Firewall with Advanced Security Overview](../p_server_archive/windows-firewall-with-advanced-security-overview-win8.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/server-isolation-gpos.md b/windows/keep-secure/server-isolation-gpos.md
new file mode 100644
index 0000000000..aa7a7f109b
--- /dev/null
+++ b/windows/keep-secure/server-isolation-gpos.md
@@ -0,0 +1,36 @@
+---
+title: Server Isolation GPOs (Windows 10)
+description: Server Isolation GPOs
+ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4
+author: brianlic-msft
+---
+
+# Server Isolation GPOs
+
+
+Each set of computers that have different users or computers accessing them require a separate server isolation zone. Each zone requires one GPO for each version of Windows running on computers in the zone. The Woodgrove Bank example has an isolation zone for their computers that run SQL Server. The server isolation zone is logically considered part of the encryption zone. Therefore, server isolation zone GPOs must also include rules for encrypting all isolated server traffic. Woodgrove Bank copied the encryption zone GPOs to serve as a starting point, and renamed them to reflect their new purpose.
+
+All of the computer accounts for computers in the SQL Server server isolation zone are added to the group CG\_SRVISO\_WGBANK\_SQL. This group is granted Read and Apply Group Policy permissions in on the GPOs described in this section. The GPOs are only for server versions of Windows. Client computers are not expected to be members of the server isolation zone, although they can access the servers in the zone by being a member of a network access group (NAG) for the zone.
+
+## GPO\_SRVISO\_WS2008
+
+
+This GPO is identical to the GPO\_DOMISO\_Encryption\_WS2008 GPO with the following changes:
+
+- The firewall rule that enforces encryption is modified to include the NAGs on the **Users and Computers** tab of the rule. The NAGs granted permission include CG\_NAG\_SQL\_Users and CG\_NAG\_SQL\_Computers.
+
+ **Important**  
+ Earlier versions of Windows support only computer-based authentication. If you specify that user authentication is mandatory, only users on computers that are running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 can connect.
+
+  
+
+**Next: **[Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/server-isolation-policy-design-example.md b/windows/keep-secure/server-isolation-policy-design-example.md
new file mode 100644
index 0000000000..1666f22af8
--- /dev/null
+++ b/windows/keep-secure/server-isolation-policy-design-example.md
@@ -0,0 +1,87 @@
+---
+title: Server Isolation Policy Design Example (Windows 10)
+description: Server Isolation Policy Design Example
+ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6
+author: brianlic-msft
+---
+
+# Server Isolation Policy Design Example
+
+
+This design example continues to use the fictitious company Woodgrove Bank, as described in the [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md) section and the [Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md) section.
+
+In addition to the protections provided by the firewall and domain isolation, Woodgrove Bank wants to provide additional protection to the computers that are running Microsoft SQL Server for the WGBank program. They contain personal data, including each customer's financial history. Government and industry rules and regulations specify that access to this information must be restricted to only those users who have a legitimate business need. This includes a requirement to prevent interception of and access to the information when it is in transit over the network.
+
+The information presented by the WGBank front-end servers to the client computers, and the information presented by the WGPartner servers to the remote partner computers, are not considered sensitive for the purposes of the government regulations, because they are processed to remove sensitive elements before transmitting the data to the client computers.
+
+In this guide, the examples show server isolation layered on top of a domain isolation design. If you have an isolated domain, the client computers are already equipped with GPOs that require authentication. You only have to add settings to the isolated server(s) to require authentication on inbound connections, and to check for membership in the NAG. The connection attempt succeeds only if NAG membership is confirmed.
+
+## Server isolation without domain isolation
+
+
+Server isolation can also be deployed by itself, to only the computers that must participate. The GPO on the server is no different from the one discussed in the previous paragraph for a server in an existing isolated domain. The difference is that you must also deploy a GPO with supporting connection security rules to the clients that must be able to communicate with the isolated server. Because those computers must be members of the NAG, that group can also be used in a security group filter on the client GPO. That GPO must contain rules that support the authentication requirements of the isolated server.
+
+In short, instead of applying the client GPO to all clients in the domain, you apply the GPO to only the members of the NAG.
+
+If you do not have an Active Directory domain then you can manually apply the connection security rules to the client computers, or you can use a netsh command-line script (or Windows PowerShell in Windows 8 and Windows Server 2012) to help automate the configuration of the rules on larger numbers of computers. If you do not have an Active Directory domain, you cannot use the Kerberos V5 protocol, but instead must provide the clients and the isolated servers with certificates that are referenced in the connection security rules.
+
+## Design requirements
+
+
+In addition to the protection provided by the firewall rules and domain isolation described in the previous design examples, the network administrators want to implement server isolation to help protect the sensitive data stored on the computers that run SQL Server.
+
+The following illustration shows the traffic protection needs for this design example.
+
+![isolated server example](images/wfas-design3example1.gif)
+
+1. Access to the SQL Server computers must be restricted to only those computer or user accounts that have a business requirement to access the data. This includes the service accounts that are used by the WGBank front-end servers, and administrators of the SQL Server computers. In addition, access is only granted when it is sent from an authorized computer. Authorization is determined by membership in a network access group (NAG).
+
+2. All network traffic to and from the SQL Server computers must be encrypted.
+
+3. Client computers or users whose accounts are not members of the NAG cannot access the isolated servers.
+
+**Other traffic notes:**
+
+- All of the design requirements shown in the [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md) section are still enforced.
+
+- All of the design requirements shown in the [Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md) section are still enforced.
+
+## Design details
+
+
+Woodgrove Bank uses Active Directory groups and GPOs to deploy the server isolation settings and rules to the computers on its network.
+
+As in the previously described policy design examples, GPOs to implement the domain isolation environment are linked to the domain container in Active Directory, and then WMI filters and security group filters are attached to GPOs to ensure that the correct GPO is applied to each computer. The following groups were created by using the Active Directory Users and Computers snap-in, and all computers that run Windows were added to the correct groups.
+
+- **CG\_SRVISO\_WGBANK\_SQL**. This group contains the computer accounts for the computers that run SQL Server. Members of this group receive a GPO with firewall and connections security rules that require that only users who are members of the group CG\_NAG\_SQL\_USERS can access the server, and only when they are using a computer that is a member of the group CG\_NAG\_SQL\_COMPUTERS.
+
+**Note**  
+If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, you can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. However, computers that are running older versions of Windows can only support a single IPsec policy being active at a time. The policies for each GPO must be complete (and to a great extent redundant with each other), because you cannot layer them as you can in the newer versions of Windows. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any computers that are incorrectly assigned to more than one group.
+
+ 
+
+Network access groups (NAGs) are not used to determine which GPOs are applied to a computer. Instead, these groups determine which users and computers can access the services on the isolated server.
+
+- **CG\_NAG\_SQL\_COMPUTERS**. This network access group contains the computer accounts that are able to access the computers running SQL Server hosting the WGBank data. Members of this group include the WGBank front-end servers, and some client computers from which SQL Server administrators are permitted to work on the servers.
+
+- **CG\_NAG\_SQL\_USERS**. This network access group contains the user accounts of users who are permitted to access the SQL Server computers that host the WGBank data. Members of this group include the service account that the WGBank front-end program uses to run on its computers, and the user accounts for the SQL Server administration team members.
+
+**Note**  
+You can use a single group for both user and computer accounts. Woodgrove Bank chose to keep them separate for clarity.
+
+ 
+
+If Woodgrove Bank wants to implement server isolation without domain isolation, the CG\_NAG\_SQL\_COMPUTERS group can also be attached as a security group filter on the GPOs that apply connection security rules to the client computers. By doing this, all the computers that are authorized to access the isolated server also have the required connection security rules.
+
+You do not have to include the encryption-capable rules on all computers. Instead, you can create GPOs that are applied only to members of the NAG, in addition to the standard domain isolation GPO, that contain connection security rules to support encryption.
+
+**Next: **[Certificate-based Isolation Policy Design Example](../p_server_archive/certificate-based-isolation-policy-design-example.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/server-isolation-policy-design.md b/windows/keep-secure/server-isolation-policy-design.md
new file mode 100644
index 0000000000..798292f552
--- /dev/null
+++ b/windows/keep-secure/server-isolation-policy-design.md
@@ -0,0 +1,59 @@ +--- +title: Server Isolation Policy Design (Windows 10) +description: Server Isolation Policy Design +ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a +author: brianlic-msft +--- + +# Server Isolation Policy Design + + +In the server isolation policy design, you assign servers to a zone that allows access only to users and computers that authenticate as members of an approved network access group (NAG). + +This design typically begins with a network configured as described in the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md) section. For this design, you then create zones for servers that have additional security requirements. The zones can limit access to the server to only members of authorized groups, and can optionally require the encryption of all traffic in or out of these servers. This can be done on a per server basis, or for a group of servers that share common security requirements. + +You can implement a server isolation design without using domain isolation. To do this, you use the same principles as domain isolation, but instead of applying them to an Active Directory domain, you apply them only to the computers that must be able to access the isolated servers. The GPO contains connection security and firewall rules that require authentication when communicating with the isolated servers. In this case, the NAGs that determine which users and computers can access the isolated server are also used to determine which computers receive the GPO. + +The design is shown in the following illustration, with arrows that show the permitted communication paths. + +![isolated domain with isolated server](images/wfas-domainisohighsec.gif) + +Characteristics of this design include the following: + +- Isolated domain (area A) - The same isolated domain described in the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md) section. 
If the isolated domain includes a boundary zone, then computers in the boundary zone behave just like other members of the isolated domain in the way that they interact with computers in server isolation zones. + +- Isolated servers (area B) - Computers in the server isolation zones restrict access to computers, and optionally users, that authenticate as a member of a network access group (NAG) authorized to gain access. + +- Encryption zone (area C) - If the data being exchanged is sufficiently sensitive, the connection security rules for the zone can also require that the network traffic be encrypted. Encryption zones are most often implemented as rules that are part of a server isolation zone, instead of as a separate zone. The diagram illustrates the concept as a subset for conceptual purposes only. + +To add support for server isolation, you must ensure that the authentication methods are compatible with the requirements of the isolated server. For example, if you want to authorize user accounts that are members of a NAG in addition to authorizing computer accounts, you must enable both user and computer authentication in your connection security rules. + +**Important**   +This design builds on the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented. + +  + +This design can be applied to computers that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules. 
+
+For more information about this design:
+
+- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md), [Restrict Access to Only Specified Users or Computers](../p_server_archive/restrict-access-to-only-specified-users-or-computers.md), and [Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md).
+
+- To learn more about this design, see [Server Isolation Policy Design Example](../p_server_archive/server-isolation-policy-design-example.md).
+
+- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md).
+
+- To help you make the decisions required in this design, see [Planning Server Isolation Zones](../p_server_archive/planning-server-isolation-zones.md) and [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md).
+
+- For a list of tasks that you can use to deploy your server isolation policy design, see "Checklist: Implementing a Standalone Server Isolation Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=xxxxx) at http://go.microsoft.com/fwlink/?linkid=xxxx.
+
+**Next: **[Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/start-a-command-prompt-as-an-administrator.md b/windows/keep-secure/start-a-command-prompt-as-an-administrator.md
new file mode 100644
index 0000000000..55bd05b936
--- /dev/null
+++ b/windows/keep-secure/start-a-command-prompt-as-an-administrator.md
@@ -0,0 +1,34 @@
+---
+title: Start a Command Prompt as an Administrator (Windows 10)
+description: Start a Command Prompt as an Administrator
+ms.assetid: 82615224-39df-458f-b165-48af77721527
+author: brianlic-msft
+---
+
+# Start a Command Prompt as an Administrator
+
+
+This topic describes how to open a command prompt with full administrator permissions. If your user account is a member of the Administrators group, but is not the Administrator account itself, then, by default, the programs that you run only have standard user permissions. You must explicitly specify that you require the use of your administrative permissions by using one of the procedures in this topic.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Administrators group.
+
+**To start a command prompt as an administrator**
+
+- Right-click the **Start** charm, and then click **Command Prompt (Admin)**.
+
+**To start a command prompt as an administrator (alternative method)**
+
+1. Click the **Start** charm.
+
+2. Type **cmd**, right-click the **Command Prompt** tile, and then click **Run as administrator**.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md
new file mode 100644
index 0000000000..0e12364aa9
--- /dev/null
+++ b/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md
@@ -0,0 +1,48 @@
+---
+title: Turn on Windows Firewall and Configure Default Behavior (Windows 10)
+description: Turn on Windows Firewall and Configure Default Behavior
+ms.assetid: 3c3fe832-ea81-4227-98d7-857a3129db74
+author: brianlic-msft
+---
+
+# Turn on Windows Firewall and Configure Default Behavior
+
+
+To enable Windows Firewall and configure its default behavior, use the Windows Firewall with Advanced Security node (for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2) in the Group Policy Management MMC snap-in.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+##
+
+
+**To enable Windows Firewall and configure the default behavior on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the details pane, in the **Overview** section, click **Windows Firewall Properties**.
+
+3. For each network location type (Domain, Private, Public), perform the following steps.
+
+ **Note**  
+ The steps shown here indicate the recommended values for a typical deployment. Use the settings that are appropriate for your firewall design.
+
+  
+
+ 1. Click the tab that corresponds to the network location type.
+
+ 2. Change **Firewall state** to **On (recommended)**.
+
+ 3. Change **Inbound connections** to **Block (default)**.
+
+ 4. Change **Outbound connections** to **Allow (default)**.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md
new file mode 100644
index 0000000000..5088fc9668
--- /dev/null
+++ b/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md
@@ -0,0 +1,34 @@
+---
+title: Understanding the Windows Firewall with Advanced Security Design Process (Windows 10)
+description: Understanding the Windows Firewall with Advanced Security Design Process
+ms.assetid: ab7db2bf-38c8-48eb-82e0-3d284055e7bb
+author: brianlic-msft
+---
+
+# Understanding the Windows Firewall with Advanced Security Design Process
+
+
+Designing any deployment starts by performing several important tasks:
+
+- [Identifying Your Windows Firewall with Advanced Security Design Goals](bba6fa3a-2318-4cb7-aa75-f2910d9c406d)
+
+- [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](39bb8fa5-4601-45ae-83c5-121d42f7f82c)
+
+- [Evaluating Windows Firewall with Advanced Security Design Examples](6da09290-8cda-4731-8fce-07fc030f9f4f)
+
+After you identify your deployment goals and map them to a Windows Firewall with Advanced Security design, you can begin documenting the design based on the processes that are described in the following topics:
+
+- [Designing A Windows Firewall with Advanced Security Strategy](36230ca4-ee8d-4b2c-ab4f-5492b4400340)
+
+- [Planning Your Windows Firewall with Advanced Security Design](6622d31d-a62c-4506-8cea-275bf42e755f)
+
+**Next:**[Identifying Your Windows Firewall with Advanced Security Design Goals](bba6fa3a-2318-4cb7-aa75-f2910d9c406d)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/verify-that-network-traffic-is-authenticated.md b/windows/keep-secure/verify-that-network-traffic-is-authenticated.md
new file mode 100644
index 0000000000..40056df757
--- /dev/null
+++ b/windows/keep-secure/verify-that-network-traffic-is-authenticated.md 
@@ -0,0 +1,77 @@ +--- +title: Verify That Network Traffic Is Authenticated (Windows 10) +description: Verify That Network Traffic Is Authenticated +ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2 +author: brianlic-msft +--- + +# Verify That Network Traffic Is Authenticated + + +After you have configured your domain isolation rule to request, rather than require, authentication, you must confirm that the network traffic sent by the computers on the network is being protected by IPsec authentication as expected. If you switch your rules to require authentication before all of the computers have received and applied the correct GPOs, or if there are any errors in your rules, then communications on the network can fail. By first setting the rules to request authentication, any network connections that fail authentication can continue in clear text while you diagnose and troubleshoot. + +In these procedures, you confirm that the rules you deployed are working correctly. Your next steps depend on which zone you are working on: + +- **Main domain isolation zone.** Before you convert your main domain isolation IPsec rule from request mode to require mode, you must make sure that the network traffic is protected according to your design. By configuring your rules to request and not require authentication at the beginning of operations, computers on the network can continue to communicate even when the main mode authentication or quick mode integrity and encryption rules are not working correctly. For example, if your encryption zone contains rules that require a certain encryption algorithm, but that algorithm is not included in a security method combination on the clients, then those clients cannot successfully negotiate a quick mode security association, and the server refuses to accept network traffic from the client. 
By first using request mode only, you have the opportunity to deploy your rules and then examine the network traffic to see if they are working as expected without risking a loss of communications. + +- **Boundary zone.** Confirming correct operation of IPsec is the last step if you are working on the boundary zone GPO. You do not convert the GPO to require mode at any time. + +- **Encryption zone.** Similar to the main isolation zone, after you confirm that the network traffic to zone members is properly authenticated and encrypted, you must convert your zone rules from request mode to require mode. + +**Note**   +In addition to the steps shown in this procedure, you can also use network traffic capture tools such as Microsoft Network Monitor, which can be downloaded from . Network Monitor and similar tools allow you to capture, parse, and display the network packets received by the network adapter on your computer. Current versions of these tools include full support for IPsec. They can identify encrypted network packets, but they cannot decrypt them. + +  + +**Administrative credentials** + +To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. + +## For computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 + + +**To verify that network connections are authenticated by using the Windows Firewall with Advanced Security MMC snap-in** + +1. Click the **Start** charm, type **wf.msc**, and then press ENTER. + + Windows Firewall with Advanced Security opens. + +2. In the navigation pane, expand **Monitoring**, and then click **Connection Security Rules**. + + The details pane displays the rules currently in effect on the computer. + +3. **To display the Rule Source column** + + 1. In the **Actions** pane, click **View**, and then click **Add/Remove Columns**. + + 2. 
In the **Available columns** list, select **Rule Source**, and then click **Add**. + + 3. Use the **Move up** and **Move down** buttons to rearrange the order. Click **OK** when you are finished. + + It can take a few moments for the list to be refreshed with the newly added column. + +4. Examine the list for the rules from GPOs that you expect to be applied to this computer. + + **Note**   + If the rules do not appear in the list, then troubleshoot the GPO security group and the WMI filters that are applied to the GPO. Make sure that the local computer is a member of the appropriate groups and meets the requirements of the WMI filters. + +   + +5. In the navigation pane, expand **Security Associations**, and then click **Main Mode**. + + The current list of main mode associations that have been negotiated with other computers appears in the details column. + +6. Examine the list of main mode security associations for sessions between the local computer and the remote computer. Make sure that the **1st Authentication Method** and **2nd Authentication Method** columns contain expected values. If your rules specify only a first authentication method, then the **2nd Authentication Method** column displays **No authentication**. If you double-click the row, then the **Properties** dialog box appears with additional details about the security association. + +7. In the navigation pane, click **Quick mode**. + +8. Examine the list of quick mode security associations for sessions between the local computer and the remote computer. Make sure that the **AH Integrity**, **ESP integrity**, and **ESP Confidentiality** columns contain expected values. + +  + +  + + + + + diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md new file mode 100644 index 0000000000..bf8243fdb9 --- /dev/null 
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md 
@@ -0,0 +1,734 @@ +--- +title: Windows Firewall with Advanced Security Administration with Windows PowerShell (Windows 10) +description: Windows Firewall with Advanced Security Administration with Windows PowerShell +ms.assetid: 3e1e53af-015e-427d-a027-c2e8ceee799d +author: brianlic-msft +--- + +# Windows Firewall with Advanced Security Administration with Windows PowerShell + + +The Windows Firewall with Advanced Security Administration with Windows PowerShell Guide provides essential scriptlets for automating Windows Firewall with Advanced Security management in Windows Server 2012. It is designed for IT pros, system administrators, IT managers, and others who use and need to automate Windows Firewall with Advanced Security management in Windows. + +In Windows Server 2012 and Windows 8, administrators can use Windows PowerShell to manage their firewall and IPsec deployments. This object-oriented scripting environment will make it easier for administrators to manage policies and monitor network conditions than was possible in Netsh. Windows PowerShell allows network settings to be self-discoverable through the syntax and parameters in each of the cmdlets. This guide demonstrates how common tasks were performed in Netsh and how you can use Windows PowerShell to accomplish them. + +**Important**   +The netsh commands for Windows Firewall with Advanced Security have not changed since the previous operating system version. The netsh commands for Windows Firewall with Advanced Security in Windows Server 2012 are identical to the commands that are provided in Windows Server 2008 R2. + +  + +In future versions of Windows, Microsoft might remove the netsh functionality for Windows Firewall with Advanced Security. Microsoft recommends that you transition to Windows PowerShell if you currently use netsh to configure and manage Windows Firewall with Advanced Security. + +Windows PowerShell and netsh command references are at the following locations. 
+ +- [Netsh Commands for Windows Firewall with Advanced Security](http://technet.microsoft.com/library/cc771920) + +## Scope + + +This guide does not teach you the fundamentals of Windows Firewall with Advanced Security, which can be found in [Windows Firewall with Advanced Security Overview](../p_server_archive/windows-firewall-with-advanced-security-overview-win8.md). It does not teach the fundamentals of Windows PowerShell, and it assumes that you are familiar with the Windows PowerShell language and the basic concepts of Windows PowerShell. For more information about Windows PowerShell concepts and usage, see the reference topics in the [Additional resources](#bkmk-additionalresources) section of this guide. + +## Audience and user requirements + + +This guide is intended for IT pros, system administrators, and IT managers, and it assumes that you are familiar with Windows Firewall with Advanced Security, the Windows PowerShell language, and the basic concepts of Windows PowerShell. + +## System requirements + + +To run the scripts and scriptlets in this guide, install and configure your system as follows: + +- Windows Server 2012 + +- Windows PowerShell 3.0 (included in Windows Server 2012) + +- Windows NetSecurity Module for Windows PowerShell (included in Windows Server 2012) + +- Windows PowerShell ISE (optional feature in Windows PowerShell 3.0, which is installed by using Server Manager) + +**Note**   +In Windows PowerShell 3.0, modules are imported automatically when you get or use any cmdlet in the module. You can still use the **Import-Module** cmdlet to import a module. + +Use **Import-Module** if you are using Windows PowerShell 2.0, or if you need to use a feature of the module before you use any of its cmdlets. For more information, see [Import-Module](http://go.microsoft.com/fwlink/p/?linkid=141553). + +Use **Import-PSSnapIn** to use cmdlets in a Windows PowerShell snap-in, regardless of the version of Windows PowerShell that you are running. 
+ +  + +## In this guide + + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TopicDescription

[Set profile global defaults](#bkmk-profileglobaldefaults)

Enable and control firewall behavior

[Deploy basic firewall rules](#bkmk-deploying)

How to create, modify, and delete firewall rules

[Manage Remotely](#bkmk-remote)

Remote management by using -CimSession

[Deploy basic IPsec rule settings](#bkmk-deployingipsec)

IPsec rules and associated parameters

[Deploy secure firewall rules with IPsec](#bkmk-deploysecurerules)

Domain and server isolation

[Additional resources](#bkmk-additionalresources)

More information about Windows PowerShell

+ +  + +## Set profile global defaults + + +Global defaults set the system behavior in a per profile basis. Windows Firewall with Advanced Security supports Domain, Private, and Public profiles. + +### Enable Windows Firewall + +Windows Firewall drops traffic that does not correspond to allowed unsolicited traffic, or traffic that is sent in response to a request by the computer. If you find that the rules you create are not being enforced, you may need to enable Windows Firewall. Here is how to do this on a local domain computer: + +**Netsh** + +``` syntax +netsh advfirewall set allprofiles state on +``` + +Windows PowerShell + +The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints. + +``` syntax +Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True +``` + +### Control firewall behavior + +The global default settings can be defined through the command-line interface. These modifications are also available through the Windows Firewall with Advanced Security MMC snap-in. + +The following scriptlets set the default inbound and outbound actions, specifies protected network connections, and allows notifications to be displayed to the user when a program is blocked from receiving inbound connections. It allows unicast response to multicast or broadcast network traffic, and it specifies logging settings for troubleshooting. 
+ +**Netsh** + +``` syntax +netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound +netsh advfirewall set allprofiles settings inboundusernotification enable +netsh advfirewall set allprofiles settings unicastresponsetomulticast enable +netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log +``` + +Windows PowerShell + +``` syntax +Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow –NotifyOnListen True -AllowUnicastResponseToMulticast True –LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log + +``` + +## Deploy basic firewall rules + + +This section provides scriptlet examples for creating, modifying, and deleting firewall rules. + +### Create firewall rules + +Adding a firewall rule in Windows PowerShell looks a lot like it did in Netsh, but the parameters and values are specified differently. + +Here is an example of how to allow the Telnet application to listen on the network. This firewall rule is scoped to the local subnet by using a keyword instead of an IP address. Just like in Netsh, the rule is created on the local computer, and it becomes effective immediately. + +**Netsh** + +``` syntax +netsh advfirewall firewall add rule name="Allow Inbound Telnet" dir=in program= %SystemRoot%\System32\tlntsvr.exe remoteip=localsubnet action=allow +``` + +Windows PowerShell + +``` syntax +New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow +``` + +The following scriptlet shows how to add a basic firewall rule that blocks outbound traffic from a specific application and local port to a Group Policy Object (GPO) in Active Directory. In Windows PowerShell, the policy store is specified as a parameter within the **New-NetFirewall** cmdlet. In Netsh, you must first specify the GPO that the commands in a Netsh session should modify. 
The commands you enter are run against the contents of the GPO, and this remains in effect until the Netsh session is ended or until another set store command is executed. + +Here, **domain.contoso.com** is the name of your Active Directory Domain Services (AD DS), and **gpo\_name** is the name of the GPO that you want to modify. Quotation marks are required if there are any spaces in the GPO name. + +**Netsh** + +``` syntax +netsh advfirewall set store gpo=domain.contoso.com\gpo_name +netsh advfirewall firewall add rule name="Block Outbound Telnet" dir=out program=%SystemRoot%\System32\telnet.exe protocol=tcp localport=23 action=block +``` + +Windows PowerShell + +``` syntax +New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\tlntsvr.exe –Protocol TCP –LocalPort 23 -Action Block –PolicyStore domain.contoso.com\gpo_name +``` + +### GPO Caching + +To reduce the burden on busy domain controllers, Windows PowerShell allows you to load a GPO to your local session, make all your changes in that session, and then save it back at all once. + +The following performs the same actions as the previous example (by adding a Telnet rule to a GPO), but we do so leveraging GPO caching in PowerShell. Changing the GPO by loading it onto your local session and using the *-GPOSession* parameter are not supported in Netsh + +Windows PowerShell + +``` syntax +$gpo = Open-NetGPO –PolicyStore domain.contoso.com\gpo_name +New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Outbound -Program %SystemRoot%\System32\telnet.exe –Protocol TCP –LocalPort 23 -Action Block –GPOSession $gpo +Save-NetGPO –GPOSession $gpo +``` + +Note that this does not batch your individual changes, it loads and saves the entire GPO at once. So if any other changes are made by other administrators, or in a different Windows PowerShell window, saving the GPO overwrites those changes. 
+ +### Modify an existing firewall rule + +When a rule is created, Netsh and Windows PowerShell allow the administrator to change rule properties and influence, but the rule maintains its unique identifier (in Windows PowerShell this is specified with the *-Name* parameter). + +For example, you could have a rule **Allow Web 80** that enables TCP port 80 for inbound unsolicited traffic. You can change the rule to match a different remote IP address of a Web server whose traffic will be allowed by specifying the human-readable, localized name of the rule. + +**Netsh** + +``` syntax +netsh advfirewall firewall set rule name="Allow Web 80" new remoteip=192.168.0.2 +``` + +Windows PowerShell + +``` syntax +Set-NetFirewallRule –DisplayName “Allow Web 80” -RemoteAddress 192.168.0.2 +``` + +Netsh requires you to provide the name of the rule for it to be changed and we do not have an alternate way of getting the firewall rule. In Windows PowerShell, you can query for the rule using its known properties. + +When you run `Get-NetFirewallRule`, you may notice that common conditions like addresses and ports do not appear. These conditions are represented in separate objects called Filters. As shown before, you can set all the conditions in New-NetFirewallRule and Set-NetFirewallRule. If you want to query for firewall rules based on these fields (ports, addresses, security, interfaces, services), you will need to get the filter objects themselves. + +You can change the remote endpoint of the **Allow Web 80** rule (as done previously) using filter objects. Using Windows PowerShell you query by port using the port filter, then assuming additional rules exist affecting the local port, you build with further queries until your desired rule is retrieved. + +In the following example, we assume the query returns a single firewall rule, which is then piped to the `Set-NetFirewallRule` cmdlet utilizing Windows PowerShell’s ability to pipeline inputs. 
+ +Windows PowerShell + +``` syntax +Get-NetFirewallPortFilter | ?{$_.LocalPort -eq 80} | Get-NetFirewallRule | ?{ $_.Direction –eq “Inbound” -and $_.Action –eq “Allow”} | Set-NetFirewallRule -RemoteAddress 192.168.0.2 +``` + +You can also query for rules using the wildcard character. The following example returns an array of firewall rules associated with a particular program. The elements of the array can be modified in subsequent `Set-NetFirewallRule` cmdlets. + +Windows PowerShell + +``` syntax +Get-NetFirewallApplicationFilter -Program "*svchost*" | Get-NetFirewallRule +``` + +Multiple rules in a group can be simultaneously modified when the associated group name is specified in a Set command. You can add firewall rules to specified management groups in order to manage multiple rules that share the same influences. + +In the following example, we add both inbound and outbound Telnet firewall rules to the group **Telnet Management**. In Windows PowerShell, group membership is specified when the rules are first created so we re-create the previous example rules. Adding rules to a custom rule group is not possible in Netsh. + +Windows PowerShell + +``` syntax +New-NetFirewallRule -DisplayName “Allow Inbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management” +New-NetFirewallRule -DisplayName “Block Outbound Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -RemoteAddress LocalSubnet -Action Allow –Group “Telnet Management” +``` + +If the group is not specified at rule creation time, the rule can be added to the rule group using dot notation in Windows PowerShell. You cannot specify the group using `Set-NetFirewallRule` since the command allows querying by rule group. 
+ +Windows PowerShell + +``` syntax +$rule = Get-NetFirewallRule -DisplayName “Allow Inbound Telnet” +$rule.Group = “Telnet Management” +$rule | Set-NetFirewallRule +``` + +Using the `Set` command, if the rule group name is specified, the group membership is not modified but rather all rules of the group receive the same modifications indicated by the given parameters. + +The following scriptlet enables all rules in a predefined group containing remote management influencing firewall rules. + +**Netsh** + +``` syntax +netsh advfirewall firewall set rule group="windows firewall remote management" new enable=yes +``` + +Windows PowerShell + +``` syntax +Set-NetFirewallRule -DisplayGroup “Windows Firewall Remote Management” –Enabled True +``` + +There is also a separate `Enable-NetFirewallRule` cmdlet for enabling rules by group or by other properties of the rule. + +Windows PowerShell + +``` syntax +Enable-NetFirewallRule -DisplayGroup “Windows Firewall Remote Management” -Verbose +``` + +### Delete a firewall rule + +Rule objects can be disabled so that they are no longer active. In Windows PowerShell, the **Disable-NetFirewallRule** cmdlet will leave the rule on the system, but put it in a disabled state so the rule no longer is applied and impacts traffic. A disabled firewall rule can be re-enabled by **Enable-NetFirewallRule**. This is different from the **Remove-NetFirewallRule**, which permanently removes the rule definition from the system. + +The following cmdlet deletes the specified existing firewall rule from the local policy store. + +**Netsh** + +``` syntax +netsh advfirewall firewall delete rule name=“Allow Web 80” +``` + +Windows PowerShell + +``` syntax +Remove-NetFirewallRule –DisplayName “Allow Web 80” +``` + +Like with other cmdlets, you can also query for rules to be removed. Here, all blocking firewall rules are deleted from the system. 
+
+Windows PowerShell
+
+``` syntax
+Remove-NetFirewallRule –Action Block
+```
+
+Note that it may be safer to query the rules with the **Get** command and save it in a variable, observe the rules to be affected, then pipe them to the **Remove** command, just as we did for the **Set** commands. The following example shows how the administrator can view all the blocking firewall rules, and then delete the first four rules.
+
+Windows PowerShell
+
+``` syntax
+$x = Get-NetFirewallRule –Action Block
+$x
+$x[0-3] | Remove-NetFirewallRule
+```
+
+## Manage remotely
+
+
+Remote management using WinRM is enabled by default on Windows Server 2012. The cmdlets that support the *CimSession* parameter use WinRM and can be managed remotely by default. This is important because the default and recommended installation mode for Windows Server 2012 is Server Core which does not include a graphical user interface.
+
+The following example returns all firewall rules of the persistent store on a computer named **RemoteComputer**.
+
+Windows PowerShell
+
+``` syntax
+Get-NetFirewallRule –CimSession RemoteComputer
+```
+
+We can perform any modifications or view rules on remote computers by simply using the *–CimSession* parameter. Here we remove a specific firewall rule from a remote computer.
+
+Windows PowerShell
+
+``` syntax
+$RemoteSession = New-CimSession –ComputerName RemoteComputer
+Remove-NetFirewallRule –DisplayName “AllowWeb80” –CimSession $RemoteSession -Confirm
+```
+
+## Deploy basic IPsec rule settings
+
+
+An Internet Protocol security (IPsec) policy consists of rules that determine IPsec behavior. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. For more information about IPsec, see [Windows Firewall with Advanced Security Learning Roadmap](http://technet.microsoft.com/library/dd772715(WS.10).aspx).
+
+Windows PowerShell can create powerful, complex IPsec policies like in Netsh and the Windows Firewall with Advanced Security MMC snap-in. However, because Windows PowerShell is object-based rather than string token-based, configuration in Windows PowerShell offers greater control and flexibility.
+
+In Netsh, the authentication and cryptographic sets were specified as a list of comma-separated tokens in a specific format. In Windows PowerShell, rather than using default settings, you first create your desired authentication or cryptographic proposal objects and bundle them into lists in your preferred order. Then, you create one or more IPsec rules that reference these sets. The benefit of this model is that programmatic access to the information in the rules is much easier. See the following sections for clarifying examples.
+
+![object model for creating a single ipsec rule](images/createipsecrule.gif)
+
+### Create IPsec rules
+
+The following cmdlet creates basic IPsec transport mode rule in a Group Policy Object. An IPsec rule is simple to create; all that is required is the display name, and the remaining properties use default values. Inbound traffic is authenticated and integrity checked using the default quick mode and main mode settings. These default settings can be found in the MMC snap-in under Customize IPsec Defaults.
+
+**Netsh**
+
+``` syntax
+netsh advfirewall set store gpo=domain.contoso.com\gpo_name
+netsh advfirewall consec add rule name="Require Inbound Authentication" endpoint1=any endpoint2=any action=requireinrequestout
+```
+
+Windows PowerShell
+
+``` syntax
+New-NetIPsecRule -DisplayName “Require Inbound Authentication” -PolicyStore domain.contoso.com\gpo_name
+```
+
+### Add custom authentication methods to an IPsec rule
+
+If you want to create a custom set of quick-mode proposals that includes both AH and ESP in an IPsec rule object, you create the associated objects separately and link their associations.
For more information about authentication methods, see [Choosing the IPsec Protocol](http://technet.microsoft.com/library/cc757847(WS.10).aspx) .
+
+You can then use the newly created custom quick-mode policies when you create IPsec rules. The cryptography set object is linked to an IPsec rule object.
+
+![crypto set object](images/qmcryptoset.gif)
+
+In this example, we build on the previously created IPsec rule by specifying a custom quick-mode crypto set. The final IPsec rule requires outbound traffic to be authenticated by the specified cryptography method.
+
+**Netsh**
+
+``` syntax
+netsh advfirewall set store gpo=domain.contoso.com\gpo_name
+netsh advfirewall consec add rule name="Require Outbound Authentication" endpoint1=any endpoint2=any action=requireinrequestout qmsecmethods=ah:sha1+esp:sha1-3des
+```
+
+Windows PowerShell
+
+``` syntax
+$AHandESPQM = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH,ESP –AHHash SHA1 -ESPHash SHA1 -Encryption DES3
+$QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “ah:sha1+esp:sha1-des3” -Proposal $AHandESPQM –PolicyStore domain.contoso.com\gpo_name
+New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request -QuickModeCryptoSet $QMCryptoSet.Name –PolicyStore domain.contoso.com\gpo_name
+```
+
+### IKEv2 IPsec transport rules
+
+A corporate network may need to secure communications with another agency. But, you discover the agency runs non-Windows operating systems and requires the use of the Internet Key Exchange Version 2 (IKEv2) standard.
+
+You can leverage IKEv2 capabilities in Windows Server 2012 by simply specifying IKEv2 as the key module in an IPsec rule. This can only be done using computer certificate authentication and cannot be used with phase 2 authentication.
+
+Windows PowerShell
+
+``` syntax
+New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request –Phase1AuthSet MyCertAuthSet -KeyModule IKEv2 –RemoteAddress $nonWindowsGateway
+```
+
+For more information about IKEv2, including scenarios, see [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](../p_server_archive/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md).
+
+### Copy an IPsec rule from one policy to another
+
+Firewall and IPsec rules with the same rule properties can be duplicated to simplify the task of re-creating them within different policy stores.
+
+To copy the previously created rule from one policy store to another, the associated objects must be also be copied separately. Note that there is no need to copy associated firewall filters. You can query rules to be copied in the same way as other cmdlets.
+
+Copying individual rules is a task that is not possible through the Netsh interface. Here is how you can accomplish it with Windows PowerShell.
+
+Windows PowerShell
+
+``` syntax
+$Rule = Get-NetIPsecRule –DisplayName “Require Inbound Authentication”
+$Rule | Copy-NetIPsecRule –NewPolicyStore domain.costoso.com\new_gpo_name
+$Rule | Copy-NetPhase1AuthSet –NewPolicyStore domain.costoso.com\new_gpo_name
+```
+
+### Handling Windows PowerShell errors
+
+****
+
+To handle errors in your Windows PowerShell scripts, you can use the *–ErrorAction* parameter. This is especially useful with the **Remove** cmdlets. If you want to remove a particular rule, you will notice that it fails if the rule is not found. When removing rules, if the rule isn’t already there, it is generally acceptable to ignore that error. In this case, you can do the following to suppress any “rule not found” errors during the remove operation.
+
+Windows PowerShell
+
+``` syntax
+Remove-NetFirewallRule –DisplayName “Contoso Messenger 98” –ErrorAction SilentlyContinue
+```
+
+Note that the use of wildcards can also suppress errors, but they could potentially match rules that you did not intend to remove. This can be a useful shortcut, but should only be used if you know there aren’t any extra rules that will be accidentally deleted. So the following cmdlet will also remove the rule, suppressing any “not found” errors.
+
+Windows PowerShell
+
+``` syntax
+Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*”
+```
+
+When using wildcards, if you want to double-check the set of rules that is matched, you can use the *–WhatIf* parameter.
+
+Windows PowerShell
+
+``` syntax
+Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –WhatIf
+```
+
+If you only want to delete some of the matched rules, you can use the *–Confirm* parameter to get a rule-by-rule confirmation prompt.
+
+Windows PowerShell
+
+``` syntax
+Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Confirm
+```
+
+You can also just perform the whole operation, displaying the name of each rule as the operation is performed.
+
+Windows PowerShell
+
+``` syntax
+Remove-NetFirewallRule –DisplayName “Contoso Messenger 98*” –Verbose
+```
+
+### Monitor
+
+The following Windows PowerShell commands are useful in the update cycle of a deployment phase.
+
+To allow you to view all the IPsec rules in a particular store, you can use the following commands. In Netsh, this command does not show rules where profile=domain,public or profile=domain,private. It only shows rules that have the single entry domain that is included in the rule. The following command examples will show the IPsec rules in all profiles.
+
+**Netsh**
+
+``` syntax
+netsh advfirewall consec show rule name=all
+```
+
+Windows PowerShell
+
+``` syntax
+Show-NetIPsecRule –PolicyStore ActiveStore
+```
+
+You can monitor main mode security associations for information such as which peers are currently connected to the computer and which protection suite is used to form the security associations.
+
+Use the following cmdlet to view existing main mode rules and their security associations:
+
+**Netsh**
+
+``` syntax
+netsh advfirewall monitor show mmsa all
+```
+
+Windows PowerShell
+
+``` syntax
+Get-NetIPsecMainModeSA
+```
+
+### Find the source GPO of a rule
+
+To view the properties of a particular rule or group of rules, you query for the rule. When a query returns fields that are specified as **NotConfigured**, you can to determine which policy store a rule originates from.
+
+For objects that come from a GPO (the *–PolicyStoreSourceType* parameter is specified as **GroupPolicy** in the **Show** command), if *–TracePolicyStore* is passed, the name of the GPO is found and returned in the **PolicyStoreSource** field.
+
+Windows PowerShell
+
+``` syntax
+Get-NetIPsecRule –DisplayName “Require Inbound Authentication” –TracePolicyStore
+```
+
+It is important to note that the revealed sources do not contain a domain name.
+
+### Deploy a basic domain isolation policy
+
+IPsec can be used to isolate domain members from non-domain members. Domain isolation uses IPsec authentication to require that the domain computer members positively establish the identities of the communicating computers to improve security of an organization. One or more features of IPsec can be used to secure traffic with an IPsec rule object.
+
+To implement domain isolation on your network, the computers in the domain receive IPsec rules that block unsolicited inbound network traffic that is not protected by IPsec. Here we create an IPsec rule that requires authentication by domain members.
Through this, you can isolate domain member computers from computers that are non-domain members. In the following examples, Kerberos authentication is required for inbound traffic and requested for outbound traffic.
+
+**Netsh**
+
+``` syntax
+netsh advfirewall set store gpo=domain.contoso.com\domain_isolation
+netsh advfirewall consec add rule name=“Basic Domain Isolation Policy” profile=domain endpoint1=”any” endpoint2=”any” action=requireinrequestout auth1=”computerkerb”
+```
+
+Windows PowerShell
+
+``` syntax
+$kerbprop = New-NetIPsecAuthProposal –Machine –Kerberos
+
+$Phase1AuthSet = New-NetIPsecPhase1AuthSet -DisplayName "Kerberos Auth Phase1" -Proposal $kerbprop –PolicyStore domain.contoso.com\domain_isolation
+
+New-NetIPsecRule –DisplayName “Basic Domain Isolation Policy” –Profile Domain –Phase1AuthSet $Phase1AuthSet.Name –InboundSecurity Require –OutboundSecurity Request –PolicyStore domain.contoso.com\domain_isolation
+```
+
+### Configure IPsec tunnel mode
+
+The following command creates an IPsec tunnel that routes traffic from a private network (192.168.0.0/16) through an interface on the local computer (1.1.1.1) attached to a public network to a second computer through its public interface (2.2.2.2) to another private network (192.157.0.0/16). All traffic through the tunnel is checked for integrity by using ESP/SHA1, and it is encrypted by using ESP/DES3.
+
+**Netsh**
+
+``` syntax
+netsh advfirewall consec add rule name="Tunnel from 192.168.0.0/16 to 192.157.0.0/16" mode=tunnel endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16 localtunnelendpoint=1.1.1.1 remotetunnelendpoint=2.2.2.2 action=requireinrequireout qmsecmethods=esp:sha1-3des
+```
+
+Windows PowerShell
+
+``` syntax
+$QMProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA1 -Encryption DES3
+$QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “esp:sha1-des3” -Proposal $QMProposal
+New-NetIPSecRule -DisplayName “Tunnel from HQ to Dallas Branch” -Mode Tunnel -LocalAddress 192.168.0.0/16 -RemoteAddress 192.157.0.0/16 -LocalTunnelEndpoint 1.1.1.1 -RemoteTunnelEndpoint 2.2.2.2 -InboundSecurity Require -OutboundSecurity Require -QuickModeCryptoSet $QMCryptoSet.Name
+```
+
+## Deploy secure firewall rules with IPsec
+
+
+In situations where only secure traffic can be allowed through the Windows Firewall, a combination of manually configured firewall and IPsec rules are necessary. The firewall rules determine the level of security for allowed packets, and the underlying IPsec rules secure the traffic. The scenarios can be accomplished in Windows PowerShell and in Netsh, with many similarities in deployment.
+
+### Create a secure firewall rule (allow if secure)
+
+Configuring firewalls rule to allow connections if they are secure requires the corresponding traffic to be authenticated and integrity protected, and then optionally encrypted by IPsec.
+
+The following example creates a firewall rule that requires traffic to be authenticated. The command permits inbound Telnet network traffic only if the connection from the remote computer is authenticated by using a separate IPsec rule.
+
+**Netsh**
+
+``` syntax
+netsh advfirewall firewall add rule name="Allow Authenticated Telnet" dir=in program=%SystemRoot%\System32\tlntsvr.exe security=authenticate action=allow
+```
+
+Windows PowerShell
+
+``` syntax
+New-NetFirewallRule -DisplayName “Allow Authenticated Telnet” -Direction Inbound -Program %SystemRoot%\System32\tlntsvr.exe -Authentication Required -Action Allow
+```
+
+The following command creates an IPsec rule that requires a first (computer) authentication and then attempts an optional second (user) authentication. Creating this rule secures and allows the traffic through the firewall rule requirements for the messenger program.
+
+**Netsh**
+
+``` syntax
+netsh advfirewall consec add rule name="Authenticate Both Computer and User" endpoint1=any endpoint2=any action=requireinrequireout auth1=computerkerb,computerntlm auth2=userkerb,userntlm,anonymous
+```
+
+Windows PowerShell
+
+``` syntax
+$mkerbauthprop = New-NetIPsecAuthProposal -Machine –Kerberos
+$mntlmauthprop = New-NetIPsecAuthProposal -Machine -NTLM
+$P1Auth = New-NetIPsecPhase1AuthSet -DisplayName “Machine Auth” –Proposal $mkerbauthprop,$mntlmauthprop
+$ukerbauthprop = New-NetIPsecAuthProposal -User -Kerberos
+$unentlmauthprop = New-NetIPsecAuthProposal -User -NTLM
+$anonyauthprop = New-NetIPsecAuthProposal -Anonymous
+$P2Auth = New-NetIPsecPhase2AuthSet -DisplayName “User Auth” -Proposal $ukerbauthprop,$unentlmauthprop,$anonyauthprop
+New-NetIPSecRule -DisplayName “Authenticate Both Computer and User” -InboundSecurity Require -OutboundSecurity Require -Phase1AuthSet $P1Auth.Name –Phase2AuthSet $P2Auth.Name
+```
+
+### Isolate a server by requiring encryption and group membership
+
+To improve the security of the computers in an organization, an administrator can deploy domain isolation in which domain-members are restricted. They require authentication when communicating among each other and reject non-authenticated inbound connections.
To improve the security of servers with sensitive data, this data must be protected by allowing access only to a subset of computers within the enterprise domain.
+
+IPsec can provide this additional layer of protection by isolating the server. In server isolation, sensitive data access is restricted to users and computers with legitimate business need, and the data is additionally encrypted to prevent eavesdropping.
+
+### Create a firewall rule that requires group membership and encryption
+
+To deploy server isolation, we layer a firewall rule that restricts traffic to authorized users or computers on the IPsec rule that enforces authentication.
+
+The following firewall rule allows Telnet traffic from user accounts that are members of a custom group created by an administrator called “Authorized to Access Server.” This access can additionally be restricted based on the computer, user, or both by specifying the restriction parameters.
+
+A Security Descriptor Definition Language (SDDL) string is created by extending a user or group’s security identifier (SID). For more information about finding a group’s SID, see: [Finding the SID for a group account](http://technet.microsoft.com/library/cc753463(WS.10).aspx#bkmk_FINDSID).
+
+Restricting access to a group allows administrations to extend strong authentication support through Windows Firewall/and or IPsec policies.
+
+The following example shows you how to create an SDDL string that represents security groups.
+
+Windows PowerShell
+
+``` syntax
+$user = new-object System.Security.Principal.NTAccount (“corp.contoso.com\Administrators”)
+$SIDofSecureUserGroup = $user.Translate([System.Security.Principal.SecurityIdentifier]).Value
+$secureUserGroup = "D:(A;;CC;;;$SIDofSecureUserGroup)"
+```
+
+By using the previous scriptlet, you can also get the SDDL string for a secure computer group as shown here:
+
+Windows PowerShell
+
+``` syntax
+$secureMachineGroup = "D:(A;;CC;;;$SIDofSecureMachineGroup)"
+```
+
+For more information about how to create security groups or how to determine the SDDL string, see [Working with SIDs](http://technet.microsoft.com/library/ff730940.aspx).
+
+Telnet is an application that does not provide encryption. This application can send data, such as names and passwords, over the network. This data can be intercepted by malicious users. If an administrator would like to allow the use of Telnet, but protect the traffic, a firewall rule that requires IPsec encryption can be created. This is necessary so that the administrator can be certain that when this application is used, all of the traffic sent or received by this port is encrypted. If IPsec fails to authorize the connection, no traffic is allowed from this application.
+
+In this example, we allow only authenticated and encrypted inbound Telnet traffic from a specified secure user group through the creation of the following firewall rule.
+
+**Netsh**
+
+``` syntax
+netsh advfirewall set store gpo=domain.contoso.com\Server_Isolation
+netsh advfirewall firewall add rule name=“Allow Encrypted Inbound Telnet to Group Members Only” program=%SystemRoot%\System32\tlntsvr.exe protocol=TCP dir=in action=allow localport=23 security=authenc rmtusrgrp ="D:(A;;CC;;; S-1-5-21-2329867823-2610410949-1491576313-1735)"
+```
+
+Windows PowerShell
+
+``` syntax
+New-NetFirewallRule -DisplayName "Allow Encrypted Inbound Telnet to Group Members Only" -Program %SystemRoot%\System32\tlntsvr.exe -Protocol TCP -Direction Inbound -Action Allow -LocalPort 23 -Authentication Required -Encryption Required –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\Server_Isolation
+```
+
+### Endpoint security enforcement
+
+The previous example showed end to end security for a particular application. In situations where endpoint security is required for many applications, having a firewall rule per application can be cumbersome and difficult to manage. Authorization can override the per-rule basis and be done at the IPsec layer.
+
+In this example, we set the global IPsec setting to only allow transport mode traffic to come from an authorized user group with the following cmdlet. Consult the previous examples for working with security groups.
+
+Windows PowerShell
+
+``` syntax
+Set-NetFirewallSetting -RemoteMachineTransportAuthorizationList $secureMachineGroup
+```
+
+### Create firewall rules that allow IPsec-protected network traffic (authenticated bypass)
+
+Authenticated bypass allows traffic from a specified trusted computer or user to override firewall block rules. This is helpful when an administrator wants to use scanning servers to monitor and update computers without the need to use port-level exceptions. For more information, see [How to enable authenticated firewall bypass](http://technet.microsoft.com/library/cc753463(WS.10).aspx).
+
+In this example, we assume that a blocking firewall rule exists.
This example permits any network traffic on any port from any IP address to override the block rule, if the traffic is authenticated as originating from a computer or user account that is a member of the specified computer or user security group.
+
+**Netsh**
+
+``` syntax
+netsh advfirewall set store gpo=domain.contoso.com\domain_isolation
+netsh advfirewall firewall add rule name="Inbound Secure Bypass Rule" dir=in security=authenticate action="bypass" rmtcomputergrp="D:(A;;CC;;;S-1-5-21-2329867823-2610410949-1491576313-1114)" rmtusrgrp="D:(A;;CC;;; S-1-5-21-2329867823-2610410949-1491576313-1735)"
+```
+
+Windows PowerShell
+
+``` syntax
+New-NetFirewallRule –DisplayName “Inbound Secure Bypass Rule" –Direction Inbound –Authentication Required –OverrideBlockRules $true -RemoteMachine $secureMachineGroup –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\domain_isolation
+```
+
+## Additional resources
+
+
+For more information about Windows PowerShell concepts, see the following topics.
+
+- [Windows PowerShell Getting Started Guide](http://go.microsoft.com/fwlink/p/?linkid=113440)
+
+- [Windows PowerShell User Guide](http://go.microsoft.com/fwlink/p/?linkid=113441)
+
+- [Windows PowerShell About Help Topics](http://go.microsoft.com/fwlink/p/?linkid=113206)
+
+- [about\_Functions](http://go.microsoft.com/fwlink/p/?linkid=113231)
+
+- [about\_Functions\_Advanced](http://go.microsoft.com/fwlink/p/?linkid=144511)
+
+- [about\_Execution\_Policies](http://go.microsoft.com/fwlink/p/?linkid=135170)
+
+- [about\_Foreach](http://go.microsoft.com/fwlink/p/?linkid=113229)
+
+- [about\_Objects](http://go.microsoft.com/fwlink/p/?linkid=113241)
+
+- [about\_Properties](http://go.microsoft.com/fwlink/p/?linkid=113249)
+
+- [about\_While](http://go.microsoft.com/fwlink/p/?linkid=113275)
+
+- [about\_Scripts](http://go.microsoft.com/fwlink/p/?linkid=144310)
+
+- [about\_Signing](http://go.microsoft.com/fwlink/p/?linkid=113268)
+
+- [about\_Throw](http://go.microsoft.com/fwlink/p/?linkid=145153)
+
+- [about\_PSSessions](http://go.microsoft.com/fwlink/p/?linkid=135181)
+
+- [about\_Modules](http://go.microsoft.com/fwlink/p/?linkid=144311)
+
+- [about\_Command\_Precedence](http://go.microsoft.com/fwlink/p/?linkid=113214)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md b/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md
new file mode 100644
index 0000000000..91b5066a6b
--- /dev/null
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md
@@ -0,0 +1,76 @@
+---
+title: Windows Firewall with Advanced Security Deployment Guide (Windows 10)
+description: Windows Firewall with Advanced Security Deployment Guide
+ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56
+author: brianlic-msft
+---
+
+# Windows Firewall with Advanced Security Deployment Guide
+
+
+You can use the Windows Firewall with Advanced Security MMC snap-in in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 to help protect the computers and the data that they share across a network.
+
+You can use Windows Firewall to control access to the computer from the network. You can create rules that allow or block network traffic in either direction based on your business requirements. You can also create IPsec connection security rules to help protect your data as it travels across the network from computer to computer.
+
+## About this guide
+
+
+This guide is intended for use by system administrators and system engineers. It provides detailed guidance for deploying a Windows Firewall with Advanced Security design that you or an infrastructure specialist or system architect in your organization has selected.
+
+Begin by reviewing the information in [Planning to Deploy Windows Firewall with Advanced Security](../p_server_archive/planning-to-deploy-windows-firewall-with-advanced-security.md).
+
+If you have not yet selected a design, we recommend that you wait to follow the instructions in this guide until after you have reviewed the design options in the [Windows Firewall with Advanced Security Design Guide](../p_server_archive/windows-firewall-with-advanced-security-design-guide.md) and selected the one most appropriate for your organization.
+
+After you select your design and gather the required information about the zones (isolation, boundary, and encryption), operating systems to support, and other details, you can then use this guide to deploy your Windows Firewall with Advanced Security design in your production environment. This guide provides steps for deploying any of the following primary designs that are described in the Design Guide:
+
+- [Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md)
+
+- [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md)
+
+- [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md)
+
+- [Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md)
+
+Use the checklists in [Implementing Your Windows Firewall with Advanced Security Design Plan](../p_server_archive/implementing-your-windows-firewall-with-advanced-security-design-plan.md) to determine how best to use the instructions in this guide to deploy your particular design.
+
+**Caution**  
+We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the computers in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies.
+
+In a large enterprise environment with hundreds or thousands of GPOs, using this technique with too many GPOs can result in user or computer accounts that are members of an excessive number of groups; this can result in network connectivity problems if network protocol limits are exceeded.
For more information about the problems associated with excessive group membership, see the following articles in the Microsoft Knowledge Base:
+
+- Article 327825, “New resolution for problems with Kerberos authentication when users belong to many groups” ()
+
+- Article 263693 “Group Policy may not be applied to users belonging to many groups” ()
+
+- Article 328889 “Users who are members of more than 1,015 groups may fail logon authentication” ()
+
+ 
+
+## What this guide does not provide
+
+
+This guide does not provide:
+
+- Guidance for creating firewall rules for specific network applications. For this information, see [Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md) in the Windows Firewall with Advanced Security Design Guide.
+
+- Guidance for setting up Active Directory Domain Services (AD DS) to support Group Policy. For more information, see Active Directory Domain Services () and Group Policy ().
+
+- Guidance for setting up certification authorities (CAs) to create certificates for certificate-based authentication. For this information, see Active Directory Certificate Services ().
+
+## Overview of Windows Firewall with Advanced Security
+
+
+Windows Firewall with Advanced Security in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the computer by allowing you to create rules that determine which network traffic is permitted to enter the computer from the network and which network traffic the computer is allowed to send to the network. Windows Firewall with Advanced Security also supports Internet Protocol security (IPsec), which you can use to require authentication from any computer that is attempting to communicate with your computer. When authentication is required, computers that cannot be authenticated as a trusted computer cannot communicate with your computer.
You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user.
+
+The Windows Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Firewall Control Panel program can protect a single computer in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
+
+For more information about Windows Firewall with Advanced Security, see [Windows Firewall with Advanced Security Overview](http://technet.microsoft.com/library/hh831365.aspx) at http://technet.microsoft.com/library/hh831365.aspx.
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md b/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md
new file mode 100644
index 0000000000..cd839d055f
--- /dev/null
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md
@@ -0,0 +1,144 @@
+---
+title: Windows Firewall with Advanced Security Design Guide (Windows 10)
+description: Windows Firewall with Advanced Security Design Guide
+ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51
+author: brianlic-msft
+---
+
+# Windows Firewall with Advanced Security Design Guide
+
+
+Windows Firewall with Advanced Security in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista is a host firewall that helps secure the computer in two ways. First, it can filter the network traffic permitted to enter the computer from the network, and also control what network traffic the computer is allowed to send to the network. Second, Windows Firewall with Advanced Security supports IPsec, which enables you to require authentication from any computer that is attempting to communicate with your computer. When authentication is required, computers that cannot authenticate cannot communicate with your computer. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between computers.
+
+The interface for Windows Firewall with Advanced Security is much more capable and flexible than the consumer-friendly interface found in the Windows Firewall Control Panel. They both interact with the same underlying services, but provide different levels of control over those services. While the Windows Firewall Control Panel meets the needs for protecting a single computer in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
+
+For more overview information about Windows Firewall with Advanced Security and see [Windows Firewall with Advanced Security Overview](9ae80ae1-a693-48ed-917a-f03ea92b550d).
+
+## About this guide
+
+
+This guide provides recommendations to help you to choose or create a design for deploying Windows Firewall with Advanced Security in your enterprise environment. The guide describes some of the common goals for using Windows Firewall with Advanced Security, and then helps you map the goals that apply to your scenario to the designs that are presented in this guide.
+
+This guide is intended for the IT professional who has been assigned the task of deploying firewall and IPsec technologies on an organization's network to help meet the organization's security goals.
+
+Windows Firewall with Advanced Security should be part of a comprehensive security solution that implements a variety of security technologies, such as perimeter firewalls, intrusion detection systems, virtual private networking (VPN), IEEE 802.1X authentication for wireless and wired connections, and IPsec connection security rules.
+
+To successfully use this guide, you need a good understanding of both the capabilities provided by Windows Firewall with Advanced Security, and how to deliver configuration settings to your managed computers by using Group Policy in Active Directory.
+
+You can use the deployment goals to form one of these Windows Firewall with Advanced Security designs, or a custom design that combines elements from those presented here:
+
+- **Basic firewall policy design**. Restricts network traffic in and out of your computers to only that which is needed and authorized.
+
+- **Domain isolation policy design**. Prevents computers that are domain members from receiving unsolicited network traffic from computers that are not domain members. Additional "zones" can be established to support the special requirements of some computers, such as:
+
+ - A "boundary zone" for computers that must be able to receive requests from non-isolated computers.
+ + - An "encryption zone" for computers that store sensitive data that must be protected during network transmission. + +- **Server isolation policy design**. Restricts access to a server to only a limited group of authorized users and computers. Commonly configured as a zone in a domain isolation design, but can also be configured as a stand-alone design, providing many of the benefits of domain isolation to a small set of computers. + +- **Certificate-based isolation policy design**. This design is a complement to either of the previous two designs, and supports any of their capabilities. It uses cryptographic certificates that are deployed to clients and servers for authentication, instead of the Kerberos V5 authentication used by default in Active Directory. This enables computers that are not part of an Active Directory domain, such as computers running operating systems other than Windows, to participate in your isolation solution. + +In addition to descriptions and example for each design, you will find guidelines for gathering required data about your environment. You can then use these guidelines to plan and design your Windows Firewall with Advanced Security deployment. After you read this guide, and finish gathering, documenting, and mapping your organization's requirements, you have the information that you need to begin deploying Windows Firewall with Advanced Security using the guidance in the Windows Firewall with Advanced Security Deployment Guide. + +You can find the Windows Firewall with Advanced Security Deployment Guide at these locations: + +- (Web page) + +- (Downloadable Word document) + +## Terminology used in this guide + + +The following table identifies and defines terms used throughout this guide. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
TermDefinition

Active Directory domain

A group of computers and users managed by an administrator by using Active Directory Domain Services (AD DS). Computers in a domain share a common directory database and security policies. Multiple domains can co-exist in a "forest," with trust relationships that establish the forest as the security boundary.

Authentication

A process that enables the sender of a message to prove its identity to the receiver. For connection security in Windows, authentication is implemented by the IPsec protocol suite.

Boundary zone

A subset of the computers in an isolated domain that must be able to receive unsolicited and non-authenticated network traffic from computers that are not members of the isolated domain. Computers in the boundary zone request but do not require authentication. They use IPsec to communicate with other computers in the isolated domain.

Connection security rule

A rule in Windows Firewall with Advanced Security that contains a set of conditions and an action to be applied to network packets that match the conditions. The action can allow the packet, block the packet, or require the packet to be protected by IPsec. In previous versions of Windows, this was called an IPsec rule.

Certificate-based isolation

A way to add computers that cannot use Kerberos V5 authentication to an isolated domain, by using an alternate authentication technique. Every computer in the isolated domain and the computers that cannot use Kerberos V5 are provided with a computer certificate that can be used to authenticate with each other. Certificate-based isolation requires a way to create and distribute an appropriate certificate (if you choose not to purchase one from a commercial certificate provider).

Domain isolation

A technique for helping protect the computers in an organization by requiring that the computers authenticate each other's identity before exchanging information, and refusing connection requests from computers that cannot authenticate. Domain isolation takes advantage of Active Directory domain membership and the Kerberos V5 authentication protocol available to all members of the domain. Also see "Isolated domain" in this table.

Encryption zone

A subset of the computers in an isolated domain that process sensitive data. Computers that are part of the encryption zone have all network traffic encrypted to prevent viewing by non-authorized users. Computers that are part of the encryption zone also typically are subject to the access control restrictions of server isolation.

Firewall rule

A rule in Windows Firewall with Advanced Security that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.

+

By default, the firewall rules in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic.

Internet Protocol security (IPsec)

A set of industry-standard, cryptography-based protection services and protocols. IPsec protects all protocols in the TCP/IP protocol suite except Address Resolution Protocol (ARP).

IPsec policy

A collection of connection security rules that provide the required protection to network traffic entering and leaving the computer. The protection includes authentication of both the sending and receiving computer, integrity protection of the network traffic exchanged between them, and can include encryption.

Isolated domain

An Active Directory domain (or an Active Directory forest, or set of domains with two-way trust relationships) that has Group Policy settings applied to help protect its member computers by using IPsec connection security rules. Members of the isolated domain require authentication on all unsolicited inbound connections (with exceptions handled by the other zones).

+

In this guide, the term isolated domain refers to the IPsec concept of a group of computers that can share authentication. The term Active Directory domain refers to the group of computers that share a security database by using Active Directory.

Server isolation

A technique for using group membership to restrict access to a server that is typically already a member of an isolated domain. The additional protection comes from using the authentication credentials of the requesting computer to determine its group membership, and then only allowing access if the computer account (and optionally the user account) is a member of an authorized group.

Solicited network traffic

Network traffic that is sent in response to a request. By default, Windows Firewall with Advanced Security allows all solicited network traffic through.

Unsolicited network traffic

Network traffic that is not a response to an earlier request, and that the receiving computer cannot necessarily anticipate. By default, Windows Firewall with Advanced Security blocks all unsolicited network traffic.

Zone

A zone is a logical grouping of computers that share common IPsec policies because of their communications requirements. For example, the boundary zone permits inbound connections from non-trusted computers. The encryption zone requires that all connections be encrypted.

+

This is not related to the term zone as used by Domain Name System (DNS).

+
+ 
+
+**Next:**[Understanding the Windows Firewall with Advanced Security Design Process](b9774295-8dd3-47e3-9f5a-7fa748ae9fba)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security.md b/windows/keep-secure/windows-firewall-with-advanced-security.md
new file mode 100644
index 0000000000..bb9128372e
--- /dev/null
+++ b/windows/keep-secure/windows-firewall-with-advanced-security.md
@@ -0,0 +1,147 @@
+---
+title: Windows Firewall with Advanced Security Overview (Windows 10)
+description: Windows Firewall with Advanced Security Overview
+ms.assetid: 596d4c24-4984-4c14-b104-e2c4c7d0b108
+author: brianlic-msft
+---
+
+# Windows Firewall with Advanced Security Overview
+
+
+This is an overview of the Windows Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features in Windows Server 2012.
+
+**Did you mean…**
+
+- [Windows Firewall with Advanced Security in Windows Server 2008 R2](http://technet.microsoft.com/library/cc732283(WS.10).aspx)
+
+## Feature description
+
+
+Windows Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a computer, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local computer. Windows Firewall with Advanced Security also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the computer is connected. Windows Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Firewall with Advanced Security, so Windows Firewall is also an important part of your network’s isolation strategy.
+
+## Practical applications
+
+
+To help address your organizational network security challenges, Windows Firewall with Advanced Security offers the following benefits:
+
+- **Reduces the risk of network security threats.**  Windows Firewall with Advanced Security reduces the attack surface of a computer, providing an additional layer to the defense-in-depth model. Reducing the attack surface of a computer increases manageability and decreases the likelihood of a successful attack.
Network Access Protection (NAP), a feature of Windows Server 2012, also helps ensure client computers comply with policies that define the required software and system configurations for computers that connect to your network. The integration of NAP helps prevent communications between compliant and noncompliant computers. + +- **Safeguards sensitive data and intellectual property.**  With its integration with IPsec, Windows Firewall with Advanced Security provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data. + +- **Extends the value of existing investments.**  Because Windows Firewall with Advanced Security is a host-based firewall that is included with Windows Server 2012, and prior Windows operating systems and because it is tightly integrated with Active Directory® Domain Services (AD DS) and Group Policy, there is no additional hardware or software required. Windows Firewall with Advanced Security is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API). + +## New and changed functionality + + +The following table lists some of the new features for Windows Firewall with Advanced Security in Windows Server 2012. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
Feature/functionalityWindows Server 2008 R2Windows Server 2012

Internet Key Exchange version 2 (IKEv2) for IPsec transport mode

X

Windows Store app network isolation

X

Windows PowerShell cmdlets for Windows Firewall

X

+ +  + +### IKEv2 for IPsec transport mode + +In Windows Server 2012, IKEv2 supports additional scenarios including IPsec end-to-end transport mode connections. + +**What value does this change add?** + +Windows Server 2012 IKEv2 support provides interoperability for Windows with other operating systems using IKEv2 for end-to-end security, and Supports Suite B (RFC 4869) requirements. + +**What works differently?** + +In Windows Server 2008 R2, IKEv2 is available as a virtual private network (VPN) tunneling protocol that supports automatic VPN reconnection. IKEv2 allows the security association to remain unchanged despite changes in the underlying connection. + +In Windows Server 2012, IKEv2 support has been expanded. + +### Windows Store app network isolation + +Administrators can custom configure Windows Firewall to fine tune network access if they desire more control of their Windows Store apps. + +**What value does this change add?** + +The feature adds the ability to set and enforce network boundaries ensure that apps that get compromised can only access networks where they have been explicitly granted access. This significantly reduces the scope of their impact to other apps, the system, and the network. In addition, apps can be isolated and protected from malicious access from the network. + +**What works differently?** + +In addition to firewall rules that you can create for program and services, you can also create firewall rules for Windows Store apps and their various capabilities. + +### Windows PowerShell cmdlets for Windows Firewall + +Windows PowerShell has extensive cmdlets to allow Windows Firewall configuration and management. + +**What value does this change add?** + +You can now fully configure and manage Windows Firewall, IPsec, and related features using the very powerful and scriptable Windows PowerShell. + +**What works differently?** + +In previous Windows versions, you could use Netsh to perform many configuration and management functions. 
This capability has been greatly expanded using the more powerful Windows PowerShell scripting language. + +## See also + + +See the following topics for more information about Windows Firewall with Advanced Security in Windows Server 2012. + + ++++ + + + + + + + + + + + + + + + + +
Content typeReferences

Deployment

[Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](../p_server_archive/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md) | [Isolating Windows Store Apps on Your Network](../p_server_archive/isolating-windows-store-apps-on-your-network.md) | [Windows Firewall with Advanced Security Administration with Windows PowerShell](../p_server_archive/windows-firewall-with-advanced-security-administration-with-windows-powershell.md)

Troubleshooting

[Troubleshooting Windows Firewall with Advanced Security in Windows Server 2012](http://social.technet.microsoft.com/wiki/contents/articles/13894.troubleshooting-windows-firewall-with-advanced-security-in-windows-server-2012.aspx)

+ +  + +  + +  + + + + + From 269f8756c023bc0003c5b4d300cad4e2478c7006 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 28 Apr 2016 16:24:23 -0700 Subject: [PATCH 02/92] Update TOC.md --- windows/keep-secure/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 09e5265e8a..988164c94a 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -459,7 +459,7 @@ ######## [Server Isolation GPOs](server-isolation-gpos.md) ####### [Planning GPO Deployment](planning-gpo-deployment.md) ##### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) -##### [Additional Resources [WFASDesign]](additional-resources-wfasdesign.md) +##### [Additional Resources](additional-resources-wfasdesign.md) #### [Windows Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) ##### [Planning to Deploy Windows Firewall with Advanced Security](planning-to-deploy-windows-firewall-with-advanced-security.md) ##### [Implementing Your Windows Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) From 69a5e703f5f3e1365e4e35c2f248fc3b86a1aae4 Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Thu, 28 Apr 2016 16:29:11 -0700 Subject: [PATCH 03/92] fixing links --- ...ters-to-the-membership-group-for-a-zone.md | 6 +- ...ters-to-the-membership-group-for-a-zone.md | 4 +- .../basic-firewall-policy-design.md | 12 +-- windows/keep-secure/boundary-zone-gpos.md | 2 +- windows/keep-secure/boundary-zone.md | 8 +- ...e-based-isolation-policy-design-example.md | 4 +- ...rtificate-based-isolation-policy-design.md | 12 +-- ...ange-rules-from-request-to-require-mode.md | 4 +- ...ist-configuring-basic-firewall-settings.md | 6 +- ...uring-rules-for-an-isolated-server-zone.md | 26 +++---- ...rs-in-a-standalone-isolated-server-zone.md | 30 +++---- ...configuring-rules-for-the-boundary-zone.md | 12 +-- ...nfiguring-rules-for-the-encryption-zone.md | 14 ++-- ...nfiguring-rules-for-the-isolated-domain.md | 24 +++--- ...checklist-creating-group-policy-objects.md | 18 ++--- ...ecklist-creating-inbound-firewall-rules.md | 10 +-- ...cklist-creating-outbound-firewall-rules.md | 6 +- ...ts-of-a-standalone-isolated-server-zone.md | 22 +++--- ...ementing-a-basic-firewall-policy-design.md | 26 +++---- ...rtificate-based-isolation-policy-design.md | 16 ++-- ...enting-a-domain-isolation-policy-design.md | 20 ++--- ...andalone-server-isolation-policy-design.md | 20 ++--- ...-server-2008-and-windows-server-2008-r2.md | 2 +- ...-server-2008-and-windows-server-2008-r2.md | 2 +- ...-server-2008-and-windows-server-2008-r2.md | 2 +- ...-server-2008-and-windows-server-2008-r2.md | 6 +- .../configure-the-windows-firewall-log.md | 2 +- ...notifications-when-a-program-is-blocked.md | 2 +- ...hat-certificates-are-deployed-correctly.md | 2 +- ...-server-2008-and-windows-server-2008-r2.md | 2 +- ...-server-2008-and-windows-server-2008-r2.md | 4 +- ...s-server-2008-or-windows-server-2008-r2.md | 6 +- ...s-server-2008-or-windows-server-2008-r2.md | 8 +- ...s-server-2008-or-windows-server-2008-r2.md | 6 +- ...s-server-2008-or-windows-server-2008-r2.md | 2 +- 
...s-server-2008-or-windows-server-2008-r2.md | 4 +- ...s-server-2008-or-windows-server-2008-r2.md | 6 +- ...irewall-with-advanced-security-strategy.md | 8 +- ...ing-the-trusted-state-of-your-computers.md | 6 +- windows/keep-secure/documenting-the-zones.md | 4 +- .../domain-isolation-policy-design-example.md | 6 +- .../domain-isolation-policy-design.md | 18 ++--- ...s-server-2008-or-windows-server-2008-r2.md | 2 +- ...s-server-2008-or-windows-server-2008-r2.md | 2 +- windows/keep-secure/encryption-zone-gpos.md | 2 +- windows/keep-secure/encryption-zone.md | 8 +- ...-server-2008-and-windows-server-2008-r2.md | 2 +- windows/keep-secure/exemption-list.md | 4 +- windows/keep-secure/firewall-gpos.md | 2 +- .../firewall-policy-design-example.md | 2 +- ...-about-your-active-directory-deployment.md | 2 +- ...hering-information-about-your-computers.md | 2 +- ...out-your-current-network-infrastructure.md | 2 +- .../gathering-other-relevant-information.md | 2 +- .../gathering-the-information-you-need.md | 8 +- .../keep-secure/gpo-domiso-boundary-ws2008.md | 4 +- .../gpo-domiso-encryption-ws2008.md | 4 +- windows/keep-secure/gpo-domiso-firewall.md | 2 +- .../gpo-domiso-isolateddomain-clients.md | 6 +- .../gpo-domiso-isolateddomain-servers.md | 2 +- ...wall-with-advanced-security-design-plan.md | 10 +-- windows/keep-secure/isolated-domain-gpos.md | 6 +- windows/keep-secure/isolated-domain.md | 6 +- ...ting-windows-store-apps-on-your-network.md | 2 +- ...-firewall-with-advanced-security-design.md | 18 ++--- ...anning-certificate-based-authentication.md | 2 +- .../planning-domain-isolation-zones.md | 8 +- ...icy-deployment-for-your-isolation-zones.md | 8 +- ...planning-isolation-groups-for-the-zones.md | 4 +- .../planning-network-access-groups.md | 2 +- .../planning-server-isolation-zones.md | 8 +- ...ng-settings-for-a-basic-firewall-policy.md | 2 +- windows/keep-secure/planning-the-gpos.md | 12 +-- ...windows-firewall-with-advanced-security.md | 10 +-- 
...-firewall-with-advanced-security-design.md | 16 ++-- .../procedures-used-in-this-guide.md | 78 +++++++++---------- ...n-accessing-sensitive-network-resources.md | 10 +-- ...ss-to-only-specified-users-or-computers.md | 8 +- ...s-by-using-ikev2-in-windows-server-2012.md | 2 +- windows/keep-secure/server-isolation-gpos.md | 2 +- .../server-isolation-policy-design-example.md | 8 +- .../server-isolation-policy-design.md | 16 ++-- ...firewall-and-configure-default-behavior.md | 2 +- ...-administration-with-windows-powershell.md | 4 +- ...with-advanced-security-deployment-guide.md | 16 ++-- ...windows-firewall-with-advanced-security.md | 2 +- 86 files changed, 360 insertions(+), 360 deletions(-) diff --git a/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md b/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md index cad68e2a55..cacc2910f5 100644 --- a/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md +++ b/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md 
@@ -15,7 +15,7 @@ For GPOs that contain connection security rules that prevent unauthenticated con   -The method discussed in this guide uses the **Domain Computers** built-in group. The advantage of this method is that all new computers that are joined to the domain automatically receive the isolated domain GPO. To do this successfully, you must make sure that the WMI filters and security group filters exclude computers that must not receive the GPOs. Use computer groups that deny both read and apply Group Policy permissions to the GPOs, such as a group used in the CG\_DOMISO\_NOIPSEC example design. Computers that are members of some zones must also be excluded from applying the GPOs for the main isolated domain. For more information, see the "Prevent members of a group from applying a GPO" section in [Assign Security Group Filters to the GPO](../p_server_archive/assign-security-group-filters-to-the-gpo.md). +The method discussed in this guide uses the **Domain Computers** built-in group. The advantage of this method is that all new computers that are joined to the domain automatically receive the isolated domain GPO. To do this successfully, you must make sure that the WMI filters and security group filters exclude computers that must not receive the GPOs. Use computer groups that deny both read and apply Group Policy permissions to the GPOs, such as a group used in the CG\_DOMISO\_NOIPSEC example design. Computers that are members of some zones must also be excluded from applying the GPOs for the main isolated domain. For more information, see the "Prevent members of a group from applying a GPO" section in [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md). Without such a group (or groups), you must either add computers individually or use the groups containing computer accounts that are available to you. 
@@ -55,7 +55,7 @@ After a computer is a member of the group, you can force a Group Policy refresh **To refresh Group Policy on a computer** -- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command: +- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command: ``` syntax gpupdate /target:computer /force @@ -68,7 +68,7 @@ After Group Policy is refreshed, you can see which GPOs are currently applied to **To see which GPOs are applied to a computer** -- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command: +- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command: ``` syntax gpresult /r /scope:computer diff --git a/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md b/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md index f297cfd705..c14ecf58eb 100644 --- a/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md +++ b/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md 
@@ -50,7 +50,7 @@ After a computer is a member of the group, you can force a Group Policy refresh **To refresh Group Policy on a computer** -- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command: +- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command: ``` syntax gpupdate /target:computer /force @@ -63,7 +63,7 @@ After Group Policy is refreshed, you can see which GPOs are currently applied to **To see which GPOs are applied to a computer** -- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command: +- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command: ``` syntax gpresult /r /scope:computer diff --git a/windows/keep-secure/basic-firewall-policy-design.md b/windows/keep-secure/basic-firewall-policy-design.md index 0c1698eb75..d5020e47c8 100644 --- a/windows/keep-secure/basic-firewall-policy-design.md +++ b/windows/keep-secure/basic-firewall-policy-design.md 
@@ -44,7 +44,7 @@ An organization typically uses this design as a first step toward a more compreh After implementing this design, your administrative team will have centralized management of the firewall rules applied to all computers that are running Windows in your organization. **Important**   -If you also intend to deploy the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md), or the [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md), we recommend that you do the design work for all three designs together, and then deploy in layers that correspond with each design. +If you also intend to deploy the [Domain Isolation Policy Design](domain-isolation-policy-design.md), or the [Server Isolation Policy Design](server-isolation-policy-design.md), we recommend that you do the design work for all three designs together, and then deploy in layers that correspond with each design.   
@@ -52,17 +52,17 @@ The basic firewall design can be applied to computers that are part of an Active For more information about this design: -- This design coincides with the deployment goal to [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md). +- This design coincides with the deployment goal to [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md). -- To learn more about this design, see [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md). +- To learn more about this design, see [Firewall Policy Design Example](firewall-policy-design-example.md). -- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md). +- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md). -- To help you make the decisions required in this design, see [Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md). +- To help you make the decisions required in this design, see [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md). - For a list of detailed tasks that you can use to deploy your basic firewall policy design, see "Checklist: Implementing a Basic Firewall Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=98308) at http://go.microsoft.com/fwlink/?linkid=98308. -**Next: **[Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md) +**Next: **[Domain Isolation Policy Design](domain-isolation-policy-design.md)   
diff --git a/windows/keep-secure/boundary-zone-gpos.md b/windows/keep-secure/boundary-zone-gpos.md
index b987d99a53..e8e136ef00 100644
--- a/windows/keep-secure/boundary-zone-gpos.md
+++ b/windows/keep-secure/boundary-zone-gpos.md
@@ -21,7 +21,7 @@ The boundary zone GPOs discussed in this guide are only for server versions of W
 In the Woodgrove Bank example, only the GPO settings for a Web service on Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 are discussed.
-- [GPO\_DOMISO\_Boundary\_WS2008](../p_server_archive/gpo-domiso-boundary-ws2008.md)
+- [GPO\_DOMISO\_Boundary\_WS2008](gpo-domiso-boundary-ws2008.md)
  
diff --git a/windows/keep-secure/boundary-zone.md b/windows/keep-secure/boundary-zone.md
index 4aa10f7795..e6e1d51bec 100644
--- a/windows/keep-secure/boundary-zone.md
+++ b/windows/keep-secure/boundary-zone.md
@@ -22,7 +22,7 @@ The goal of this process is to determine whether the risk of adding a computer t
 You must create a group in Active Directory to contain the members of the boundary zones. The settings and rules for the boundary zone are typically very similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. The primary difference is that the authentication connection security rule must be set to request authentication for both inbound and outbound traffic, instead of requiring inbound authentication and requesting outbound authentication as used by the isolated domain.
-Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) section.
+Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section.
 ## GPO settings for boundary zone servers running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2
@@ -49,14 +49,14 @@ The boundary zone GPO for computers running Windows Server 2012, Windows Server - A registry policy that includes the following values: - - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**. + - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**. **Note**   - For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) + For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)   -**Next: **[Encryption Zone](../p_server_archive/encryption-zone.md) +**Next: **[Encryption Zone](encryption-zone.md)   diff --git a/windows/keep-secure/certificate-based-isolation-policy-design-example.md b/windows/keep-secure/certificate-based-isolation-policy-design-example.md index 765f3010c9..2a59f16587 100644 --- a/windows/keep-secure/certificate-based-isolation-policy-design-example.md 
+++ b/windows/keep-secure/certificate-based-isolation-policy-design-example.md
@@ -8,7 +8,7 @@ author: brianlic-msft
 # Certificate-based Isolation Policy Design Example
-This design example continues to use the fictitious company Woodgrove Bank, as described in the sections [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md), [Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md), and [Server Isolation Policy Design Example](../p_server_archive/server-isolation-policy-design-example.md).
+This design example continues to use the fictitious company Woodgrove Bank, as described in the sections [Firewall Policy Design Example](firewall-policy-design-example.md), [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md), and [Server Isolation Policy Design Example](server-isolation-policy-design-example.md).
 One of the servers that must be included in the domain isolation environment is a computer running UNIX that supplies other information to the WGBank dashboard program running on the client computers. This computer sends updated information to the WGBank front-end servers as it becomes available, so it is considered unsolicited inbound traffic to the computers that receive this information.
@@ -44,7 +44,7 @@ By using the Active Directory Users and Computers snap-in, Woodgrove Bank create
 Woodgrove Bank then created a GPO that contains the certificate, and then attached security group filters to the GPO that allow read and apply permissions to only members of the NAG\_COMPUTER\_WGBUNIX group. The GPO places the certificate in the **Local Computer / Personal / Certificates** certificate store. The certificate used must chain back to a certificate that is in the **Trusted Root Certification Authorities** store on the local computer.
-**Next: **[Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md)
+**Next: **[Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
  
diff --git a/windows/keep-secure/certificate-based-isolation-policy-design.md b/windows/keep-secure/certificate-based-isolation-policy-design.md
index a59802bd5c..3c24ba8f07 100644
--- a/windows/keep-secure/certificate-based-isolation-policy-design.md
+++ b/windows/keep-secure/certificate-based-isolation-policy-design.md
@@ -8,7 +8,7 @@ author: brianlic-msft
 # Certificate-based Isolation Policy Design
-In the certificate-based isolation policy design, you provide the same types of protections to your network traffic as described in the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md) and [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md) sections. The only difference is the method used to share identification credentials during the authentication of your network traffic.
+In the certificate-based isolation policy design, you provide the same types of protections to your network traffic as described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) and [Server Isolation Policy Design](server-isolation-policy-design.md) sections. The only difference is the method used to share identification credentials during the authentication of your network traffic.
 Domain isolation and server isolation help provide security for the computers on the network that run Windows and that can be joined to an Active Directory domain. However, in most corporate environments there are typically some computers that must run another operating system, such as Linux or UNIX. These computers cannot join an Active Directory domain, without a third-party package being installed. Also, some computers that do run Windows cannot join a domain for a variety of reasons. To rely on Kerberos V5 as the authentication protocol, the computer needs to be joined to the Active Directory and (for non-windows computers) support Kerberos as an authentication protocol.
@@ -20,17 +20,17 @@ For computers that run Windows and that are part of an Active Directory domain, For more information about this design: -- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md). +- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). -- To learn more about this design, see [Certificate-based Isolation Policy Design Example](../p_server_archive/certificate-based-isolation-policy-design-example.md). +- To learn more about this design, see [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md). -- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md). +- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md). -- To help you make the decisions required in this design, see [Planning Certificate-based Authentication](../p_server_archive/planning-certificate-based-authentication.md). 
+- To help you make the decisions required in this design, see [Planning Certificate-based Authentication](planning-certificate-based-authentication.md). - For a list of tasks that you can use to deploy your certificate-based policy design, see "Checklist: Implementing a Certificate-based Isolation Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=98308) at http://go.microsoft.com/fwlink/?linkid=98308. -**Next: **[Evaluating Windows Firewall with Advanced Security Design Examples](../p_server_archive/evaluating-windows-firewall-with-advanced-security-design-examples.md) +**Next: **[Evaluating Windows Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)   diff --git a/windows/keep-secure/change-rules-from-request-to-require-mode.md b/windows/keep-secure/change-rules-from-request-to-require-mode.md index 3f8a49404e..36c2306bb2 100644 --- a/windows/keep-secure/change-rules-from-request-to-require-mode.md +++ b/windows/keep-secure/change-rules-from-request-to-require-mode.md @@ -27,7 +27,7 @@ In this topic: **To convert a rule from request to require mode for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 2. In the navigation pane, click **Connection Security Rules**. 
@@ -42,7 +42,7 @@ In this topic:
 **To apply the modified GPOs to the client computers**
-1. The next time each computer refreshes its Group Policy, it will receive the updated GPO and apply the modified rule. To force an immediate refresh, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md) and run the following command:
+1. The next time each computer refreshes its Group Policy, it will receive the updated GPO and apply the modified rule. To force an immediate refresh, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md) and run the following command:
 ``` syntax
 gpupdate /force
diff --git a/windows/keep-secure/checklist-configuring-basic-firewall-settings.md b/windows/keep-secure/checklist-configuring-basic-firewall-settings.md
index c4c624a4b7..93ba95bbff 100644
--- a/windows/keep-secure/checklist-configuring-basic-firewall-settings.md
+++ b/windows/keep-secure/checklist-configuring-basic-firewall-settings.md
@@ -32,17 +32,17 @@ This checklist includes tasks for configuring a GPO with firewall defaults and s

_

Turn the firewall on and set the default inbound and outbound behavior.

-

Procedure topic[Turn on Windows Firewall and Configure Default Behavior](../p_server_archive/turn-on-windows-firewall-and-configure-default-behavior.md)

+

Procedure topic[Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md)

_

Configure the firewall to not display notifications to the user when a program is blocked, and to ignore locally defined firewall and connection security rules.

-

Procedure topic[Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](../p_server_archive/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)

+

Procedure topic[Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)

_

Configure the firewall to record a log file.

-

Procedure topic[Configure the Windows Firewall Log](../p_server_archive/configure-the-windows-firewall-log.md)

+

Procedure topic[Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)

diff --git a/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md
index 4fe0df466c..3fe907d8cd 100644
--- a/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md
+++ b/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md
@@ -8,7 +8,7 @@ author: brianlic-msft
 # Checklist: Configuring Rules for an Isolated Server Zone
-The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs for servers in an isolated server zone that are part of an isolated domain. For information about creating a standalone isolated server zone that is not part of an isolated domain, see [Checklist: Implementing a Standalone Server Isolation Policy Design](../p_server_archive/checklist-implementing-a-standalone-server-isolation-policy-design.md).
+The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs for servers in an isolated server zone that are part of an isolated domain. For information about creating a standalone isolated server zone that is not part of an isolated domain, see [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md).
 In addition to requiring authentication and optionally encryption, servers in an isolated server zone can be accessed only by users or computers who are authenticated members of a network access group (NAG). Computers that are running Windows 2000, Windows XP, or Windows Server 2003 can restrict access in IPsec only to computers that are members of the NAG, because IPsec and IKE in those versions of Windows do not support user-based authentication. If you include user accounts in the NAG, then the restrictions can still apply; they are just enforced at the application layer, rather than the IP layer.
@@ -44,37 +44,37 @@ The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Se

_

Create a GPO for the computers that need to have access restricted to the same set of client computers. If there are multiple servers and they run different versions of the Windows operating system, then start by creating the GPO for one version of Windows. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

Copy the GPO from the isolated domain or from the encryption zone to serve as a starting point. Where your copy already contains elements listed in the following checklist, review the relevant procedures and compare them to your copied GPO’s element to make sure it is constructed in a way that meets the needs of the server isolation zone.

-

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

+

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

Configure the security group filters and WMI filters on the GPO so that only members of the isolated server zone’s membership group that are running the specified version of Windows can read and apply it.

-

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

+

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

-

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

-

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used. If you require encryption for the isolated server zone, then make sure that you choose only algorithm combinations that include encryption.

-

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used.

-

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

-

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

@@ -86,27 +86,27 @@ The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Se
 
-

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create the NAG to contain the computer or user accounts that are allowed to access the servers in the isolated server zone.

-

Procedure topic[Create a Group Account in Active Directory](../p_server_archive/create-a-group-account-in-active-directory.md)

+

Procedure topic[Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)

_

Create a firewall rule that permits inbound network traffic only if authenticated as a member of the NAG.

-

Procedure topic[Restrict Server Access to Members of a Group Only](../p_server_archive/restrict-server-access-to-members-of-a-group-only.md)

+

Procedure topic[Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

-

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

+

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test server to the membership group for the isolated server zone. Be sure to add at least one server for each operating system supported by a GPO in the group.

-

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

diff --git a/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
index aaccf455e0..6d2a88909f 100644
--- a/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
+++ b/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
@@ -8,7 +8,7 @@ author: brianlic-msft # Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone -This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs for servers in a standalone isolated server zone that is not part of an isolated domain. In addition to requiring authentication and optionally encryption, servers in a server isolation zone are accessible only by users or computers that are authenticated as members of a network access group (NAG). The GPOs described here apply only to the isolated servers, not to the client computers that connect to them. For the GPOs for the client computers, see [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](../p_server_archive/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md). +This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs for servers in a standalone isolated server zone that is not part of an isolated domain. In addition to requiring authentication and optionally encryption, servers in a server isolation zone are accessible only by users or computers that are authenticated as members of a network access group (NAG). The GPOs described here apply only to the isolated servers, not to the client computers that connect to them. For the GPOs for the client computers, see [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md). The GPOs for isolated servers are similar to those for an isolated domain. This checklist refers you to those procedures for the creation of some of the rules. The other procedures in this checklist are for creating the restrictions that allow only members of the server access group to connect to the server. @@ -39,38 +39,38 @@ The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Se

_

Create a GPO for the computers that need to have access restricted to the same set of client computers. If there are multiple servers running different versions of the Windows operating system, start by creating the GPO for one version of Windows. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

-

Checklist topic[Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md)

-

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

+

Checklist topic[Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)

+

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the computers for which this GPO is intended.

-

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

+

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

-

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

-

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

-

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used.

-

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used. This procedure sets the default settings for the computer. If you want to set authentication on a per-rule basis, this procedure is optional.

-

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

@@ -82,32 +82,32 @@ The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Se
 
-

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

If your design requires encryption in addition to authentication for access to the isolated servers, then modify the rule to require it.

-

Procedure topic[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create the NAG to contain the computer or user accounts that are allowed to access the isolated servers. If you have multiple groups of isolated servers that are accessed by different client computers, then create a NAG for each set of servers.

-

Procedure topic[Create a Group Account in Active Directory](../p_server_archive/create-a-group-account-in-active-directory.md)

+

Procedure topic[Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)

_

Create a firewall rule that allows inbound network traffic only if it is authenticated from a user or computer that is a member of the zone’s NAG.

-

Procedure topic[Restrict Server Access to Members of a Group Only](../p_server_archive/restrict-server-access-to-members-of-a-group-only.md)

+

Procedure topic[Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

-

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

+

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test server to the membership group for the isolated server zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

-

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md b/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md
index 92853aab0f..bd93a5e321 100644
--- a/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md
+++ b/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md
@@ -17,7 +17,7 @@ Rules for the boundary zone are typically the same as those for the isolated dom ![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring boundary zone rules for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2**
-A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 can simply be copied and then customized. This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](../p_server_archive/checklist-implementing-a-domain-isolation-policy-design.md). After you create a copy for the boundary zone, make sure that you do not change the rule from request authentication to require authentication when you create the other GPOs.
+A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 can simply be copied and then customized. This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md). After you create a copy for the boundary zone, make sure that you do not change the rule from request authentication to require authentication when you create the other GPOs.
@@ -36,27 +36,27 @@ A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Se - + - + - + - + - +

_

Make a copy of the domain isolation GPO for this version of Windows to serve as a starting point for the GPO for the boundary zone. Unlike the GPO for the main isolated domain zone, this copy is not changed after deployment to require authentication.

Procedure topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

Procedure topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the boundary zone and version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test computers to the membership group for the boundary zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

_

Verify that the connection security configuration is protecting network traffic with authentication when it can, and that unauthenticated traffic is accepted.

Procedure topic[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)

Procedure topic[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)

diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md b/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md
index 6f79c81796..c90e28f60a 100644
--- a/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md
@@ -14,7 +14,7 @@ Rules for the encryption zone are typically the same as those for the isolated d ![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring encryption zone rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2**
-A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 can simply be copied and then customized. This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](../p_server_archive/checklist-implementing-a-domain-isolation-policy-design.md). You can then copy those GPOs for use with the encryption zone. After you create the copies, modify the main rule to require encryption in addition to the authentication required by the rest of the isolated domain.
+A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 can simply be copied and then customized. This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md). You can then copy those GPOs for use with the encryption zone. After you create the copies, modify the main rule to require encryption in addition to the authentication required by the rest of the isolated domain.
@@ -33,32 +33,32 @@ A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Se - + - + - + - + - + - +

_

Make a copy of the domain isolation GPOs to serve as a starting point for the GPOs for the encryption zone.

Procedure topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

Procedure topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

Modify the group memberships and WMI filters so that they are correct for the encryption zone and the version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Add the encryption requirements for the zone.

Procedure topic[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

Procedure topic[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test computers to the membership group for the encryption zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

_

Verify that the connection security rules are protecting network traffic.

Procedure topic[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)

Procedure topic[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)

diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md b/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md
index e88f33cec8..84b4f69a88 100644
--- a/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md
+++ b/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md
@@ -37,58 +37,58 @@ The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Se

_

Create a GPO for the computers in the isolated domain running one of the operating systems. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

-

Checklist topic[Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md)

-

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

+

Checklist topic[Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)

+

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a GPO that was copied from another GPO, modify the group memberships and WMI filters so that they are correct for the isolated domain zone and the version of Windows for which this GPO is intended.

-

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

+

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

-

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

-

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

-

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used.

-

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used.

-

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create the rule that requests authentication for all inbound network traffic.

-

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Link the GPO to the domain level of the AD DS organizational unit hierarchy.

-

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

+

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test computers to the membership group for the isolated domain. Be sure to add at least one for each operating system supported by a different GPO in the group.

-

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

_

Verify that the connection security rules are protecting network traffic to and from the test computers.

-

Procedure topic[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)

+

Procedure topic[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)

diff --git a/windows/keep-secure/checklist-creating-group-policy-objects.md b/windows/keep-secure/checklist-creating-group-policy-objects.md
index 5264c7d2c6..698ddd1336 100644
--- a/windows/keep-secure/checklist-creating-group-policy-objects.md
+++ b/windows/keep-secure/checklist-creating-group-policy-objects.md
@@ -43,44 +43,44 @@ You can also use a membership group for one zone as an exclusion group for anoth

_

Review important concepts and examples for deploying GPOs in a way that best meets the needs of your organization.

-

Procedure topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Procedure topic[Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md)

+

Procedure topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Procedure topic[Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)

_

Create the membership group in AD DS that will be used to contain computer accounts that must receive the GPO.

If some computers in the membership group are running an operating system that does not support WMI filters, such as Windows 2000, create an exclusion group to contain the computer accounts for the computers that cannot be blocked by using a WMI filter.

-

Procedure topic[Create a Group Account in Active Directory](../p_server_archive/create-a-group-account-in-active-directory.md)

+

Procedure topic[Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)

_

Create a GPO for each version of Windows that has different implementation requirements.

-

Procedure topic[Create a Group Policy Object](../p_server_archive/create-a-group-policy-object.md)

+

Procedure topic[Create a Group Policy Object](create-a-group-policy-object.md)

_

Create security group filters to limit the GPO to only computers that are members of the membership group and to exclude computers that are members of the exclusion group.

-

Procedure topic[Assign Security Group Filters to the GPO](../p_server_archive/assign-security-group-filters-to-the-gpo.md)

+

Procedure topic[Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)

_

Create WMI filters to limit each GPO to only the computers that match the criteria in the filter.

-

Procedure topic[Create WMI Filters for the GPO](../p_server_archive/create-wmi-filters-for-the-gpo.md)

+

Procedure topic[Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)

_

If you are working on a GPO that was copied from another, modify the group memberships and WMI filters so that they are correct for the new zone or version of Windows for which this GPO is intended.

-

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

+

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

-

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

+

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Before adding any rules or configuring the GPO, add a few test computers to the membership group, and make sure that the correct GPO is received and applied to each member of the group.

-

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

diff --git a/windows/keep-secure/checklist-creating-inbound-firewall-rules.md b/windows/keep-secure/checklist-creating-inbound-firewall-rules.md
index 65a3c463b5..c62910188e 100644
--- a/windows/keep-secure/checklist-creating-inbound-firewall-rules.md
+++ b/windows/keep-secure/checklist-creating-inbound-firewall-rules.md
@@ -32,27 +32,27 @@ This checklist includes tasks for creating firewall rules in your GPOs.

_

Create a rule that allows a program to listen for and accept inbound network traffic on any ports it requires.

-

Procedure topic[Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+

Procedure topic[Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create a rule that allows inbound network traffic on a specified port number.

-

Procedure topic[Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+

Procedure topic[Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create a rule that allows inbound ICMP network traffic.

-

Procedure topic[Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+

Procedure topic[Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create rules that allow inbound RPC network traffic.

-

Procedure topic[Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+

Procedure topic[Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Enable a predefined rule or a group of predefined rules. Some predefined rules for basic network services are included as part of the installation of Windows; others can be created when you install a new application or network service.

-

Procedure topic[Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+

Procedure topic[Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

diff --git a/windows/keep-secure/checklist-creating-outbound-firewall-rules.md b/windows/keep-secure/checklist-creating-outbound-firewall-rules.md
index 61e94ff601..0e6115009a 100644
--- a/windows/keep-secure/checklist-creating-outbound-firewall-rules.md
+++ b/windows/keep-secure/checklist-creating-outbound-firewall-rules.md
@@ -34,17 +34,17 @@ By default, in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windo

_

Create a rule that allows a program to send any outbound network traffic on any port it requires.

-

Procedure topic[Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+

Procedure topic[Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create a rule that allows outbound network traffic on a specified port number.

-

Procedure topic[Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+

Procedure topic[Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Enable a predefined rule or a group of predefined rules. Some predefined rules for basic network services are included as part of the installation of Windows; others can be created when you install a new application or network service.

-

Procedure topic[Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+

Procedure topic[Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

diff --git a/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
index 251866927c..843f11e525 100644
--- a/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
+++ b/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
@@ -37,53 +37,53 @@ The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Se

_

Create a GPO for the client computers that must connect to servers in the isolated server zone, and that are running one of the versions of Windows. After you have finished the tasks in this checklist, you can make a copy of it.

-

Checklist topic[Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md)

-

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

+

Checklist topic[Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)

+

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

To determine which computers receive the GPO, assign the NAG for the isolated servers to the security group filter for the GPO. Make sure that each GPO has the WMI filter for the correct version of Windows.

-

Checklist topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

+

Checklist topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

-

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

-

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

-

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used.

-

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used.

-

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that requests authentication for network traffic. Because fallback-to-clear behavior in Windows Vista and Windows Server 2008 has no delay when communicating with computers that cannot use IPsec, you can use the same any-to-any rule used in an isolated domain.

-

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

+

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

-

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

+

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test computers to the NAG for the isolated server zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

-

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

diff --git a/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md b/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md
index d6ff2cb7f5..1c3c8530e2 100644
--- a/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md
+++ b/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md
@@ -36,51 +36,51 @@ The procedures in this section use the Group Policy MMC snap-in interfaces to co

_

Review important concepts and examples for the basic firewall policy design to determine if this design meets the needs of your organization.

-

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Conceptual topic[Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md)

-

Conceptual topic[Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md)

-

Conceptual topic[Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md)

+

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Conceptual topic[Basic Firewall Policy Design](basic-firewall-policy-design.md)

+

Conceptual topic[Firewall Policy Design Example](firewall-policy-design-example.md)

+

Conceptual topic[Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)

_

Create the membership group and a GPO for each set of computers that require different firewall rules. Where GPOs will be similar, such as for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy.

-

Checklist topic[Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md)

-

Checklist topic[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)

+

Checklist topic[Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)

+

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a GPO that was copied from another, modify the group membership and WMI filters so that they are correct for the computers for which this GPO is intended.

-

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

+

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure the GPO with firewall default settings appropriate for your design.

-

Checklist topic[Checklist: Configuring Basic Firewall Settings](../p_server_archive/checklist-configuring-basic-firewall-settings.md)

+

Checklist topic[Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)

_

Create one or more inbound firewall rules to allow unsolicited inbound network traffic.

-

Checklist topic[Checklist: Creating Inbound Firewall Rules](../p_server_archive/checklist-creating-inbound-firewall-rules.md)

+

Checklist topic[Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)

_

Create one or more outbound firewall rules to block unwanted outbound network traffic.

-

Checklist topic[Checklist: Creating Outbound Firewall Rules](../p_server_archive/checklist-creating-outbound-firewall-rules.md)

+

Checklist topic[Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

-

Procedure topic[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)

+

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add test computers to the membership group, and then confirm that the computers receive the firewall rules from the GPOs as expected.

-

Procedure topic[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)

+

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy the completed firewall policy settings to your computers.

-

Procedure topic[Add Production Computers to the Membership Group for a Zone](../p_server_archive/add-production-computers-to-the-membership-group-for-a-zone.md)

+

Procedure topic[Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)

diff --git a/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md
index 59ca82798d..67dfdd611b 100644
--- a/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md
@@ -36,30 +36,30 @@ The procedures in this section use the Group Policy MMC snap-in interfaces to co

_

Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.

-

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Conceptual topic[Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md)

-

Conceptual topic[Certificate-based Isolation Policy Design Example](../p_server_archive/certificate-based-isolation-policy-design-example.md)

-

Conceptual topic[Planning Certificate-based Authentication](../p_server_archive/planning-certificate-based-authentication.md)

+

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Conceptual topic[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)

+

Conceptual topic[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)

+

Conceptual topic[Planning Certificate-based Authentication](planning-certificate-based-authentication.md)

_

Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.

-

Procedure topic[Install Active Directory Certificate Services](../p_server_archive/install-active-directory-certificate-services.md)

+

Procedure topic[Install Active Directory Certificate Services](install-active-directory-certificate-services.md)

_

Configure the certificate template for workstation authentication certificates.

-

Procedure topic[Configure the Workstation Authentication Certificate Template](../p_server_archive/configure-the-workstation-authentication-certificate-templatewfas-dep.md)

+

Procedure topic[Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md)

_

Configure Group Policy to automatically deploy certificates based on your template to workstation computers.

-

Procedure topic[Configure Group Policy to Autoenroll and Deploy Certificates](../p_server_archive/configure-group-policy-to-autoenroll-and-deploy-certificates.md)

+

Procedure topic[Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)

_

On a test computer, refresh Group Policy and confirm that the certificate is installed.

-

Procedure topic[Confirm That Certificates Are Deployed Correctly](../p_server_archive/confirm-that-certificates-are-deployed-correctly.md)

+

Procedure topic[Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)

diff --git a/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md
index 6febf014de..1bb54f22dd 100644
--- a/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md
@@ -38,40 +38,40 @@ For more information about the security algorithms and authentication methods av

_

Review important concepts and examples for the domain isolation policy design, determine your Windows Firewall with Advanced Security deployment goals, and customize this design to meet the needs of your organization.

-

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Conceptual topic[Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md)

-

Conceptual topic[Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md)

-

Conceptual topic[Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md)

+

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Conceptual topic[Domain Isolation Policy Design](domain-isolation-policy-design.md)

+

Conceptual topic[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)

+

Conceptual topic[Planning Domain Isolation Zones](planning-domain-isolation-zones.md)

_

Create the GPOs and connection security rules for the isolated domain.

-

Checklist topic[Checklist: Configuring Rules for the Isolated Domain](../p_server_archive/checklist-configuring-rules-for-the-isolated-domain.md)

+

Checklist topic[Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)

_

Create the GPOs and connection security rules for the boundary zone.

-

Checklist topic[Checklist: Configuring Rules for the Boundary Zone](../p_server_archive/checklist-configuring-rules-for-the-boundary-zone.md)

+

Checklist topic[Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)

_

Create the GPOs and connection security rules for the encryption zone.

-

Checklist topic[Checklist: Configuring Rules for the Encryption Zone](../p_server_archive/checklist-configuring-rules-for-the-encryption-zone.md)

+

Checklist topic[Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)

_

Create the GPOs and connection security rules for the isolated server zone.

-

Checklist topic[Checklist: Configuring Rules for an Isolated Server Zone](../p_server_archive/checklist-configuring-rules-for-an-isolated-server-zone.md)

+

Checklist topic[Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy rules and settings to your computers.

-

Procedure topic[Add Production Computers to the Membership Group for a Zone](../p_server_archive/add-production-computers-to-the-membership-group-for-a-zone.md)

+

Procedure topic[Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)

_

After you confirm that network traffic is authenticated by IPsec, you can change authentication rules for the isolated domain and encryption zone from request to require mode.

-

Procedure topic[Change Rules from Request to Require Mode](../p_server_archive/change-rules-from-request-to-require-mode.md)

+

Procedure topic[Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)

diff --git a/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md index 92a7ec6199..be94daaa5c 100644 --- a/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md +++ b/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md @@ -8,7 +8,7 @@ author: brianlic-msft # Checklist: Implementing a Standalone Server Isolation Policy Design -This checklist contains procedures for creating a server isolation policy design that is not part of an isolated domain. For the steps required to create an isolated server zone within an isolated domain, see [Checklist: Configuring Rules for an Isolated Server Zone](../p_server_archive/checklist-configuring-rules-for-an-isolated-server-zone.md). +This checklist contains procedures for creating a server isolation policy design that is not part of an isolated domain. For the steps required to create an isolated server zone within an isolated domain, see [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md). This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. @@ -38,35 +38,35 @@ The procedures in this section use the Group Policy MMC snap-in interfaces to co

_

Review important concepts and examples for the server isolation policy design to determine if this design meets your deployment goals and the needs of your organization.

-

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](../p_server_archive/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Conceptual topic[Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md)

-

Conceptual topic[Server Isolation Policy Design Example](../p_server_archive/server-isolation-policy-design-example.md)

-

Conceptual topic[Planning Server Isolation Zones](../p_server_archive/planning-server-isolation-zones.md)

+

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

+

Conceptual topic[Server Isolation Policy Design](server-isolation-policy-design.md)

+

Conceptual topic[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)

+

Conceptual topic[Planning Server Isolation Zones](planning-server-isolation-zones.md)

_

Create the GPOs and connection security rules for isolated servers.

-

Checklist topic[Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](../p_server_archive/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)

+

Checklist topic[Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)

_

Create the GPOs and connection security rules for the client computers that must connect to the isolated servers.

-

Checklist topic[Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](../p_server_archive/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)

+

Checklist topic[Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)

_

Verify that the connection security rules are protecting network traffic on your test computers.

-

Procedure topic[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)

+

Procedure topic[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)

_

After you confirm that network traffic is authenticated by IPsec as expected, you can change authentication rules for the isolated server zone to require authentication instead of requesting it.

-

Procedure topic[Change Rules from Request to Require Mode](../p_server_archive/change-rules-from-request-to-require-mode.md)

+

Procedure topic[Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts for the client computers to the membership group so that you can deploy the settings.

-

Procedure topic[Add Production Computers to the Membership Group for a Zone](../p_server_archive/add-production-computers-to-the-membership-group-for-a-zone.md)

+

Procedure topic[Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)

diff --git a/windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md index 6cd45af6d4..6569e0cab2 100644 --- a/windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md +++ b/windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md @@ -21,7 +21,7 @@ To complete these procedures, you must be a member of the Domain Administrators **To configure authentication methods** -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 2. In the details pane on the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**. diff --git a/windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md index 19af4227c6..41a78a8639 100644 --- a/windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md 
+++ b/windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md @@ -16,7 +16,7 @@ To complete these procedures, you must be a member of the Domain Administrators **To configure quick mode settings** -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 2. In the details pane on the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**. diff --git a/windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md index 98b44775c3..dfb5e88e6c 100644 --- a/windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md +++ b/windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md 
@@ -16,7 +16,7 @@ To complete these procedures, you must be a member of the Domain Administrators **To configure key exchange settings** -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 2. In the details pane on the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**. diff --git a/windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md index d01116f6b5..2ffedaee22 100644 --- a/windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md +++ b/windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md @@ -16,7 +16,7 @@ To complete this procedure, you must be a member of the Domain Administrators gr **To modify an authentication request rule to also require encryption** -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 2. In the navigation pane, click **Connection Security Rules**. 
@@ -36,14 +36,14 @@ To complete this procedure, you must be a member of the Domain Administrators gr This disables the data integrity rules section. Make sure the **Data integrity and encryption** list contains all of the combinations that your client computers will use to connect to members of the encryption zone. The client computers receive their rules through the GPO for the zone to which they reside. You must make sure that those rules contain at least one of the data integrity and encryption algorithms that are configured in this rule, or the client computers in that zone will not be able to connect to computers in this zone. -10. If you need to add an algorithm combination, click **Add**, and then select the combination of encryption and integrity algorithms. The options are described in [Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md). +10. If you need to add an algorithm combination, click **Add**, and then select the combination of encryption and integrity algorithms. The options are described in [Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md). **Note**   Not all of the algorithms available in Windows 8 or Windows Server 2012 can be selected in the Windows Firewall with Advanced Security user interface. To select them, you can use Windows PowerShell. Quick mode settings can also be configured on a per-rule basis, but not by using the Windows Firewall with Advanced Security user interface. 
Instead, you can create or modify the rules by using Windows PowerShell. - For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](../p_server_archive/windows-firewall-with-advanced-security-administration-with-windows-powershell.md) + For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)   diff --git a/windows/keep-secure/configure-the-windows-firewall-log.md b/windows/keep-secure/configure-the-windows-firewall-log.md index 0bd77d8930..cb025368ae 100644 --- a/windows/keep-secure/configure-the-windows-firewall-log.md +++ b/windows/keep-secure/configure-the-windows-firewall-log.md @@ -23,7 +23,7 @@ In this topic: **To configure Windows Firewall logging for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 2. In the details pane, in the **Overview** section, click **Windows Firewall Properties**. diff --git a/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md index e8fdd8d249..b494eb1f78 100644 --- a/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md +++ b/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md 
@@ -30,7 +30,7 @@ In this topic:
 **To configure Windows Firewall to suppress the display of a notification for a blocked program and to ignore locally defined rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the details pane, in the **Overview** section, click **Windows Firewall Properties**.
diff --git a/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md b/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md
index 16224c9683..efb2cee353 100644
--- a/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md
+++ b/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md
@@ -27,7 +27,7 @@ In this topic:
 **To refresh Group Policy on a computer**
-- On a computer running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md), and then type the following command:
+- On a computer running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command:
 ``` syntax gpupdate /target:computer /force
diff --git a/windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
index 93b8e8fa26..2f1df0c3a9 100644
--- a/windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
@@ -21,7 +21,7 @@ To complete these procedures, you must be a member of the Domain Administrators
 **To create a rule that exempts specified hosts from authentication**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, click **Connection Security Rules**.
diff --git a/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
index d3c1139e03..f2168bbc7d 100644
--- a/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
@@ -16,7 +16,7 @@ To complete this procedure, you must be a member of the Domain Administrators gr
 **To create the authentication request rule**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, right-click **Connection Security Rules**, and then click **New Rule**.
@@ -31,7 +31,7 @@ To complete this procedure, you must be a member of the Domain Administrators gr
 5. On the **Authentication Method** page, select the authentication option you want to use on your network. To select multiple methods that are tried in order until one succeeds, click **Advanced**, click **Customize**, and then click **Add** to add methods to the list. Second authentication methods require Authenticated IP (AuthIP), which is supported only on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2.
- 1. **Default**. Selecting this option tells the computer to request authentication by using the method currently defined as the default on the computer. This default might have been configured when the operating system was installed or it might have been configured by Group Policy. Selecting this option is appropriate when you have configured system-wide settings by using the [Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) procedure.
+ 1. **Default**. Selecting this option tells the computer to request authentication by using the method currently defined as the default on the computer. This default might have been configured when the operating system was installed or it might have been configured by Group Policy. Selecting this option is appropriate when you have configured system-wide settings by using the [Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) procedure.
 2. **Computer and User (Kerberos V5)**.
Selecting this option tells the computer to request authentication of both the computer and the currently logged-on user by using their domain credentials. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1.
diff --git a/windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
index 08aecf9783..edbbf0d6e5 100644
--- a/windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -16,13 +16,13 @@ To complete these procedures, you must be a member of the Domain Administrators
 This topic describes how to create a port rule that allows inbound ICMP network traffic. For other inbound port rule types, see:
-- [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+- [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-- [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+- [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
 **To create an inbound ICMP rule**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, click **Inbound Rules**.
diff --git a/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
index 6644cd06b4..49f4b7d7ba 100644
--- a/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -16,13 +16,13 @@ To complete these procedures, you must be a member of the Domain Administrators
 This topic describes how to create a standard port rule for a specified protocol or TCP or UDP port number. For other inbound port rule types, see:
-- [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+- [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-- [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+- [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
 **To create an inbound port rule**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, click **Inbound Rules**.
@@ -38,7 +38,7 @@ This topic describes how to create a standard port rule for a specified protocol
 5. On the **Program** page, click **All programs**, and then click **Next**. **Note**  
- This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The specified program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. If you choose to do this, follow the steps in the [Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) procedure in addition to the steps in this procedure to create a single rule that filters network traffic using both program and port criteria.
+ This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The specified program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. If you choose to do this, follow the steps in the [Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) procedure in addition to the steps in this procedure to create a single rule that filters network traffic using both program and port criteria.
  
diff --git a/windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
index b254db6e7c..83fa805eef 100644
--- a/windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -11,7 +11,7 @@ author: brianlic-msft
 To allow inbound network traffic to a specified program or service, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows the program to listen and receive inbound network traffic on any port. **Note**  
-This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. To combine the program and port rule types into a single rule, follow the steps in the [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) procedure in addition to the steps in this procedure.
+This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. To combine the program and port rule types into a single rule, follow the steps in the [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) procedure in addition to the steps in this procedure.
  
@@ -21,7 +21,7 @@ To complete these procedures, you must be a member of the Domain Administrators
 **To create an inbound firewall rule for a program or service**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, click **Inbound Rules**.
@@ -61,7 +61,7 @@ To complete these procedures, you must be a member of the Domain Administrators
  
-8. It is a best practice to restrict the firewall rule for the program to only the ports it needs to operate. On the **Protocols and Ports** page, you can specify the port numbers for the allowed traffic. If the program tries to listen on a port different from the one specified here, it is blocked. For more information about protocol and port options, see [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md). After you have configured the protocol and port options, click **Next**.
+8. It is a best practice to restrict the firewall rule for the program to only the ports it needs to operate. On the **Protocols and Ports** page, you can specify the port numbers for the allowed traffic. If the program tries to listen on a port different from the one specified here, it is blocked. For more information about protocol and port options, see [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md). After you have configured the protocol and port options, click **Next**.
 9. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
diff --git a/windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
index acc279e9e1..d91a6e972b 100644
--- a/windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -16,7 +16,7 @@ To complete these procedures, you must be a member of the Domain Administrators
 **To create an outbound port rule**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, click **Outbound Rules**.
diff --git a/windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
index 6a9f0d3b2f..8552952fbd 100644
--- a/windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -16,7 +16,7 @@ To complete these procedures, you must be a member of the Domain Administrators
 **To create an outbound firewall rule for a program or service**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, click **Outbound Rules**.
@@ -41,7 +41,7 @@ To complete these procedures, you must be a member of the Domain Administrators
 - If the executable file is a container for a single service or contains multiple services but the rule only applies to one of them, click **Customize**, select **Apply to this service**, and then select the service from the list. If the service does not appear in the list, then click **Apply to service with this service short name**, and type the short name for the service in the text box. Click **OK**, and then click **Next**.
-8. If you want the program to be allowed to send on some ports, but blocked from sending on others, then you can restrict the firewall rule to block only the specified ports or protocols. On the **Protocols and Ports** page, you can specify the port numbers or protocol numbers for the blocked traffic. If the program tries to send to or from a port number different from the one specified here, or by using a protocol number different from the one specified here, then the default outbound firewall behavior allows the traffic. For more information about the protocol and port options, see [Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md). When you have configured the protocol and port options, click **Next**.
+8. If you want the program to be allowed to send on some ports, but blocked from sending on others, then you can restrict the firewall rule to block only the specified ports or protocols. On the **Protocols and Ports** page, you can specify the port numbers or protocol numbers for the blocked traffic.
If the program tries to send to or from a port number different from the one specified here, or by using a protocol number different from the one specified here, then the default outbound firewall behavior allows the traffic. For more information about the protocol and port options, see [Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md). When you have configured the protocol and port options, click **Next**.
 9. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
diff --git a/windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
index c18b3e488e..1c41bd67ec 100644
--- a/windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -16,9 +16,9 @@ To complete these procedures, you must be a member of the Domain Administrators
 This topic describes how to create rules that allow inbound RPC network traffic. For other inbound port rule types, see:
-- [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+- [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-- [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+- [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
 In this topic:
@@ -31,7 +31,7 @@ In this topic:
 **To create a rule to allow inbound network traffic to the RPC Endpoint Mapper service**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, click **Inbound Rules**.
diff --git a/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md
index 7f5556412d..6e3d38e38b 100644
--- a/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md
+++ b/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -10,9 +10,9 @@ author: brianlic-msft
 To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. You must have a good understanding of what tasks the computers on the network perform, and how they use the network to accomplish those tasks. You must understand the network traffic generated by the programs running on the computers.
-- [Gathering the Information You Need](../p_server_archive/gathering-the-information-you-need.md)
+- [Gathering the Information You Need](gathering-the-information-you-need.md)
-- [Determining the Trusted State of Your Computers](../p_server_archive/determining-the-trusted-state-of-your-computers.md)
+- [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-computers.md)
 The information that you gather will help you answer the following questions. The answers will help you understand your security requirements and select the design that best matches those requirements. The information will also help you when it comes time to deploy your design, by helping you to build a deployment strategy that is cost effective and resource efficient. It will help you project and justify the expected costs associated with implementing the design.
@@ -46,9 +46,9 @@ Computers running Windows XP and Windows Server 2003 will not be able to partici
  
-This guide describes how to plan your groups and GPOs for an environment with a mix of operating systems, starting with Windows Vista and Windows Server 2008. Windows XP and Windows Server 2003 are not discussed in this guide. Details can be found in the section [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) later in this guide.
+This guide describes how to plan your groups and GPOs for an environment with a mix of operating systems, starting with Windows Vista and Windows Server 2008. Windows XP and Windows Server 2003 are not discussed in this guide. Details can be found in the section [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) later in this guide.
-**Next: **[Gathering the Information You Need](../p_server_archive/gathering-the-information-you-need.md)
+**Next: **[Gathering the Information You Need](gathering-the-information-you-need.md)
  
diff --git a/windows/keep-secure/determining-the-trusted-state-of-your-computers.md b/windows/keep-secure/determining-the-trusted-state-of-your-computers.md
index c1812d4311..4e2b3f8fd2 100644
--- a/windows/keep-secure/determining-the-trusted-state-of-your-computers.md
+++ b/windows/keep-secure/determining-the-trusted-state-of-your-computers.md
@@ -115,7 +115,7 @@ The final step in this part of the process is to record the approximate cost of
 - What is the projected cost or impact of making the proposed changes to enable the computer to achieve a trusted state?
-By answering these questions, you can quickly determine the level of effort and approximate cost of bringing a particular computer or group of computers into the scope of the project. It is important to remember that the state of a computer is transitive, and that by performing the listed remedial actions you can change the state of a computer from untrusted to trusted. After you decide whether to place a computer in a trusted state, you are ready to begin planning and designing the isolation groups, which the next section [Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md) discusses.
+By answering these questions, you can quickly determine the level of effort and approximate cost of bringing a particular computer or group of computers into the scope of the project. It is important to remember that the state of a computer is transitive, and that by performing the listed remedial actions you can change the state of a computer from untrusted to trusted. After you decide whether to place a computer in a trusted state, you are ready to begin planning and designing the isolation groups, which the next section [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) discusses.
 The following table is an example of a data sheet that you could use to help capture the current state of a computer and what would be required for the computer to achieve a trusted state.
@@ -164,7 +164,7 @@ In the previous table, the computer CLIENT001 is currently "known, untrusted" be
 The computer SERVER001 is "trustworthy" because it meets the hardware requirements but its operating system must be upgraded. It also requires antivirus software. The projected cost is the amount of effort that is required to upgrade the operating system and install antivirus software, along with their purchase costs.
-With the other information that you have gathered in this section, this information will be the foundation of the efforts performed later in the [Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md) section.
+With the other information that you have gathered in this section, this information will be the foundation of the efforts performed later in the [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) section.
 The costs identified in this section only capture the projected cost of the computer upgrades. Many additional design, support, test, and training costs should be accounted for in the overall project plan.
@@ -172,7 +172,7 @@ For more information about how to configure firewalls to support IPsec, see "Con
 For more information about WMI, see "Windows Management Instrumentation" at .
-**Next: **[Planning Your Windows Firewall with Advanced Security Design](../p_server_archive/planning-your-windows-firewall-with-advanced-security-design.md)
+**Next: **[Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md)
  
diff --git a/windows/keep-secure/documenting-the-zones.md b/windows/keep-secure/documenting-the-zones.md
index 30d08b26eb..d15b2fd6c4 100644
--- a/windows/keep-secure/documenting-the-zones.md
+++ b/windows/keep-secure/documenting-the-zones.md
@@ -8,7 +8,7 @@ author: brianlic-msft
 # Documenting the Zones
-Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md) section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Firewall with Advanced Security Strategy section. A sample is shown here:
+Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Firewall with Advanced Security Strategy section. A sample is shown here:
@@ -73,7 +73,7 @@ Generally, the task of determining zone membership is not complex, but it can be
  
-**Next: **[Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md)
+**Next: **[Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)
  
diff --git a/windows/keep-secure/domain-isolation-policy-design-example.md b/windows/keep-secure/domain-isolation-policy-design-example.md
index 9d43df0cc7..3e58a40369 100644
--- a/windows/keep-secure/domain-isolation-policy-design-example.md
+++ b/windows/keep-secure/domain-isolation-policy-design-example.md
@@ -8,7 +8,7 @@ author: brianlic-msft
 # Domain Isolation Policy Design Example
-This design example continues to use the fictitious company Woodgrove Bank, and builds on the example described in the [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md) section. See that example for an explanation of the basic corporate network infrastructure at Woodgrove Bank with diagrams.
+This design example continues to use the fictitious company Woodgrove Bank, and builds on the example described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section. See that example for an explanation of the basic corporate network infrastructure at Woodgrove Bank with diagrams.
 ## Design Requirements
@@ -29,7 +29,7 @@ The following illustration shows the traffic protection needed for this design e
 **Other traffic notes:**
-- All of the design requirements described in the [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md) section are still enforced.
+- All of the design requirements described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section are still enforced.
 ## Design Details
@@ -53,7 +53,7 @@ If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Window
  
-**Next: **[Server Isolation Policy Design Example](../p_server_archive/server-isolation-policy-design-example.md)
+**Next: **[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)
  
diff --git a/windows/keep-secure/domain-isolation-policy-design.md b/windows/keep-secure/domain-isolation-policy-design.md
index 7156c376c5..4300787f6c 100644
--- a/windows/keep-secure/domain-isolation-policy-design.md
+++ b/windows/keep-secure/domain-isolation-policy-design.md
@@ -10,7 +10,7 @@ author: brianlic-msft
 In the domain isolation policy design, you configure the computers on your network to accept only connections coming from computers that are authenticated as members of the same isolated domain.
-This design typically begins with a network configured as described in the [Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md) section. For this design, you then add connection security and IPsec rules to configure computers in the isolated domain to accept only network traffic from other computers that can authenticate as a member of the isolated domain. After implementing the new rules, your computers reject unsolicited network traffic from computers that are not members of the isolated domain.
+This design typically begins with a network configured as described in the [Basic Firewall Policy Design](basic-firewall-policy-design.md) section. For this design, you then add connection security and IPsec rules to configure computers in the isolated domain to accept only network traffic from other computers that can authenticate as a member of the isolated domain. After implementing the new rules, your computers reject unsolicited network traffic from computers that are not members of the isolated domain.
 The isolated domain might not be a single Active Directory domain. It can consist of all the domains in a forest, or domains in separate forests that have two-way trust relationships configured between them.
@@ -22,7 +22,7 @@ The design is shown in the following illustration, with the arrows that show the
 Characteristics of this design, as shown in the diagram, include the following:
-- Isolated domain (area A) - Computers in the isolated domain receive unsolicited inbound traffic only from other members of the isolated domain or from computers referenced in authentication exemption rules. Computers in the isolated domain can send traffic to any computer. This includes unauthenticated traffic to computers that are not in the isolated domain. Computers that cannot join an Active Directory domain, but that can use certificates for authentication, can be part of the isolated domain. For more information, see the [Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md).
+- Isolated domain (area A) - Computers in the isolated domain receive unsolicited inbound traffic only from other members of the isolated domain or from computers referenced in authentication exemption rules. Computers in the isolated domain can send traffic to any computer. This includes unauthenticated traffic to computers that are not in the isolated domain. Computers that cannot join an Active Directory domain, but that can use certificates for authentication, can be part of the isolated domain. For more information, see the [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md).
 - Boundary zone (area B) - Computers in the boundary zone are part of the isolated domain but are allowed to accept inbound connections from untrusted computers, such as clients on the Internet.
@@ -37,27 +37,27 @@ Characteristics of this design, as shown in the diagram, include the following:
 After implementing this design, your administrative team will have centralized management of the firewall and connection security rules applied to the computers that are running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista in your organization.
 **Important**  
-This design builds on the [Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented.
+This design builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented.
  
 This design can be applied to computers that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules.
-In order to expand the isolated domain to include computers that cannot be part of an Active Directory domain, see the [Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md).
+In order to expand the isolated domain to include computers that cannot be part of an Active Directory domain, see the [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md).
For more information about this design:
-- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md).
+- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
-- To learn more about this design, see the [Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md).
+- To learn more about this design, see the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md).
-- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md).
+- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md).
-- To help you make the decisions required in this design, see [Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md) and [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md).
+- To help you make the decisions required in this design, see [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) and [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md).
 - For a list of tasks that you can use to deploy your domain isolation policy design, see "Checklist: Implementing a Domain Isolation Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=xxxxx) at http://go.microsoft.com/fwlink/?linkid=xxxxx.
-**Next:** [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md)
+**Next:** [Server Isolation Policy Design](server-isolation-policy-design.md)
  
diff --git a/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
index 430a558adb..7f8e8b4d05 100644
--- a/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -16,7 +16,7 @@ To complete these procedures, you must be a member of the Domain Administrators
 **To deploy predefined firewall rules that allow inbound network traffic for common network functions**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, click **Inbound Rules**.
diff --git a/windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
index c82d0ba984..b37bf8b4c4 100644
--- a/windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
@@ -16,7 +16,7 @@ To complete these procedures, you must be a member of the Domain Administrators
 **To deploy predefined firewall rules that block outbound network traffic for common network functions**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. In the navigation pane, click **Outbound Rules**.
diff --git a/windows/keep-secure/encryption-zone-gpos.md b/windows/keep-secure/encryption-zone-gpos.md
index d8eddfb597..a02f4037c8 100644
--- a/windows/keep-secure/encryption-zone-gpos.md
+++ b/windows/keep-secure/encryption-zone-gpos.md
@@ -12,7 +12,7 @@ Handle encryption zones in a similar manner to the boundary zones. A computer is
 The GPO is only for server versions of Windows. Client computers are not expected to participate in the encryption zone. If the need for one occurs, either create a new GPO for that version of Windows, or expand the WMI filter attached to one of the existing encryption zone GPOs to make it apply to the client version of Windows.
-- [GPO\_DOMISO\_Encryption\_WS2008](../p_server_archive/gpo-domiso-encryption-ws2008.md)
+- [GPO\_DOMISO\_Encryption\_WS2008](gpo-domiso-encryption-ws2008.md)
  
diff --git a/windows/keep-secure/encryption-zone.md b/windows/keep-secure/encryption-zone.md
index 324c6f3514..54a7dfeb35 100644
--- a/windows/keep-secure/encryption-zone.md
+++ b/windows/keep-secure/encryption-zone.md
@@ -14,7 +14,7 @@ To support the additional security requirements of these servers, we recommend t
 You must create a group in Active Directory to contain members of the encryption zone. The settings and rules for the encryption zone are typically similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. You then modify the security methods list to include only algorithm combinations that include encryption protocols.
-Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) section.
+Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section.
 ## GPO settings for encryption zone servers running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2
@@ -46,16 +46,16 @@ The GPO for computers that are running Windows Server 2012, Windows Server 2008
 - A registry policy that includes the following values:
- - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**.
+ - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**.
 **Note**  
- For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md).
+ For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md).
  
 - If domain member computers must communicate with computers in the encryption zone, ensure that you include in the isolated domain GPOs quick mode combinations that are compatible with the requirements of the encryption zone GPOs.
-**Next: **[Planning Server Isolation Zones](../p_server_archive/planning-server-isolation-zones.md)
+**Next: **[Planning Server Isolation Zones](planning-server-isolation-zones.md)
  
diff --git a/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
index cfc0b71639..a431459419 100644
--- a/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
+++ b/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
@@ -21,7 +21,7 @@ To complete this procedure, you must be a member of the Domain Administrators gr
 **To exempt ICMP network traffic from authentication**
-1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
 2. On the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**.
diff --git a/windows/keep-secure/exemption-list.md b/windows/keep-secure/exemption-list.md
index a74d5b6f83..0a1aea9187 100644
--- a/windows/keep-secure/exemption-list.md
+++ b/windows/keep-secure/exemption-list.md
@@ -40,9 +40,9 @@ To keep the number of exemptions as small as possible, you have several options:
 - Consolidate exempted hosts on the same subnet. Where network traffic volume allows, you might be able to locate the servers on a subnet that is exempted, instead of using exemptions for each IP address.
-As with defining the boundary zone, create a formal process to approve hosts being added to the exemption list. For a model of processing requests for exemptions, see the decision flowchart in the [Boundary Zone](../p_server_archive/boundary-zone.md) section.
+As with defining the boundary zone, create a formal process to approve hosts being added to the exemption list. For a model of processing requests for exemptions, see the decision flowchart in the [Boundary Zone](boundary-zone.md) section.
-**Next: **[Isolated Domain](../p_server_archive/isolated-domain.md)
+**Next: **[Isolated Domain](isolated-domain.md)
  
diff --git a/windows/keep-secure/firewall-gpos.md b/windows/keep-secure/firewall-gpos.md
index e370430566..95375afd70 100644
--- a/windows/keep-secure/firewall-gpos.md
+++ b/windows/keep-secure/firewall-gpos.md
@@ -12,7 +12,7 @@ All the computers on Woodgrove Bank's network that run Windows are part of the i
 The GPO created for the example Woodgrove Bank scenario include the following:
-- [GPO\_DOMISO\_Firewall](../p_server_archive/gpo-domiso-firewall.md)
+- [GPO\_DOMISO\_Firewall](gpo-domiso-firewall.md)
  
diff --git a/windows/keep-secure/firewall-policy-design-example.md b/windows/keep-secure/firewall-policy-design-example.md
index 5caed1a7d4..07adcdb285 100644
--- a/windows/keep-secure/firewall-policy-design-example.md
+++ b/windows/keep-secure/firewall-policy-design-example.md
@@ -96,7 +96,7 @@ The following groups were created by using the Active Directory Users and Comput
 In your own design, create a group for each computer role in your organization that requires different or additional firewall rules. For example, file servers and print servers require additional rules to allow the incoming network traffic for those functions. If a function is ordinarily performed on most computers on the network, you might consider adding computers performing those roles to the common default firewall GPO set, unless there is a security reason not to include it there.
-**Next: **[Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md)
+**Next: **[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)
  
diff --git a/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md b/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md
index 7aacef01e4..de3c494963 100644
--- a/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md
@@ -22,7 +22,7 @@ Active Directory is another important item about which you must gather informati
 - **Existing IPsec policy**. Because this project culminates in the implementation of IPsec policy, you must understand how the network currently uses IPsec (if at all). Windows Firewall with Advanced Security connection security rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are not compatible with earlier versions of Windows. If you already have IPsec policies deployed to computers running Windows XP and Windows Server 2003 in your organization, you must ensure that the new IPsec policies you deploy enable computers using either the old or new IPsec policies to communicate with each other.
-**Next: **[Gathering Information about Your Computers](../p_server_archive/gathering-information-about-your-computers.md)
+**Next: **[Gathering Information about Your Computers](gathering-information-about-your-computers.md)
  
diff --git a/windows/keep-secure/gathering-information-about-your-computers.md b/windows/keep-secure/gathering-information-about-your-computers.md
index 16e161b101..e0eb0f0b44 100644
--- a/windows/keep-secure/gathering-information-about-your-computers.md
+++ b/windows/keep-secure/gathering-information-about-your-computers.md
@@ -46,7 +46,7 @@ Whether you use an automatic, manual, or hybrid option to gather the information
 This inventory will be critical for planning and implementing your Windows Firewall with Advanced Security design.
-**Next: **[Gathering Other Relevant Information](../p_server_archive/gathering-other-relevant-information.md)
+**Next: **[Gathering Other Relevant Information](gathering-other-relevant-information.md)
  
diff --git a/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md b/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md
index 1668112a6d..ba38d968e5 100644
--- a/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md
+++ b/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md
@@ -116,7 +116,7 @@ Some of the more common applications and protocols are as follows:
 - **Other traffic**. Windows Firewall with Advanced Security can help secure transmissions between computers by providing authentication of the packets in addition to encrypting the data that they contain. The important thing to do is to identify what must be protected, and the threats that must be mitigated. Examine and model other traffic or traffic types that must be secured.
-**Next: **[Gathering Information about Your Active Directory Deployment](../p_server_archive/gathering-information-about-your-active-directory-deployment.md)
+**Next: **[Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md)
  
diff --git a/windows/keep-secure/gathering-other-relevant-information.md b/windows/keep-secure/gathering-other-relevant-information.md
index d92519121f..b224e74fa6 100644
--- a/windows/keep-secure/gathering-other-relevant-information.md
+++ b/windows/keep-secure/gathering-other-relevant-information.md
@@ -79,7 +79,7 @@ Network Monitor includes parsers for the ISAKMP (IKE), AH, and ESP protocols. Ne
 Network Monitor is available as a free download from Microsoft at .
-**Next: **[Determining the Trusted State of Your Computers](../p_server_archive/determining-the-trusted-state-of-your-computers.md)
+**Next: **[Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-computers.md)
  
diff --git a/windows/keep-secure/gathering-the-information-you-need.md b/windows/keep-secure/gathering-the-information-you-need.md
index 1ff777de17..c4bcf27cfe 100644
--- a/windows/keep-secure/gathering-the-information-you-need.md
+++ b/windows/keep-secure/gathering-the-information-you-need.md
@@ -12,13 +12,13 @@ Before starting the planning process for a Windows Firewall with Advanced Securi
 Review each of the following topics for guidance about the kinds of information that you must gather:
-- [Gathering Information about Your Current Network Infrastructure](../p_server_archive/gathering-information-about-your-current-network-infrastructure.md)
+- [Gathering Information about Your Current Network Infrastructure](gathering-information-about-your-current-network-infrastructure.md)
-- [Gathering Information about Your Active Directory Deployment](../p_server_archive/gathering-information-about-your-active-directory-deployment.md)
+- [Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md)
-- [Gathering Information about Your Computers](../p_server_archive/gathering-information-about-your-computers.md)
+- [Gathering Information about Your Computers](gathering-information-about-your-computers.md)
-- [Gathering Other Relevant Information](../p_server_archive/gathering-other-relevant-information.md)
+- [Gathering Other Relevant Information](gathering-other-relevant-information.md)
  
diff --git a/windows/keep-secure/gpo-domiso-boundary-ws2008.md b/windows/keep-secure/gpo-domiso-boundary-ws2008.md
index 4c2140385f..feafd79586 100644
--- a/windows/keep-secure/gpo-domiso-boundary-ws2008.md
+++ b/windows/keep-secure/gpo-domiso-boundary-ws2008.md
@@ -25,7 +25,7 @@ Rename the **Isolated Domain Rule** to **Boundary Zone Rule**. Change the authen
 ## Registry settings
-The boundary zone uses the same registry settings as the isolated domain to optimize IPsec operation. For more information, see the description of the registry settings in [Isolated Domain](../p_server_archive/isolated-domain.md).
+The boundary zone uses the same registry settings as the isolated domain to optimize IPsec operation. For more information, see the description of the registry settings in [Isolated Domain](isolated-domain.md).
 ## Firewall rules
@@ -34,7 +34,7 @@ Copy the firewall rules for the boundary zone from the GPO that contains the fir
 Make sure that the GPO that contains firewall rules for the isolated domain does not also apply to the boundary zone to prevent overlapping, and possibly conflicting rules.
-**Next: **[Encryption Zone GPOs](../p_server_archive/encryption-zone-gpos.md)
+**Next: **[Encryption Zone GPOs](encryption-zone-gpos.md)
  
diff --git a/windows/keep-secure/gpo-domiso-encryption-ws2008.md b/windows/keep-secure/gpo-domiso-encryption-ws2008.md
index c5ec2d8c7a..dac33f72d4 100644
--- a/windows/keep-secure/gpo-domiso-encryption-ws2008.md
+++ b/windows/keep-secure/gpo-domiso-encryption-ws2008.md
@@ -27,7 +27,7 @@ Rename the **Isolated Domain Rule** to **Encryption Zone Rule**. Leave the authe
 ## Registry settings
-The encryption zone uses the same registry settings as the isolated domain to optimize IPsec operation. For more information, see the description of the registry settings in [Isolated Domain](../p_server_archive/isolated-domain.md).
+The encryption zone uses the same registry settings as the isolated domain to optimize IPsec operation. For more information, see the description of the registry settings in [Isolated Domain](isolated-domain.md).
 ## Firewall rules
@@ -38,7 +38,7 @@ Change the action for every inbound firewall rule from **Allow the connection**
 Make sure that the GPO that contains firewall rules for the isolated domain does not also apply to the boundary zone to prevent overlapping, and possibly conflicting rules.
-**Next: **[Server Isolation GPOs](../p_server_archive/server-isolation-gpos.md)
+**Next: **[Server Isolation GPOs](server-isolation-gpos.md)
  
diff --git a/windows/keep-secure/gpo-domiso-firewall.md b/windows/keep-secure/gpo-domiso-firewall.md
index 78e4c0281a..5ffd27f985 100644
--- a/windows/keep-secure/gpo-domiso-firewall.md
+++ b/windows/keep-secure/gpo-domiso-firewall.md
@@ -59,7 +59,7 @@ This GPO provides the following rules:
 - A firewall exception rule to allow required network traffic for the WGBank dashboard program. This inbound rule allows network traffic for the program Dashboard.exe in the %ProgramFiles%\\WGBank folder. The rule is also filtered to only allow traffic on port 1551. This rule is applied only to the domain profile.
-**Next: **[Isolated Domain GPOs](../p_server_archive/isolated-domain-gpos.md)
+**Next: **[Isolated Domain GPOs](isolated-domain-gpos.md)
  
diff --git a/windows/keep-secure/gpo-domiso-isolateddomain-clients.md b/windows/keep-secure/gpo-domiso-isolateddomain-clients.md
index e03f882634..0b881a5231 100644
--- a/windows/keep-secure/gpo-domiso-isolateddomain-clients.md
+++ b/windows/keep-secure/gpo-domiso-isolateddomain-clients.md
@@ -17,13 +17,13 @@ Because client computers can sometimes be portable, the settings and rules for t
 This GPO provides the following settings:
-- No firewall settings are included in this GPO. Woodgrove Bank created separate GPOs for firewall settings (see the [Firewall GPOs](../p_server_archive/firewall-gpos.md) section) in order to share them with all clients in all isolation zones with minimum redundancy.
+- No firewall settings are included in this GPO. Woodgrove Bank created separate GPOs for firewall settings (see the [Firewall GPOs](firewall-gpos.md) section) in order to share them with all clients in all isolation zones with minimum redundancy.
 - The ICMP protocol is exempted from authentication requirements to support easier network troubleshooting.
 - Diffie-Hellman Group 2 is specified as the key exchange algorithm. This is the strongest algorithm available that is supported by all the operating systems that are being used at Woodgrove Bank. After Woodgrove Bank has completed the upgrade to versions of Windows that support stronger algorithms, such as Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2, they can remove the weaker key exchange algorithms, and use only the stronger ones.
-- The registry settings shown in the following table. For more information, see the description of the registry settings in [Isolated Domain](../p_server_archive/isolated-domain.md).
+- The registry settings shown in the following table. For more information, see the description of the registry settings in [Isolated Domain](isolated-domain.md).
@@ -169,7 +169,7 @@ This GPO provides the following rules:
 - Authentication mode is set to **Do not authenticate**.
-**Next: **[GPO\_DOMISO\_IsolatedDomain\_Servers](../p_server_archive/gpo-domiso-isolateddomain-servers.md)
+**Next: **[GPO\_DOMISO\_IsolatedDomain\_Servers](gpo-domiso-isolateddomain-servers.md)
  
diff --git a/windows/keep-secure/gpo-domiso-isolateddomain-servers.md b/windows/keep-secure/gpo-domiso-isolateddomain-servers.md
index d179b62321..20491ecac5 100644
--- a/windows/keep-secure/gpo-domiso-isolateddomain-servers.md
+++ b/windows/keep-secure/gpo-domiso-isolateddomain-servers.md
@@ -19,7 +19,7 @@ Because so many of the settings and rules for this GPO are common to those in th
  
-**Next: **[Boundary Zone GPOs](../p_server_archive/boundary-zone-gpos.md)
+**Next: **[Boundary Zone GPOs](boundary-zone-gpos.md)
  
diff --git a/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index 7521ff29ba..acd8702deb 100644
--- a/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -29,15 +29,15 @@ The next step in implementing your design is to determine in what order each of Use the following parent checklists in this section of the guide to become familiar with the deployment tasks for implementing your organization's Windows Firewall with Advanced Security design. -- [Checklist: Implementing a Basic Firewall Policy Design](../p_server_archive/checklist-implementing-a-basic-firewall-policy-design.md) +- [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md) -- [Checklist: Implementing a Domain Isolation Policy Design](../p_server_archive/checklist-implementing-a-domain-isolation-policy-design.md) +- [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md) -- [Checklist: Implementing a Domain Isolation Policy Design](../p_server_archive/checklist-implementing-a-domain-isolation-policy-design.md) +- [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md) -- [Checklist: Implementing a Certificate-based Isolation Policy Design](../p_server_archive/checklist-implementing-a-certificate-based-isolation-policy-design.md) +- [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md) -The procedures in these checklists use the Group Policy MMC snap-in interfaces to configure firewall and connection security rules in GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](../p_server_archive/windows-firewall-with-advanced-security-administration-with-windows-powershell.md). This guide recommends using GPOs in a specific way to deploy the rules and settings for your design. 
For information about deploying your GPOs, see [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) and the checklist [Checklist: Creating Group Policy Objects](../p_server_archive/checklist-creating-group-policy-objects.md). +The procedures in these checklists use the Group Policy MMC snap-in interfaces to configure firewall and connection security rules in GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md). This guide recommends using GPOs in a specific way to deploy the rules and settings for your design. For information about deploying your GPOs, see [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) and the checklist [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md).   diff --git a/windows/keep-secure/isolated-domain-gpos.md b/windows/keep-secure/isolated-domain-gpos.md index 0b6a5cf020..022c062ce6 100644 --- a/windows/keep-secure/isolated-domain-gpos.md +++ b/windows/keep-secure/isolated-domain-gpos.md 
@@ -10,13 +10,13 @@ author: brianlic-msft
 All of the computers in the isolated domain are added to the group CG\_DOMISO\_IsolatedDomain. You must create multiple GPOs to align with this group, one for each Windows operating system that must have different rules or settings to implement the basic isolated domain functionality that you have in your isolated domain. This group is granted Read and Apply Group Policy permissions on all the GPOs described in this section.
-Each GPO has a security group filter that prevents the GPO from applying to members of the group GP\_DOMISO\_No\_IPsec. A WMI filter is attached to each GPO to ensure that the GPO is applied to only the specified version of Windows. For more information, see the [Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md) section.
+Each GPO has a security group filter that prevents the GPO from applying to members of the group GP\_DOMISO\_No\_IPsec. A WMI filter is attached to each GPO to ensure that the GPO is applied to only the specified version of Windows. For more information, see the [Planning GPO Deployment](planning-gpo-deployment.md) section.
 The GPOs created for the Woodgrove Bank isolated domain include the following:
-- [GPO\_DOMISO\_IsolatedDomain\_Clients](../p_server_archive/gpo-domiso-isolateddomain-clients.md)
+- [GPO\_DOMISO\_IsolatedDomain\_Clients](gpo-domiso-isolateddomain-clients.md)
-- [GPO\_DOMISO\_IsolatedDomain\_Servers](../p_server_archive/gpo-domiso-isolateddomain-servers.md)
+- [GPO\_DOMISO\_IsolatedDomain\_Servers](gpo-domiso-isolateddomain-servers.md)
  
diff --git a/windows/keep-secure/isolated-domain.md b/windows/keep-secure/isolated-domain.md
index 498d66aac0..8c1163d07c 100644
--- a/windows/keep-secure/isolated-domain.md
+++ b/windows/keep-secure/isolated-domain.md
@@ -48,14 +48,14 @@ GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server
 - A registry policy that includes the following values:
- - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**.
+ - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**.
 **Note**  
- For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md).
+ For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md).
  
-**Next: **[Boundary Zone](../p_server_archive/boundary-zone.md)
+**Next: **[Boundary Zone](boundary-zone.md)
  
diff --git a/windows/keep-secure/isolating-windows-store-apps-on-your-network.md b/windows/keep-secure/isolating-windows-store-apps-on-your-network.md
index 019fcfc553..6d4410b869 100644
--- a/windows/keep-secure/isolating-windows-store-apps-on-your-network.md
+++ b/windows/keep-secure/isolating-windows-store-apps-on-your-network.md
@@ -331,7 +331,7 @@ Use the following procedure if you want to block intranet access for a specific ## See also -- [Windows Firewall with Advanced Security Overview](../p_server_archive/windows-firewall-with-advanced-security-overview-win8.md) +- [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security-overview-win8.md)   diff --git a/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index f062e68961..6972acc8cd 100644 --- a/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md @@ -28,36 +28,36 @@ Use the following table to determine which Windows Firewall with Advanced Securi - - - - + + + + - + - + - + - + @@ -70,7 +70,7 @@ Use the following table to determine which Windows Firewall with Advanced Securi To examine details for a specific design, click the design title at the top of the column in the preceding table. -**Next: **[Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md) +**Next: **[Basic Firewall Policy Design](basic-firewall-policy-design.md)   diff --git a/windows/keep-secure/planning-certificate-based-authentication.md b/windows/keep-secure/planning-certificate-based-authentication.md index 414b5e373d..5882c9fec7 100644 --- a/windows/keep-secure/planning-certificate-based-authentication.md +++ b/windows/keep-secure/planning-certificate-based-authentication.md 
@@ -46,7 +46,7 @@ When the clients and servers have the certificates available, you can configure
 Starting in Windows Server 2012, the Administrator can configure certificate selection criteria so the desired certificate is selected and/or validated. Enhanced Key Usage (EKU) criteria can be configured, as well as name restrictions and certificate thumbprints. This is configured using the **Advanced** button when choosing certificates for the authentication method in the user interface, or through Windows PowerShell.
-**Next: **[Documenting the Zones](../p_server_archive/documenting-the-zones.md)
+**Next: **[Documenting the Zones](documenting-the-zones.md)
  
diff --git a/windows/keep-secure/planning-domain-isolation-zones.md b/windows/keep-secure/planning-domain-isolation-zones.md
index f2d1bfb04c..79003e56ed 100644
--- a/windows/keep-secure/planning-domain-isolation-zones.md
+++ b/windows/keep-secure/planning-domain-isolation-zones.md
@@ -14,13 +14,13 @@ The bulk of the work in planning server and domain isolation is determining whic
 The zones described in this guide include the following:
-- [Exemption List](../p_server_archive/exemption-list.md)
+- [Exemption List](exemption-list.md)
-- [Isolated Domain](../p_server_archive/isolated-domain.md)
+- [Isolated Domain](isolated-domain.md)
-- [Boundary Zone](../p_server_archive/boundary-zone.md)
+- [Boundary Zone](boundary-zone.md)
-- [Encryption Zone](../p_server_archive/encryption-zone.md)
+- [Encryption Zone](encryption-zone.md)
  
diff --git a/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md
index 0100f63ad7..83dd7f12ae 100644
--- a/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -12,13 +12,13 @@ After you have decided on the best logical design of your isolation environment
 You have a list of isolation zones with the security requirements of each. For implementation, you must plan the groups that will hold the computer accounts in each zone, the network access groups that will be used to determine who can access an isolated server, and the GPOs with the connection security and firewall rules to apply to corresponding groups. Finally you must determine how you will ensure that the policies will only apply to the correct computers within each group.
-- [Planning Isolation Groups for the Zones](../p_server_archive/planning-isolation-groups-for-the-zones.md)
+- [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md)
-- [Planning Network Access Groups](../p_server_archive/planning-network-access-groups.md)
+- [Planning Network Access Groups](planning-network-access-groups.md)
-- [Planning the GPOs](../p_server_archive/planning-the-gpos.md)
+- [Planning the GPOs](planning-the-gpos.md)
-- [Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md)
+- [Planning GPO Deployment](planning-gpo-deployment.md)
  
diff --git a/windows/keep-secure/planning-isolation-groups-for-the-zones.md b/windows/keep-secure/planning-isolation-groups-for-the-zones.md
index 73063b68ef..209c9c78e2 100644
--- a/windows/keep-secure/planning-isolation-groups-for-the-zones.md
+++ b/windows/keep-secure/planning-isolation-groups-for-the-zones.md
@@ -63,11 +63,11 @@ The following table lists typical groups that can be used to manage the domain i
  
-Multiple GPOs might be delivered to each group. Which one actually becomes applied depends on the security group filters assigned to the GPOs in addition to the results of any WMI filtering assigned to the GPOs. Details of the GPO layout are discussed in the section [Planning the GPOs](../p_server_archive/planning-the-gpos.md).
+Multiple GPOs might be delivered to each group. Which one actually becomes applied depends on the security group filters assigned to the GPOs in addition to the results of any WMI filtering assigned to the GPOs. Details of the GPO layout are discussed in the section [Planning the GPOs](planning-the-gpos.md).
 If multiple GPOs are assigned to a group, and similar rules are applied, the rule that most specifically matches the network traffic is the one that is used by the computer. For example, if one IPsec rule says to request authentication for all IP traffic, and a second rule from a different GPO says to require authentication for IP traffic to and from a specific IP address, then the second rule takes precedence because it is more specific.
-**Next: **[Planning Network Access Groups](../p_server_archive/planning-network-access-groups.md)
+**Next: **[Planning Network Access Groups](planning-network-access-groups.md)
  
diff --git a/windows/keep-secure/planning-network-access-groups.md b/windows/keep-secure/planning-network-access-groups.md
index dc94283493..e96e8d26f2 100644
--- a/windows/keep-secure/planning-network-access-groups.md
+++ b/windows/keep-secure/planning-network-access-groups.md
@@ -56,7 +56,7 @@ Membership in a NAG does not control the level of IPsec traffic protection. The
  
-**Next: **[Planning the GPOs](../p_server_archive/planning-the-gpos.md)
+**Next: **[Planning the GPOs](planning-the-gpos.md)
  
diff --git a/windows/keep-secure/planning-server-isolation-zones.md b/windows/keep-secure/planning-server-isolation-zones.md
index 6394f51aa0..dc95031002 100644
--- a/windows/keep-secure/planning-server-isolation-zones.md
+++ b/windows/keep-secure/planning-server-isolation-zones.md
@@ -29,7 +29,7 @@ Each set of servers that must be accessed by different sets of users should be s
 ## Creating the GPOs
-Creation of the groups and how to link them to the GPOs that apply the rules to members of the groups are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) section.
+Creation of the groups and how to link them to the GPOs that apply the rules to members of the groups are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section.
 An isolated server is often a member of the encryption zone. Therefore, copying that GPO set serves as a good starting point. You then modify the rules to additionally restrict access to only NAG members.
@@ -69,14 +69,14 @@ The connection security rules described here are identical to the ones for the e
 - A registry policy that includes the following values:
- - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**.
+ - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**.
 **Note**  
- For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](../p_server_archive/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md).
+ For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md).
  
-**Next: **[Planning Certificate-based Authentication](../p_server_archive/planning-certificate-based-authentication.md)
+**Next: **[Planning Certificate-based Authentication](planning-certificate-based-authentication.md)
  
diff --git a/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md b/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md
index 783b92991e..4609526945 100644
--- a/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md
@@ -46,7 +46,7 @@ The following is a list of the firewall settings that you might consider for inc
 - **Outbound rules**. Only create outbound rules to block network traffic that must be prevented in all cases. If your organization prohibits the use of certain network programs, you can support that policy by blocking the known network traffic used by the program. Be sure to test the restrictions before you deploy them to avoid interfering with traffic for needed and authorized programs.
-**Next: **[Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md)
+**Next: **[Planning Domain Isolation Zones](planning-domain-isolation-zones.md)
  
diff --git a/windows/keep-secure/planning-the-gpos.md b/windows/keep-secure/planning-the-gpos.md
index e970a3c826..e2809e0d05 100644
--- a/windows/keep-secure/planning-the-gpos.md
+++ b/windows/keep-secure/planning-the-gpos.md
@@ -40,19 +40,19 @@ After considering these issues, document each GPO that you require, and the deta
 ## Woodgrove Bank example GPOs
-The Woodgrove Bank example uses the following set of GPOs to support its domain isolation requirements. This section only discusses the rules and settings for server and domain isolation. GPO settings that affect which computers receive the GPO, such as security group filtering and WMI filtering, are discussed in the [Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md) section.
+The Woodgrove Bank example uses the following set of GPOs to support its domain isolation requirements. This section only discusses the rules and settings for server and domain isolation. GPO settings that affect which computers receive the GPO, such as security group filtering and WMI filtering, are discussed in the [Planning GPO Deployment](planning-gpo-deployment.md) section.
 In this section you can find information about the following:
-- [Firewall GPOs](../p_server_archive/firewall-gpos.md)
+- [Firewall GPOs](firewall-gpos.md)
-- [Isolated Domain GPOs](../p_server_archive/isolated-domain-gpos.md)
+- [Isolated Domain GPOs](isolated-domain-gpos.md)
-- [Boundary Zone GPOs](../p_server_archive/boundary-zone-gpos.md)
+- [Boundary Zone GPOs](boundary-zone-gpos.md)
-- [Encryption Zone GPOs](../p_server_archive/encryption-zone-gpos.md)
+- [Encryption Zone GPOs](encryption-zone-gpos.md)
-- [Server Isolation GPOs](../p_server_archive/server-isolation-gpos.md)
+- [Server Isolation GPOs](server-isolation-gpos.md)
  
diff --git a/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md
index a517124934..e044483cf2 100644
--- a/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md
+++ b/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md
@@ -8,7 +8,7 @@ author: brianlic-msft
 # Planning to Deploy Windows Firewall with Advanced Security
-After you collect information about your environment and decide on a design by following the guidance in the [Windows Firewall with Advanced Security Design Guide](../p_server_archive/windows-firewall-with-advanced-security-design-guide.md), you can begin to plan the deployment of your design. With the completed design and the information in this topic, you can determine which tasks to perform to deploy Windows Firewall with Advanced Security in your organization.
+After you collect information about your environment and decide on a design by following the guidance in the [Windows Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md), you can begin to plan the deployment of your design. With the completed design and the information in this topic, you can determine which tasks to perform to deploy Windows Firewall with Advanced Security in your organization.
 ## Reviewing your Windows Firewall with Advanced Security Design
@@ -17,11 +17,11 @@ If the design team that created the Windows Firewall with Advanced Security desi
 - The design team's strategy for determining how WMI and security group filters attached to the GPOs will determine which computers apply to which GPO. The deployment team can refer to the following topics in the Windows Firewall with Advanced Security Design Guide:
- - [Planning Isolation Groups for the Zones](../p_server_archive/planning-isolation-groups-for-the-zones.md)
+ - [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md)
- - [Planning the GPOs](../p_server_archive/planning-the-gpos.md)
+ - [Planning the GPOs](planning-the-gpos.md)
- - [Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md)
+ - [Planning GPO Deployment](planning-gpo-deployment.md)
 - The communication to be allowed between members of each of the zones in the isolated domain and computers that are not part of the isolated domain or members of the isolated domain's exemption list.
@@ -39,7 +39,7 @@ If the design team that created the Windows Firewall with Advanced Security desi
 If at least one set of each does not match between two computers, then the computers cannot successfully communicate.
-After the design and deployment teams agree on these issues, they can proceed with the deployment of the Windows Firewall with Advanced Security design. For more information, see [Implementing Your Windows Firewall with Advanced Security Design Plan](../p_server_archive/implementing-your-windows-firewall-with-advanced-security-design-plan.md).
+After the design and deployment teams agree on these issues, they can proceed with the deployment of the Windows Firewall with Advanced Security design. For more information, see [Implementing Your Windows Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md).
  
diff --git a/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md b/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md
index 9efd46604f..4c5d9ec780 100644
--- a/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md
@@ -13,9 +13,9 @@ After you have gathered the relevant information in the previous sections, and u
 ## Basic firewall design
-We recommend that you deploy at least the basic firewall design. As discussed in the [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md) section, host-based firewalls are an important element in a defense-in-depth strategy and complement most other security measures you put in place in your organization.
+We recommend that you deploy at least the basic firewall design. As discussed in the [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md) section, host-based firewalls are an important element in a defense-in-depth strategy and complement most other security measures you put in place in your organization.
-When you are ready to examine the options for firewall policy settings, see the [Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md) section.
+When you are ready to examine the options for firewall policy settings, see the [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) section.
 ## Algorithm and method support and selection
@@ -40,7 +40,7 @@ Include this design in your plans:
 If you plan on including the basic firewall design as part of your deployment, we recommend that you deploy the firewall policies first to confirm that they work properly. Also plan to enable your connection security rules in request mode at first, instead of the more restrictive require mode, until you are sure that the computers are all correctly protecting network traffic with IPsec. If something is wrong, request mode still allows communications to continue while you are troubleshooting.
-When you are ready to examine the options for creating an isolated domain, see the [Planning Domain Isolation Zones](../p_server_archive/planning-domain-isolation-zones.md) section.
+When you are ready to examine the options for creating an isolated domain, see the [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) section.
 ## Server isolation design
@@ -53,7 +53,7 @@ Include this design in your plans:
 If you plan to include domain isolation in your deployment, we recommend that you complete that layer and confirm its correct operation before you implement the additional server isolation elements.
-When you are ready to examine the options for isolating servers, see the [Planning Server Isolation Zones](../p_server_archive/planning-server-isolation-zones.md) section.
+When you are ready to examine the options for isolating servers, see the [Planning Server Isolation Zones](planning-server-isolation-zones.md) section.
 ## Certificate-based authentication design
@@ -68,23 +68,23 @@ Include this design in your plans:
 If you plan to include domain or server isolation in your deployment, we recommend that you complete those elements and confirm their correct operation before you add certificate-based authentication to the computers that require it.
-When you are ready to examine the options for using certificate-based authentication, see the [Planning Certificate-based Authentication](../p_server_archive/planning-certificate-based-authentication.md) section.
+When you are ready to examine the options for using certificate-based authentication, see the [Planning Certificate-based Authentication](planning-certificate-based-authentication.md) section.
 ## Documenting your design
 After you finish selecting the designs that you will use, you must assign each of your computers to the appropriate isolation zone and document the assignment for use by the deployment team.
-- [Documenting the Zones](../p_server_archive/documenting-the-zones.md)
+- [Documenting the Zones](documenting-the-zones.md)
 ## Designing groups and GPOs
 After you have selected a design and assigned your computers to zones, you can begin laying out the isolation groups for each zone, the network access groups for isolated server access, and the GPOs that you will use to apply the settings and rules to your computers.
-When you are ready to examine the options for the groups, filters, and GPOs, see the [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md) section.
+When you are ready to examine the options for the groups, filters, and GPOs, see the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section.
-**Next: **[Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md)
+**Next: **[Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)
  
diff --git a/windows/keep-secure/procedures-used-in-this-guide.md b/windows/keep-secure/procedures-used-in-this-guide.md
index 733ca019e5..9793debf2a 100644
--- a/windows/keep-secure/procedures-used-in-this-guide.md
+++ b/windows/keep-secure/procedures-used-in-this-guide.md
@@ -10,83 +10,83 @@ author: brianlic-msft
 The procedures in this section appear in the checklists found earlier in this document. They should be used only in the context of the checklists in which they appear. They are presented here in alphabetical order.
-[Add Production Computers to the Membership Group for a Zone](../p_server_archive/add-production-computers-to-the-membership-group-for-a-zone.md)
+[Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)
-[Add Test Computers to the Membership Group for a Zone](../p_server_archive/add-test-computers-to-the-membership-group-for-a-zone.md)
+[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)
-[Assign Security Group Filters to the GPO](../p_server_archive/assign-security-group-filters-to-the-gpo.md)
+[Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
-[Change Rules from Request to Require Mode](../p_server_archive/change-rules-from-request-to-require-mode.md)
+[Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
-[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-[Configure Group Policy to Autoenroll and Deploy Certificates](../p_server_archive/configure-group-policy-to-autoenroll-and-deploy-certificates.md)
+[Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
-[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-[Configure the Windows Firewall Log](../p_server_archive/configure-the-windows-firewall-log.md)
+[Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
-[Configure the Workstation Authentication Certificate Template](../p_server_archive/configure-the-workstation-authentication-certificate-templatewfas-dep.md)
+[Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md)
-[Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](../p_server_archive/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
+[Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
-[Confirm That Certificates Are Deployed Correctly](../p_server_archive/confirm-that-certificates-are-deployed-correctly.md)
+[Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)
-[Copy a GPO to Create a New GPO](../p_server_archive/copy-a-gpo-to-create-a-new-gpo.md)
+[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)
-[Create a Group Account in Active Directory](../p_server_archive/create-a-group-account-in-active-directory.md)
+[Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)
-[Create a Group Policy Object](../p_server_archive/create-a-group-policy-object.md)
+[Create a Group Policy Object](create-a-group-policy-object.md)
-[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-[Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+[Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-[Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+[Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-[Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+[Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-[Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+[Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-[Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](../p_server_archive/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+[Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-[Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+[Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-[Create WMI Filters for the GPO](../p_server_archive/create-wmi-filters-for-the-gpo.md)
+[Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
-[Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+[Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-[Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](../p_server_archive/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+[Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](../p_server_archive/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-[Install Active Directory Certificate Services](../p_server_archive/install-active-directory-certificate-services.md)
+[Install Active Directory Certificate Services](install-active-directory-certificate-services.md)
-[Link the GPO to the Domain](../p_server_archive/link-the-gpo-to-the-domain.md)
+[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)
-[Modify GPO Filters to Apply to a Different Zone or Version of Windows](../p_server_archive/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
+[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
-[Open the Group Policy Management Console to IP Security Policies](../p_server_archive/open-the-group-policy-management-console-to-ip-security-policies.md)
+[Open the Group Policy Management Console to IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md)
-[Open the Group Policy Management Console to Windows Firewall](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall.md)
+[Open the Group Policy Management Console to Windows Firewall](open-the-group-policy-management-console-to-windows-firewall.md)
-[Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
+[Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
-[Open Windows Firewall with Advanced Security](../p_server_archive/open-windows-firewall-with-advanced-security.md)
+[Open Windows Firewall with Advanced Security](open-windows-firewall-with-advanced-security.md)
-[Restrict Server Access to Members of a Group Only](../p_server_archive/restrict-server-access-to-members-of-a-group-only.md)
+[Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)
-[Start a Command Prompt as an Administrator](../p_server_archive/start-a-command-prompt-as-an-administrator.md)
+[Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md)
-[Turn on Windows Firewall and Configure Default Behavior](../p_server_archive/turn-on-windows-firewall-and-configure-default-behavior.md)
+[Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md)
-[Verify That Network Traffic Is Authenticated](../p_server_archive/verify-that-network-traffic-is-authenticated.md)
+[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)
  
diff --git a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md
index 29dfe483a0..ca133f5f86 100644
--- a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md
@@ -8,7 +8,7 @@ author: brianlic-msft
 # Require Encryption When Accessing Sensitive Network Resources
-The use of authentication in the previously described goal ([Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md)) enables a computer in the isolated domain to block traffic from untrusted computers. However, it does not prevent an untrusted computer from eavesdropping on the network traffic shared between two trusted computers, because by default network packets are not encrypted.
+The use of authentication in the previously described goal ([Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)) enables a computer in the isolated domain to block traffic from untrusted computers. However, it does not prevent an untrusted computer from eavesdropping on the network traffic shared between two trusted computers, because by default network packets are not encrypted.
 For computers that share sensitive information over the network, Windows Firewall with Advanced Security allows you to require that all such network traffic be encrypted. Using encryption can help you comply with regulatory and legislative requirements such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. By creating connection security rules that apply to computers that host and exchange sensitive data, you can help protect the confidentiality of that data by encrypting it.
@@ -18,19 +18,19 @@ The following illustration shows an encryption zone in an isolated domain. The r
 This goal provides the following benefits:
-- Computers in the encryption zone require authentication to communicate with other computers. This works no differently from the domain isolation goal and design. For more information, see [Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md).
+- Computers in the encryption zone require authentication to communicate with other computers. This works no differently from the domain isolation goal and design. For more information, see [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md).
 - Computers in the encryption zone require that all inbound and outbound network traffic be encrypted. For example, Woodgrove Bank processes sensitive customer data on a computer that must be protected from eavesdropping by computers on the network. Connection security rules specify that all traffic must be encrypted by a sufficiently complex encryption algorithm to help protect the data.
-- Computers in the encryption zone are often good candidates for server isolation, where access is limited to only computer accounts and user accounts that are members of an authorized access group. In many organizations, the encryption zone and the server isolation zone are one and the same. For more information, see [Restrict Access to Only Specified Users or Computers](../p_server_archive/restrict-access-to-only-specified-users-or-computers.md).
+- Computers in the encryption zone are often good candidates for server isolation, where access is limited to only computer accounts and user accounts that are members of an authorized access group. In many organizations, the encryption zone and the server isolation zone are one and the same. For more information, see [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md).
 The following components are required for this deployment goal:
-- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](../p_server_archive/additional-resources-wfasdesign.md).
+- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md).
-**Next: **[Restrict Access to Only Specified Users or Computers](../p_server_archive/restrict-access-to-only-specified-users-or-computers.md)
+**Next: **[Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md)
  
diff --git a/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md b/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md
index 1e565f2c6b..b6fc24fa0c 100644
--- a/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md
+++ b/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md
@@ -20,7 +20,7 @@ The following illustration shows an isolated server, and examples of computers t
 ![isolated domain with network access groups](images/wfas-domainnag.gif)
-This goal, which corresponds to [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md), provides the following features:
+This goal, which corresponds to [Server Isolation Policy Design](server-isolation-policy-design.md), provides the following features:
 - Isolated servers accept unsolicited inbound network traffic only from computers or users that are members of the NAG.
@@ -28,13 +28,13 @@ This goal, which corresponds to [Server Isolation Policy Design](../p_server_arc
 - Server isolation can also be configured independently of an isolated domain. To do so, configure only the computers that must communicate with the isolated server with connection security rules to implement authentication and check NAG membership.
-- A server isolation zone can be simultaneously configured as an encryption zone. To do this, configure the GPO with rules that force encryption in addition to requiring authentication and restricting access to NAG members. For more information, see [Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md).
+- A server isolation zone can be simultaneously configured as an encryption zone. To do this, configure the GPO with rules that force encryption in addition to requiring authentication and restricting access to NAG members. For more information, see [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md).
 The following components are required for this deployment goal:
-- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](../p_server_archive/additional-resources-wfasdesign.md).
+- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md).
-**Next: **[Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](../p_server_archive/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
+**Next: **[Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
  
diff --git a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md
index acdb18d98f..a6194dff0b 100644
--- a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md
+++ b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md
@@ -191,7 +191,7 @@ You might not find the exact answer for the issue, but you can find good hints.
 ## See also
-- [Windows Firewall with Advanced Security Overview](../p_server_archive/windows-firewall-with-advanced-security-overview-win8.md)
+- [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security-overview-win8.md)
  
diff --git a/windows/keep-secure/server-isolation-gpos.md b/windows/keep-secure/server-isolation-gpos.md
index aa7a7f109b..acfe57e0bb 100644
--- a/windows/keep-secure/server-isolation-gpos.md
+++ b/windows/keep-secure/server-isolation-gpos.md
@@ -24,7 +24,7 @@ This GPO is identical to the GPO\_DOMISO\_Encryption\_WS2008 GPO with the follow
  
-**Next: **[Planning GPO Deployment](../p_server_archive/planning-gpo-deployment.md)
+**Next: **[Planning GPO Deployment](planning-gpo-deployment.md)
  
diff --git a/windows/keep-secure/server-isolation-policy-design-example.md b/windows/keep-secure/server-isolation-policy-design-example.md
index 1666f22af8..d6c1c4c7af 100644
--- a/windows/keep-secure/server-isolation-policy-design-example.md
+++ b/windows/keep-secure/server-isolation-policy-design-example.md
@@ -8,7 +8,7 @@ author: brianlic-msft
 # Server Isolation Policy Design Example
-This design example continues to use the fictitious company Woodgrove Bank, as described in the [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md) section and the [Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md) section.
+This design example continues to use the fictitious company Woodgrove Bank, as described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section and the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) section.
 In addition to the protections provided by the firewall and domain isolation, Woodgrove Bank wants to provide additional protection to the computers that are running Microsoft SQL Server for the WGBank program. They contain personal data, including each customer's financial history. Government and industry rules and regulations specify that access to this information must be restricted to only those users who have a legitimate business need. This includes a requirement to prevent interception of and access to the information when it is in transit over the network.
@@ -42,9 +42,9 @@ The following illustration shows the traffic protection needs for this design ex
 **Other traffic notes:**
-- All of the design requirements shown in the [Firewall Policy Design Example](../p_server_archive/firewall-policy-design-example.md) section are still enforced.
+- All of the design requirements shown in the [Firewall Policy Design Example](firewall-policy-design-example.md) section are still enforced.
-- All of the design requirements shown in the [Domain Isolation Policy Design Example](../p_server_archive/domain-isolation-policy-design-example.md) section are still enforced.
+- All of the design requirements shown in the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) section are still enforced.
 ## Design details
@@ -75,7 +75,7 @@ If Woodgrove Bank wants to implement server isolation without domain isolation,
 You do not have to include the encryption-capable rules on all computers. Instead, you can create GPOs that are applied only to members of the NAG, in addition to the standard domain isolation GPO, that contain connection security rules to support encryption.
-**Next: **[Certificate-based Isolation Policy Design Example](../p_server_archive/certificate-based-isolation-policy-design-example.md)
+**Next: **[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)
  
diff --git a/windows/keep-secure/server-isolation-policy-design.md b/windows/keep-secure/server-isolation-policy-design.md
index 798292f552..c8671321c0 100644
--- a/windows/keep-secure/server-isolation-policy-design.md
+++ b/windows/keep-secure/server-isolation-policy-design.md
@@ -10,7 +10,7 @@ author: brianlic-msft
 In the server isolation policy design, you assign servers to a zone that allows access only to users and computers that authenticate as members of an approved network access group (NAG).
-This design typically begins with a network configured as described in the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md) section. For this design, you then create zones for servers that have additional security requirements. The zones can limit access to the server to only members of authorized groups, and can optionally require the encryption of all traffic in or out of these servers. This can be done on a per server basis, or for a group of servers that share common security requirements.
+This design typically begins with a network configured as described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) section. For this design, you then create zones for servers that have additional security requirements. The zones can limit access to the server to only members of authorized groups, and can optionally require the encryption of all traffic in or out of these servers. This can be done on a per server basis, or for a group of servers that share common security requirements.
 You can implement a server isolation design without using domain isolation. To do this, you use the same principles as domain isolation, but instead of applying them to an Active Directory domain, you apply them only to the computers that must be able to access the isolated servers. The GPO contains connection security and firewall rules that require authentication when communicating with the isolated servers. In this case, the NAGs that determine which users and computers can access the isolated server are also used to determine which computers receive the GPO.
@@ -20,7 +20,7 @@ The design is shown in the following illustration, with arrows that show the per
 Characteristics of this design include the following:
-- Isolated domain (area A) - The same isolated domain described in the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md) section. If the isolated domain includes a boundary zone, then computers in the boundary zone behave just like other members of the isolated domain in the way that they interact with computers in server isolation zones.
+- Isolated domain (area A) - The same isolated domain described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) section. If the isolated domain includes a boundary zone, then computers in the boundary zone behave just like other members of the isolated domain in the way that they interact with computers in server isolation zones.
 - Isolated servers (area B) - Computers in the server isolation zones restrict access to computers, and optionally users, that authenticate as a member of a network access group (NAG) authorized to gain access.
@@ -29,7 +29,7 @@ Characteristics of this design include the following:
 To add support for server isolation, you must ensure that the authentication methods are compatible with the requirements of the isolated server. For example, if you want to authorize user accounts that are members of a NAG in addition to authorizing computer accounts, you must enable both user and computer authentication in your connection security rules.
 **Important**  
-This design builds on the [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented.
+This design builds on the [Domain Isolation Policy Design](domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented.
  
@@ -37,17 +37,17 @@ This design can be applied to computers that are part of an Active Directory for For more information about this design: -- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md), [Restrict Access to Only Specified Users or Computers](../p_server_archive/restrict-access-to-only-specified-users-or-computers.md), and [Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md). +- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md), [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md), and [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). -- To learn more about this design, see [Server Isolation Policy Design Example](../p_server_archive/server-isolation-policy-design-example.md). +- To learn more about this design, see [Server Isolation Policy Design Example](server-isolation-policy-design-example.md). -- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](../p_server_archive/designing-a-windows-firewall-with-advanced-security-strategy.md). +- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md). 
-- To help you make the decisions required in this design, see [Planning Server Isolation Zones](../p_server_archive/planning-server-isolation-zones.md) and [Planning Group Policy Deployment for Your Isolation Zones](../p_server_archive/planning-group-policy-deployment-for-your-isolation-zones.md). +- To help you make the decisions required in this design, see [Planning Server Isolation Zones](planning-server-isolation-zones.md) and [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md). - For a list of tasks that you can use to deploy your server isolation policy design, see "Checklist: Implementing a Standalone Server Isolation Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=xxxxx) at http://go.microsoft.com/fwlink/?linkid=xxxx. -**Next: **[Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md) +**Next: **[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)   diff --git a/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md index 0e12364aa9..f796faa837 100644 --- a/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md +++ b/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md 
@@ -19,7 +19,7 @@ To complete these procedures, you must be a member of the Domain Administrators **To enable Windows Firewall and configure the default behavior on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](../p_server_archive/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 2. In the details pane, in the **Overview** section, click **Windows Firewall Properties**. diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index bf8243fdb9..1dd93d35df 100644 --- a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md 
@@ -26,7 +26,7 @@ Windows PowerShell and netsh command references are at the following locations. ## Scope -This guide does not teach you the fundamentals of Windows Firewall with Advanced Security, which can be found in [Windows Firewall with Advanced Security Overview](../p_server_archive/windows-firewall-with-advanced-security-overview-win8.md). It does not teach the fundamentals of Windows PowerShell, and it assumes that you are familiar with the Windows PowerShell language and the basic concepts of Windows PowerShell. For more information about Windows PowerShell concepts and usage, see the reference topics in the [Additional resources](#bkmk-additionalresources) section of this guide. +This guide does not teach you the fundamentals of Windows Firewall with Advanced Security, which can be found in [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security-overview-win8.md). It does not teach the fundamentals of Windows PowerShell, and it assumes that you are familiar with the Windows PowerShell language and the basic concepts of Windows PowerShell. For more information about Windows PowerShell concepts and usage, see the reference topics in the [Additional resources](#bkmk-additionalresources) section of this guide. ## Audience and user requirements 
@@ -408,7 +408,7 @@ Windows PowerShell New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request –Phase1AuthSet MyCertAuthSet -KeyModule IKEv2 –RemoteAddress $nonWindowsGateway ``` -For more information about IKEv2, including scenarios, see [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](../p_server_archive/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md). +For more information about IKEv2, including scenarios, see [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md). ### Copy an IPsec rule from one policy to another diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md b/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md index 91b5066a6b..915d050d9a 100644 --- a/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md +++ b/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md 
@@ -17,21 +17,21 @@ You can use Windows Firewall to control access to the computer from the network. This guide is intended for use by system administrators and system engineers. It provides detailed guidance for deploying a Windows Firewall with Advanced Security design that you or an infrastructure specialist or system architect in your organization has selected. -Begin by reviewing the information in [Planning to Deploy Windows Firewall with Advanced Security](../p_server_archive/planning-to-deploy-windows-firewall-with-advanced-security.md). +Begin by reviewing the information in [Planning to Deploy Windows Firewall with Advanced Security](planning-to-deploy-windows-firewall-with-advanced-security.md). -If you have not yet selected a design, we recommend that you wait to follow the instructions in this guide until after you have reviewed the design options in the [Windows Firewall with Advanced Security Design Guide](../p_server_archive/windows-firewall-with-advanced-security-design-guide.md) and selected the one most appropriate for your organization. +If you have not yet selected a design, we recommend that you wait to follow the instructions in this guide until after you have reviewed the design options in the [Windows Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md) and selected the one most appropriate for your organization. After you select your design and gather the required information about the zones (isolation, boundary, and encryption), operating systems to support, and other details, you can then use this guide to deploy your Windows Firewall with Advanced Security design in your production environment. 
This guide provides steps for deploying any of the following primary designs that are described in the Design Guide: -- [Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md) +- [Basic Firewall Policy Design](basic-firewall-policy-design.md) -- [Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md) +- [Domain Isolation Policy Design](domain-isolation-policy-design.md) -- [Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md) +- [Server Isolation Policy Design](server-isolation-policy-design.md) -- [Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md) +- [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md) -Use the checklists in [Implementing Your Windows Firewall with Advanced Security Design Plan](../p_server_archive/implementing-your-windows-firewall-with-advanced-security-design-plan.md) to determine how best to use the instructions in this guide to deploy your particular design. +Use the checklists in [Implementing Your Windows Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) to determine how best to use the instructions in this guide to deploy your particular design. **Caution**   We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the computers in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies. 
@@ -51,7 +51,7 @@ In a large enterprise environment with hundreds or thousands of GPOs, using this This guide does not provide: -- Guidance for creating firewall rules for specific network applications. For this information, see [Planning Settings for a Basic Firewall Policy](../p_server_archive/planning-settings-for-a-basic-firewall-policy.md) in the Windows Firewall with Advanced Security Design Guide. +- Guidance for creating firewall rules for specific network applications. For this information, see [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) in the Windows Firewall with Advanced Security Design Guide. - Guidance for setting up Active Directory Domain Services (AD DS) to support Group Policy. For more information, see Active Directory Domain Services () and Group Policy (). diff --git a/windows/keep-secure/windows-firewall-with-advanced-security.md b/windows/keep-secure/windows-firewall-with-advanced-security.md index bb9128372e..199b30568c 100644 --- a/windows/keep-secure/windows-firewall-with-advanced-security.md +++ b/windows/keep-secure/windows-firewall-with-advanced-security.md @@ -126,7 +126,7 @@ See the following topics for more information about Windows Firewall with Advanc - + From 3c8bc2cbfd984078371f41d7533fd49a7c297d60 Mon Sep 17 00:00:00 2001 
From: Brian Lich
Date: Fri, 29 Apr 2016 09:17:15 -0700
Subject: [PATCH 04/92] fixing links
---
...ewall-with-advanced-security-design-examples.md | 8 ++++----
...wall-with-advanced-security-deployment-goals.md | 14 +++++++-------
...nstall-active-directory-certificate-services.md | 2 +-
windows/keep-secure/isolated-domain.md | 2 +-
...isolating-windows-store-apps-on-your-network.md | 2 +-
...tect-computers-from-unwanted-network-traffic.md | 4 ++--
...-access-to-only-specified-users-or-computers.md | 4 ++--
.../restrict-access-to-only-trusted-computers.md | 6 +++---
...ict-server-access-to-members-of-a-group-only.md | 2 +-
...ctions-by-using-ikev2-in-windows-server-2012.md | 2 +-
...rewall-with-advanced-security-design-process.md | 12 ++++++------
...urity-administration-with-windows-powershell.md | 2 +-
...firewall-with-advanced-security-design-guide.md | 4 ++--
13 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md
index 030fbafc71..139c0affde 100644
--- a/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md
+++ b/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md
@@ -10,13 +10,13 @@ author: brianlic-msft The following Windows Firewall with Advanced Security design examples illustrate how you can use Windows Firewall with Advanced Security to improve the security of the computers connected to the network. You can use these topics to evaluate how the firewall and connection security rules work across all Windows Firewall with Advanced Security designs and to determine which design or combination of designs best suits the goals of your organization. -- [Firewall Policy Design Example](91fc4c4c-dca9-422e-be05-42a5e14f5e4a) +- [Firewall Policy Design Example](firewall-policy-design-example.md) -- [Domain Isolation Policy Design Example](d918816a-52be-4266-9027-7bc3c36f4916) +- [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) -- [Server Isolation Policy Design Example](c275b916-56cf-4863-9900-e50193cd77ed) +- [Server Isolation Policy Design Example](server-isolation-policy-design-example.md) -- [Certificate-based Isolation Policy Design Example](85a83c33-358b-4b73-9b08-ef7589d01f91) +- [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)   diff --git a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index 995905d641..1dbe198a85 100644 --- a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md @@ -28,23 +28,23 @@ The following table lists the three main tasks for articulating, refining, and s diff --git a/windows/keep-secure/install-active-directory-certificate-services.md b/windows/keep-secure/install-active-directory-certificate-services.md index a7a4ace49e..5fc8bd6b1c 100644 --- a/windows/keep-secure/install-active-directory-certificate-services.md 
+++ b/windows/keep-secure/install-active-directory-certificate-services.md @@ -11,7 +11,7 @@ author: brianlic-msft To use certificates in a server isolation or domain isolation design, you must first set up the infrastructure to deploy the certificates. This is called a public key infrastructure (PKI). The services required for a PKI are available in Windows Server 2012 in the form of the Active Directory Certificate Services (AD CS) role. **Caution**   -Creation of a full PKI for an enterprise environment with all of the appropriate security considerations included in the design is beyond the scope of this guide. The following procedure shows you only the basics of installing an issuing certificate server; it is appropriate for a test lab environment only. For more information about deploying AD CS in a production environment, see [Active Directory Certificate Services Overview](e37b2335-0796-449f-aaf4-0520e508f47d) in the Windows Server 2012 Technical Library (http://technet.microsoft.com/library/hh831740.aspx). +Creation of a full PKI for an enterprise environment with all of the appropriate security considerations included in the design is beyond the scope of this guide. The following procedure shows you only the basics of installing an issuing certificate server; it is appropriate for a test lab environment only. For more information about deploying AD CS in a production environment, see [Active Directory Certificate Services Overview](http://technet.microsoft.com/library/hh831740.aspx).   diff --git a/windows/keep-secure/isolated-domain.md b/windows/keep-secure/isolated-domain.md index 8c1163d07c..9e52a463a4 100644 --- a/windows/keep-secure/isolated-domain.md +++ b/windows/keep-secure/isolated-domain.md 
@@ -14,7 +14,7 @@ The term *domain* in this context means a boundary of communications trust inste For most implementations, an isolated domain will contain the largest number of computers. Other isolation zones can be created for the solution if their communication requirements differ from those of the isolated domain. Examples of these differences are what result in the boundary and encryption zones described in this guide. Conceptually, the isolated domain is just the largest isolation zone, and a superset to the other zones. -You must create a group in Active Directory to contain members of the isolated domain. You then apply one of several GPOs that contain connection security and firewall rules to the group so that authentication on all inbound network connections is enforced. Creation of the group and how to link the GPOs that apply the rules to its members are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](cdbe81c3-6dbf-41c2-b003-3ac4fd4e67dd) section. +You must create a group in Active Directory to contain members of the isolated domain. You then apply one of several GPOs that contain connection security and firewall rules to the group so that authentication on all inbound network connections is enforced. Creation of the group and how to link the GPOs that apply the rules to its members are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section. The GPOs for the isolated domain should contain the following connection security rules and settings. diff --git a/windows/keep-secure/isolating-windows-store-apps-on-your-network.md b/windows/keep-secure/isolating-windows-store-apps-on-your-network.md index 6d4410b869..8da591bc98 100644 --- a/windows/keep-secure/isolating-windows-store-apps-on-your-network.md +++ b/windows/keep-secure/isolating-windows-store-apps-on-your-network.md 
@@ -331,7 +331,7 @@ Use the following procedure if you want to block intranet access for a specific ## See also -- [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security-overview-win8.md) +- [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md)   diff --git a/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md b/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md index 156362cc19..4ce8c89c1d 100644 --- a/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md +++ b/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md @@ -14,7 +14,7 @@ Reports of targeted attacks against organizations, governments, and individuals Running a host-based firewall on every computer that your organization manages is an important layer in a "defense-in-depth" security strategy. A host-based firewall can help protect against attacks that originate from inside the network and also provide additional protection against attacks from outside the network that manage to penetrate the perimeter firewall. It also travels with a portable computer to provide protection when it is away from the organization's network. -A host-based firewall helps secure a computer by dropping all network traffic that does not match the administrator-designed rule set for permitted network traffic. This design, which corresponds to [Basic Firewall Policy Design](0c75637e-86b7-4fb3-9910-04c5cf186305), provides the following benefits: +A host-based firewall helps secure a computer by dropping all network traffic that does not match the administrator-designed rule set for permitted network traffic. This design, which corresponds to [Basic Firewall Policy Design](basic-firewall-policy-design.md), provides the following benefits: - Network traffic that is a reply to a request from the local computer is permitted into the computer from the network. 
@@ -32,7 +32,7 @@ The following component is recommended for this deployment goal: Other means of deploying a firewall policy are available, such as creating scripts that use the **netsh** command-line tool, and then running those scripts on each computer in the organization. This guide uses Active Directory as a recommended means of deployment because of its ability to scale to very large organizations. -**Next: **[Restrict Access to Only Trusted Computers](29805c5c-a8e4-4600-86b9-7abb9a068919) +**Next: **[Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)   diff --git a/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md b/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md index b6fc24fa0c..5ec1556728 100644 --- a/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md +++ b/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md 
@@ -8,9 +8,9 @@ author: brianlic-msft # Restrict Access to Only Specified Users or Computers -Domain isolation (as described in the previous goal [Restrict Access to Only Trusted Computers](29805c5c-a8e4-4600-86b9-7abb9a068919)) prevents computers that are members of the isolated domain from accepting network traffic from untrusted computers. However, some computers on the network might host sensitive data that must be additionally restricted to only those users and computers that have a business requirement to access the data. +Domain isolation (as described in the previous goal [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)) prevents computers that are members of the isolated domain from accepting network traffic from untrusted computers. However, some computers on the network might host sensitive data that must be additionally restricted to only those users and computers that have a business requirement to access the data. -Windows Firewall with Advanced Security enables you to restrict access to computers and users that are members of domain groups authorized to access that computer. These groups are called *network access groups (NAGs)*. When a computer authenticates to a server, the server checks the group membership of the computer account and the user account, and grants access only if membership in the NAG is confirmed. Adding this check creates a virtual "secure zone" within the domain isolation zone. You can have multiple computers in a single secure zone, and it is likely that you will create a separate zone for each set of servers that have specific security access needs. Computers that are part of this server isolation zone are often also part of the encryption zone (see [Require Encryption When Accessing Sensitive Network Resources](261bd90d-5a8a-4de1-98c7-6d07e5d81267)). 
+Windows Firewall with Advanced Security enables you to restrict access to computers and users that are members of domain groups authorized to access that computer. These groups are called *network access groups (NAGs)*. When a computer authenticates to a server, the server checks the group membership of the computer account and the user account, and grants access only if membership in the NAG is confirmed. Adding this check creates a virtual "secure zone" within the domain isolation zone. You can have multiple computers in a single secure zone, and it is likely that you will create a separate zone for each set of servers that have specific security access needs. Computers that are part of this server isolation zone are often also part of the encryption zone (see [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)). Restricting access to only users and computers that have a business requirement can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. diff --git a/windows/keep-secure/restrict-access-to-only-trusted-computers.md b/windows/keep-secure/restrict-access-to-only-trusted-computers.md index aa3e530671..89288e3473 100644 --- a/windows/keep-secure/restrict-access-to-only-trusted-computers.md +++ b/windows/keep-secure/restrict-access-to-only-trusted-computers.md 
@@ -23,7 +23,7 @@ The following illustration shows an isolated domain, with one of the zones that ![domain isolation](images/wfas-domainiso.gif) -These goals, which correspond to [Domain Isolation Policy Design](3aa75a74-adef-41e4-bf2d-afccf2c47d46) and [Certificate-based Isolation Policy Design](a706e809-ddf3-42a4-9991-6e5d987ebf38), provide the following benefits: +These goals, which correspond to [Domain Isolation Policy Design](domain-isolation-policy-design.md) and [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md), provide the following benefits: - Computers in the isolated domain accept unsolicited inbound network traffic only when it can be authenticated as coming from another computer in the isolated domain. Exemption rules can be defined to allow inbound traffic from trusted computers that for some reason cannot perform IPsec authentication. @@ -45,9 +45,9 @@ These goals also support optional zones that can be created to add customized pr The following components are required for this deployment goal: -- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources \[lhs\]](508b3d05-e9c9-4df9-bae4-750d4ad03302). +- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). -**Next: **[Require Encryption When Accessing Sensitive Network Resources](261bd90d-5a8a-4de1-98c7-6d07e5d81267) +**Next: **[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)   
diff --git a/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md b/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md index 437e25bce5..17df17ac12 100644 --- a/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md +++ b/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md @@ -27,7 +27,7 @@ To complete these procedures, you must be a member of the Domain Administrators **To create a firewall rule that grants access to an isolated server running Windows Server 2008 or later** -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](75ccea22-f225-40be-94a9-d0b17170d4fe). You must edit the GPO that applies settings to servers in the isolated server zone. +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). You must edit the GPO that applies settings to servers in the isolated server zone. 2. In the navigation pane, right-click **Inbound Rules**, and then click **New Rule**. diff --git a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md index a6194dff0b..95639e5917 100644 --- a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md +++ b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md @@ -191,7 +191,7 @@ You might not find the exact answer for the issue, but you can find good hints. ## See also -- [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security-overview-win8.md) +- [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md)   
diff --git a/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md index 5088fc9668..ccf6d3f7f8 100644 --- a/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md +++ b/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md 
@@ -10,19 +10,19 @@ author: brianlic-msft
 Designing any deployment starts by performing several important tasks:
-- [Identifying Your Windows Firewall with Advanced Security Design Goals](bba6fa3a-2318-4cb7-aa75-f2910d9c406d)
+- [Identifying Your Windows Firewall with Advanced Security Design Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
-- [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](39bb8fa5-4601-45ae-83c5-121d42f7f82c)
+- [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
-- [Evaluating Windows Firewall with Advanced Security Design Examples](6da09290-8cda-4731-8fce-07fc030f9f4f)
+- [Evaluating Windows Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md)
 After you identify your deployment goals and map them to a Windows Firewall with Advanced Security design, you can begin documenting the design based on the processes that are described in the following topics:
-- [Designing A Windows Firewall with Advanced Security Strategy](36230ca4-ee8d-4b2c-ab4f-5492b4400340)
+- [Designing A Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)
-- [Planning Your Windows Firewall with Advanced Security Design](6622d31d-a62c-4506-8cea-275bf42e755f)
+- [Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md)
-**Next:**[Identifying Your Windows Firewall with Advanced Security Design Goals](bba6fa3a-2318-4cb7-aa75-f2910d9c406d)
+**Next:**[Identifying Your Windows Firewall with Advanced Security Design Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
  
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
index 1dd93d35df..05bbcfd63d 100644
--- a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
@@ -26,7 +26,7 @@ Windows PowerShell and netsh command references are at the following locations.
 ## Scope
-This guide does not teach you the fundamentals of Windows Firewall with Advanced Security, which can be found in [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security-overview-win8.md). It does not teach the fundamentals of Windows PowerShell, and it assumes that you are familiar with the Windows PowerShell language and the basic concepts of Windows PowerShell. For more information about Windows PowerShell concepts and usage, see the reference topics in the [Additional resources](#bkmk-additionalresources) section of this guide.
+This guide does not teach you the fundamentals of Windows Firewall with Advanced Security, which can be found in [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md). It does not teach the fundamentals of Windows PowerShell, and it assumes that you are familiar with the Windows PowerShell language and the basic concepts of Windows PowerShell. For more information about Windows PowerShell concepts and usage, see the reference topics in the [Additional resources](#bkmk-additionalresources) section of this guide.
 ## Audience and user requirements
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md b/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md
index cd839d055f..e191dcbf2b 100644
--- a/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md
@@ -12,7 +12,7 @@ Windows Firewall with Advanced Security in Windows Server 2012, Windows Server
 The interface for Windows Firewall with Advanced Security is much more capable and flexible than the consumer-friendly interface found in the Windows Firewall Control Panel. They both interact with the same underlying services, but provide different levels of control over those services. While the Windows Firewall Control Panel meets the needs for protecting a single computer in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
-For more overview information about Windows Firewall with Advanced Security and see [Windows Firewall with Advanced Security Overview](9ae80ae1-a693-48ed-917a-f03ea92b550d).
+For more overview information about Windows Firewall with Advanced Security and see [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md).
 ## About this guide
@@ -132,7 +132,7 @@ The following table identifies and defines terms used throughout this guide.
  
-**Next:**[Understanding the Windows Firewall with Advanced Security Design Process](b9774295-8dd3-47e3-9f5a-7fa748ae9fba)
+**Next:**[Understanding the Windows Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md)
  
From 1e07e3ab8ebeeab71ec727801eee809fff8c1100 Mon Sep 17 00:00:00 2001
From: Brian Lich
Date: Fri, 29 Apr 2016 09:27:12 -0700
Subject: [PATCH 05/92] fixing more links
---
 ...-windows-firewall-with-advanced-security-deployment-goals.md | 2 +-
 .../protect-computers-from-unwanted-network-traffic.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index 1dbe198a85..8f50949a9a 100644
--- a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -52,7 +52,7 @@ The following table lists the three main tasks for articulating, refining, and s
  
-**Next:**[Protect Computers from Unwanted Network Traffic](fe94e9b8-c456-4343-af5f-5511b8047d29)
+**Next:**[Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)
  
diff --git a/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md b/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md
index 4ce8c89c1d..5230ec4e6d 100644
--- a/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md
+++ b/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md
@@ -28,7 +28,7 @@ A host-based firewall helps secure a computer by dropping all network traffic th
 The following component is recommended for this deployment goal:
-- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more Group Policy objects (GPOs) that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources \[lhs\]](508b3d05-e9c9-4df9-bae4-750d4ad03302).
+- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more Group Policy objects (GPOs) that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md).
 Other means of deploying a firewall policy are available, such as creating scripts that use the **netsh** command-line tool, and then running those scripts on each computer in the organization. This guide uses Active Directory as a recommended means of deployment because of its ability to scale to very large organizations.
From 7963ced4f2d5ae5555c612f6fc8e139b710abc9b Mon Sep 17 00:00:00 2001
From: jdeckerMS
Date: Thu, 26 May 2016 07:33:45 -0700
Subject: [PATCH 06/92] minor text corrections
---
 education/windows/TOC.md | 8 ++++----
 education/windows/take-a-test-app-technical.md | 12 ++++++------
 education/windows/take-a-test-multiple-pcs.md | 2 +-
 education/windows/take-a-test-single-pc.md | 2 +-
 education/windows/take-tests-in-windows-10.md | 6 +++---
 5 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/education/windows/TOC.md b/education/windows/TOC.md
index 4bc5d61f86..fe182ab2d6 100644
--- a/education/windows/TOC.md
+++ b/education/windows/TOC.md
@@ -1,8 +1,8 @@
 # [Windows 10 for education](index.md)
 ## [Change history for Windows 10 for Education](change-history-edu.md)
-## [Take tests in Windows 10](take-tests-in-windows-10.md)
-### [Set up Take a Test on a single PC](take-a-test-single-pc.md)
-### [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
-### [Take a Test app technical reference](take-a-test-app-technical.md)
+## [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md)
+### [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md)
+### [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md)
+### [Take a Test app technical reference (Preview)](take-a-test-app-technical.md)
 ## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
 ## [Chromebook migration guide](chromebook-migration-guide.md)
\ No newline at end of file
diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md
index 3245416d58..149c29d066 100644
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 author: jdeckerMS
 ---
-# Take a Test app technical reference
+# Take a Test app technical reference (Preview)
 **Applies to:**
 - Windows 10 Insider Preview
@@ -46,11 +46,11 @@ When Take a Test is running, the following MDM policies are applied to lock down
 | Policy | Description | Value |
 |---|---|---|
 | AllowToasts | Disables toast notifications from being shown | 0 |
-| AllAppStoreAutoUpdate | Disables automatic updates for Windows Store apps that are installed on the PC | 0 |
+| AllowAppStoreAutoUpdate | Disables automatic updates for Windows Store apps that are installed on the PC | 0 |
 | AllowDeviceDiscovery | Disables UI for screen sharing | 0 |
 | AllowInput Panel | Disables the onscreen keyboard which will disable auto-fill | 0 |
 | AllowCortana | Disables Cortana functionality | 0 |
-| AllAutoupdate | Disables Windows Update from starting OS updates | 5 |
+| AllowAutoupdate | Disables Windows Update from starting OS updates | 5 |
 ## Allowed functionality
@@ -62,20 +62,20 @@ When Take a Test is running, the following functionality is available to student
 - Magnifier is available through Windows key + "+" key
-- Full screen mode is compatible
+ - Full screen mode is compatible
 - The student can press Alt+Tab when locked down. This results in the student being able to switch between the following:
 - Take a Test
 - Assistive technology that may be running
- - Lock Screen
+ - Lock Screen (not available if student is using a dedicated test account)
 > **Note** The app will exit if the student signs in to an account from the lock screen. Progress made in the test may be lost or invalidated.
 - The student can exit the test by pressing one of the following key combinations:
 - Ctrl+Alt+Del
- - Alt+F4
+ - Alt+F4 (**Take a Test** will restart if the student is using a dedicated test account)
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index 116da7017f..742aed682d 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 author: jdeckerMS
 ---
-# Set up Take a Test on multiple PCs
+# Set up Take a Test on multiple PCs (Preview)
 **Applies to:**
 - Windows 10 Insider Preview
diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md
index 724aa1066b..f62fa9805b 100644
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 author: jdeckerMS
 ---
-# Set up Take a Test on a single PC
+# Set up Take a Test on a single PC (Preview)
 **Applies to:**
 - Windows 10 Insider Preview
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
index 09ed708476..1360d736f4 100644
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 author: jdeckerMS
 ---
-# Take tests in Windows 10
+# Take tests in Windows 10 (Preview)
 **Applies to:**
 - Windows 10 Insider Preview
@@ -18,7 +18,7 @@ author: jdeckerMS
 Many schools use online testing for formative and summative assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. The **Take a Test** app in Windows 10, Version 1607, creates the right environment for taking a test:
-- A Microsoft Edge browser window opens, showing just the test and nothing else.
+- **Take a Test** shows just the test and nothing else.
 - Students aren’t able to go to other websites.
 - Students can’t open or access other apps.
 - Students can't share, print, or record their screens.
@@ -33,7 +33,7 @@ Many schools use online testing for formative and summative assessments. It's cr
 ![Use test account or test url in Take a Test](images/take-a-test-flow.png)
-- **Use a test URL and a dedicated testing account** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
+- **Use a test URL and a dedicated testing account** - A user signs in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing.
 - **Put a test URL with an included prefix on a web page or OneNote for students to click** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments.
 [Learn how to set up Take a Test on a single PC](take-a-test-single-pc.md)
From 14c33eb6545a2c151c3027151de48a4992772131 Mon Sep 17 00:00:00 2001
From: jdeckerMS
Date: Thu, 26 May 2016 08:22:28 -0700
Subject: [PATCH 07/92] add steps to apply task
---
 education/windows/TOC.md | 2 +
 education/windows/change-history-edu.md | 4 +-
 education/windows/images/choose-package.png | Bin 0 -> 23200 bytes
 education/windows/images/connect-aad.png | Bin 0 -> 71209 bytes
 education/windows/images/express-settings.png | Bin 0 -> 110041 bytes
 education/windows/images/sign-in-prov.png | Bin 0 -> 50574 bytes
 education/windows/images/signinprov.jpg | Bin 22869 -> 0 bytes
 education/windows/images/trust-package.png | Bin 0 -> 43329 bytes
 education/windows/images/who-owns-pc.png | Bin 0 -> 38019 bytes
 education/windows/index.md | 2 +
 .../windows/set-up-school-pcs-technical.md | 262 ++++++++++++++++++
 education/windows/take-a-test-multiple-pcs.md | 2 +-
 education/windows/take-a-test-single-pc.md | 2 +-
 education/windows/take-tests-in-windows-10.md | 2 +-
 .../windows/use-set-up-school-pcs-app.md | 142 ++++++++++
 15 files changed, 414 insertions(+), 4 deletions(-)
 create mode 100644 education/windows/images/choose-package.png
 create mode 100644 education/windows/images/connect-aad.png
 create mode 100644 education/windows/images/express-settings.png
 create mode 100644 education/windows/images/sign-in-prov.png
 delete mode 100644 education/windows/images/signinprov.jpg
 create mode 100644 education/windows/images/trust-package.png
 create mode 100644 education/windows/images/who-owns-pc.png
 create mode 100644 education/windows/set-up-school-pcs-technical.md
 create mode 100644 education/windows/use-set-up-school-pcs-app.md
diff --git a/education/windows/TOC.md b/education/windows/TOC.md
index fe182ab2d6..56f2f7ffd2 100644
--- a/education/windows/TOC.md
+++ b/education/windows/TOC.md
@@ -1,5 +1,7 @@
 # [Windows 10 for education](index.md)
 ## [Change history for Windows 10 for Education](change-history-edu.md)
+## [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md)
+## [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md)
 ## [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md)
 ### [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md)
 ### [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md)
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index 7926bc8c25..49e7b6303a 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -15,6 +15,8 @@ This topic lists new and updated topics in the [Windows 10 for Education](index.
 | New or changed topic | Description |
 |----------------------|-------------|
-| [Take tests in Windows 10](take-tests-in-windows-10.md)
[Set up Take a Test on a single PC](take-a-test-single-pc.md)
[Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md)
[Take a Test app technical reference](take-a-test-app-technical.md) | New |
+| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | New |
+| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | New |
+| [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md)
[Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md)
[Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md)
[Take a Test app technical reference (Preview)](take-a-test-app-technical.md) | New |
 | [Chromebook migration guide](chromebook-migration-guide.md) | Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in November 2015 |
 | [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) | Moved from [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/en-us/itpro/windows/plan/index) library, originally published in May 2016 |
\ No newline at end of file
diff --git a/education/windows/images/choose-package.png b/education/windows/images/choose-package.png new file mode 100644 index 0000000000000000000000000000000000000000..868407df56b3ae221af81788c9a1abb32b27f598 GIT binary patch literal 23200 zcmeEtb>rIuex8$y|?cBEN)sIoE=Y9Btp48LFOi16<<&DSYx?>87X zHEFRAH50^#?*%w3QAN=YALOjNOoKMCYyH7(s$7l7JtJYF+ zXO2IbL`1MfvDs7rDiYW@VDSARnX0-12Bs<;oWzf_w6itibuW*%Nw>2uwtWhTxcGB~ zMA}WEyNB*c-wn6DFqqjY@-Pgs;dAGf+RqeW7;1<})bBS_*iXqAVu*lXSXo4hundu4 z>i3rv@`>by1(OW!~$+aR2|a|2ZUbqA)*F5O#J~(J@@Z4+IPE z5;nxceteM}!5)TXG{!9a`SYW>HVf0QhP)i)ofy@|QO?2UPly*#iO9#KvM-ooNz_^i zYm7dV2VI4C7?R09lEbm!6&e{OKZ{CEtq-v2a*n|l>i-z>W>)w++}~crR3+?+>#Iz? z+<`!umP4riC%LrKbR}lH?e4}qs1~1Jj78dqOUMs|cV>eXKEcY|H>sB}+O=;hEQ?5g zmP(ASrokqJ>d(K}JNlX1=~vEt{MbO!Kp7AeIKXK$8nrHUZ~pE z0I0>0{z#LZCB5Zu9AWYIUwTgXSZdfK)!tW;el~>l2Sb9AQpSTiI*Nk<&UVjo%(sui zeN{L;%M-nTkSaUI2^ve|1HB&OtJlV$tk_fR|5j-jg!u#ic)sZ&$ z?Vr}4Mbryd1pOl5LJzVXA6s1c)b0wROE~@>t6%%X7rMw4Kla;XPH*v7pXH4wr;DYW{^u`-{kH4Y zB-qtiP4=t2jrSy5e=k#6wm5q5#?na_e@zhf7#i_Zk#;7(KSoXzEjVXJ_SqcX&M%}# zF#6>2j27Kx>?xk}I&2qMgM5UVW!kR|r;k~GvQR8i4EW+!;>Qd`D2VHJ}yM=&fNl+H(jSm01|E@A=E(OK--sd*F&Q<-WfWs zhyM8tO*>_0JQbUzD`DE`s^mS=L!(n zXEE>WsvMS%`e$cVFJG@q2F`o+GAC6vX!l9!-)rI`<*j`M=35rJ=TEN65H40G@F>ZU z!)fKAm8{?*b8P(NW>jJTZ;-E$J`G?g{KocJUQ%!LL8O%rcoKoHj?%a&=?T-l;f!(@ zaL?HHBItb71!K+lptCicSm2%P%cOlaPC&I<=siDkan-P1n3X_n25#D20zIMpqdzpX zS;bQ8qu+p~9~7{Am9ZC04q{0O5cBD{4y&C*!2K74d0GhY>i>Mg zn`65aBlQz@s@xOK(vc?yhLxoWb&D@9>UKCM2k_GC*;c86Q?-#7L?S&&LBXy}ti)*h z^Gb5^QMEvo<=}cojA_*!4x@HaBtEU|`^y2_Ge-wr-?IUm-8v?5g0gf#E_=4Y1WmQO)*Wp0(d1bi zZE)h9q?_@EXb^-QdE?FYXHas=b+{1yGbR63;zRFCh@pgkN3b|j1|us*Q>PM|1tvEph}-OIDPS9>oq zn^QjlakR3ikCITu&r8X-1)Ta@6#+hF?Wi~fXbJI+4PMfalTFy-nRVFqXB}Wr6KeGw)1I53=&Vi=L;dW61{jV?DRG zyukVT^TVp^p&PhfB zW1-6#OYB8Z^`%}XN?xXQ7wQ_7e{H9S!yQd7{LSnm1TC-YUvrVg)_i0qB$~)4D0vjM7E?mx*HuD?l(a{Cz5lDk8R60(&zge0K+!Rn%4Y}HYQF0DE!Sg4TW zhXN4fJAf4leC?T!$t|AAzRn{VL{s&eI!$@^SZPjt3`50kB_yym=lKo6z?T}!wnlG_ 
z_TsDQ)1L!)0=gqs$n8T~!kZt-ss(~*h4dneW^X%Y+IGFJ*2`EZ8v{=U{ysKMeFUN7F3x(A;o_v zrIwN$gSa7Bvn)}C`g(i}C}b#h!A1f6vCzEgaE*lC%>e&=?k`1+)6OUQ{aK*e@2Hpr zz67k1_%okYm5it6cB5jk0G}CB-&BM__n{8j9VS23T0l#yCvrBb?bs^09i{dwJ-T<~e_? zbmu~{Ph;dXTI5`4%r-YS<|6&Qd9^n=*t|bRa~Gs>wlC!L#`F>@@Vtr9E`0OAN>OAELhz<3^i1zJK-qv6 zDcFBcQtRKs7t?4eW!@O*UP75;!XuX&atr}GD|WWxK-9hs#PS=nTcb@*2M*i?Nu2V$!Dd4-0gm~Aiz~f5xsXomh6U&>^su0oiL~u4 zFpw%eM(6Glx|(Q&94=@5J65IJ{Nhx}U}B9$645D~hL*k2dAq;8pX9egQ)IGR!^5Fr za*H$FJr~9yR)h6=FV7nB%$s7DP@2Wwt?Q=71-8cF1jpcykw{}n@+0S9Q7sDaVY_jW z3qCuDD6V)4^_TFLdNo2nKx8M5T))3UvgAjqW%&jj0?bLcikpaKPWc z#bq-t)bd!n-;y1uA)_A4W;0~tKE-JvbTGHn_@wsK`2_v zoozJzGsu;yeAyFB&;J{Oqmg<6fV^;)>k>}Xkj_YHEy}S5)@$%FQDR%lbo`oum-oyQ z-_P8F{5xc;c**vJ<#>A(G#tsQ1?u69!Tq)zz?h4okDL*OXy8imG3HcAo1O-{$p}%N zy41IDPz(VRj)T`{&n10=CBZI$iGku}xP>akHwFJg_M^*QYgHOz*1r$qT+adZPZE5* zd9RctoCt*B)K~?o+F6?9z|L=BJ6TbYFPqys<9G&&iy$JO`nYsQr?|1dD2evZCZxc8CI zOb~$cF1!gl$E1^Tm<`*=aJFJ>s@5`;pqK<2T9V&DhzNs_e!o(F^~U!I)D!TP#+u!Y z_SMbLjFQPuuQaf)$yd?{V|pkv6vC$RneV-RS~Z)$-&o=*NB0EzFb4Q{AP{PyV867> zg=W!gn5ovT1tW%Q_#hJ9=C#;}Zc*<557mP4H>z1SFj?P90qb@9@!i_OP~4M%7tL!Y z-QIxTTFc_3MmQA+8QOh+U`p#iv4K)3_$0xz=}(L>^yVI8E@V`tYm0zbp~l z6R=m2Po;731arEp$=MfYqO&D$jp&9UN{bFO)e4hKF!#6VbO^;J*wJHW19S9{>B#QF zm$InsJLuDlV-UmfTwsnhRQav!6xKEA_4yq0W4gyhcD+vi7Fb0p3=ThH{YGvuYB%}5 zNk9juLsKA?*>`*D;PCw746=^zEAL>&btYZNM@6n8v2>;w@d-$f;v}H257--w02b*9 z&RYD9kH?@X@V&54Q?D*@`{hTlTW2cMif`|?^;Mz0lcwV5&4BdSUH+t=yaW?&K|lCm z@I)7V$oV{P*K|XTLSI6p*>J)r(^0hZD^A_s11T_28@Z`ggLKSuu;6V~erkI+Jc{6j zq@?zX@=7qGc~{I9B}>ilqI7M#@}#{ zux(TCl3UjI7o6_)q)ujUP|5F)gz$2gY2XUS9fiax9ICAG;WU%wMY|YP53F%U)|ozi zes0-@Grh@CN0`CwRL&D`*?w&g*>lc^WaQ`tJqhU`aJvvLDie@P4~)&W#k3sH&!tyg zUh7m`@S{Ia?%>t1j_XALmwYG5IoZiLr61=dCG2Z(OtswxFa}evnib*OQvrC}z(Raii__Oxsg2Uw zC8rawGEz&0qINpnuXwcTh*v|u+uXA>Jo6*e1(5~6J`g+%CPtCoFt34Qb*@ZVw{=SC zK1~#v=c|>a1Fp+bv{+hp& z?f21Z67};*z?|p{d6g<* zS-cI?M|dAT?EVH;E*NAluxX#e4V#FO^3 zBBX>o`Jp|7`oYHE-+M-MtqGW6%LARYs`Cj{CQf z=z}J=5#muS%!7v8?jF5o-^-=!o>J4Bt}~*_4+}hX(is6iz9=snv!3vHqVc+naKWhk 
z_6)-@LAr#BsnZMB&*IUqTHp)UwV%#fTgv#imZ>Vm^$_7YCi%!tMsy+?J!QB?DUXM@ zdg?YQHR)&48c2Mgq!gQK=s0a(^OoSyiW=suCXC3?ok?m}k1R&iT`@L7XEJIb6BpLD ziP}k2c5f-xYBO`@yrFs6WLc~g#E5-b8Nff6GfYjj7g#KqL^pNY$DfSP#$KPEW% zvy^UDyDOMJFh;?=ZbA$O_m;Abi0p2#CrfRL7$cMfQnFU03q^}X1nwXB06wnz@jvnq zNT2-J9c{5`C>crXe6V|v8Dj};p`>{y^nDUW{)C7_4#f`t zk0gtMMRZRbWhuxUki^8jIu^Wpz8xPkSjnVCZf&~ek!iqfMV9R+KE=#)OnBYR89ZJC%yv#gyM{6;A zvC+B?=mo_x@r2wv-HdOw-5NNq9gKXWk&+<3brGgNgzX!w&gy!%)p&3*lPDv@{3o%H z-)ws4wX8tOFz}i|+g4$I$wJpz{A%>x)1H;1hV*q&QZ4QvnmxMhCCB1mp6yFd7xxFH zn%faTW(lEMeIGiyeat!Oag@f>Hk;F-Az;w4<)R@MEweJJxC1vpfK1IU-85fIh_ zt4E$u=Xu-UUIX1Id^qUB!&4sfn+UC6=sH!o8=`m;jutUw$M0%cuYRNA1dVenN~c-8ld~M8FWPGgJ!efEEQ!zcL(M1T6|z0 zxs$z5YaTRbuHL9tTnvPm6qD&L!$sDh81V?{ZQ(kfRn2R7SvJc76ghBcp72|(3GF96 z(S7IBoRrN$wbq0|9`uZ?^vO@~Xs&Eap*;-y6w_H)mEt*cWJ9HSZU zdwI;jXxB+;uL4I@=#QHha%tf5*?I+%TIptdQVxFxLpx5!7FI(K_5P|pe7nXg;-DKd>D zCe`)8LGHn96|sP?BEYboZK`SDVq>a?PzZkoHmSE;MrlmC1z#ekT9<417Hup*e+25!A6@Z>tL7hfOyyOzthf4!s#5P2EqPV6qg|i=u8Kw2_tlM{!d$$ZGZXk z>Y$c4%3MnFZCj}?Gias<5F(iY*?FzslMTqJrenTSX>b>T?|x#$J&1%Bqn5-S1!JBv z=5K=~?=6m1SL@36C@4tG5L$b~R*8&XOTM?=?Wh0jHAt;7S~pze~FB$^XsokoYW10FxSBQ!>n83oO) z!sLM#^Be5ef}X*^oLeRQcOy(APEJyWgMCifq07TJA0r|W#qB5IH}|*HYM(+f4xCmf zs}1^&5_!8Z58T-;G+icNV>Rp@eSzMK_Jmg$YN>)#4pvL}OetTWYx~FXvRpk>R0ywI zLTx<`%y18#y{qez_HiiyH+Sf5%F@?CX{N37f$88qy|4-$1p@b4Ez(y*mO+a&Vp>4v z$i2_DYSEFG6z6!KV`7wN<)FrNxg{O!K*q6t;v9+$uaensp~^WKq|(v|JtiCTU&d>5 zMX(IvzVi4aw~Y`5xv!Sh!Xe*}{14&M#-a;9-dIcib+T8-WG?70?#?OtT(#uSKtRU2 zW+7nLRVuEyJ)@j<-mD1QuD=%kso}+(CmmTVZ}8`InQPr#WeUX+E!H>a7VA?|&1N(6 z3a(Ts4YEU)rc|pB=FFx`(w>`GGH@Cz0J~Nn=+Wzk_+SSpiW`zu`nS!`o?l5c_6m^BnpTr%SpGJHtA?S1YoK|LhT+XpKM z@HjNIUp%ilS_d}Y6jRb$^n5>?KeB+0kCx&4_~@QIa6kN#^wA0f3oAIMb|cP{^)<|> zReq?K;z!KR;_BkiJ%jSknO8LjCD$kUdvj#mbH3nHekIxVB9`$pRk0dzxik?5TjF`^ zN)teC<5FT}ysFDISx*2)zB9T`twt|)zXd}AntPk#Hk0iS66=nm5nEE?!wQ$#>p5p! 
z+|~kX{F|>H^x0OZwdeDPd39{!v$O7;Mllhp#dCP0<6$zhs-g?-#5aZMHX9r{eekbx z(?EAbwX3Zt<>O_OY|g}(Gb1J9pM9{)56r7~HqHJVn+f;vK1ug17JoSnr2TF2nF|w` ztnmvscJxhLnBsCfllf+R#n#(n=W~P_=lB-gN%r65{B5)ajoMgrMUrcqd?1{~$v-u`HbX@Ax$AF^S^cp^h%qK2I?b z3;mJ_rrsfZ2XEg5CCE2HJyfKJgs7z~P9JZD7v0wjuxzt~EICJwj|`YqOa1a+!chI= zcLU`;O-CVuGO`M#JYQVn^F@;1zEUPnIaL~-Lk|9AJY+fnQ(6eB!UI|o2wFPXyxdx% z4NIkqsTGMqtnq#F1dkJ&u)Et9NigjzwxM8cPm4Ox#!CQ`7!WN<%%F_eS?8nog?7~nZBizz6KREbyoQz$ zVp?O3jQzfgNWtRcDz~1qIZH(U^EfLGY%;=H?Q#Q1pj1l2^^O~y(Zq}2R;D6Hw3eP& z?frW};HNswGC}-&Tc7j4y6V$exV+?qxwjvox4M|T;fMBbH^Grp-ek&`(M0wy2G!Tx zqT360^J>As0ZRD#I#qQiiT+Fi9!?0MVY>T`_Q^(~BYy(#6mY)KIUDPvEumF#*y1w} zgqaCDlhqfr4;E)|AKZJfUYh|#rQ6M@AyXgsboNCIR`0riYrUsH_|VbzKAxG`fh41w zuqLLC+QnntX|n`7kJT^~d9-gN9(wmaL-j={AU`WRKLHS@GuOE0ZS4HegTOGrfIlHt zn_1fnL+Nz$Pw;j$rJt)pKR;yZxVZ+2>gh#KYI~oyv#)$oz0D&48Bo|W0Ck&ra8Ak# zN?TR6O1SVb%2w*_9`RSL)~DyCHQYZmCk8g6cg#hzO(ebtj3FI8v2b0B9DzPPyqCZ2 zn6oZB?|0kMhFm6Xcob)oxF~jnL*Ehm6eAmeq`+We-a&+l5%)Feo#5d5JfVN4mdN_5 zut>@+C);gF$HlF4?_m*>0IwOAsWRA1WfK14>chs9Nu&v}-eSDS6JarQX69iQLXXHDJLcIoa`70FCErA%D-#(&?!iS73EN$DD7GQ+D2b; z22S%daiCK8L_%qcXTaFUw`2Q-f?1VsNxo?~#<7-FG}uSql*j25J2Z(~f=Y-}`nvZs zH)nK+^0}7;w*FMTi$&a#4l?h<1ErWqq^-r2^D}XFG~RC)kNN>tsfWc&+IpZB$Cp6_eDUmwZ>f=Q6Un~Ck20LQ@_1{o~)X7IM)@t?-iF%d~j0SCNOl(q^H*u=4}8O1PGW`6X^$>j*Y z^8HfBs!$ka2DAPxxWAjO>LCv%b#voqDY6;2$0k+$_=)_w5|Ci-bVvyrr)rO1nR+y% zDFZx2LjS9jUjtG*FXi>b1h7pS#b-V-_3`iEAl1HcIOB#c-Ch0~RwL|cH)#pffc3gEvIBimqJLpp`%R415A^)u?8O+z zG=;tX?12b|485raGx+Sro-{~XYc2*ws%P(~#6=UsiT|g=d4AvattmbKB)UP5sZ^ul zf^11vgNx-C2g#r>Q_^v!+qNe6Jwu%^^g7n`Ave1pPuVOUNd4*`$qi3d5qrDOB47j( ziHy#0WYQ`6|wtnmbcESP-yRXO5mVDHKWNz z^-Zvw4X`edU4di+_Ty_S%A|iM&WoOU-w=8WJGjWZ*%{;_&8}eNq5?Lh%9PEu5?-3d zcuwCt`(xF=`rBYut|Yg}r`ZIj45ja(~sMk*eiY3X!15JVvBj z0~7yz_b2+-f;$b|8AGLf^}U!)G5B|M6!s)+Xa*Ok2Y1(Rbi4IA+UUW20LJg)ibW#g z(M+QBNNT9aBwP*HQtLh}aX|WH`f+8EKEBk^!BpVtWS$MlX?+<5t7kJfG3|WFynL1D z=qLAz-4M82Mt)MV$1Cl(r}=QW0G8ORM@*}T-1*y7v;?Tr4{t$uk>rXi2eUstR+W3< 
z9rX0tdYVUYz6Mg3yf)y$7?L91+~H=W(s~+zrxOU>Z;v{SVn&Dl#yteZr-Ao^GLUK z1L!iS`ru&@HtZee#*KQ@O=0GC3B z42Ia63K2s)qg1whu=FL}Cvtfr7Ye(<-QP!|6vqck%;?JqNrS3pqod^OqpmVTsh&*Z z6J(xre*^6obm8RpEv9_ORJj@8xHlIt$|*@@=|5#$oQXjP)sjlZcWy7srSpE7{X`2X zVt(6=UWk7%<-C3MB=iC`A~G|iOU^PtX!s)L2SP)E4NBF9l0Q1Rt16|p2YRdHug9Xb z?iCUvfG?5NQ7N~IKR^#Y-UXKJ#?(?+OuM$`#Cow{gUy62Q z^)quYxA#rGsySFp1aum`vFl6eTZde*@#=i0gCmSplS3ohj1Z9#=iDH zd)`M=+apET{gpV27&^FCsnGA}18E7t_}@ulo?gp|F6M`CfyG8t)02J@3-J<%C(3bMQglieptax)oKk5@dDWjqudds@%#P_c?_mF zJG%^AOR^FSTFGC6XB%XFRwdww(VAirN9mbki}o2wGi$9_B3f!0Hr)9AfXa;b?Yw5W z_>WgGNJ+Fehd7YfH^DW6ylCl{iTo04Rc4V2^&=g~yw8jzyHT-}4%J_`u472QNp&4i zfm`9tL)cTMbkG2F4ZR*g;~_9|}TaImE?PZ$6FvVzni*xskJ^2q=ZXJpuTj_~z! zfmA>|0>9Q!>JuM1{Vc4@4pgR*>3kxkjdN)h5)8TMY@h-U@SY=g2^5NnTTaVaP`NrFh;E}U7h*#N5`i+Qa zDc9hO*eljj0Ca!=pkV8#*5D2|kE(e%PitO8#qf8?a_+L44(}v>CLq8EkU(2RE&{@- zFLGre+ky!wp|nYIiyuWWxcH!9J;My#ulb4(9nrn+2!t2X36N>p6~n2h<5BTtZn?NK z-!oq5C#lmBNWw+``{xJxVy|+XrM_zk6T!hkUGn%brp4Tr_&m#cg0gbsPifSq)OlI; z-qqRSvMWzgtImwFbW?jrI;4vD$k)&qr;zCjk5XZd9#=H8 z?u|H6#Y%G8RuMQRbg!NsByIsNB7>p7l5Z}XW>>kh`=6!{RB#FoxV0nE(xB&4O63?%_yA2Leck0w@iIzgrh zKI%s(1X6Y5Aj5vuQrdzw+9!WG2 zjdk4lqa41oF78zXAwG%)6csU;>&Gy~>gEHU7O_yIyP>i(PDwp`DTOY|NJKixJJcPu z`Pq9g@jrbA%V>lYDoAQd7A>hMQVFU9e3W%+3}RnY!o0nSgnIfZpGm58q&25g%DFwu z;JoJwO5|@%Q4RqdeufOgFVfGwJWMaAD7Rg_BBNg^X)N&PnF)m*g{{DW8)GRnj5Jt{ z3&exZ(+2<4zhbP&9;|f`KDw8gU}cM0>oTBZM#QF+b-FWvo&~21z;m1*A&bn&u6ZCD$tkk5%^I)xc? z10$ty;-6sXm#uX<;iSK-{Yd{Ai`DQ3jnW)sx4k(sBwYTi!8rP2a?bO~+CZM4huG2x zo%cts!wKKf;=%^rW#tp;N`KO$UduVP;gOLMBqiY2S{YTR1QAKJe)QGxzGK9$2=Ujz z&H+Tcf5!>vxd#c#7OE!2GG8vwO&o(`uuKs=GA@UgQS>Gao2dr+QW{qOPxgR#6guwk`Ge{_y3oTEYevb%?*sRx1aq|e<4p6=y z4vLlesbKP4>j{Qy{!{NtzM;Lv>=IEK6WPg~`gT54v^NasAa(c!QVNsF0I7 zf_8dBh{x_W9nns>E~LFzH;8L8Fj2vUt=jE8^d`&1xrJ}*4-AxC@^9KnTz`XA$M!D5 z3em%x@v@Q1FZYXE z=_H=k%Av2f4Q_ir3GIf;#Ndg#Y7;H}$(5hWUf42@^Z=u=`olX<{*^iA&W;of{E>Y_ zR2^LeH5I8Ct(?HfBk9U^_+~lZfB0|P0`yyFBtGS7@iF^gA8G91Z?VF(@6$XS0jS4p z-L~NC<;=WveOk&&n?p{yX@7)-yC)7d=X#b90LncbQ$+IYIq$9d3!uN$s! 
zN5VJ0Q9XR|55-KB_IxIvm(}0{qs0Myup#d$u7qoB4~J$nb?4@|7$NrAm%c;B%#y^8 z6I(DcMGmb0p50tw+Vlk>4QL_9=ljuKY+Fv?rt(-d^tfA)NGj*ROR0R z4^_{5yOmi*)!QrKcO(Zd`LX6BBIln9$7w(jE<0M&0@ft9Yr0c<59K#vTp7 zFVO$d3V5y@>t?4PR%6xbvK1Q+#C=yR1ky4j^QqUwek5_-o1&+9^S)=K**TZUGdp6d z@QFmwJr8E$%uW@g(?-tM!O-1EEzb0%X zb^Gwv&HGEDnlaYy)fNXDjZvTFh)2S)+pZ7JMZtlKVC^E#L}G~*xb$$;d;L9mYyFt8 z-LY`}E**Jxz&1ix3uj>_=Wvkyg4zVdT6d?(fGu`Az4GNU@En02m}fS4 z@gRLG&_%x#HI0S5HnO8NN&Ex=)7h&LA|b|QnA53a2S(Iu_0d^dDf%Y%tnb1#5OSAx zBIW1D@NX}MUsp>ig~8;@1P*d*Zr>f_Z6D(jk@)JO$ojBIw(LmXJ|o)JpAm_XM2Ul< zBqU1vX1i3Ww-Ox8o#TX}I6n|qAW`!6%oNDb``XD6X0u8--|=p6^E(P@c1U_S z$Wy3qBTO&OoQewl^Lt6b52SyYl1l&JQa_;hJ}H@ykd>~X)z(-%h)c7LHjem;dfz)= zz5nra2u7Io&-#4J@Iz+@nEWf{hjE6VlEpKx2kUgO?`iCd@n@2Q#b%an-zqBGpJ<}X z#>&@NE)`ns*xk6SO@^m*OgJ0z(bS={c--l352c7p@+X zd6v7=MYcA6EvCYbj=BWfPjk}e5jYro=kXI?oZj|upwDsDh{$)nRgtTOR-tk{NvZEd zNa;d_e7rpe;ph;*LsTBPjCbh}XW>0sJ?@9!uepPJduAhCs!Sm%h>`QUL6O3G(JNjG z{e$A4t-lMRT-<=gyKE`h3qJ(6g5oR0OU(M#a@xv8vDf6%`|=a!G0x6|^G%HMr(cYI z@7oC%dhe=mRO+GuR4wA$^0L}-Ne2Il&RXI9i%8Re8V?;E+>El~KkmT_@c1(yNx{Y3 z(LcDMG+OTeOX)o|=SJ`D7m{3m>Jb@|?a3Fvab8;$gqP*pVfef3ij4{%7$;p)%YDnw zRm%{fi&i~Q=y1D6jN<1{Dkb;q)lw64@!@Xnxo}PVmsfuI^;h=Gl zvMpxc^D8ehqbBhO(7MTp*B9xU4`(pl?_MU-iF?dNnfp&a&d_8rk%^;|7RgVs(0bQ% z0`r|6{CzA*&?Rye{!%yJ*T7bSA*_bFqla7`zEhUAj@>a+qP=H(b0YJ<#KG?ySVY%T z$Q4QWJoQ3U)Nsk4@>3d?tVj@Ez^~S69*vbv^aoFhoUXH`qC+Gt5(ZqPownG<)3tZH zxaeTq7O>mN>_j-rBsF}4>U{$W{`Uu}x-B<#^}KZ!IDaPlZ*?PmOl>H$`3R((r?(Vu zSS*UO7-)Il$vacK1&-$Q?S?huqrr*kh{bge#>5R*%w>eQQ6K@#uh8dgn*71WV`~A( zWJ&%Jl~LiMoxJ4sTAjH)cab%5Ul&=mWIKWtrRB9(*(=!VJxQBHuDDa=iVLz)|&`6aM&zk5i>KYSn{;eBy6 z7vCclHJS^uBh)f2#j`Yz84nd@L06*CfM!5nrc7rl(<8|k4BRESnFOSq&Pv3oU*=WI zc(ENnLjYU9YudWJ%;FAl%oI@8n;*ynmR*R8#X%R_W$)~2MTh6jd`qc&R;|;4Rx{u2 z>9ZS*tmJ57C{iITY&|U(D!q<3&`#ugQ>`iziCubs8<82t0lnA(z9|mt&A24L3dI~= zp76rQkG^2zPdAe=9s3G44aG_vDEaC%EEzo>-Cpy$RkD5xpga(~} z&qfL~=_{-qs;o)+XGza?`wEje>4#>})Rxf)nB05gdg3=r#+3!e(7Yjckso=ix(RuS z*WYDj8qFcauQzorVyxO%SJOM;?NP!%qx5K5r95*#xk-8S(cZO$m6mcd@y#v-BmRr~ 
z)U!2kewT05DD!Sv_$A=l^P_WWel%QYF&U)`EL!j!V$`PvG3e=?F)5o z0be_+9V!G|f6kqd*Z;Om1ok=lCprc?-uA&tf(ZVSgSwJdpwlvMiy4ez%eIXU-mQnL zd_;CD`T$|AS=7InF-!hZXnBV1Y1tniSwFsKn=pF!HAJezLv|H^bhWF(g5pUUPV}Qg zJ{2dmO_RCWXP&-ePM_-S7ip3JjY*YRuajep`m^JLEp-LK-3%dNkGO$%nPPhhcHsY1 zExy9X++i@jd%;U?(f=1^jJ=;fmgt;J?Yle10}ZsHjiaPG5C4X7*D1R_C$A1a%Tae3+z!)#*+pN=PWzHT{&_ zsQtgGCdH|ozg6u8g&@bCy?w`4ie)=`1=Da4!uXVqEi0H#1>^QsFs<2tei9aAk{cCWS4@Tj zL8IlpMd(fP7p!@ROSQWemsylZrA9A)URUV>wW^Y`dRbA$>+W(W8xU34Z6sQBh7WGf#yT{jwqba`JWBLA(} zPe0x-z+2io%h~{0uwiGrou#;bcPmCjjYU`U8ZfhTld)I+<#za%+e@N%SrSg=2)wxZ ziR^|sR$O`Ivh#ZlKlv(Vup<{{*8=v0k#6n_`TJ~l>2Jc8ZzSNqM6SRUdV8Z^zd^7G zyZo`&h4`ZLZi_!Y;)$sjeH)-F-CIdJ@q-dy4HQDbalsZ6GND1{ytx)VQWFGGs=__B zxg}KgnN=Qo+t@A%h|c}&B%#p97;28xrq$<7m$(dnB5sdDF@5cGlHMwNi^O{GS8p>OXy8T8@ zNL~x=Hc%{q0)BKql#%jyeMQEnl1r+IHPjY!W9i$snW;(NtOt|n*?B;X7q;3)ML3Ix zgoMNzd@ED<-?xE$k9drx%B{%1UdR6;B1Cy!T^)+LNJ5q2HP|9FNdm`QSLu;kPGkl~ z1u!u)2s^?d(d$xW=2W z>YyGW9O>js)y5{YR-Zy&R5Fx2tXQu=q1gCH_Bzu*!tV9tC??Edy{y&CEXD`ES2dC> za=ss@jZSmDrQ(Gbk3pAerGO>A8oo?*3|4(U0yomKkkd)cfjXt)q-ReDusnfd4Uy@w zHV?*DCCOoYA?y5~+#a5Au$gfh@ zv#3y+u`dqZUGTY}Vpx!$fkSRIke5hGQ*y|f_4?_ESV%i7ik>?%Uq}4|>92HiiF#vY zc&We9DHrV*ckY1P%|o`r+N!R#>@5npZF;#Q8dVlzb+qpbCB{$~WO#09KUU7@7SNP5 z?PPKg@1vYqBK|`VIrksMOBzG9#?0Rtg5<>I5Xr7K4j4VGu`(u7(b`Sy$^ zCd_I^psDt@@rVg`yw8!3=3bKPk>P^ONbqx@tu0{p}Arfn|COw}7!fm18NA z7Xr?Y14op(6-j~Evh(W9@}aJ|W%xTG{hycH^x)VyiL~A3C?8TAY`sbBFx|(`H{5vJ zpoQA9YLp9np81nsx`IU^{+dY6L-#c0Wm*fUvybU8umYGnyCHm(*WyPAkX;McD*quh+RxNCz9ev>MebPl0#uBU1 z1IOs^N0}IPvf?#88ojE1&Bixqa!l#ITW*Sow)D(Gp*@BD}-& z2FkJRvN{d+BVJCSE3jbyhh|lEu~P5fgLqivlu$5fC0)NKgG=f_W2n>+HF9l+-$RFK z;lKXlS*$7Q2T;-b&++=lq#qhVgXg3J@|!~i{l~r-C#OhWm?Js$?f4hV08kq>X*6XV zV3)dw63i*K4scY3l?wDBE-WP*P=0co5?molQWZMDIgKnvXk>d{4+VPeeHIWB{%rA_ zJyj@+_$^jIx>@E?k#da`0DgPu#H~yHC8&kL_9CNsg})~GK{{x-THoy z;?Hqn>(Xey&cV}zD(Kr2oz&k1@l$7RaH@-Vjl?e#dXY&R>5I#3GwZ7j!1g1N9kAE5 zjFYX!i$Ef>BY#Yq7A3Jsd0j;u5#cXSJokRCXrmVz{-REKLfDTU#7}C1w9w}kQpF*M 
zyj*aOsWs!LPGi?vHLhBjD5Ps}{@@n=d<#nVdQQAY={K;rJAh$Q11vX0l|z!7Y?59* z%uUdeT`vw&3gp&izjP6x(F&75iz%~+CKT-XheFun1}A(n22LgFR{_jmJt)=iq@^aV zX=7TF$;yDf4$LoqM%ZmDIX*sQ;@b@qP@K#)4*@&rv*upx&GKGAF%n1DWx?YNAuMvG zqz&1d-kRzvh)@q+RtTCptDa=L$qcGR-H|c;N)M~4MLk5qHFqu&nG%*d0BRop=*Fa$ z*xwT`e$0@o?Gfnxx2F?yx}3ia%IVr~NMa@VSRK0?$sTX^kesWurijbRu@#o8H9^An z9_sZS8ta!DpCq>a69Ki=f3Z@}XH=rurxGs+ZH-OUAlfNdc|T5T{k>uS5wVrlEVMl% zOMbX~Z|XtGMLH&Rb=e)!tF?EoDA}rYSFpYMG`;^Ke(&N&`7B_skzPFcLJd;7P*;lw zUP`*#2l6!4(XxZQZO8!#7Nb7-iWW}U|D&C&jEb`D)&dd&(%l0BqJV^S3JzT&-RYnr zFyzok4U$8Hv~-trGjt>E(A_Y=D9xGo#9HUyx7K(5p8xmS&$^$z_TKlt_O-91i^wVQ zSOv+NyO#HSewM9k`9SPOHkr96y1m9{+%K1NGy*2SNw{Co=6pIk3GU3)v4P=bYgmzj z_svGhxl;8=nNTDdS`B4|>OVJq`orr%m7L_~&mKCGDbR#uXj%=4fL{y*#94Kv)XbkC z?g0t}-(QWbH+`g0S3Ku9$hIK%VUc6L*mRJrV_`Zfg=EW5Io)j1a^-$_Q)E1go0((w zV^fS~j=krUNDv4Ry6IwFCY}5m5Vo4Z*c(r!&E2#k!NRyK17Iq|W%`u6hsFD&WGm2w zWSvJsyTZxQI92VM6aCOFY#hTTJ0**;?vfXRp&S?)Qg!ILD$!-gRD)S5O-eYjt~9E)#jZRnB*z>G}AzVx&cO_DLj8h6JN zh|_W$@4AfsY9Lx6?k;6SX?te^-bt+OsD9IFx-%6BF}jYX{MxUjLjmu#`Hhs`Wfm+ zn#Kh*TJJ&Dc5GgUJN19_IIu=F8qrJvNTwQWR+EK5q}5nkN z8oYPyg+oV`W&2-9SGAiG;Bxk{AW`B9w8suiL zDi+cMsFT<&?GY@J5P7jhk()5E&(c8n#x zkkY!D9tOw8dH_vWjy)!=_d!}{6dF}22Jb~B7GFZFCCjXAK=!Is@T0&*Ok|BoSxOrl z!TFy&mRF;JQ|pO)+|%+%v6OaRjQ+SYn7&rPMsd?6xV43^zx8E( zB;Llo%L3$sGV3g(h7bjBC!DcRyOuOLiER$Fwif~dzW~tFu6ve8@yI%uVWelABM)*I zxaZ?vAe*d?klgm7nOu7kfQjMW`4tEU!O9m^xeDF=ZZ2Yw;MwVN$y+r;fLT^0f$)ij z0{$W_F+M`a5M4|=u>>_~$DjDVWpSf%?@OX+RP`})&@k|OPTtY`fznz3OG)jPlelnZ zJ&W>CR!VBb%G=iUNX7g z65Tut+?d($GMgOa>#LQP;*4;A{MvMB_I1=L@DB=w(@&Gj=I9O<42?&nlV&kYa(vKMAs86$+&=c2$?)~3DEZ<1wM`g!=UzZ;;gzwV~X>hHt{6+Mjn1j+<)53TMFO9cwEoaTcF`umS zbJvJD_%Y7TxHAp;Ow-T5BvKLYD^>8B|9F|MW7Yq@m78c%V7-BPs_``sRP@CQt)20~ z^?{geq|YVmjlyr|a^C0-B8DA?k9(-_Tp|ie9w`t<^w5=f{CTwa6hvqxy3wtCjqz%- zH&Z7iQy=_#*4bo=T&`D@JC`w|8_|Ao*FTQFMe^@WF!(AVDcb!g~=DTJzFvYat+86pK(*LzQQn1y- zcj(Ll0cp%h&1e8xOzCVK<_K)!^GIhfb~ZnMK8xvjHVkkApUZ_P<7y2dwD#X^X$obuKXK-g zWlJu%wy`{G^u7ki+wZUm^ib=n;&u)%&G@CGU5Xk*0bu+5A9lKzrWnf)-dfF)o5l*B 
zn;C$Xv7Xt4Dg18j!)!yNqIje#?Xq<8B^q{GxrFVIY%D!V1fy?SLVr^pAveMW=ai%} z7JZ6KZjgE)UGfsrvX;@s1EgWAUb7%;ZvXlCh=W_UL7xgkn&}V0Kkg?;u>bmV^M^vn zuOgk_#KivfIPk*CH&cb}UF)Mz@Tv_N_d=64*4&)60s0pD3WK`1z7@NNflH2y!IjMW z!SZ0PON%k#PTlasW6Z`uXQA~XL36hs#AwT8>VuR6gal^IrFGR!4iAQTw%;0dk9gVL zG1G0D=-x75`AAJR>xr=l_WQv|fUy!QH*cIdr*9j z3%3A3k@GaniD+M&AZvLAXG?Lc2Pw!Ue4-7UPFc0?&>I|9OdPN{Oqs?N%Dlws*Wh?$ z#@ZZwJGHB%FnF^?#a!_-Hv?4d2=m9D>k#hGv%$B~BMSXn7V{S>48M&koN&2i=v+DY zEAlfu>$uQ%<4;B1=~mE@)}MP?QSz6V#e&8tQ|128%+YjYYdprnB!%~mkK(kQwYHFs zu#`AJ6icAWfJ{i3bx{ZLt)$e|r(Ycb5%W=vKM8GYA}&o;p6N1_x)mth8yATlo1Z1W ztwDd^OSnMt7dD%?POo}=^6HH)l%*o?E-yokV3~0lgV?pyLB{Fp+WR?+>k?nlQ!oFw zArVz(n1%Gq7#9SR!ME?jWRuSRCQ377pRLGZ3kVCDj*M(Q7N9R$UaIGKkgUk;T*j_P z>Hha^v$WdugxaS z#3p71QF@PCpxQ;tmYF#b)&H!%M7;>1n`^(?aNz#!cN-($5PX{v_T0<65iZY+4fAK< zB<)2rw4Kk+Uh%-NJ!S1E4PCTXIs$8NrPqmvuJ?~z1}|6=^9Yg8@}bn*{>T`NUC@^E z+37Dv9=`1)@x~4Rm#16ZM@|GtV8xiu=uq|3+7H`wm65y8va~7X!0!99YM1U3eZEbz z9MQnuWLO8eb(pS{Qp~v~#()g8Hq2^~(i^rU+H>ugBVX!Gea}u@V>4zoTD9t*D-Lfy zdlH=Z1V(?sDkVxO>_IIl^;zmR)Fms z?AS&YD%Vo&+gFRuMafPWZaf52~g&%LwJJaoD#V3#3I zh5MmD?9CvB5@mI(Ph?sfeBS4{{u+;a%X=#;Y>K`&4(b)f%3r1H$sn2bH3ZSa=0?~? 
zCP!!=$ZDr^sg$sInv}tDKW_ZESfRc=!7ykZu40 zr$w=~^-6}v@>sGOI%8`;K>;iEsW#R$^*4^)XOKtMrW1J|9>Y>WH%TS%+-dWi3qMq; zxPt=|%}fi^c2qk$b2=1Bc?q|hx+M5hMZh9pY32dXuB0;5Yb*v5W>T6j9vSI8h4ZMh z=F7ZT&W2DA(uygmHLxfrao?3Myc-wff(Jg9;+!i|+Bd44$+9hAAD`E&j5Co?5GJlt zSE1;C^};ODZp~+Guw}{iyxc)`-l61eL^Z5sfaY|t6C}a zYNfSnsVS9icc9ZXgmv|q2o_ZDNz?Odw^SWfqJmco&?fpA+Ke%L%Vk!3?4oyL%*=$2 zAwX;KjZ!Eg$NC5_FFd=zcKe5$8W(z6WX$bT!iFAUw*jJwE{F*U?MOq+``myn-}AZR z=EB$pv3GT+s6B-6>z+2CF>YCKh3tKs@#MSsYLd zH(KjKG+-e28gp%J?IB2oR?%z>BOQXSP`2WthYLxc+D}HHiWn^6_~wx_?3P-xOFO}^X`5*2hbQRim}HcFq!QJ~%2 zujPINb;wvOhk%q^z$#_)uCJLY#HZ44Z9g2T^^Y)qOj%a^%_Vhm%U3TRtzlM?vLJ&Q zwEyi96L)9SSzZjDDob+%l7|9r^P(Ny?vZ+Ld|7MAz!6R#;(b@5 zeRd*BDI&j;emZ!o?zDf!dwu69)^6s3$w^ilIVT*KFVccCz%SsDiF76&m7QA4vPip4 z$v0L5KikCDvMe>~Bc4t5Sle56L*CWL4-AY7Nkjjlz6b51`mB7a&mJp`n#2gaF*_vz z_&PeN8l0U?-lj57*mko*h_5g$F|K_L5xHecua+a*K);+;ekLl7j|lc8-MR@lpYiYa zi&}e+ZA>cF&r@ha8-}l&Rzp86Lmc)D)esQ6wsy&{`}ro50z>rWW)k)$4fkEoFN%+1 zgr}^47CaD89Zv;+gr>!8b8S6wQ36Rt3~y?9`h8=o)FX4v5u`+Q?C1XwhL@U#QK6-|&WIfmTN7cOz)0pknn+~p<(J}jA zPYiD>m#SmC8bByr*7^bO0okm^98{J{Aw>J32AcKLIiTSv#jjLI_76}}?0q6kCPq3) zZKQq`?%BczJ|?MRCoGnF=lPDK%+VM-r5%MwQO5mlV@H%)ux_|cWDwH`kEfB zW{&Hz2=gN#LYp^kg?#SY3XO*6V2?DF&`0|-2Fa+3@j;zW>H~q^xLv+AIZ=A2+;o(Lc%+*@8_A4 zWBw%GY03PejrWi0FBkrc;i;Dwk&>Z2ESS`I z;bXJ)+iX%SITd7r#kfvY9h~KhOsM~rTHIcPwg?#z^3tfB;Wv`1xOt!iw<=5oJpv(-W(phl({Ora&ZZ<=jq*AF}kNiM}`tOw=iDJlq2`YDj{tx2G1I&-^nQzk`w+C;|>Y)XsA1MPh-d4z2 G1pWtt-=N3< literal 0 HcmV?d00001 
diff --git a/education/windows/images/connect-aad.png b/education/windows/images/connect-aad.png new file mode 100644 index 0000000000000000000000000000000000000000..8583866165fa3065700b9a0a1a946dfa3e043ce7 GIT binary patch literal 71209 zcmcfn^;4Wr(+3JCAwVEVfZ*;HY_Y|IJ0!Tf`{IkcyKM*-Jh&|G?(Xi3yE`Y}`}qUj zdaF*IAFi62uIe7?zIuAPKjA+VBvFwGkl(#~hbk>4ru6RJ2mE*M-s^ut_($2kS~LIG zymwNP6nR%ZMs)CR@X=gYUijU+s@TuZhVcK!NDfk(PVe5Kb^Z6f$EK6<`$xoc7T0iA zwl{NjGjue4=U`}Q=ge$p>P*JL%*xDT!|tQ-?%kWew3x7pyWVjIyn#ypT)%H~T6D80 zrc}Vk&!?w9=-_3v^Jf13;LFKSn%Qv|JTjdW2NXe z_^&J4Y9JQ!j{^@S#G^9|<^Sx^s$-C z@u#R!6ZhO=1|RFB3?9L{``9Kyefj~&QE~34SyRbvNNb!TqVOSZc;;D?kwpR@q9^{_ z4AwbfBuXL55MU!ETy%sn(LVT6`xZNCKIo?oMJ^I|=32bZBn2P}>xDXoK_p?T z(bL8p0YT;kPhag#B^+ZnGGjLqm9IBb^~cA4rzgt{yp(-vTZ*UjsV{5UI$jdmcK>&V z3In9H0O#+_Sd$wt(eccT`_0i3(5nOL80qSA?d6lzt$^S!yX;Jtpb&;gnW5+oAhT-u zBj|_Sv&KvAhi>k;(6ukiFO|4SVFHnw%|Rh_8vtxPJ28u-B;hIyyc^ltnFjLF>d=l#%bDW6D{*^+FYRN<>6nKLq^O=CjsgZ&@gS3ex4}K)Wq(-IC8otn zxG6gNR>J-ZN3#u0x1P?3aaP6N=o$A#h>iWI-Z`Bhh2%kTFq2KRiMf2kTk zh)XJkms_18mH5FI5GB=UH>i+)F*>i{qKPk_tO^k2fNR)13j$VFGdwEV4YXz5R&wU+h=pKu`Eue!PP>$- zrDEVAbPFY{b4MJaI`p=syXc~Sh=B6EG~NL4!hW4s6YGoZ3zkrUMf|fbl7;o8M^p5X z^F4H*)e-PoWAv!@cIGp4wf&#VC$bObe-u*0h)w@Z(*wc6r=3>alS zMba)dwBDX8`{AQ5v!G8uR#<9$k$0w)G zd9SeH)~nEK>G!3WsJq+Id*p8br*anJQcG)H(s8rc(eezwZHApy z+e1NhAw`q*M_~C{Qkex&u*=l+EznM2K3i$L!ZW7XR>3*pSV%9e=_%}J_X1M}R=-=U zVLMK|JAXX#&oh)&vV!_5P>I`P(7r_{YCH{mFW&PK-ZP&jAJFqW=l($h*T1m|WU=p1 zb!#8EitK8*zujD!Vg6#DmKZT5)AnYFukKabZbsdsWj^DEIs^C%?sr(7$&^z-ChO7; zVaBgV{(K2OJ%Mkj2H*ym7G~}Vsv-)6qSP!VJLAn~(JDq$u8qeGP^f#Paod=TToHEY zk3mZ`ih0T;MpPy)XUJOwtKWlO)hYSM`Wt0c zts&a=vW>oqTVX%NjK_HX{Sn2Z{-wAy`@_zl9C~%b+(&R&8E3u0Y2Q=N};1^7pvHW*&MLd=~Ufn#tBKCGC zI05y?$}Z`N$>SxYEStg9R&Gi@^DtC;*~VmHxaO;+hA#;E*YKWjRAo(FYFEZr+s9W5 zn*_@rngp}x9}>4`U!5&Zdtc!+chsbiwX%}8wlE*Jy*R>~_3o3Nc4Zb%9DOQxt|o;! 
zbnci=viPY~9pqADLzg6q7FuSrru*(-oozprP!+zZ;!IUffe#`%TdMSI=0uOwx~#mV zTG2CS()c{Y67i^>dQoJDWPWkFQBMo5P@bGJKE!)jJ@lMN{_3X)#0RHDAH)oBf%WRZR;X>DLZ4DZiIc=Od?o z-Nn9m9s##BFenab)-%uAW7`Q z5sWOyoiJO`PjOr>YFfYqa1fuqo|wW@j2Dm@NzpPSq*GAE1Q#TBIKF%;Jy&O1<7v^~ zzMT5cmo8@;-$+xy$>nD#FZE0dBP1hc%EkL1necj#euvGLQZlwR`$=l^rq)_8y7|@x zW;vBKSPXqiM|bXqo<@YADP2}99vD0L@W+HEoaCMIbinD`Z}y7Q+mxJd=0A=*6ct^N-r?sH)|;%&t3z)iQr!1;E_Tz)_^(&F%t#pu#ov5@?O9#P7l2Pkk(Jl{ zx~P9|x3h68OpZ*Wi=?Do@^AWn6ERQ_UL6KsY@tv^@xA(e6ifqirZL;dP5KA6aClP2 zK70Kd8W7uUaVIB5LwTz(Ge#>6?3g>zeC`GFPmPV0X4N~+mkN9vy4-k_RiM7QwfnfQ zOjk~Ax_Av8lBh>2+)NHWQtLf`CoOxA~97rV9=#F|gV<1K_ zTFh3#8YChsAX4iIvDvFy|>S;$@-T3r88Q+ z<^8Z7D>h7PYPnp&LY z_vZL#H+iGUM(KnKExrm{&tmU}=Tmx$E{`wzDg7g0?Z&sXRvQO|iym9^I4AXL*>Cd; zk$=3UZJ^!wMrouOy)T2ArK>fN1ARNwzM*avagLps>E(oa`ry#Er5@$a%2LVGDPyb5 z7j`hiqQF92llf1K|6-{6y&ZLc^TfBi1pH&XH4^Oz(;ah8=roodG7nl)0-FWh7~}7s z32EJsVQ$bZl+YyQ8(jOyA37&Yb|bRo3cJCPr!|8^5Bxv;)IJwKnQq#s-T>P%0wi3`Aw5&n+=;?zGo_pIDeml})A+6qS45x=3&sjdZBlu~9%qh>y)ILm- z$;n}^85)=0)%hVWa{ZEA3ESJ$H)f_Q4cT5E3Lnct+WYFhoary+*QGJVS=;~aFeX_y zXjfhNH5L&&|J8RuCS=CY5_^)k$>F>_=G(&~twc+6+LV%;=1v3EDF%L6SwoOxm1z5d z*@&+VSvaBk%*BO109ZR4qmd36&m9NLy~qsh zXq6@K^YR1Fn%Lc~D-lJ{m*P9I)0Hi$+t$C| zt|awDnG0@A!A}V}*Gkz`yo3ptHveTC7kc8H9})UqyHs!sr=I5V1#eGQSfVPZEGSPb zMTjkd6Sr*;8=so9&NT7-G@0YSUt$-yw!xjVodYy~!}Fz!>x7w@`;=>9?3@96YSg(S zb1#zpWqKkifRP61Xyfahxb&=MDmh{A@OfOwkSm?8z)a^0l?m*EOETrNl4FVI9@4#v zL^44vp}1vR&)lwG=9>wXy{S=oZmJoi+`9e(-ytg6#MO#QBBM>SG9+kB5-(eCA5J%7D22D6T)n z6Ndt7$?!A@Y{bV5Tf5|?!Nk1?91))(ozj7>Ssm~OtFg~R1>GP*9NxdJ^TS7k``l!EH*k!s(J~vEN zr5kC6seU38nbJ-XbEE|iH9ztgBIM4`ukXn}DUhcxM> z3xu*GaAdT^(&vqY;BLP&h`Ezfas zIaVr8)!Dmf{qZX*dzezDVkm|!megfRTy5bjM{uw$A2;BJkL@qnVA`$dXqp?R{kZP9 zOh7|PeNDw0i!#%#p=DPT+vdox3wD;Wfj|d0{i(XDD&JSHQ%FHNYb9K?_`9OG+J4E4 z=cK+ouN!Q2?<|pj7P)(7k+wuP5I-0SnTb8Vy1o7mODlvt>v!*)eGKV5kKNo64?&aN z`eDP1HO=jo`3+}O1be(}tqa42!UeKCd!f1uz5PL+9WQVBC(y-(IvxYA0a)`(c`Z@1 zwcLZKS*!x8mdaVC)sU8ouU4RoL&+|U@h+cjgaE6rS~KmzBykMIbmOtN=(1ZGq3Zfu 
zrVo2!K`!smFM4n#a4`Yafl1H_9t6Z$>73?+N87D;ncHQV_}zplJaO%ISAzlDv;GZY zQ}pGlCN$E!1SCtR1{Na53A4mA5>6D~YVn^P)*O+)CDb>W&N{P4EY#-4b%&VAxK(BO9I=K zatohWvok-|)>JK6D7Fs6e8Yn+*#^y?)s}KQR~>|6I|7fo(YV)^J0m*9?>Z~FJ>#jp``RtXLV; zmPN+*u|hxQJ*wadYp`we1@rN!ZbcmxY+KzioNB50DYmdo{!FM}qN!|JDocnJ)Tcz# zv)Q%a8!EiLNHS782`fVfjhL!x`|8Rxo~Hrc2}k1hmXM`T`M#g=D0#*d z_pC}g!TH_GFgIiceDjW^@h^8Q33S!>=F3>vMF%r4p;j;@0G#5RsfBiKa}{ zDqT7lJu#2JjxsIPbD*=%1?G&e*=&`=J<;cuLrd)i@exa(^!;VH)C;y<>EL!}E7C08 z|6U|oCRjGyu{$E=2f@jY)6E0dO$*R{Q6ze<(fk;qN5e96a!vG7E!@@Yp+DNZ?BzBihN`aoW8 z=95T+tDG-M`r}#M>p2V#+~WBsZ#%NSA_@buB{gDL{wYrbbFd1`j)(Ggc3-=BDnuDm zKv(u%OhR-^;jwj|lTyBRc$vh0rfSHf)U4eaFL|++Q%RzvTB&$uFvB4);ib+oRYmp7 zm#-2*ypwoBsW2Y;inuEU=ieliD#|-_c|Rn!-V=;b9H{1jPFAxVFOD(GQ&+Mm*~fMt z*tW25*ret$TX)9j1B>n_4c^{))J0{RD~Wm#L2qR3jGraf@7T6S{3@1N-`g}mlw-|<~DgV~@S9FKtQ4|Z*n*uh(+bYRY22$kdZ0&Rf zTCP(E2soJ#SkoH}wtX!PFO!}~Egs3llIZJ*|5j&T+G=uLG5|WWA$cfBU>3#vgcd)f z6tAWhb2nhpBCGshm>-7S8Y+G$IB-gvg@*Q4nD*SWc{-MS%w4k$D?Itp{3dix82BQ{ zfuRUGo@@h5LwFx!Ps$W2!j-T$y){@+UkQ{>DLuNYfUgCkROAnbecKDz0Zl~B5nB?+ z1ELl3MCkwS#)+*=xdF+j2pN5QEza2dd5}%3dWnSd4bw&_ER-jX)-?V~J4D#0yxT>! zLgG6iO32&zGi`-~ku!}clabyM$>ljLT-hW<+2gXi?y0)NR}7J+m8O*2*OEkGhryY( zv~Ck-nA<=Gkt24NE$%Uumf_XP{K7MCiP646pI>YgE>WR5t?3RTVK?&%GTm9$siuG+ z;i7auj5c1!q_n8Wd{0e1>L!5hRhSLH&L;OB(PNu$+Apxid~D%78S}<`tUo{FZiC8q z#fPjX7jt&s-1mLZKfBta4>?X-A1ZNcb3w}d*b0L%HqNM;4C!!tQyedHFwg6&ZB%iZ zk<7Gw!~gLAMqCbtI(NIKKwd+tE%5n|ZPMHQGTJWqzcR+Cvz)nez)F;JG+(Z8+D51N zEjp|iN*H&hBkG@~X2Rp@&~8%3uVolyc61>7#YL4^O_rz>XgBq0Z_>Go6J`@!KQZn| zBXWScjVX@v&;0KR=s)h~qhL&Vx=D)|h4>OA=oBqzto0E`HE!uX>biMppYfd-hX_^r zVTa~1i3c6FmP-bY*#G_fFMJ!{y^F2_B=S^~2a?`MRD)VA|Hjh1(uSUU#%tR4CJ=p! 
zB9mg7CTi6Iq40i2`CO0+tX^qB;ZaQAC|5BNRDga@RXCXb+TV?xk%1781TfpHYCJV1 z!{&MgG^5e&MVq(NJXeFCN-v8}giT7Axx#N1oH_&i~whUzJtms>VHbZhgyZEJQaPO}JQt29`Zi#TB}T z64RF^9onqZ|6~B9*r9IhftO9WymROsbZ0QM=;X#XSLGdE!Bv2=GP1vJD6OKKWh_)A z-rhAK(3C1(A#Jg2+CajHFFe9djV5A^-0IYwrz(izFvs%zgy$h69y8h*Z~Sa#EoviP zB({VRr0o|t`ieXU`;@#zzrV)%fLnWasq+k?p2(_KBYUg$egSb;H3ZggS`6hiL8I-r zNlM;iAGW(iO+V7gkXq9l{j^`=&&)U~@b0|1{`3ukwm;7i#V~(3<6Hcn9u)WP8hKor z!1Qt+ZbClM+E;7)1wW|R^;$W8&hs=+dY79Y`Sx!ZK@)u);I)x9H(ddKjccYL8?Q_4 z0=aDYF8or3^TZYcP4Z}7#zDi-)VNER99cwdMDnaiG5*Z0U>gL_?# z-pvoC7_t8HIpM2KbQ-H%>~ch-xjK(LF9#KyLf3xU=cAklmBI?{gIS0ZG%``IE?P$< zHG#}@LRR!mO>Xh$CfQI0IaZHk>z%F7C^a%uq1W-iQa|9ifeS4J4b}AZ5~Vs4Mx=XC zS?DxhXXHV}wOy+AN(F?1EfSC4$`ll~>BeBqoXtJMZrQd)8OmB*o%I%!EXVP@PW_b7 zHMq2h1?Is_7c<5x=;d#(d2wGz1Q38t^qISe3ePS1ibA7b~@NbK!4FKI`!B79#a`N%P6Ch$7H zhT4;?iFnWY%L!>e&ZsVWZ39mJ4s?w9p9;}MBzD#VoqhEci+8mNet17J)ahsFz;AUih_pxfWBl`1RU_*! z{hqNd`8GF7<+Aab?MIlwHkX=U*4RbHVLYd`ALU4+dx5K47b+SDVQ03c<4=6_a#nr0 zSXz~C7l2EFW6sQt`ahtsHSK11A=!u)@WBCBIy=yhn`Dg&y2cx$lwmeRqu?u)oSCbz zIml+n>7rksQ7Z`d`+R#kgI=fJf6t8gujWrsS*0oT&pYO(>QEp%28BmvU0_}4EQHaH zQ0B9=gjGT2EziZ3vdR#l{7WLXwAcgNAp5g z)6F&aH=#}K@u?%Oba^X9<5hrR)a|&@Mqp^qE!CJ17P?|Fy3aTq;t4-b+2<1@>g`7@ z$1>y5!n){giO5|h{AKx>bYu^7TE@AG?f4fQJx?bT`5TY8n9t>}**9eCj5bq+USfOm ze>}TDo33qYX#N(bL_Cs4tLB$aS0xtO7C|WG z5?Es8DorSCUzCoI<>f#OMI$w|m!i~bYQQSLyORUd$6ceC( zz8_Kcx#6iv8Cg5#bSYwer1r^g&lH93}WFI?LU@9r%9!bA0u$WRecm?PU+W-91U39thVQ1V z$wrEBqwGAD1Q*?QCW~8OtjZtYC1tbnK$QFr47xnIpeO$$jOEq;l_U8Pf3BI6WpyFc z4zYgfrRZj#FD7QKrikKC4a)d0DdxlZUo8TN;N4u?yk#m|Y)lV+?pR^-+T7f%V2GaP zXp2|T2G**aJHL)%-A-kprqk*1WV%FAGmr5c^ChEc`x@W2h@b$|PU(`QxX1^$^tJF? 
z3|IaZuROv0RswNAxguj`V>S0nY3KpFH?ww$H7V*W@UmJ{3$HUHHvxa5Ln40_>ulpY zFE#gO2&1B*$eNm-5RnA;_$oiJzOo=AR{f(l6&F?JfoNB1yA@;PZTRpsp?ym?&{K-y zy=AjIIQ4I;F)4dl}*kOXe!F$CswA>uz#npvkgAwO93VNb*xG6p#V|Q zEtwEg*2Ci33THm8dEb)}`gz~swrtCFksdK-!^JbXPMXe0ji=d#eED2^9{I~4^VW9X zG(lw8awmF`_?wkFHyWazd}3p*H;?`3YOlXY6@&p%IwRrN!boH)J9oAA(*ny6zAMvn zKb)F7V8^yob>4U+xlA=9H*CsNik5_6ChpRT@V&oaP$>K))L6MM_He8pw`S}7@aEb5 zdyoH`kdj7EdKu3({z6QlLU^z8$6^SCI~!GGpTfAOk+R9ry8gRhR(+NdlD_Vtuw$B< z&cu8uOp>UF({|*q8JF7WD-$=tzu2+;_xfGE?BSM2XmIjG7^_6qS|Wa6?(3@WF78E- zxvaa%t0BOps73_gSXpvA9dmd!R-nIi*xU5H81+cP%vSjnm^H7BJ-uJ5C_M?$rhl|U zOXJRHrn#CjB|h*P(RCype~u{<%8xIpIGbyS-*hGOXcVa?_<}v!s-DqRE8VWb3D4&S z*vaQCOKAMCG58`HXa&a*BXa6)DTqEYPfNjpDlN9{ruE5UA}G}j z%^*px&q$VLTmaGQsV8vvC}XH6H_#sZ%gm^XT7WueT}_UlM#iLb4A zP2=;ga3T)>Vlm|{#U=;OJz`(X*XaVXRu|$6IBAJYcSpcF57T;=5md)jXiCe}jf5~a zH>2(JMQ8Bt9~BK-fkx(^NltUy>gPYV3=^0iGBX~k&)PBYBg&bBu6rJ=5Zj*InG3xe z5*b?aTx>WV-Alqk^G=D~_i|jFQA=0Pasm_u^~YABZdFW@!`g*J3hThdaN#l9MsH9!09h zhG9vB?Hf;UMl3MXsP zSyMfNGX*^{t%UVPi`}i3`qodDvU^h-h8Q#L`D3UE-TFiSunk}5Z&dK(oGsUGZU>iM z>}HCJDSw6@XI34e275#=y#YUTM>C`IQMG6rH2e%LpD(xp4K+dZomr>rm5Qe)HJxmg zBtfV#2|~IBg12o*t%btojxNFBIAY?_ufa;K@e{53+jHDsn&3kS)t@o-AiGB)^Q@0F zqOJayLP#jwO+h*oAb1i+))lGONUD+c+1R`imo2TP6t98#+=fHRE2alvJa9s2OqDLJ zz6X3vnlp8Y{Z&?b`1Q}yY~WjpqvdqnR?At8*<~3iyAz}boHP5*jqeB++{BG@gzP_8 zIQMp8R?EOKgX5B_o2Cgpu!9qje3OC@WFY_5XAD4&{vfSwZ#Sdv$+$J43qd^oXMiBr zB_ZcQ{b8kg`Ri92Z|#EekjAT=o6%Ey~{O3=igw+1Qa@yftULP`7o<~gVKsFQ? 
zyVN_ya1}?P|HIP6?tN6249sr(B41KMWxJKSG}4E@UO_f5YE~{`@DI_`{l@nX&-2W) zUtO6~?>?93;_0)bubhqWvXwx$>1_O~4WO(;a- zv|YG4F1*gY=@B42GWwztBUp41S%~((^}ZpoM{_*$H0br7B5uBN#!An%ar^@={7aMg zvi*MxTKaz-1@-?!pikBSU76od@e-*>t=GJ_>ev!-$Q!aGbrMe=iM6l#Fa%IE9>IHa zfTql>9q#pJ|2OH}BXe`SbCq;x71aY1n13=%9iwE){qpMhH{m%+N++fr^fm)flOl;6 z_O-l22;3wc9E?Q4=Vt*HqMO$vLxg`Iun_+^$(GBcdLkHdqvTMKt3}BXub#aTpdhi4 zPfQi$jR&G*z^OV;kaUE_w>FeQiRRy{!%Nu6p5i4A?6-}&-$szsyp{a}U`aG{t?>V0 z)4QSPAey=r-y-99dmFa!J&!avd_ku$rp0N%L5XdpGOp@!kVVc6NV6z5+v@!hfa{l8B2Bz}xAq z-Hc}6viPG=Rg=(A7Y#m&`h;V$@5c}rfR=#0HE|8qLi|iDw$qH}@TmM&sBqvOAcnXk z!!z&QX8kU~`%xQ_pdQP~3i#m7!SvvrzOS=qt>tp1?6z(nuH1bjC?I*Y8`CeI(cok2 z8;p{ase6C1Mp9D+nWJy^!nt?61F!BAoT(;eZM+-HoJhf?buHDb{To+iu3g|3x!tj= zvZh;|73k`MhdGxGo^u>fs~4RkHxn-A)OmbHAe_DHF!?p*L9y`ueAz)gf`0uh(v_ST>H8p>9{BE}lvF zHh0bM%5w|&luZC$-+9TfGTLX`RKS%`mgSh{(J6f<>@j+XjD4VLS1F} zw5igc_~#ojCC1A_Nhj#O!=6QlQmqzi{1J6kojsu*)k4i;ylKI4m8@Dpd{V=Z7!BK8 zLmS}FTO-FERyAU=U? zZiyc(j;+BTXi2;mt^Y^JmU@hil=eWJ8eq0)u>wTlZ`n`BlMu;6r+$DX{dFp<{IbTH zP%bZ;*P^G?2DoVC-O%_HjaH~V{X=>_)CgU%iNmtjwh#ey?jVSmUykguQLO<=$)7Sc zQDopIHrhPppZtiVLlZzTG#+`@w(#AmFTJM#j)a zUX}}YUd%w&EY=$umhk7tBel5HL(AVNtC5FScz)={AGy*JBzpqU`o2yov8PQsrW~?$ z2`J6xJufodmv$+sPrA9S1B~C2s}>UHF8rC-r;ABP zh_neFKt-DEUK8_hCb1AUR{He5Nq;eSwYcBp57i}Yv+tKBR7^gG`{$c{9k4gYCc!YI zLiCKw)C-Hvn{C&`i_ZCgRQEL@h0^xmOg4>%90-V@o8`Ji%M&f-Uc`rqaV1o~lJwAs zO)V((ZHidJ)iOe$e`)?0eihhR38M2&&xh^csvBM17OF;(zTfPuvEG*zRwK!OPkwEQ zFFnm_&%p0ZrSLgbN$nZ#V3|Q_4E<}fg9A{OD6;~ci2%{C>^xi4T3UaJhb7<7u}ZkP z9??`BUgarxs#Uxp9rt_S51}oJmqBU9K1N`AIa8O^*C%LFq{Fz&RGl(qIsPJnxvQXM zu+r{_N#YdDYUJ8+_b-WLuHQ~@NH=AF+Ewk3Tk*p^TVS2YX8W?fU&Z238lu(I)fe-q~swA$K*FUc7?i*qFS6N6ie$v*_4>!y0aoo3iOhx8FjUWHSIfQ zFr`zB?+`BAhH}~wEeF43&mp?GXDOiwDT@J~T)xTnrZ8fobnK~h0n;31t=*1(+Mv4V zlf1p;?d$72Q=Ly>_}(e~vKm`_N?XPo3=3+?c8zQQoo-VP2ILQx>oaK-RR_rUX*rm= zVOUSYm}%#isQIdJpYe_CZMFIb@UX;e8fXumkddtL6owsu35>3#uGHH~d!H1QoJyo^ z2;>o~f`5?_((~jTrG*;C`)H`BS%>}$Snz0B0M086MHK8cBfadbR z)w#jFX(2!vK}WVy2!eVvurKzReb3ZstS8)yk2%n@Z7`*i&QG#1YjF0p1Z*39?Uj*y 
zgwjPBwz(H$*a?)Xh%)R8GF!R2@fpkF&`7s?7hV<5?_wp}rri{s(9xO4zZ!^Cg;V-- zlHVCb>otF3=+6t#9^H_sO_q2;gx(edQ-3@HYVBoji3Fwe((1gNUCo=^)uwaAtw{)0 z{oK@#yA97I51m?5X9fb8_!FL3PG!zRR!2sw&M&X9z&Z8-DD7O#cq?foT1glG&;nh? z&FpU}G(ql9tZn9!eKb738mTfWLv%H7e&7b=+fX)B$9=(+I11^!j_Z`aa&xdHXm&2h zh4ai0UKvnZ!FLEMoQK7K1D_@*$Vl7Jr3A{RYR8SNVr^^QPU4oHa76`j*KQ~8-8uA* zZaadpwDeM6Qi5TgE>>Zy0!)(kzzh^6BxhhvYNPSFsde zJ)IJZEgi{fz~~RSNIT*W!o4211j{{4D9+Lu#waGR#?$3+h%qt#93(*uNhe~n#%)E1 z4HyTRwi}F1KC3aUh+B#wx(czyIbrha1kl$uq?eo#jc3du6OCducsRP9T4{|2W}Q$x zEU|elb|^?kQkm&Y1Yir58Y;>$rU(MluW|{$P>emT$$Cr*ynH#cKZli>_dCXWqh^_L z?oPc2QT!IoN59@(BXP}qW|ZGvx*RxXHG54Tn;n>&{)uw6GuMhP|i~eG(dXJr) zx#ITIzS#BDJopo#4Kt;Gi$Ov9ax8?Fqet^V7;^EFN)p$ZhG-i_IuW3phr)%IM_%hS#bMr)Q@xR28z$#&;GTK@Ye*Fd55ZVF#MpRsFryx34~4=kmzY z%xA;FtJ|M$Zns7zTk%O<<6^ny!_dDapi6QP>fsMgk>!M>vj|4{?loAIHtS?qruTh(yVrMMeeptwkyKHP$8Ow4w<K`OcMUh9G25=bid7O?Fe#J!xrdpX_X>eXyS`BXg| z9dnxw8?C8xcdc0C>j5VX#|J3QiLk*xj*QF?Z2nvDH;*9I@A)%`E}D;HH&76s zqsbMmzU?0FXZ>ir|9EG={`0`Or9J@GmgU}sIhGnuu5u`El;qG~Skkc7#v}K%Hnek! 
zk-(i%G(Zj_zySd((r5i7^|FRxilf=v-s|T##jJwOrEo<;UIUhjV|y*MZF^3biK>T$|nOoJLeAXj^o#K3#9dSSPseC5r1f z4nwYeJn%7ec_)MxB9AI;yVdnyMv^4=0N1Zs?)Tg9I&ZfafUD`omqoDGQRZetp9^g- zA$!=t>~}NCiS|PDtP1_{?kD0cl;5J$2EVmsAH1T8)4~FWwvZX}<9hSAP=+1xE;rES z8jRQoMVB4aqLN<&Jul+k&;sl;hUFE#y5XBYBgFw!#AP4K%jk~ex}eoX9^ed1vNhdW=M}xEp~v!T2Hi_m+X_JJ{zT|S_x#~^Jo`|Nz%sE))|ni5;+vv ztpY&HsGQy~B-XCr?kX5QC~|^|wx=9?8cMOXQ%3f#L-zm=YvL`51btA-0D8KTxO5fi z=5NMJSK47V+yQB}!_skFX}1Gz{FPjxMy)Cvrh5bCLKy7cIQ2SjoUwN3Tf2Hn2&wW% z6eFGT(1!b}vrnE!WZh#HlwAb@Iz^dV#SDNtJJ@epGpE%O#81^Yph2kYKtWW!(EV@W z={DGkWSgOj28wQ4XQVxg8OV+&*1P5xuJ1sPs8-{j$`95C%4UiYJCmtbJu!QL=RVl6 zJL`)95rr6kCwg^CB?sZU0j#^ zkyls!{hF?AOFL8oZ?i0=mNmAr*p=99_mXa%mD>GlUTwh!f?%Ymy5z=_3LB#h632v>8ceCC4;#N*STEmD{(^)-gMhWHJ8KG;z+7ccl&w zAZue!5n$xeA=^V(92j6o^21(et}#Cfolkrke2|NcmtvT$*QEa@ZRo9)xzn#8EWwFt zYUW;J;;8p)+yLSJ#CX$n@P{9FGBx0mmOIZ|_5D@K;CBoPr@msPloyTfv3i;Ak;X$T zLL(s@sow6MN^xr9Dun3s4LkJ4M}<$9rW}_)?i32#=n_prrUcg_4g)sj4B z6JG;rzUn-*+AeLei7vICW@tW1&9Pwbx78ogp$PsOnad;o68_h`g-nHyyP&xdM}&Sc zC!g`}DR!Ep?89j6p=v;%wxkl#|BkD>&p&i)2q9r$B5f}O)PZ5SGp3Kj17kB z6cf?FAG`%4Gmc;ERbk=7y4oeWWAXYdl2?5Chq z%>xFt$;$W;q1(;QMeMq^#RiJP;AkGOyOJ7?A%(+1Y|JXX2UY7pNWi(+fKf^`GBU4AO(k z%z}dfSzb-U8%cosO&a1@8W&8Xup$o7h~DhiueezF zYbuAkxSTgEdF%HnyB7l(ZugiJUE-S!-Lh+GlJ3(56p@JN(ybq5y(8q?6O|-HOeH2~y$@ZW3F%QI_ zU2GSiuEck$VsXdVgRF1-DaQ-n>WnszLo50k&k?4^?Y^r8qb`RKw^Y_9uoY5ca1`;F zS4GO=m{dBvC^CNV6Mj`3BgS=-4yI6Lm%+rM0MIa zvCB)-P+JTw)^=%3RLEOKpr~TWlHPw*~p^Zdoyf*k*I`z&(#8M`HZoEz)pqS1E zbvw*&%mgh-i6Sscl&G1pw8zw%E`Xx8e(*t!X?ikE)up9m(SGup>dfOw z6qKBJbovlAFv)@;XowIk(LPL>e?U>pPbFA{E1+)wB~iY;2}jFnn=c~8(4KnuPL0h& zjFJHjx0*%!@;MjSH#geYp!kt+FU;U#>e@GalzB|6L=?e{zG_FkLLFDOHE763`ma)u zl3!VY%;%m|RgDWPvUV!cML)!~qYl26Hmz?m-25MtR^BE1}4TVQntr(DfOhgAYkJ@v`esL z>xy=)Az@Xbz&{846r&QiQb=tKr_^xsgZ?2o^po8x|q@2SuQW?We33BRtgqy90-OTc21AG!{TYMesewqw;@LU8s zE)IHiWc_(c8Cw?0=g=snraDVSrTzDr!{{3q;lx!$@u}GYF@=h?SI2eVhG0Zz+r9K} zGmz%odH*@tA>E%l8z*NBU|7i97JuG1|LBIJx>t7%DA>-P>`XoegEmo7!-ykssc&=h 
zoQz@yF0{5r!o6WKzU}x^iJLi_g$`Bd9jqFvf?&SvisSh(#XmJz8Pwv)lNB;`?C$*gbU zySI5`=2=Ztbae-?kw;wfJec5;m>7#tE-hX)dbYCcDG+s3hP*F*Gr(toxr0QVisE?P z#4+YZ z;iO5I12#+Dhg2tND0ovrSA5IjCNiF3#0%6ekapD?VqII~_~(IfhIm3-ta}foPsSC$ zhu?eu$ordg$?rS3h%pC|@oH7re5Nbe=L{E9xI?)p2waQ(p#-zC)^E-bsV7E{j%)hX z(XRZpzShNY?b#}zWrtsSI$AZop*-X{V9Co$Xtr95x@Ec0njljWK9TIi-Cdp}@~Z3M zvRVU3XFE|vh+bcFdGqviev2JXQ+KA&Nweqiv_OCF!|mxs>Aqjh6*h#exE>i=A@8b7 z10ts|edxDL>aE+k_~{=x{WeWeOZJ!Me9ZMNux7WRfCVDn*th6=KH(!Y#n zw3e-q86|c&lsEiE@2m=Ld0e7!h36()JRF=>%;@Lz&dGaz6F&c!m{%-fFHWZd0FzB& z)t3f>Xv8}vDojExX}9&yQad#lUq>6$A99B+fiS*wa=mX)27L45jOJ%umZd<>Uw05v zBkQ(uKMRwoi&@c94T=5Ll7{EklEEw|G;Wv5xc`T_w~C5$3)(PGLJ|@*xI=Jvf=hw~ z3+~cDaCg@b+?~cPK;!NjoThPicbBH2(IMyjGi%nGi_wd@?bYA@q_(_OyXx7#_VfrH zP=o6Tjq1m0#nmjISTPPUd-c6qL$_BFXwo{SEDIhB@pul(wjis7Tcp~i%f-r+m0fHZ z-=>TOU_a(z>X;8+TlbU$fI4PQ`Bqya%NvTIr=>-;WkAm8wx_Zlj^%h&Yq^Q-dNvZ* zCHanzK(!R|QiaNspse$j%AY8n?83mo4XLv^c{<%I zP9N}93ml`{P9B+UrrVYI;){^r5XPIO#*gV%XPY3_zzzG5=5`2)aRkW`u10MH_=>KK zq;<$7b(?85XlmurKqfUTfK5f(4W-dtp@n>P4~O&XG4neMG)VHQ_zov{`C`MD+azgo z?`XS5dh8rfn}z-8&fKT(x}MsawFgd$e`|-F-k}9fZbxit`ZAQN(sgJ9AAZ_JJTEnt zRU%+*a~JMglQV|SE(CTkld70bvGi&IZNNLDJm?q0R(lt)w@Tiy@q3i#+>DGM9!1_~ z=N1;P5L;G_(5qr2Pl`i2z`#|W*zD-yP@2zXhPRBzQlgi5?1pm>+pDSIO;LI0oX-FX1?qLAELRq8 z-dZs9xO$J~$WKylTDvr>QtBT%WRZgtW{OR{|VpIlYJ@Z)D?iK>AAUYYJGw=vW6gO zWCNkfwVJeWSoH~LWZ#5JpDps2T_yE%`I`pc+Kz9Tj2s`js?!GJWbqw$sF3z_B}eH5 zNEDt!cQzBNajPvAI-m(HF!J=!<|GBC-`{)nS0Q2&-X`alEhoyXA?`=W4&%FoYO0`}VhPoQ6hqd{#d7)ZIa>pp;LwQ&$JAjigBv2C z%H5qsnb)z^=|WmiXX_Jc@Us%r_l%25i+!*%16q?de?>M5rY$rRt)Rx@Sp6We!*TfY z&#=6?^nPd4qD(ae_i(rIR80Uhcr<=-AqMR`$L)~`*4$*hgu!R@r zzgl+?`{;R4Xq(uwTz-}|u7;)I3)NkygrxFg&3&EMxgr-R<+9;(<&qz%%-CWcfJTLR z0yO(#g+(gu)}W<;4&gg)i7?r*8MYSVlhsQ2tn+pUAyMQe;8s_e>Pp^ znCn$0xn(}QOk%3O9UE)koqDDN}lPgz+QrFl^+eI&28FzITRWG{1meLK;- zddaa$XjPKf;?vLRhMBPpa2((#FC~47%EKZvlfJ;Dsi<>yEkna`CC;sgRnC12Xqxh z;sz+y=Bd!nnx+UV23S6+{quJ4!Vz9>GAr18EHybJYa*PcnR%Y(vT|mrA63fYn3W75 zv$+PgwOZ?MPJ0z`rOEIWCLl4lHbij8H%Q8hnLe>a=QVb0OrEJ&-DN>e>oKV_W&>b; 
zKE-Jbxr?bUI&+ZhFRCO#6w%$U@H=5Ir`flft5&yzOZl+lqzOR(apxNhe3JY6y&if% z81B~%>{lM^D}B&=TdZbz2jWw$stv!71Pl;C-Xmy7n;>~y8#A)`n@F zm&X0r>p7(})x3s|l{7v*G5Bv3o-$!RkG)*~^vdLv?l_pYb%$N$FU z*{ICoB>b1abL$uW|2388|0Eyf|32pDf7c)~mKm>A=kpD3sa5CSq@V04i6^k>OO8-O zM%$pG|Bsubv4lCg7ub)za#2%JNuXs22I0G&wUn3q4mF&QQ*y$k+kbxv*ih)T40s4o zOr!su;?0AP;wSr(CSyL{Y)bPNW#mW0z=VYMRV(@B)AX$2zvLDDA6Q1+`ivaVLM6%1 zs!v1eHm5f)SG}~FJ*e-d5R8OU8g(m0CVD*TH-(7{SI9P4NLT;vFV>+mLbClXAQ#t3 z;cv0#Ix8kYe167ip2}-kR@*O9C#zc*Pm<|;X12mJtGh$dT?R#cFYKfZvadp3wis9g zt#9&lnv)uSd}Z;!_ye#qcYfyACSIBS=y3IwV@Gpt|BEO@Vvv{>ZDrVt|3BO6D92E| zK#VfEo8q zuM`866{pzlRld*@ge?kPcVz;ZcYV`Cah%3p9=5|&ZfENloRjA>Xa~6JrW{ztN;ZHZLIOfZsEk+z0?|gg)YTi5!YBecm^D1 zKQ?05S>x0!7+2NL6_&>wnQK8EedN~5p-+E+k`-seqep3uu8inWPmN(HQIg{QK@=Rpt>WKKI`s3Y@2%0)&xSX9 z%KI(>zE&-2F5SfU9O!*Gz$6$T&HjG9e>t`2VwU)>5id#&%pRqnA+)@2w^E5=;eNw+ zS~DkfcvZDR1e>(0gQA&Q>1W?%iD>vrwMgyz5W ztC!LCr9A?r{Y#CF5w{&Pgfdr+%jxtW>?$nTIsCGJiD9&M@LOrGpWo{OCl$ZfkX{0Q z=D-lot9^ivz3`-eI{$68jTr733kLb8BGX&B&?y%B$~@i9Qlm;(j+inVg7({~%4QL6 zK(oEN5|za+cEtOdMRQ`jFTY}VGPMz>c<4iUTeI9EYc<%{Px|s_cLZywfj^9la>R+- zLxTcuKfSYfU`9BYr24u2o;B}Rn+4gH8YLGMS(nl)E@Yf8RomZM86qQ;-upA$Deh5A z44VZWYzWlRFpR9{j+RYKiq++L@}GA4LXkqvAyq|f+fF12U(5TLJq-SF{{ZG^k@^%cHJ$E;-dTE zV#NVU@v8%rzo<_>b#&B|9F0nEFQVnv)$umlI%39T;6mo3H@xiu96<4i@o@;bt$6-C z5uB5&A^bo9c2(R1rBpTd*uAMY%K-@=WACWb=)?frfqUj{vP z>4=PRC|(E;$lGS&+E;4cDCq|fzj_DXsd4D&D)mA^*)>egXE-c~ zW!{e~wk+xr8AV&eO^)7CX(G&Utqxr>EGX-i}1I=`@ZibqVxt zWxFK<+)fL`$c-6<>a}-UlZcm{49J-jM3Y&#vZws6elZb=6ZXC9!Wc3?xUmo!tg zY2-CUo3mDnP|w$LeCG~&H=sFMioEbvbf>E2cdxQy6Tq_+w9IM#Tl!CA=&28O+T?jO zQr)3!_KQCI%c2yHYmd3#+fkG=-=)HH>g6coBOC07jw8BLU8iW^ z2VpU@?wJpB0L3C#)!N4|$%zxe<#O*QqD1G<9rbJ0&LH<pn{<2{fY|s)D5~@a*GOw&^ubt#cUc zkAenf$xxLRwa;8$AaNNKxBN#RdF_Kyws5^wOSo_7Rz;cDn6VblhSpq2H6H*#EK*4}sd~cX%7*Di`~@oNS=Kw30+Cly8!{DpXkcWu*t{dc4g1ezT7A^yN?s$%Q(F` z+Yaq$GLuDeh&kDcWb{lBar#v1$ycRYJK>T_AygY$PeAd$Z01;o-lWz1)f|$H$=gyi z?6^WdSG`)*6DqdZ^uQ9)3hhq^Z^8^N6Xc%CAAX3m682Z;bfP1^e$aZhB)c?&Zu~hZ 
zx2Sg)!U85;j$(-w3690YMTF01vmSWx&(rO!>NCZa)`02r?!~+a_zQ&Ip218uw0xO_ zGJ>W`k|;{@`F}N5W;g<3mUw9Jd@J>GX2M4{b|bQ|PYLH}xHfBB_JR zUchl!GckQk;Ag^rQJB}m+0gzmp*pXte`Y%BW#4ongKbk01LSSSGS;B|3NO(dNgwIt z7#6u{&p8=zw(v%7(bjC+L9Q}$jQ1Q7<#iK?*BBsIJb8`@jA`E`Aq-#rqeOE*-9;v+ ze+g1>+o#MM5bnwaih5I7YZYWL4lrFV(PXQKDXuXWmXhdUc0LFYDy#?|HlNmAyH{_| zh+UNsRQ6>mC@fUYxmqf?(Np4l-Q@_|ct+Tb%6>_N{^f~Bz(>I$Iz)UtRBXS3s5n59 zMI~QS!W{VScKi>SEoR)sd}a6x(DVEm?LRr!xwiLANSahO%3@-5N=D6wjm%w|kkO3^ z+s1Qx37<^hy-ap5fWVWYfh3dy8B-$3xuc_3N_ekGFMp`M2uYD3E%1wc$C$4DixUm@ z{PUmUebi%N|Es89{t)qh)jxRXV58E&5#br@4&FwkY^Y*fkB^+dtl>Xp##bD3N{N~NO zk9au|O!BL~cDQ?faY(NJt1zd%zzao@W|`|MqNlt)9{x7Z=+u0_ay_gE>@I1CJI;rf zI}rCI5ZOO&v!I{^z7=6H`BO_YlI`;1 zL2s+ue_w1uA?$s;e&S!-^b@e8?C$166IY(*WD4TV80DDV&zUOJ} zQyHxBnoNJ5pahBUYN8VEtV3`c(WH2hQ;OZ<;r`_(-e|ym(?j*bLn1m5;K<+O&9KuZ z@_hK>+59!cbC!sbaVT$*Gv*?FWL9;RPamQ13KjT%LEip@I1KLIvnsY+O$X>eWH>>A*<*IhAeK)Wbi9^+WwJP;1v}su!xtwG%?@r#QTGa9{I-M zmCJ#eVhPa4(r*@V2eUJ|YoGn!P8{^m%t)}Q1u2o)o)UFNaDa98eKAY+dWe(G-hCxugPLW)vz}*YfYsF}Gy({G1BrMwju?sn_jF;}-$dyWtBqqc;BQ@O6HvZ}JYyhAas zl>*^FNWwbN7f`eVR4$rkR3!t-8W_xbtjwz25E|!hctCmKu0GVE{~nbOG$>!Yi;6#= zixCzjNY7B3^W9aY9QfJ$V6r2Qk*qylv>H#XsaM?DnwNR=m&KIwq%DT@PYs-ns62vk z^59vej=YdMlyxFfX)->yFZb`b&|ry9ncLFD%@Rr2iK-a%7hF*v@};kWQ7nn%wm!0A z5dCMJ+$XrxT0(B=N6B#Mu*j_pm=cwz+2zwAF}Tkmi*16ySNb#a=sqMOpc|~)o<>iW zzj;1`=QtA#FQ2Y3{!W}FwWwjGwN5r@u@|!mS#?DcL}=PQK7~3ZpMxhwZCh<#SGqxV zHnQ72j;g2J8*ET8TxreZPa&ui1%l0N?YqJledHA6xp?WeD4=|fcrTipe3yw=9n16# zLt@wI`8vmPAW{TPUo#4L5b1Zq`Pi2-i4-0$90-G9lf$JwDcO(QNrK))*?SJCB7e5E z)Lz8^==>=~%G(-uloup2#s6-y^{Y|5A<@MUoLRHQ8Qm*9QP)?%h#^!MX*jd}#v5!je?>%h4NSfB zV`TI7pK`gT&b5*3AXfa|>gBsxh_@T-4gPkQwG>o6fn$u9l%SKxh>I33vu^P8deqw) zZH06>P@~cK4tN+Y$*hh+^p?ontB=Vx?TMa5WC@Z=8UICtAaTgjdW4A0NSl(hV@Ib@ zh$m!1;gq_5^4IUYU#2~a7yCakH!C0fEm((5*5!x@1nVhR3>oRL{p)SvwuOQ)p-0Op0b#%(Z}ud=}X%%2<`mg~GG9}n^#+7$(t44f(A%ft7aH;Z6-TINQVjg@-_sl&Sg z-sDyyI#)s#T>3q)DL1DtI&wXmo6Kiq$tqn+x8)QV>KR0c_iu*#oh(xXZ2M3>K_3Ie4C(o*^2^<5G{m>73f|)L-WHI^L 
zGo_OXN2P9US>!hAscLYzJ(8p0L^wSP2`in&oi}Wr7!AZQ5J!tz&l-fONJJ20(UPqL zq9_#{T_dBbTlI}9$S_sUdYp6R7dazAq$$0{BFw!U>mR!H*S@9J%O}a`zKyn=+_plN zlO6j26qLe`81ye2QWh*J$U(z-Tf-;%p*~qrOOIlJIbM=a@;S`53d~39$ysu&xUpXJ z@ztc&NBxY|&^Q%6%HwG~c;UEC1l-Pj-WbHlBBxQ43yk@92`Vy+-iklOaDnyptP z=E`xxdCe6Zpe!P1cg%1)oUZk{IF%YwiZlniXWTb4KAkDNu$~aeyeabDOkAEknl_(} zp_8`9;zfhTc~>46p)0{~5D7B01qHxL`h9c5*>_brI;Ig3wn%Hil-95fzE2h37LdC=jY+S6v+WgWLn}az(wzF&Z{)eZyfWXXTI$LT5qo8bpy;!%~ z!Kjv`eS)XI^9RJbaRV=ByfhO0JUCnQpD87oHcjTrX-=a}G8~RnFZXl@O1f|~N1q72 z1*H|n3~fq6(PgPyVLMgrQtd6ODkd1EFypx0*t5gmpGl8=M}1vB#BH&F9s!hTcR)nH;6RBBMPfda9Q!@uT2) zY{X8yd5653kkSh$odYbm~pl{$_(ehF-TZ|u* zK=&Ct5-}6~=@x|`NGgx>LG8A|az`6RiTrCn009H7x8U_$5$-rYNe z>-EDX7o0AI&60?$QlK{%Gb>*OP!f7pBgL_Ag5Ex%s`M4((*b=S1zQ>BA4zVX>3Z?e ziH9R3nXn9_MhF}e7(6xbvmV8BSf^W6`j!D4vHROrkO3OL-3UB(6CpQxnE~I430>^H zz~_;*guS6)z6_j5N_yVw}`=c_uh?mxbc+F|2|j}EpM&37a?ku7}pr~b9zMteY# zR6p?F@dXbg#eQ+QmGx+0d!w+8*zB%!WZ0~3+O6D6Np;|LeU;Uf{OS@wTGi2QG!i%N z!paW$^Iv0hodcDhDSDJ7>>WP>jD8%=jtoQ2c`tF+A8Hx%=Dv(u42OMvGA;NO%{gwIgK{X_MMITmRwxQwIOm6;@Jv0=_y5_CSyFnr z!@<`gzoMhLE>sG(!w$*KPKoToc`f;7ZyTIrxu#}q!@r-dXD!*&w?#a!qUIwp=J#52 zA}?;Uc%#M#;EmCA0U?98`3l27j^XohTEBW8^XUKcVf+}M0wp!o%tLv{8Hw(q!xM1v zZK+s%$_s=$Ug)6zJ+aQy8`g5eKk8SPpfzSTY;X-=ljFrJ`m5MGKliKr8@)34e{x#G z|85)Sf5bW4^#7~lAO3&aV0SOU=nK$B!Q*Wrzop-MVPVYL2bRirehP5gVxe<96>YSc zywZo`dI8Jg*ax7ro=@9GikP2ZynOCxan)rxITpPnrE|3^KQWpy)YqmtiSDQ&`=G(# z`U9i2Q7Y3zim%Jl=Q6B( z%P@5ws4_a`aA8*!d46A$^LB_i5Vk@GzjJgHX%3uZW!;;|lHfWX4`z-*ue6{;z0pvl zw%AJ^{KI%4J3uPv%N9{_Mu(7%A4^1n?**ed>$ysqRYL4teDtH*ncVl7^w)h&nG&Pd zmJ$SX{geZBqoR4;Gi&l@Cp){3z$Tv(TkYeT^Ls=yKwpJ`jue3l_Pt;DqKXn9rfW6MO1K_oYmt3?JaGtrG~StTa2BZ%?u=|xU@3qefg{K8 zUP#Beuf?o=#!>eaA6HD;#%KM_erx*ro*|)i3I@Anb%d7VeePDK{-IDPi;Ls1bCOVe zYghukq8FTy*;I0?&{NNmP>W1g^b`bChJu5ZX8?C! 
z+tus0L7J0v@omL_%ol>;tkEX!{?L=P0Hnwox(>e|#8^wxepCLB#<31X*Ka{ed`48D zAaK*Ci6^6vv>D5_%pslai4YRyClN>8vB908*3lmL4ECul9=(kQI?nIczrP}o`rQip zwo!ev&L3^c#p13`!eRZsemHwL)#7;D6VcSVdUB0_i6oW5`+C4l1@5YeHJI3jot?uX zZUE)07g)*`h&pEigBn8WlxnNZs!kV^#XY6q@{`}6rR067#gMn{?eF+{ZjbBUp`6{k z7I6=&v004)zRN$~&ee3)Tfm0U+s)B&l>EbwAIQG0$LH4 z#7A1pid(cd)4qPlDsiT6%lC8sW~MSjYcc(8%aNu-PV;>BV{+CLW+RS<{q9JDd!qx* zD)2#*)5&E(p9VFN)!{AT;P*;ydAXsI0h9Y6Lm&bUX8&h_gvXL5m(pY>24j_l-K+zP zW?2(^BHlN9CQ4kycQld|K7Fyh^z$aTSXAj*dzglv;Tc;6@c6Txc)t~pOFjiy%$2m% z5<;CN2$sy5wUP}NIqN@|YX_sJQ)6LZHZn%`{`PRlWV|rXR0BI?hFJhKEGd2o__`RE z?4De%h>e!UuW73*@KtPlZo&oh9CfsqYxCdIk=CE&qRAbp1gJ}UYp=!=ezZiF6_LeC>x5S8Xntv(x69@4QY-TE1(>$J z9wC%!EckY=PNATefaN5wNxjvwgS4I#r_?f`MLTClMQ8T*^O0m6RCXr?0JBnSJ^qTc zSuC>M+8PzJSQj`$klRq6EN3GjOb7Hy3x?oQWt4Mcl!wR&OtJ8V3Ld3&qSmeT#o>wWXS&gCzn^Mw$+s*8%7W;2JDUfPTO;bHwre(kyV zj>Tq(@Zq)!>=SGo%)B=KorMLO{AT3HKtLyYW+`?}|!&*8i z(0fN$^6j3mGX^D(H~4mr!+4kOfY^>&>?)^LR!##_eqFIJk!q53I{g?=cB8posC=0} zDitulodU{8x7#WqqIL9J*Lbt?$%J$jn5U!TwDD&TPM6~fE9W$kn3_q=Q9YS>JoTKg z1ftK)=buz?>kv!s&h<3kOx(EJcFbo16D5~423ST)XMab(T~xP>S(M}=C1G{`Zl5H# z$(ZC@nntU7C<@8(=K?T?EXH^xiPL^LeL7gJY$$qEafne^1Obc+`}Na9TFeOm*K`9b zM&-LV`}i~__E8|r%3zgrXYzaJ&oWmhhX|hEM<E*MTjn{$9CP^l?&YY4D1ld6l*N z_#}t2@W9uejiZB>>|`a^6VxF61xvkyBV{C}y+6?;K3M zdLsp*7aVMaT!q<@3>1vCdDL=5f+V?3-1E@aDn=8(%l4UiID)C$Qx|#Ss#lEY7n;-C z`;>Dy4!q?A&WHKR`P#j(7DKeO>hu^IwfUuQSlT>2k-xbqd}?wQA%a0Vn%-mycT$4f zWb=&-Xpr5cDGzeWP-#a!kF{3#Iz2w2Qa;dQ@>!zV{mH39+I`Et*|i~OeyZOWKf;%1 zi`C@e&B=gHvd&h$?5JlpdX(_zk2|Bt@n9)^CE>5=Z$a{lE(*I@4&{91I+XDxj+&l1 zZ(@QmbcO5an|)C|Hiy+Ck8$Ph@_dY`xz>ZLPY5t~sZ^x!F#ZU^NkPHG6q;U3wDEQtf;5wM^Q6 zTJ~>;b=CFpNdmQ0qxOYz*3w#f+>(wYZ^VNg7h?OZSAi0`ozan@G20nmnJuu64dA2% z<^XxcLxIkeWQ3OU+j;fK{j@LfCm&@SBf7XP2S0;oFmb0-?j=7PcfooRy{InE3vBpg zC!^y0YgFRVm(aF1NU#S^_FQ+5^}_0q>#JOh_^AW!X9AOZ#S!gc<7gQ(G%1N?){|3= z`y$O`K7uj}__$;Ddv!+kd;KVuc(R?dKd?b(wB^!7dg=4YahX`=M=pWcwQVVE9gGQS zcT=B+6dpVX2pleSmxMAtFL4wla%8xUD%uj_v$`gSQacd|L`%W*Hk&=%jW!V|o7RVo 
z-*H`TtatPn3*;xXykjdqnxretoYS?wXQPL2R{k<y(ZgA*rkdS2rWEW(isVu01>y%*MXQ}ihD|=bN0Ht9 zUHpX7bjiuBCcXGoSk-2=3#ew}zN;#tr_gvlScF^m0aGUeiK@iKsh>7zlZ-&hUFvOf z`I3Fh^jsR00z;=umm@bF+C_sR1vOa8rQF5~c7PNJQDuigLoZCbN+@|>umlnP;v>Tu&+a7blywlHQPHk|M9A1rx# z{E<8sI9Yq$lE2S&B7AVb)8EFFtTJ3){DC*L||bG)g^M~w^ui2pIB zC(Inuyh0%z_mq*WC-XqhG5dyB)2k_#p|x_DG5#P82uU`i|F*`m?4pecYCxwH5DE}u zXLdJNq&k|#8TS&G4CZzm&$V-_IGuVwc8StJoD5}O(7qJGhWW#iu#U^}1%zZz`lCWhVu6PA?5(-}a zxPyd(XIX$Va=B?=788SwUL@&E7H(8tv$v)!!E;+m=i5<{Mr0r?3{)IB0*MJ#um>p$tzLJWv^f!#fjw`%Mza~ zULM{Wf4i2-G5NwyBumj$W5>nZQoq?f+hM)bmfePX;^E`SLD@n*&N$S){MoP)mjFSh zVPhr?oI$e%z*@pcK1-G^*PsGsucXS}QHKM>YfP@mtJ@U|BTokRgI90Ag-9)bFsz)Q zdI!ha)$bn)c$=qT1<5OF0`v7Utf>nMQ>6e+ZF0cdwR~&M{*X0!3{+L=!C1XEwibfl zy?Uah;qz6p-cq{Arvw<%hyKnr635?otVgI<1T|{~fU6+a-)@F)65iF*fCWO-?q@(P zSb}_(%okK25ph?lsT+1$wc=TD4h|oF>0Mnb)vL-`NQns_s`Wn}mEa3?h{T{JzIz!{ zsEwIm1QLk*#yzv3iOp~fdPet0GKVITmIO~XyazYio#HcY&fQJ&HcpPOs!oWrx|xwi zSDsl?HiOfnhD;Mt?g#!qdWV;W5RPOBe4Y-L)AKV`-XWA@DV59e6gqsFJ_|PSN@bKU z`)-Q=Vffu!&xBo)mERC(OA#7&pY*Ed8 zs+^W-t?1F@WX@s*9JS{q~;XXsprz?}YIR`2%yG1BX?4fu%D2GSEd(tE5mYgMwo?*Up>DdX9;#v z10H%c^TirdmlHma>#1H7i65#_gmc?$%>;QhJ@qRs&k21S!vC|f#UGY{K}+L;hl$aB zLUH=~WQGc5f5=P2)%c`B?4e0Vuo!ZiuNPj1Ldq9duF<#+KI6XFv=wmE6G=_ykN6tG zZE%+=f6S=KM%G<@X zeA#06#twRu?YPgYZu`xWN_|&*+8&$5ovnI&C^5-b0K3qr1CJJU?$t-{;6dCD(c(p^$(PGKbvPBTy5$Y`WZl4gIq; z{vJTE0c=a%6|CB!|2;+gghN=v?@G>AqHk7gJAdZD&fnKsk1e~d2!GKN@2al?Gu+WJ zwf^Cg6AziOz6DMxH(Bgs0Sa$B=N$K}R$ju=sX&5&^-dey32BF-4zrJ4nD0^b9is91 zpFN^|!4g)5m?)rQGo&cgs6k4rFWAP&XkRsD=yQaLTP;m*GLACe!}lTIwv1_wZ{yMuObqo?U08KOna%Dm2LV`3)%8hxoomAbNzzPd!m%uIj=rVb zg1)v2h9`Y(9SkS>uf5-KO6q$ z9b9%55f-6VjM`2qliP7yK_7V)dNI4)+QU&8fo>X`*zii})j{!E7y@!I8(A5Fqqk z3V#r|_lC`FhQ{G3ieUWPoqa8pEx}aepf?d^u=8d?>D>gAnGm`=*Y0mCuc;*kaRXHz z*X6~uaJi%AJ!FN|CaaG=gm0Xdt|{>i0jv$GT~)Tq*&M~UoBhJai>cjiUQYYKjGx(F zpOrL3?{19XxBbW10$z)q>~sA?yq`9m;3SU=G_c!oa$24hp|souw9Ry`or~gtRMn~| zGq*oYoUKl>SReFN<2 z4{tVffEH$~9G^sscO2(>HWWyD zvMOL^Uv0#S?3f|w0X-9E$eQgpWyL#Sh#sF7T)z9Zgx*w-R-C7EP$qyf}M=1 
z-EJybZ7Q$FdxhwTgs?Bj9UaBAxvjGo^Q#7`A~I7`SfTi~kKfN$lMBJx67U$Im5=6IgxU~lzQ^!_l$d~Rx4{c9Euu#@S)p-9%)qXg^)EH`f}r; z9mm*cB9M};ON1cff`qyivgVX&So;JNTODdeBKv5JK*vC%s@h!o6bECOs-!~mc zsQMHGggkCX`vqaK!>j6~hCLxp&D%@PH1d|Lwbe3nhlgSs-aWHE7Q;=ZBmys9e1Fbs zW!Lc6NnE=XLXovq@iGpp&2M+Onp!?5^jsczJvz>wjBK|Gn4TLMB6`*#{m!e2Z%ayd zcj@Q%)qCb+HGVtAN7ME#sud$wsjOIAX1!W1+6YUQSZ=ENrNuFI>k6A&<`amTu|i|Je4_j=#Q0jIlHpSPmBuuGBLkc%*}nni zC?atMyqd`)d5KtPC5|%4;^nP(r-U+qc>j8F} z2JwdHqPtSqLU2dDtP#>1K^%85F6DwXk3}I(7|cr->Vnp#hf6A;I8t<*c4-*~YHv?a zz$4wALY&<)Ck^{PO&=F}Ei5K0&n?2dFqT%OuA8nZ)mgnZXx)-nyf?OOl`3>!He?EL zVB2a*PN2O`qz)J?oI&KvP@?e62@mgfB=(7SU!TUW;J-4OJp-F=>2Nl!+Z)liSf|H!SM$4+-Sv(P~F#^Wxx8*245{ zv1jvMK{>zBh1v*DWtvRBAjRl-r3UeU4IdLwrL$$3z%LD=t{Hk9Yysit;M z#DJG`7$;F%o3FF%G{-B@=RPxUg`vlMJT}|u2

iuj3<8Q*DB1GVIBdhFlFC(Fu+v zMBh9{cIqk1UgrCVQ)O~$Y_8n1f3rg~1E*7lUSF-JU1j%iY!irrSf~tcir9PPIe-$%m(z> zG3_E?ygtHXG20Iz!sj=pIu;o0ha!bLP0qJ{)=BFNma^3IJ;2(vUHJluiD4^Iz#{y7 z1f~RuU!5kDUL^Pm-5;nfM#>sW85SH_{<&Z47#kqslzyoos8AbDbAH^}DsgkYfdA@g zYcQZ!z#5_b(P12s!ic$ddYHL6Jp^H-PYz4YZoKt(q>V1a)Jx$@2oX*KCsv>g^6tcT ztClje%=gMEpS7N5jL19KN>_7NG}Q^s=%`;Uzp{I6!+6_7l^h0$mqu}lZ7)sp2}vH` z-3+3z_b!4}U{5f=z6zMph4w2W#pvx$4k2~x_cvTqyyjVjBZ=XKIKcn-_Ey4E&+>(R zW=RaSJlUq~&dED9uUu06&q#LH6|6jL)!4U8Oy#xS#9T-2M4)$4ly`p%tIfdd{K(Q_ zPgh##H{^4KR=e@ojN)y|(a{2vbL*w*43s`SN#97m%5J;If@lEenpVmiw)5UmlGqc@# zWvd5O%xmj;i%6H6yVmB2VeBdUV;d%+GvX$hOHJCmrS!|Nsi`YzG2>3DWSnR&zMN8T=htz>hu1<*@)92f3D*yde(ag1R_`m9f=Kkwh?R_21M_Xx;AGtIi2%aKiHZU=^LlYLs()kuN#QHshwsc+Cg&s^%e6EwQ&~q3+P6 zg?I`6Zxtx^Z#`|6dazpQF1bDRyQ;5`^9sw<*?C)!_^Vpcwp*E_2JkdE|M2|m2cc0I z?6K^Y*F)aSgZ)XgJ}WG`OABdT6+>ZvXwW(;0DLAtD`tr1t!Id(lYG>aT~F4-iLb63 z#><)#-RitOZ6+m66A3t`F0SLYIAWE%p4yeaNrM7H!^%@J!#aoejsJO{=#!?arA1F! zf#37Mc<%tnHjNCcQr7gk(vT>Ro#el{tll8|7#K1i)XJhu_BGd=y_%VG?LJGw(=Uj( z-HA1Gu*52j&BK66+LuDAu9$j_8z?tDolpp%_OK?8{#-{96Z4u{-}C!rhbpnBlO3Fy zwEbt+p}|c)j-S6)3i9!!J)qiEyao9m`A&BR zZdJ4$C)Q`bLs!QDPB(D`bQevK{Vll(uk0TLPfQ)?$LpzxH0R19)jri1HF@7jeI-pZ zqXM+9`_*N(5Du1A<)I1TG4Fq6jAU@r#_axZcyn-VE`i2_j7gi23K47<(6bqsN>}qh zDws=D>j$1ucKRX3dM|p|w;z(PUf3@S`b84+)3q zXI37y)CNqlfkM%V9)s&Qx_z0OEsY7#+ggLJlSnJ3!Y60+3XUtTRy2D-YJ)7*679>% z7QY2sUlX|K0#3}OEZj3uyylPdNp%09MhL?9b89_ryV2^bKOwZWp1c9mzcukNw2S8v zQFve?b-(4IR;P#vwdz$1NO$U^CmGCajc)d8yu3}17(C+oMWT?|6*U=6ZQ-E{J9U+B zHRigvJr-+J=P+$<519pJxQz^nW_jBS)}EcnMoRR`A)x;<+DcvQe5;YQ7@Fvk?(Un= ziSjnyygKv~bGqLLh04)S6#V}AG(VuWs-x{9o_Q->CUYIQp1~TIL8F4YM!AdeNw~`B zVPPCB=<=H-r%`k|HPK|Xkfyy86Ju&;gPWe;%?H!s2a)xnDi~h%kixB6E8U3;h>~>L z>JsHi7E@G5$0wCTsgo}>@|Ud{KM50(cUbALb zFoz!?sbfIP_|y0+?voKrtT^b(;2RKwVCcR(`YdZ)or&mri~itR&x~!7$=iyh4fA!0 zFLep^A`o`{50pMxCqdYf?pPY_35@zH-`7fMs}8GG@H35Zkddgi{$OB~P0CyDZ8ADK zmfwD!j+A~*Lh-bGPLez7E4*>r50r;^F=^xTW!3n87TDf{oI&PGfQ(osjyoF$S2EQ` zBMH;#bF+qmSjH$x9~LKsnX}~yjFv@gUW(_bhZx$k^D8KCNv4Y@o-vCv>d5d6PA1d- 
zD6+rvQ5F?wUzGyIMACQe=X~}MX5!SBl;UN7i>a3>r9@wDY{2S5nk#DR8-;k?v|5a=Oq`8{=(zA2 z&nqg{;S6@oxSSQK94xho(AD;=!d4MMgqO_FYLnJ`&3;jZ^1Yi)rq%91oQrLA2Ru&Z@FrFCH_Z^ zT2T>+{1n`gS)(IdcH_#V2+aJ|iz#o}lIR${VO9Hx)OA)NgD&oc@2(8i?XM6UuG={O zjz#Lgalk@YtS6xXl2=_#kZp(f7OD$*26ZWq~YA<)*I6t@>^!l ztlh|c+sa64FQREdK1aNK>DW~Aqn8(|Jn@h^tkj#Si)1{|e2OiFixcn^LpYj4`LZkD ziAR_p?eysnSGY2|hRUF>_UEc|sr#e#F1Sv%uvCiQQ~Q-G{}ot+?1WU8vsaFJ$$3?E zZ~7JVUcIA8eAaA>>p?P|onQ0l94>oY+ThLgWM+A|7LU}|*sQ7mFC$5iLP zBLTc|uy(^94!3Q=d*`%Z&9jr#%YARp)$+1Y7GO4UW>0=ox#`UDV<&;WajcZZsk0qVT)&W$e zNIEM^D6q??>+x3^dz%E{C-J+6GdWeOT|WLWjw#ZAf%L?Tb^96id=^_?y@=~uH=t+h zD7s9X#DYs3QlNM2*KzoE5hWpko>YCapIhd8vGu*aw2u#`-Tjv``M4hnF}s5i~!qS z@lp>-&wV$xR#RmOnS~xqzA%o+NPm1p4f@x~lRlW>{yJYB&Zo5zkC+MdqvV& zW?16u|20l&!{wE6`~8QweR^MpcZ;R{#DP3FD1=+4tra8b~{Z3Q|@1b&=_lpSW->f({P;qCS7oNwf}RAl`l;o%J#8rDGTJ#Oq>M!H4Mg z?heLJ9>asfqv_Hqp095T=iGNvD3lKJd4`?m`*vkW`xqX)w2~2IFg%1(0<$)*7mk?^DFapDlc;maV{EGW`^ItzXL~yHoSOYLt3}) z!OFA!s1m_rA&t$&0dyYToaWufv8StDW+9rARnE7HDb=KEmA3MeHq@%{(#fXPfp^Sl zqznk)#jRUt*0C{tJ4ij36q4rKn2QsdGIe?~QySFDl=5OSiftkw8xbAq>k^ip0bY3g zyq#NSO$Jsww=%R_;BOt zW9Xd}&8%me5G*rdC-d5b-gIl%lm~7bNuMR{qxmEmA*79RzP##FewNc;@*_IlWU1y?XU$#bf;ePMp@Q0ap$i!}y}b+?$b2*6hPHIjbX+M>XN>9wWFtT!gv^pw^Qw%elMI%P}@0L_@yt>{P9?Q^Z5q_=2PW6#}b$p7{LyH^FVb`TGGzpKUl_Yc6TENFY z|42&Lv-qe_BFP;Z@y`3_aE{FSD|IHIPpc@pG*i8mE!h-za*wYe<)~2QX_&6CS)~J#8oU;?9fO(6M(i&)$CqT^lrH;Rly;Q9=me z9fPoCOC`ATSc^^VR#%Q(Kjc$vL#)HKYVi1V>uGdaSMEEnIqkc*A5Fs!DdT(;35*Nxf;+x*KaJ`Qq!;iIgNSUDNm2G5&XQ@=up&HoU4hxNS3U z$_#33zj)fp%(!Q8Hn%;onM`T0s_X*h>5{xufZnr`axjynnMYVQ=P-^Y4H=#kNpG?^ zZ~8*EY0uifkH-(&7$LK69Y7a-yM)K*q`Fo%{2Mi4Xv;`^Q};9OWzn|fh0NNKPh8Uk zdWmC;J$!(Rz8A@^#iY ztTGXLg)Cg2!p2fx&gv3FYo96}d|?p_b!Eb3#1f~yn)H1K`6=Ct30)h|Js3WEegSWa z#reiWa%HzDp8hh6Q@b_9J2Q>*o?lI&I575Sv$M)Z`}X1NJ(Rd0=H~WWqW}*o}(R9W@DB-7HrNY zyWA#|#bTE3kO8ku46>%*$*070#74`u&1jvnh-qtesaKctcJWGqKciYTptCr@cRpOm zCu?)$n2k*<({MBmrAO0nR{pSr&$gAYVQ-FW(wM$CmF3x`t~}KsdGV}b-=-9n6nSt- z_gFfIIe7PtADD4Kmpd&YmJ9fKOFHSgG?=xImv-10*s2lT;w$;!XDi781-!d_2XE}O 
z(zj_O{aX}r`-l74k)FwBNvqtalEs^kkWwIOTReMVQ63Ao0RiV ztonH$nNbmpX%$6}paQ1J403*BY{;CC7yMs)X8~B%kv;rh+}(kAf_rdxC|0ycTd2FcZ@YC}>RaEsZc9sP zi`pyFnnM8N z`$jM#u$udyUdhS|N0K+^QXJ;R)Q;f{=vdDSuYb??rFF!2Y0tO>f68|6;KDDZo#><4 zmZ(+#WOSQ)fR|GnxMEl|y<>xkD#>BeAJ(wnCe~J}U7f+o0%>RI<Sc7jKP87; z8GSW0**KM&&Ca44KHru`sMNu@1YfGtPV&`}Ts~PO-HAy|9 z>EM*cRd1(|U8~rrg;^vee0LUCb-xs&lJj{h>V4PaNm@JU7NhO9$RD6m}ovPfMi@dHAqM%ADv} z%}q~;eX1|TuR}OvxU4G&r}60tXU267VNkR;C$=2olO1VfdiqNnXvc`48XkUjB}=7j zmaT3p)TUSCK#URnixvf?< z%J(VxREs0D=ST(N?S1L*S1oB3(QrJMm1(6^o^B7#h>t*RRV~|-bI8<@v8&j`9m%Y8 z7TY6jvVW{NYkyh8vi%}3k4ipBZlZsT55qe;@ywt1v9_#~9VaWLu3b5LB$It&BbuKa z{O|dh-uNjQx8FNfDXFk@dPfVZZlPANP7A3)w!GCw@v@~-t(05B+m)d8`!IBrtTPXd z5>}@t^{_e*r{k34E%)tzaJ)5|uFh^)!+pt*)`opHL#K<>Yu1j~dTv<0>#Ao>U*l14 z_eYg!#i64+D~~O4H8tYhvlGepjN+R4FY}o$Y|{$Tk(%WY$Td2Rs+VY-I{l?{f#P}U z6Ci)Py(HJDEEJWgS~$&<&dX~LucNTm`LW(NA?LIqI!YY+?g{-amz<_dM$R#@q&+u{ z*Kc~8`*hKV{T7g>VJ*0jJgR&&KblGVyDd~!c16>3dK*adZOQV-NZQs^c}sj+PEE&p zzFp4Q7o+K7K7BEn)?H;dTX!tt;M=RX;IA@rb(V0}Oq5(Nms@FBQ{oa<*SY9-)dj1r zB!Jef)}P)|IIVwzRd;e+)7E;@GFbPHRW@?Y(pUMdVf5y?S|@AxBHwjNR#`Ewc#XMcx*>aND4a!{SN?l4M!Kr=_d8TkE1FujZc?r}g5; zWfAn4P7~`XZHrcYOIVHX@5=ro^hqgu`_OXO-xXuo4E?Qn`!N#OYX2$+38V7X`qb#H zvdKrwpy{b@oYudVy3_jBy4Tyhny!^UNmtvEmQnA$w=TP);Z+wktm>S`uX58g^tajt zEvw4f>ZCOSiR<(`VdS@#MQw~6wx&xoKIx>Ir^z%w^4qTKt!<$-x^D@uZOoFBTql1l z+n~Wz?kZ!A%8uF^Esvt@NoOkb+SWQ`Kdy4qplWmM`efIAEvL2x4RhMA%X!NdYCQ5o z^P^!jZo7T7+ZEM~f2Id26OBgW&^)Uhu-BOuPS4xdn%L#2@u^N*c2VN9@-Khw?OJuf zYD2BkvihY~$E|ebuhlQfIc>kzJ9Xr*rf0XOmd$8MU+YH~@5&+TI(z)B!|44vm8q^j z(m1t!sJ^J&G`w9$f9kl#p|(e{*Pq6xX`Z%KKSIl;?ZK-5mi%bksvCB>tDIEN^tiSI zyRB7cPy1#)r)5xG`$-%BpYiiJ8UMc{it3pd%?B6t;hFoEv$|F)++NYYCRH^Izj_Ye zkMQR9hgR^&E`1?Vi}L;&sDsgYB<1&aqESZHx|sFl*FWI;r80U6kdckSU@#c|r!Y>& z&xLx#I?C|U>E+*mgJH-19(-MytsefbjXD~wUwN)K0oCI-7z_r({~V4je+~aFIu)gl zqW+c~3`G~u`Fs2}91KNYtLyLiw~ui!3K47a@UX4W1wXp=wl3Dv@0urFeDrgnn~UjQ8~-#) zNw;3Y=_Ya3a`pcLEsM1f@Ar%dOP_yly)*F7hR9mmi&ZD0gVsAMe#ZJX{NLz8zH*Vf 
z%Kvwd=#wr+)ki4Re*9KZJ7n2fu?=O?w*DO(VYiV#)lPH~=D$^!5>E4?3*B`=@BgR# zzMKp-n8QX;{lPh0)k`Y-U$)DlI5iSpUjSCufPc@9Z29y`-stBbzuUU8sDlx}M=xH? zx=a4a_U__fxX+%<_N$VJ`LUy+E7!GCwyzTZPteBGXk+xv^Z4tSC`;*If8rd@NecQm zJ058)nwK9JLmE^6%VtsY;zT9}{3Az0@*oaIP}pcvzr32l$9n(gj)oY5p4ZLe>oXJa z{aG9hEm!3)pbxDPAytO)_`Mf!k}HkMMp#IP{8~tEIX$&> z946~qtpCrtl=G!dOqw>Hvd=H${Y8oYo}-~pij=5B^Ba`$zsY~^WT>ZJCEi+Pi}$EP z(aKVfS09Jb7YbRAnTpU`hqJ;qM`1lms>k(Xf0>p(24#h7Ij2glkClD@9Uf=C!E?K$ zqV*l@_Uo)Ll7==4`!$-jDnofA<0sF-_F_jXPbE7KGidS>&fg*D^flz_q1y9iJ;JDY zkaJcUTAll;4oGK3evnTols>#|k4yKN@G0i33tnL4b32>&70}04^}H2c!e|3%Xu=^l zkbdpFu&F0)os;AG2$aa=gU_z!`XRyMC`md$M)P3LqxHCy9Mi`Qe^4)StjR`TR4~2$ z-7L9uPw=OmHW+=xNgq|Shu3s1oRy@+FWyi7otE+h?xXuNtXw*y~&dJP}whIuV-^s`X;YyMg{ zcGXuapYpM%p>L_Rhq2OV6^A}XW`A7p2T0kya=7{Sm+5rZR*_+gEcAMNoc2c;TkELm zOQ|Ds&bpZLJ7c9okb2Qzt*_I^@1$ORef;Pf>nrCS2#pS*hrZ6=dZeut+Ggx+@N^wW z7)?{_P>*Svt&5;W&^o92k+N!>KZv6xoF21>)8i@!d$`kjCTKgg%Tnu0%dL-S+jZ9p zqje#_HLce2XdRCoZNqlGvgFuuT-%$yOs%iA9;21xT34;}pjdfpN$daWth60jX*S2< z?CL_lgkan>e(kt5Uc3BTw_CgJ>h+ord*1EkRqVQGEPdlP#?FK}% zd{HRAbDn3xt0`D-7dtI0d)ehW>n)-!X=yyQHH39Zp#1YWgy`E_HLT|Iv<=bUE%kM} z|7nR+%VoEfR(#D@{6H@?+%L#~@iHz!8*ErGH!m2#`NQHE-_eb=M+!tvZVVjRgK=R& zoHM%{iMATH@2TOU%Z6E7TMr9$CA3>4KIK`Y=hxG7+7KQ*Ba!L-V{t7_;ZPQIAJUC; zdidbos|WXtizUXRo-N765FXE+b7RRbs%PSq0bDyKjtPAt8PPkMUV#;CKIzJ=Gn2S} zLITse2eLIapQ^Z?JUcszxFByr1H8$WPJHZ)B!W|NIH3w35zS+Zl9)X>mgyb6Shgcu zD$9q7<9abBsE!d+26MsSX#8uAvoA+9OrHf;q=Nmr#dH0z2qHRlNR;o`xZ+clJEe=nkatN8AaG=BU0GE})@qxj?eBo<11gF|arn_7g; z%a2>m8ES2=;>F8*WdwM-`AfIDVMW2 zbq7zCQtKcM)+>YyX7;3A&Pk3|NuKIzm@#t*Q4aYWJLJG6mksAKNn_@q4pgS3a$LmL zV|Wi1cXDHsZt5k*aqyJ>3~;X@IY*oUyY5)1L2zaC#J)_4tz~<*8)u!_onAE_%s#I# z^OD-b$uy1@i&5wh!($7Rm@9Rh+_yZPzTOj&gKUKhq;yNPb z+KUH;&}DEp&hO;Gk(2op*K1ujkl3dqmx;V02KMLj#45fzSWM)Eq5MheXiBdzinCKm z&x0|OlbF)Uk0HZ)u}JDJBR`w?p;F&d<4AC6A~~fgDo*=E2G zE}p4nvlGZMW>7|@-Y#w8HtQpdK#`67=PZa6E7n6LoOpW2%lz5FhSyN zHsbxca&$byBVq5ULMm&V=sR_=wGI4)E`Fq?9izN^A6`BqhEBn5B((FSHb(N36ik%p 
zn76+ZSv784BerSn-U7Py=*d|LHoA}M#}(2BdU_SG{-oF=?R?wC@WeSu%oE$_q)WL)uJDRuRWbr0i-7)uD6<;g1*eCn?m8PVIxS6{T?4 zA(A`KO=8i|cm@PY*^h}GukmEaklx%rtFyGd2r5=c$Nsa+6MP*~7ExUr@wzt1@tJHp!MXP2v(U%4Bxn-6fNl5>UjG%l0$u{PDab1~*nb z)`mJ8e%)il8EN3J>l=9L`f*I`>&>d2$4RLYhvRTMpIXY%(oyNCATo@PADzOuh4{+b7~@?((w-% z*@qXzsq9S#Pv%DQ=FLMG-m!=k+j1xoqqlY6G5&hAgt_-G-FCds&~^mA^_^0(^9T5J$RA?m~QNF;DNwr`P#svUaQwy1CiI zkIv%C;$oJpN~1Qo6U7gYgkl?m`Xuq-cnPC3E7HNwoRnmBk~<_{$HZ10-IvPp6QxwE zGoVE)fip(*5`!Ns20`k+up>{O+l81S4=%Z5E)Vvp;rVY4@+YTgR^5LFgFVaWHn0cx zj}=RN{=qb)rL*RE9c8)Me6k~*K5@PrcGk=xKP$F-OW10IICvCs#jKGGiw}}8jdYG2 z%H0EvtCl2a^Md4%h(oXk9N)KA|AQpeOOhI@yHvi$Siyc872SBr<@FLq_n zm?U1hY$#oAxjeh-2-n;&jfaM|gR(H5oHvxWMg_2T;~|pEda?DsLAZJ}am{VBSm0XA z>(VyDhjyp8j;eo*+7h2QUU_g5(_QxQamqPuq~g2xno%~TJ*KvgXtH};Dd4H zJihz{UL6v7a_&I-l~#&#--#V}j%3dldw3+vkvs1_lPM+A8L5709lQ82ckvV+jV|QL z4Y~NncOcfI9FKF)L|@Et zcQygy(BCt!yR-!ddL(w|xf^G4PDL^wmpX9oH8WVCqv!S=c=ooJT<3J~>c(NE2%vkT*Hn#IyS4ZOJ~nZ5O{eDma)bgpZ{KO&evoXpR7+XoYTd_PaD^y2ApepG55iL-u%*!kJtdVxL zqkTAM>dU6OwBv@Z@ZM_ah?{!z&E=v8P7PE`8yJ0FPh1a*ejTf3?zMCHbCNUFE$z2f z@)O>r58qxJ$LAZ8StIT3!=IaH4v$Kg4V>{_~qrwgO_@|F>Fatz_ITPHHG zem9RUZ)E038NB@D%xc^4pF0_1a62wImq{nLan-V&>^+#wC7*1dBw--Kni{E)GF0yP zlxMe|BuhH-`)7u7@vM(IbTW^>+_;9F(rMcCEn^2)-Gzl|X; z9Hz;smIFmch)d`!4nrPWPv};{g?zt1ho)-XO|eNjI}augn9Qu>Uo&}I8p+8Ane@kf z#0>Ao6dBEzNqrvKw2rI4%;vr8cd^eaf+_u_U}8_~=tf<&GCI5Xq1~h{`JS(focMav z8eUwT$@rIYNbDF&xOAAh?RRl$9qq2^!NP!C24B0C!)e*fx#A!>E-jmFsb_gInft%k z%$n_+n3m?wbDaaoJ(xk7bnJ(Y=ddSL94!rJjn*8QGI%n>HmqjIcSkt%{T622xr5qE zCNd;5jYpr_#GV7E_~WZzkeM)&PQG3;$Zu)XEi~%%P=pUuAhsJBB6tlD|KXaxuvJ4j(10Yz!ZDtLC=PzT}I8IlQ*?du~7F&u6h-mUCet zWvx$5W8s5q*%vH+nWwAfv2Goldr}S$;#EjuMmeNw2YS>gXwsWQp^n<Mx zyG;5I8bU{%>b#~GetY-wZFmP>8t+c;3%+MhS^@j-`7|Of8p(s?sX}kXN$04()i%2NMr(gq-9N7+8?h#CVRXxkUIKb0iW^(_PhbV0<;*M|E^7W35Oiy-TL9leVljd`w(=l#) zTdtQ*?ZL0UV!2ySu5znl#`Z=Y>>Mh3(8z#u+Vhupk5YU7D29o?ez8e60)c0bIq~#> z_V}uEq2<*#U)H8F>Z%o_ie2I3EUG)Vqjz+Z46++Z+jN*eynKLN`_h^7Q4QCf8G?sb 
zBUMyz?#H`WwmE}mH-F7`-|k%H=ZUkY7pLkgIC4ClORxTjZ*&LYA0Ua=I&kLHZd}l? zk&buga5QZ{9WP%>kgq%5BD0Hb+s3giyZOVXd+0T4l3Y{3eJ?L#S#lX=#r13|abbp! zo3%Z>v#pFykDuW9w}*J;-5h!h76&vum=DI<=zQ-Hk`JeH&qsS%C+(=304^9llJ?uz z@r{cM9y?C4Ip3fAu9G}gw^Y8^*=QdpvX4N{(fwR{&nmVa?ZNRg16jIn8_90&6mDLJ z*TBIXVkmTYZ)S#NWpXP{k=S26s~6lvzt(W*{~P51Zf%c=oY zjCf-Q8~11P!c+Ts?vyvrOm?EArb&X;bM8YY*_~QUsSIRskov9-;K|to@!s_%vp&ot z<=_gUSCkN>Z?BZRR!V!QmO8h22M| z2)R1r{TK&7+R2~SRdCh<89YlF)ZRCUGc@VC{v7-|je_z9v58e|4GHJ7 z_BuEcq3Fy^Qx)5F7QMEbFZX27HGBy7yB_8qN#Cb1oo^49bMASAWmI#33m%j@sBq+P z*-0w=M33F8Sf5-VcB+Oo`!gslc4)q9ZNGgdeOFaYy>-_^+aa|jEPf=7T}S-*O7gjT z(+XC&dE&TZ1;^Xz6`n;y**m<`U7sk)tx2s+J7v zYf#H<-HM%%l2b0BLZ9u>zMx1Yrai{m+OLO8zS zsi_X@4tLen6*TIa0S|Y4L>Jv%#iLh4qUdXHYisE*Bb_T5DT*Xl94t-V!tx7HEwhZoxHV$r)ANp!v-P0qjiu@)S#mRB)$4d%x zn_pz*rJIjA<0%8$AKwpjlnzOEW7MshUBqx#mCEqf!v${-M@tE$I2PLNbd>TJWoJ^a zTU*O_^?pxRf{Z*HOPi>+wzhV`PrUpJRU&66Yx2U{vRglPBwfGZ?i@I%8L|Xq-PfNO z;K088a?;fpTCeGKj;1bJ3H`ijDlRAY zq{Qnf@$1Cai8>;BOT3oQqyicn@d@b47f(#(o*6xvn-ooultP^)-FiMJN8+nf9ciFI zIsuOb zZj>(H%~3BO`t}Lqt>Iz3{rY-r0iIBtL8cbW(rFKlR5VCAeNWF)+i6fm`j?QhNK~ac zs+jV{-BD!bMtop4e|&BOwyD!N`TR7l7^HhOYhJYqL{^$uXb_8TU&!Y3JF{p|J32|W z?0w8XMk?Pah~n}B8uW<)eI>D1oj6JLctl8~(m6F&mrC`?_g3vjv37Hp5dXaI0>xCOR}kQEiJ}x=Q;?DUZeM9?;W68ziA7$F^ewR{r4wj0rP*P0r3 z>wYaFUoUM(wIXXT52ju+Wn-iFaT)t_~fj zE=iYGF4t<@l6OhP+8@R#+?jw5Fl06RL-YQEoA-eLkOvHA~>oi-!GZQRpYxbt4BM$q_0pXLhVXMx}+ohiSAgP zQCn_3m}R9YNxF!0(@Vxdaosv_{@5;DKfs?utM>6%8JModtTp+%dlzeleDfGCyiCtrTs#* z&icQHT-lK6L}aXZ&mJONU5MiANIOxyeIg`FzcqIGYg%vbZPUjfL;Ldn*?}y1aTOT_60e6F^DY}s z{%2db^1kI<{pkU68YL$Zja5*+=Vz^owxSS&BCa~c-UAY9=qt^5773yu}r>XW^nU;UvcGA ztGW75YkBqC{p^#56&2J@lvwhr3;lG_kQC5K1X!mQTcvY zm$UDaP`L*XuPuh*AuxEz<$t4sL`5hcKQ%%4jto*qxEd7k_bd!Z#u27-}2b%T#>y9PU9Axx$Nwrw5$A{p*Mcb^$#AU z)bnq{@T#HA zPLRL_l`W32omv_5R1y;-J)+(+P@S|tp&`*05te&XY@MgJ)jp`HR`op^c z+Mo(g@azjK8GOTP(jxlu+SwkAJbyS1t9Enoz00`lgFR$OUtupwy{4~qSmjO!Pk(F` z8IqQkRnCd?y;n}1`erv*KeB==maOLbr`GUBvM9t4D!LibaQU|kr?NsWeCAuOd{WxS 
zldHJrgCk5hcOqvTKEmjGKIf{xY-dNMqZNe}i*z=%I>;=lr&70**9D?l#&B2s#mUqG zl7*FNy+{nXh;`t7tm5d39Zb3VL&mQw=dr6M6J92c_Am7GifZA1 zhA6_358q*X$AP>)J&9i3y71>&gQ;2jAsfVl^K)|&Z(Is4!eC<-OTKI3t+z+eIXZ&J zp6f!i3P=pl&Xin&BYQJ5A(jW<=tZJ>e|niqtF3>9=55&}yN=FysA9WE@YX{k2tKl# zzchq1YH$p_+Iw*5WH}@I2hjhFp4@WPNWy)awJlFZ69FB2Gp0{_9Hql`lcM`OSF?P} zH|*#)nXd=M(zRj3+-(m3KJX{&SI8YgLxE;8b1KJ0*}3_a{& z9CYhpDZl=7mxBS~X=klC$+ylie05uUI(AHA=cN&%IFd)z5h=5yl-asm6vstIkltEm zaa;4sUAVY+JcHxK@@dDSie+nH?Yo~*GI|2fjqFIz5d-<;?j)RFTEX7f9z1&EAbNL? z;+_kq;qu*Tjuckm>FJ2K_C9jGz5(4+M_WtQursCy&)q+Y-hE=YXYn~)J1?A@p4>~9 zDWiGj+z1Bth~(pYrr=an!l^oECQOMUA;=R)Z3K4ot*0_-RYTw=f3@t*s9f}vrYmxk zk%gzbh zHd^~2HA!QSnLC&TQ@Su_Mh~8x6T}sdmr$7TIj?#5Wz)nYx^;=?=_~pYdvGI9)YY>8 z*b#ht&*qBm5nOg-M=p$RX#~=dXGrHYW@vu^}wZ^pK*vkzmr4qo(zKf^pbWFM#2r}aCw--q4S+RCSv<)5fgsk zXgJ8g*`>Lyh-|d4_t4Hmk+$G1nXByDhp%23#i;(ibPNfQ}(Y6Xw#Q!~lgytJX5 z&*um7#b@71=ju(R=r%W_`W)ymPpEsBb)xM$oVKaJJ5_=hE*}#5U`e@FDzZ%vi?th~VZ+XA!Y|4I54s^U=Fk zac810{%#SX?>U^P?#z~z*YHY|-O-SUT`PHR%{IP>mN?Ikpi@E*4n8}XqN;kaW9k$) z%g|Y82c$7Hlpdo%oTupSU70&|1TS=V*G-%_wjniwk|&jO^K4upSEYGy|H75^>wSr9<+dWhelglx4-k@A}+LM2*k$f!rp)o{`kZkZapiAC>>ch z>a6Y&Ixa2dnaied>BLCJPw&I~500Uuw>VnGWyJJt&)MVk-hDkKrS*)N6-l>_fq2LrrUpt10(x*(lZ~zYsf(1{M;^ZUxD`oaLe5lat~J^($uGpDfV!`4CJUSH#C$(>-MvL zbv_wE-i%CYN8Y9sJ~~;zj>CmyH#m`ezE6 zj}tjXyt}WM-os-V5${Lt;XN#VTf9~o`P7S*PClN+u3Rav82)Y@TELmAa#JdPaCWq;~1-q~G6?`{c<>Imq)c^J@u_P)xn+rP*Wpc7aMvsm)Y&?`tPQ5#OHXhNi z|6v`;q2dG{JI3ZlAL8QMGqx;^dF%4XKbpyr?(tmfp3NnzGR0tu4zD{P!U zD4eQ-T$UcpV54-jC&g@56cw>9rBnvcHcqByu~Q#|Rtu%_6(u{l`#Af&BbePioc6YA z&i(UdN@b+4+v=CfwQG-*h)dHFz6Eu`^0Er~Uh3M~e!t zwNj5x98S$yH#u(&QvIqKQn=kwemneIae%zf&aRq%FHt9^#@mQz)+$ zkIO~35)nN)NLupFnu zEBEo&jAAw($fM8be#GUS)QYcEwg00^BM|;9!_bF)vp|hd{OT_D5nv-1Lafmm+uP(@fe+Mei;!YY_y-BC!LwiTJV~ zg2$EM;}Bg+GecE+?KzulB_9g%twHE;?<_1{$?^*!28QY258v8=JOIb{W6p77{!qa-2r@OM-)MpykT zC*8OXqr`I}{FR3D6XBBv-Z;>wo|Dtq^6KhUWabP z3&U>Oid$pPN-Y4(9vmH1f%Nlc!*% zVo;fD4AJ)@O4U@#*S)2?4|EN&?t$Ra=6(!0Z5zofW)Bjp$ry_9uh_eKmvGQ$ITQAI 
zAbfXLXZG*eK|9}i-q8k>hliX}xC!*JU;%o3+%M{py&j{3mR2$0Uf!9|Zj3k@%ktIU z8lT9X2_3L9!ED>ZK%IP?1j{-q&0K~QH4IEd8g7Onn zrNEZ_iu~^!T)O_-TCk^S3F6n!u~dT_p5k5dMia0&))sKgVU>w;+#MgN?Ko^NuUBK@ zO|K#6?@^{d#^UJEci}Ln&CTy{8y7=|Xr3zHqbJvvzR#DODex031>2^b8MGYcZMp9* zK1pOH^XRH^rcwB>v$B*CA>+TCrv-+FB{|Lv&R>+2cx^PRUhYP5zs<5NcY0lVJyY-A zWO8e`J#goFQl*rXR1tp=y%+0DFm3XUBT;qECb{HJ(X%D`+w$jn{=8GJnL-@56fH5r zqGp$R_mrr&q8Jq`FwLD3IRgX$YV9RXLRFIO*PYs*KYq5NV2IK#f zcS0u|@6M(dcJ2m13a6PNBvsafd69awJKMELVi(oH+>YOaC5IAA(3EicS z2EE?OhuY{G11=rmjjZ!O-ZcIC4xa||=&4I?r|*mb)}+@($LJazpMOGzUw)a(o{a*Gkp7gbSICqIpHkKgdXi6wLpI(;8DJzM{x#U0B zN$#Q20+BU$WC4A#!nv*!)P8YCS$&R+Q|U&?m5B7U(vX`)rLw`lS@zk3U{v& zV$k(xOs^U@>V;A{HtMo~HXyxXhpBP4u;tQ#yg|CQnmb@wS>=?gj^Pu#Ve8^V??Ps@ zAJ0!qlZ0KTVdAi|YRTX9T+%v zI{Lhx-=pb#?PCIGZMGekuH6|D|Kg;8^!y=w-eKQRYfHP-`&Kqk@7(PC^@*Vq#twIU zn@N#(;lA{kXug<^pLWCSY3@C2_g70x0i3;wjr!V~ylB7QOU$v%$A@ZCz`!AokxHeg z#^Fg)?fTkL7!P_Pv;Ph4uW_!q5Ep#i@4>7mU`VGeJZs7NsMfmTo2zZVa)K8fhO}*{ zjk$mkarY;w+>K8nB-~OqJe}qCDDf-E3-A0;ku?4hl`2^=5U$|GF3yj%dbsj}%=yzVv z44L^J(-OC)&M%I!-Ne@4q}l5cj07pQuA((j7I(Z&b|pJ8z`Kf|F&%5B!>!)o8MUnp zA-TeA5)Ps2WRvK|=GV;@RhA@mwm9hS0CpwDMrjO?Ju0 z3FGkjT`dcU+!hk|-eKR=;v08bm-mpM@h$`2!l1#FMa24vHcT@veMgsfhWm0BC2EG- z??I1|u`ZcgYT2trgL>jDxGuieC;M#WEn=xjpX%C#UkQK-9}yQ%-WO8~(xUVv1v7Mu z$CJ|t@9GeNbH3@G{Y58MC5VRN67ApdNBXfXrf0g7`u$XnYU!~8*oA?(w6Q)@b4@ne%wIH5 zO|FdRQAB|dGn9$vo^W5jVw18}K2`U?Gd=Vf--seNl)mTd?Vded<=_KYoXGCjN~!gX zTLgPJs4J(fM6}?$!9O>CmHTaBzc?l8w(&z9N&|t{=3?H{F3Kb(Hk95D=#ro3^WNMe zHCYvYVj*EvvAVbPh2i3Xd6kvF*BX!1MVzDB+*|j*?s-)u>Y|q(Ud0c{pJrW8s;@^^ zpyj+c+TXRi%_PoQ^8x3p^UTG9nX%k!Kb<<#26QWwNW>4$xhDR*4Z7R>WoaOoXE`2= z6|Z0ixMeXiW}dB0_diYRJuFlcKG+#ZhWLF)N9r~>$pD2EMDtGR!Pd==2WO7dpYzxI zdq<;}Dwc*V>)cdN{7?ap>!GyWUdPA zHnL9a_wj8!yF8M+P@r-6TxD5kpCr=DMO7{Lt!?yHg)i=|p{;=g$XH#) zVwqEvua1NlOLlB3BQDBj zlQ=gp=Vh83k(IN_SxE|jw83ZJW*5I|6J#m!-vyn-it&9JanoQy${k@eVG1#6q z#)Bl|u9bi&@As`!J!EeY#iW8%zAQfz_1CfbhPzGEBN{=NDF0CZ2fOpVSXk&$-tH&y ze&CxK+)5DM!IPQ0RqB^kM5xr~C!z;juu1d8`2^kHnRsS;@JGn|c7C=(VtHPE@2(1S 
z%}{foKhPHb{J#DwawHou)Y&GdW*2c2mIdT)MNll@k$kZVkdx9ULdc%2#>^p0O6n*? zq~GZ$b$~n+g%vxmIyr*$g+2zeRB*B{tM}yF+$V3Ebk$PE*p#rnXF9W#&U{xplr{C#AKLXlS@IZgys@C+K)k1=*5lm zQj&D7lhTG~JgJo*l{jk}$tZfb+Mhepe)(@W8WKGj>mXk?)Ac~JbuSi;r+;*VPqQblgC>Pw!?CH_^p?V_hxH-p3mhR z@!w5XyvHUjtr4(^%~7OEp$<+7iE-r$EQ)p&m2o@Vl{6C7DvP2yz2&QP(72@c;i0ch zE9pH`iHlNBUP>Q<{>pyBR3nqa+_0TSwXJ$w>~)E+=Z~$I>20D?c_SC3dq=maJ~dWP z^kth29ZvRbW(^;23ml0VhYJ}2I;JKFLLs;-i!WP}7TDrChO~H2D7Sf9Ni+$9wkMkC zb=8#rMA%_0L=)m`}Y_;mq}UAAMB+t$WQu_S?y3D&*#su$a%^in~u-d^-f4aeL!4Uh`j z{a2^D+ed~$mp_**Y4As4Yj}5X$m78C*X_G0rj!D)`FA8Miq2o&FH8*PPbEsq$bh%> zjmeN>u%lNJwy^G=&@yh*yZ;W-5||xC2|@xjpz?;md+0l`i5P~jOqrRd>&CN_6Lctg z`j^BIy1)1bz?qeE%~|zjX}gILZvZKY!dyr-WMejr(k|0ub?@0(IJVit)snREx8J`f zVFqRRX(=;NVJ)BgM2+O3Kvn~PcT7qo8L$#7D+ojHW1dKrPsr~^dc=>@9+%sEQp~y{ ztMdn!G4qP3>-I(Pgy{$Xzw@kpHM{JIzrV^=2Euv6bP0U*TE(I?Q4VDb zkXSCf1pK8kUJ5AE&VlcNjW-oR84CmubmvHjEJ3_SXkMGJ{PG;VzDH?x`eB!s>+R_x+;iZ9sftzi zZG_Q;#)ys8`PN!Q=9LG86|{NdvZJEeu(U>a8IZ=-YQoZTj9&so2)iX{h^31 z_~EtL>igg-^nhNa$HC?=_h-#Mm#=QTtWL%@3CPy9D!&bK*P{ErR26bfDjfbbPQ0*? z&nBIm|A1n`S?hU4UDz4oycf1qZwWwkPqCb}nGvK%M!mDjNE_TbH}i!@$CbUak^ng- zAtUewvF0z8QNP%N$0aGD(Rdr0<`5jqpL1Yor`lzqpDlwIC(Ru2Q<0{D6@9t<)hFgP z&bRVZtb}hcK1ae!wevjVrWa|#674DHf6Fie>P5ryv)q-_W}=laknKpAt5aIH5;vph zg$nMo2lW??+9y{nr(~P@{Zi=%blwj_3EOcEt)I{!8H=iwW`;l=%Jo%0cevL9gQHp; z+HmxNd6%@l>9}2LZ6_Jj;SW$?gQ{v-Sf2RV62&vl`Ic|IFbrK!>)mpZvSuCig$<2_ zdJ2dMKo5YGI%hK4UTJV)o-m&eyYiYqXy}M&O*wCx7p>9bw*DfSm(dwh@;>T?|Kqx+ zS!F7za3&W7I?gegLuJ_|Vr4*Z3T(_2Q5K^ex#RG|(7V{@=Gk+|t0iu`hFyQ`52;B% zTtja|*^+)Gpt;BLFOZ%WyXwk9 z@J^6G-tkz4nR?VyddzQGTW~~BhGBjP#C(TC>NT)2m1+D=$f;bU!G~uqe&*BCG3?Gg zfV2Bp%*&z~E1Dgt6l}#jctHB5A*UF~3jJmbU}JdTg1}cy6)^P4$b8Goe%ku=$LFeR zbX9V6YYAvo=*)K-96!%2g?HY(PV;TzPIjuY^So~-8+vmVcNePcFWn+!_ORbnb(70! 
zk4)?!=^gOA-aJP22~E)Z=J(}=_a+?B`X7)|QGU2#!o5Jb#(MfVe#E+>oVKp%>oC;y>tBZr7peO%{)cnf!BiG|6C3)l2ZHFsad~MWV!oJ1hJcj7w2=2gcwmJ6Y)}B)1 z(Q#^lP?ONfd8>>#-t##b^}!!Wcu@O z7p6@w%bU#XDg;GO&?t59@ zV(N4*Te)D)#b$w^rqVr?>DqmxTUp|!%XHLJ~1E^U--(eSje&XOw_1ahI#^D8a~8 zSBwYM%b|Jw0b`g?x$Bx^cqSHihmKmv*LOIa%B!s~_j*Mu5Z#EObK>gVoD+41nj_Q3 z_SX?VGZvP2y!9-#f$`~p?#_ke(Pd`K)j4%H?6}DLqTtESUzhH7+aKh7c`IlA2a+r9 zrFBZ~3CU~{rh%ukMI@-Z1J)1C)v)L2{Qv@0KvA=i2fQ%1HuF1&i0k$;SK6)j*2F4Q zlTs+HGo9-?aK8c|Y}II#gO8Dg<6# z>USM(Y5(deJ`)E^abP#!x+XzEu)eU?F_}MXWcqkFJck{bs#b7Anj)yqu6yTfU$|xM zMLX!|iCDmETK&+*w&yfKXlu(r&#@j9 zH}UbqTBuE1FJ;0`_Wpqmp(l5Pj0i~%$U1H$_pyaJd@qYLTbe81zp*wDJm$; za3a}!ZL#61<=nTKKNW9TVH0|oqL*3s%~s2^1Rv{<3FX+=I-D%GQx>S@vlQ5+Cy%{IyJC_){vFSTl z6E!jy2mIA{UMk_a`o}}%qJ818Yj0x6TXA=4A?t?|ZvK+Bn9}t|bAp5h zx_vIf?t?o@lw|=~%kBt@={XMSwr2*LE-~ZDcK3qUi;%-7GtAxX$J+~Ov2pX84qfLp zZ8y*VFbnUXhRNPHy6hx5Mye`rJy_=Tjgi>he`%J8D)j-MTkQ&K3cFm=j8KuuE&tmz zoG%$eFd^pMH@=k_9T?Pv$WoIX&s!GCCmTr%76aH2$k(oKGkDfQw{!2Nbun(&V>C9u z*F{U00?JSaJqcxMUr=kk^*?cq7I>4amc*r*+Ag%d<;c%5`upA2M=ENvQ63#**O8wt zYdBO=wtS=PYA?>qmEYA`$QN^(=M-P;qwf}Hf1I#SFiQLBB;z-@so{}wwV-oO5G_Q* z{|o5Ka9rOIqhZ3;n^N4Q*o`Vq(BD@XG*GU%daeqvC(PB3F=6dJ7tk&dl0yA;OBhV0 zq%2@&`3xzjH7O|BS38^1Zd*79?SGHEOwoNZ!tP$%2l(=wHpwgG;A-c<&zehq;382C zk2}}R+(OVn@0V*V?o9K}Kvlsh*X#N|2%5ZQ)sitKv+EaZ&aao$5s==O3?7-(M~8P| zhQYucALtol!r}p7lUQx>OgwRo2k)^3@w|-(K_i*Xn?h^qu_w=r%Nut?FEtXSYJPXe zpW%+$IZP3%3auRXeH+#}ye3PME;Uh&h2Ac1KK^;k^Mg4pBE2rx^{VW+SjhmUuO@)0+9F>L6ZGJ6uXsLyrYWiD~tG3nd2d~`OSdN=MeE(O5IHMR!d{<_7Z zE=cjPOXUqAR?8OT4>UMM(@eA#Rmh~{ii9n@qeSVj`0_B zyU8T3duKpz7pJzJC|v-AMKh`BbSLb&pUfj(c=mFULtMPbL|fBz;-uOyyb9FE+4VNJ zeT%0S$=bn&(Zi%Ir=Kljv~Pl{|yGKkcrQY4X} znA-3nNPMNN{!$4!2=gj6^0&lk0q|UFdeHN$TzkH(H7de>J1Diiz4pmCc~aA%Mw-b+ zuQw?4RHJv_$=xpchA;N8r;uLM`%z;aS)P)_O0;t0p_X`!(MHLtAT>^KQc$A=`%QP4HG$y@Z2*NDkN|&2wLERsrUP%64cgNu81a7Rwd`|2JwWH}BfZACth3U{pY;v5!J(j{PAcR$71R);$ z%cnK>^d98e+sm>(Dd>cJESrFPAZoUGsRi%Am#}xxnk4OAT}(RM3&SLd4uz8n?MW8M z+OtyMZHm$>nB#p*xNa?Gg}plAp!nVQ>r4Ocjb+_6>lyv)H4CmfIuOF}(Xm3|k+4Rv 
z#Mv#M2szNpDf#D|Ta!6KZ zD^8G0^+A{lTaff;x;4)u9nTxZM+^FR#I5rInHU*2ZA=qaM5mK%%aDPrwJ8nloUL$*;~y~DV&Kr zI~=lnm9XMEiYk2vKHHm!I4>JAPjalx>d`EbS9nRyKG)mqlgFbdTXjzoiHeAL?{!yb z%rHdSC${C0dHJt&(Y@bP{Bez#`vljs|I``BatjteLj@}*;h}_84 zhVK3C3Eq^g1N1P+L`>EH2gZ{rU?r>pnIxQzf$fwcnVsjsGaj~`KUCv|ewfH#j0nH7 zwRuC&nXE9Q`W5cJ_K9-`Wj}lp*OoYN-|tW8E1I$-HqU!i8KDQ!|LMkeH2gO8^}$la z%RFcmqa39yS#o2O$ja8H>cv=2^X5e2FzjZ$M#*Za-jVh7PWq9wx5!exIk7ox-gUKk zr@2b#8Nuk^i{Wk~qT@?wFu9o;8S!qYuFuB!9-V;j?a^mxkq=A2pQ$h-2DbS*p;bnA z)-^>k-^P`73^qrvjuX2?fg(`z7RQ^?daj4uvV%GVD=X3X}qYk%8T`6 zNWM)FEJs=60rJC~?imVo54$-xrOIQVy^k77%cVcBgtHL(9V&_u{<7h}cAZpI`j(wDhGy|6MTU7*ylbGL&D_CY=lezL z*eAMcvRrTMHnHN4;LOoY@uxLwQh(xyqLL-Mfj3vqAhP#4u7~KYzPzH#s#SS1Lte#x zag)D2Cm)Ezkb&qb9U*t zk~+1sHzF}|+hjl9@ROH)JYy1^MSxbbUn<|;ZlR(8b$=-`{Jg5dXJ(b!PwKO^)a@Z`2Tpx1! zlb4L|XIV#jECIF++wq-R+ZU7J2M>t_3wblVjk-8N1X2pfa@c~nij*kVE`WTN@mi5H z4tH0svmBG`8ZcRMFlgyEuGfxxZGxs4{K?sllM$M_Br5Yw9pk zlc};bEUMPiEB8-gI{i*1}ymttFbZodlr8e<|;%p0%KHDsm+FNcai2c9Bvd} zW@C)`eR~5v9e<}Q3$Yu;4-43;&y)_!3$_KbV{ZOz;4Y>O(cvcNKk1?q$9%%o~7;bwLvO8({G zw8bh6zwbBn>(2(_lf?nCb*-=;rB9iUK`+<&w=PKIv3An;i;W|2By5^-`+RwoxEv@T}Tl{VSmv?!m)_?8=h8) zIJs~4c!NImgu(6+-}J1wbo{EIOfzv`mDpCkz~~WJ(gfh$R}d$dr-sZWc}Ih{5sjU0 z9{!R9^kB}$=>7qhM|#T#x-Zk#;p?&9^s&~C<}jf77vAN%QrSTl2}Lx)tbQFBucP4( zpQPCd&AiV>st!8x3U|ea?96i>+zJ3$8}HXDAf)n^Fj@mvlI^t+(;ukKA?>A>!t?ZXpE`hUk z&XC#?@s2t(A0;HY{!=wntx@rs0~+0alzsv_Fs4h~oy=856oRXRMFQQIbw_s2^7&I> zu8kYT7d60^f@OEl1EckjznNc#ov`jpPZYtiT`*? 
zBsiS^&;4bhYLp=wV;!zaqB}(Z-qE+mTmBp(_a>XZmLi|zMV8(o3_dH z#Xk<0>Z~1fb&1$$c&;6C_xB;IPgLi8V?CqElPpiUZ0clQZmJ~O4o+@#>L~aj9`*f& z+|jU|tMkK}Pvn9w?K$0ywI{;AW*M`*H)}iGM@33aewY^%hg%=fJ)WrrP92j+Nw245=HMxw zJ1x+28J12{WfvIH|AJtb;?oeUOj~N5glGzVMOpI&MGhB z&ZEIhgp<8!x{*Y<+wvs^c5fELmTl8s`%)jxLyDXNq>l}bLr~0-YGhZDlspE zx7QFc=^ah`vl>F6m_e(Lc9F2JSF}$mus$V`H@C{aRukm_Z;h*q=|L^pXNI2uZ~gY0 zQmDQzL(kNysBtVrG6)jE_Zvv+FW784~-wY#%7t* za}%h8ssAy!*jUqF&)N@z(aVq6Z?n$NxL(}Ll!u8vI3&w&rfMae)RhcoT-#Y&kF2%P zEkC{ro2do_wI5OB?jvycclm3+aHOXIxtk?;Ld_VAJLlg~?*^G0k_}FK<(D{#Pcs8P zA$%X+**2pY>{H$GOJZDRlnmytYjPD%whm-I`(l}W_5)w(Ze)2)H!pM+WofWgI@yLT z$A;W_xH8dxcuv9;5@4b##`K64{BmuFZsq~@r|s4JkEW|}+C4d*G2n#Dy`HkcjKPDf zoNwTh5Mp(nJ))L1WD^fE-z_uFIIgz)`P}5>qKYm#@#N~496rVFab2STDNgV*z607q z-fDA?to_O+tA3@J+lbHZ6|$qHd%KpWe*BqtZFHvY?SJrn#LB1w%&k^MGBQ;-Az~|f z1FnEPF3A7!Pv{#CIuflWOg^qJjQR7Um!4Ynql2NG6fneF4S1oH2@$bUSV&8tEOX7< zst+^bZQw<8+<~>MRv$YCiZJ{_&X~lzs=WC2H>DoAF}Bw;kI{$DvZ{MZkuWwfpzP`a zyX{c`k$R#1#T;x0kcn^~tN=yG_Djv09vBI|DkE>2U~VL)Y>(XO++NYK3>(eNpsM@l zF$AB*yChE)QdB<+bxAyR(91h_e{oLMS>hVPTaF+B++5@ZDF0m+nSJC?8TlzKJJ!;o zyO7ZPKPl=`^Nan?PhS6JXe*_-^KWFbKfJ}1bpLtI))Vvg%?{3P3bTG&ike_<--@A? zhyhN8e_32KsXd!fgKyz_ok!-px=syc6;xNseXuylja949siO=OzqtAkAWq)Az<1`Vn2$Ae?R{@n|3tb?P~&)h74`h_Ot`t(Xvj$Lc3(v% z%4x=i>MU!yh;dZsgxpC99`DlP@q(W``sV~%aRWYLswMPpxrj^bIb(Bz)YzDFO=K_z z@@lWfNw0!Y`$kFLurQ{0BAC`+Y zjI;+K@nJyV#f=7589%u$x^eOaIYZ6mJe~Lw0_pm11hF!3>r|4_#r<6$dz8WJnzP49BBcvO{+w0K*-)KsCV|RA zMH+&+(cDWd!4+Jp>Gc&T+Q=SVM2yQY*%I?~h93C%F}_663?)k>+l-yZO$o!iv+*Ui zI`584TJUE=^0?$t4OmO7`Q$r_0mMjN#3JOOBb?r>E5{Wqzc-?S-NU1Gv$7`Varzfa zpS=Q%U#jE{n$|q>#|DgrB>&(uv0%ww-1@9UiZ10WG3aVks zH6HKKr&kI%65=UicS*tXr`QCK1{$+gP@nVEUF*%msZ|-Le6PAm_TG^7m`imQxPUX) zuS^aC+~1psF}a*4gRg`p!JeI%X(0NUH?#;$my7S-X?|8Bt71K_o3k%~345qU#?X3*J(5kvDOMQ29V#dVWYr|rxo;P^1MVrCxjKOuG zZt?u#85rmG=pP1sD07+R@|gE$QC_c=Yo~$}mnxw3=)rwMjvW?HCSdleD~~~mdKa(| zR@EE*$IzMOa`8eK$)z{6-LtXy2o|Q_RJD+N{I7Y}zWHTq$!3^azY^6UZ=dZTF^^Uvm!!S< z!MmT{1bDhK@*dVhU#m`OMWhkkV7gwFah;AqZRtkplTMq*XDR;0Q#F*GZqEqxq>F?! 
zp#Fsj@g4o62-q<7(>-X)C6Pq=WbZ#J55U!|`X3#FK0BAPY!u*4m!p4H^CS9so{klP z6_N^0mGNY)omc-DW3GNHlGVpgFwj>5iX_aBF+eLcS?wu3zB&#-SysidCNpl7Jt{g-)(#nybp<5~=-RmR{UO@b$kfmo0z0XWDua-yRPg z?6P1idW+ich6t&Foj&w(B-r==z;_pd+LcX3R3E?er;)X0=e~jP^sG4gp zcmCU7paHMF6h4d%soy*`@P_Ph;!5%3TITqkuZq9}CS;Ag8OLh;{yQxtA6a5D*}N+P zt=;dD-(^=lWQ6SfEJA~)sV=O}@`b=3+2pqc;|k%L>)Il#%o`;oCArm^m}Lj_q!b!| z-RmRf2~uw#>?3tx9d8~9$Ts7I$bmB+Wr=V53~USg66?f+aIY~Pt}#E zb#pgAS`1hO#_CqC1m`te?Krqm@{^^D4K~=Skl7{r^@>5nhm}Hh_0M+%MK4u?E!5q{ zr)k_5(<2&*UFW8voiCySXpwU8Rc^%fO}wtY+eU;vIKs;L^DBPTe}K6fsGXC~uev(z zckky^1~yceO9edk=cW9OIV_3rQ~1IwYLz(~j`cSsTH(gpv_@_oqKC`J3?%T|H!SKf z(#0Y%*V~YjzPCz3TeX5wK~DwoJY1meW7J!oSoC;mB2_a~*Ku2IKDbPNw2VZ=P)^pS z6o+3dyC^2IuMb(v^vePyLD%SRs#;GUFqfdDEyH1D+?u3I)%Lr;-92uGZ>#_jnGd0k zQ+NK)BFDu{m%mr+xq|aC!v}%LP9|GE+5OJ03NXDBS~l(4^d&UO#AcTYbj2uKoH4NJwon@{Y_3P`Fp+KXp)81 zLHxI|f;a5FNoi?)qY&zV(@UL668!snEEb;d!RCRa^%t6#EOJ8Oa7c+6#D(~^SXPPt zW#FPFVS}QVaksEKeBDQuD1@!!U^3*t|A^lzNK0xhhCNH&B^!ryNLF8bHF#dyAxfRo%ke%pV_&@tIvzmj^e^02;is1lo=8EeMll1+uib^f^gE^)=f&8^T(C0wYeU1gn;IrB3- zGJyczGuMrn+^0ASeNB{?iJb*hvU)^thY;}kk-O{2gsV@ML3u@v9h5Fz% zIO{1BgC0pAP`;%>(J1Z2c=yXLLBCX0r4k^)5tV%C=Xnri*kEd3zu{SpeY_r6L~`7r znON!hhr$?%bj~kgs>*)x+_!HjUNNe)YG)xNEUKYcNF%CAdTxDBHYD^_?Ex{<#9-9? 
zxEncz)HWe%m`KpLC!#EUc#jzmWjxprUVGPyq$tKWRfA!XajJ}m zt0ztATc{?`I&7FH9ELk22_#^;z7=#+M@dfSc)KJ=9$-U@b2=D*VsoWSPJ<*?QK_J< zAh(JQ7ljrW7Jxo0BbUHesymc=bHiN*&MOi4Dv>?b)j&4VySKGJwfq&xcAQt<=Ul~v z(`mG8X}>#P3Ez-@8pqNQtf8l4yPgf1AzmgA%Ay$v20hE9)+QQQH8mq?+q8YK#UnHXK98M0ICO|4C z@E7)eC6FQ4b-BXm8p96%_Dy7Zz1jf{{Smn^$vc4Te{^j?CKT{REF+>JONbCkC&%U> z5{s3>Gn?caK34S&UprmO*5GZCAkjy^MMA}K$QM0hS}%LQD2$O^xV#A^xjo-Nff=}# zfc||(CXR3HHeg;pt0XquTh057*eXML{ctMY8bYRGwQsiZPHrTHvbzG#!7j4X(@ZvI zk(;2w@k_LRQ-(9;TsK^n!^~gT7?0+qlQoTF*XNM~c+XU#Scm1|rg{-kaRWY?u>ScM zHFKDdU`|;;M`m{YW=tS4YrP49`;uTCmYkT&?s*~tj0RL zI00JV`Ul)%SXAI1rDHw%C1>05%MpV+hC_QIE6ZU}a=?E290AKU^_cnz$MyfNUOxN8 z3v`c-y>#NjyK5FJR!8Xhh=qrQr1F<*!i|telkb`%*a~h>!l2PKjQS#r-X{|gJ3=-u zwm7MJvoCm15ZABgkfzt$62TNCQL7!@@3%h$b$OF*2zN#0t#*NVA~wEj^HgltP$?$~ zBCts!EswjgllS6B>Uwje`UaRp{)mx`Y%4jKa6`ce;oHKhq#3qX5RwMYvJ^hw28)9) zqNmWxi3+S}6Vae<5*72Yy(J+bkrhtdAbtv(;3Z>O#B|o56J#e6L+z4oxB!0=b{_9YQDB+Cl)Qn932>A8JY#+#HeO$9@>9Sr>{304SKyX6KkPhsh}G7v ziyQ0_>nk84Ms>hBd`$vJE*>AdSsgYG3!PIAMp;E~EnXv>V{oSi*9bwrwaNajqgw-B zSq&?wR`{JQRl7}TeWz&3a!s&XD#xb(az!`>@*)i9^ zsLTsJSx~aVBOjQHOX;lt{b6Y-h6~U*(5KP?T-ikh*VVCkvDLw-mg3P|X?^joqo$_K zeVy7PMOhmL?LF~DV5%qj?l5&fs%UGie#b{(OP0s2hYa-*Y96YDE9bCLtXG#L6UwL@cq2I}(<}Xjj0k zu2WXVs41r?gbucaI;e*S0Kc3XDF2288Kgm8hPz5l*{zP~?z z*Y&%e`?{a|exB#|e7?_f7hZL5)RRqA#>-+Jvt)|4$|yzdL`!N;ZVN7R;51?R>ib<` zO|Zm-N%FDt;7&#Rg;azb1bY{D{ra&B&CUG=Y+_k@E481}GiR?i4uc<&LM$zz7Zk6B zRg&YarJs1Oe6)>~)1)t}`ESMXjGIP}UXtz~y5M;W$A`*74M-NM1TTeGpIcdEbN5Av z>q%tPv<6^n_gE*VFP3MT+?V~+&8w(jM;ZVMi;|Z+QzAp?vyo9WEM3Lr=e#wU`z)L- zadyK?LaILTYu7_Wvt~|?Q{#x z-M?lPz6;Iur)!(wSt@t58K-A))Hl5~F>zuv9eV;XzZKsxOZ3L0CcAwM?`>s9n!J(P)q(*YTm4oB$Ykx#Eiyw_^1_1=gM5 ziJTX>KC?JBZWQP?NA_xy)Jr$qu8dEY!}(g7itE?3w8=NBEAxo9w#eltESzNR6~1sV zP?zet>2dCKb}l5QI3SV$U%OPJv+`a816UWTOh%h|`~MIo`SK z9v3%jAAI4v>2&WyuST#LQ%0p-DWMp;c|Kvxz`|S%|Lu4Y^?8YCr1|J8I|F}n0G^qR zYOZu91W0qbaF+?U$$!esxv&IXIWz=6LMHR>dHvoBCH7}QfP{+eC zLO;CKN%!lY>G_eKeo+V3N8DB8mct}zKdsrem?$Cn-hwsFUJm~4u2QeevpividhhLf 
z#(UdCy61O|Y3eQv;4S0tBMKf*LHUp=G?74=_4QUB`4vv?3v{s#7(wezaDw|va;>-Wcq{I_~ zisp+xwEsPH_1%|Rz=go{H3Ary^lV|}cmG6DpTV+1)x9C8;>|0}jZ)-PHTdS9qSRXT z-78yptdeKAxp{RTUH2awH!Z6J#xhs^km$pSOxHVbHNDw4?0$Cesov)|ZQ`NQWPr>zo(myd zp}_Z>RWExW0xVRryov)vln5EFsbOF?xZr_Ym!GN_;?L)YY$f7Kv!}|in2&V7^B%WL z7(`(Hady6|&-^}Tmr(g3XW6CYlw>&vwBw_76_|UXjsFvVK^YIcqn*Yrr8`B}Nx)+E zVhWr#YaNbm1lWa}aW=*Ih=JBzXSmAfNNHAO$N)%hNpPD(#!n0`D@s8fG?7|*nn*fe zKTS*QE9{8jN@uumH6hBuvf|mJZA|t_p)}}r5u^BTzxllQ{k!OE!e^x%^;|&=)5H=F zHR_2YGBoZR7Clde-EI}}^Rkp)OcRoy$*jwYd_RB5S>w2~&->e$zw|eg>8|}Py#2+?}alvcjv}r1g7KsXta9g`ean|O7_Tf6amkwYq{8(_Mitm zPX#n}MtGc0=*56=9=A(_4e(iRM*9%2nL3}I!OriyFI=b2oVB!s=mTgOg(8gX6 zM|~|iuvoCF4$BDG?s9l2X)eW;vf6KMFDeVptH6$y3)34+BEM1JbS-;5`p4+M+`Y;g z#>I8p*2hbX#IT>9mR=GY9uXFxjJ!x`vL^+WX{1olyo=+kUvCW3)~22K*8NKR%Rsx< z4;{@MR!W@ru_C9I5rf==|MkOumyRy>Q{{9YQYFx6`If1p?7Yjs5B;5ZT^UN;Td{b z{|3sb+Op#fiVD3ve{~3trgS*;(JjKD6VjNb3A^c73i!<@@Q6&XN*p>Ex#<)0WRHg* zM7`fqJcVyz0Etvo-M}X=YsOzq9Xmf7JHLEIuDi0rFCqk^d;XJ6?f0{;4?MQ=#Qk%T z?EH@IE*@%Yad&h+ZkW`hy$i8wGsY{GqP_TL8m`rmTfSR#Fnqa}6lq|f>|}LBpL58f zw_w$$_1W@2@_Y};CCWd0i0QeN8kz-Zy)3FZEe8sPp6;N_&$@|j6?`X?-2Zgg9upZX;dXnwgDGRZX!P@(tSJAg6QlDdPdzeJ>Mj%xa}illC8}J%9l|Vh`Q=We#Tc2|5KHr>L+*1obYtZ0(;BOA7%Hqb4q%)WA+M-2e$T zU;uH>`mDDy(hx99)Zyb37}R;=I<8nzQQ1{yDlj<6F=S92B=!%W%%NZg$&ewZ8S$g`m}X*fI2RtV=U6KbAtFbDOAs>S4Mj#5w=MyWM#@8#HMVvm+?^o=)DP&$|O$VXl8{Y`-)rJ%ccF#riPyx_FOIG`N#53Ro zCm(=mP)>KrcNnQdGK(=D8;+G@O9%yEb03E`wn6Egjgskmd_9|%=dPw(0GrqTrp}I6 z^PKyRR%i1;j+|^#Y9T0-`8hK`zA&-~T;9Y=Qv)eBsP8lhOhg`pi=(n;)BB`fq{Sm0 z{XS;*h_x1YxrO|oeSudJ-faGHqzv;zkRDcXs9|75j$Nu<1Br+8t7bAMpoIchk!0u4 z=!EY|(tm@nN(I-Ht)GAgcfz9iR?!hHF(|F>Ia@_SaxPIAc7r=zho~=MJCYY zu$LqB)}Dn|g>-j!S)X%M`c+<-sJ3$Xi~LYal5DwMp5#%N?;o#+Q}Uyra$J6s>)Z=+ zg%@k@VbAy`PfMBXci$`}AMf@SfEQLk$O%@z!{=5)&+ca)t9gSylpZv>MccXYTY3Y5 z*yWWR9JEM7v@`OO!_4tQ)Dlm{tEQ~ftXx(55Nz2!-9=o*)9$N^`KFHJ#(^aHFLOb6yX90~D8InaM<9O9K$_y~t_cHze=A#;DEOyUuU#MPSuJillH6wOH6;cxG6>yG z60Op0GQyrw4LtJI(o5Q?gWxt(;hfcSVoZnSthm`;;hAfPo7M*los+8z_#l#b| literal 0 HcmV?d00001 
diff --git a/education/windows/images/express-settings.png b/education/windows/images/express-settings.png new file mode 100644 index 0000000000000000000000000000000000000000..99e9c4825a4f7fb29f0ea2930894c78a63105991 GIT binary patch literal 110041 zcmbrlQD2VTt+VTs;?=N6`c`+fNswupa z?+q{$!9RlEyP{#=^}xTkp>4#~?16v~`u_6)MyLGk^WBK$AfoD^U~TN+tY>EgWTR(h z8j%KD}D|xMorPaN+sLI}E0f z%qkp=fY0S{Jd?Wz<6nAH{qKhGFgkeV{&(yD?5+|&CKdblI9m}R3eNvIK{z;y8ii|g z_Mc-MG-GEZqW;@gSb((Me>(lo=_;fSarysVrsc;?HZdnTEdu@*HVYf@qN9Kjt?ZU5 zPw9Ve@NR?(G>jTM!1Xgb>d+W8cf=$;?QA9XC{77>h42G~RL(`2l{1Jkk9G_nX<8Syp|jt-VvAe8sO zQQ#T`Z2?1X)|r2gHIe)mZB3;AE+}KMiG`G#EvRmcnt1)Q^_k{BpTyM><5^*&H$gA4ubp$Fm{bDdMBvtYvqRNC z1NbiZUYm#)m$alkwbEwFgAxyG`>~!L>&Svz!)7oV5mV>3cj`lY)60>m6_&7p($lw* z^0FlW0?@|h^YXyc@7J9DjH(`SJq2P;`q&Z>2A!CsMcOtGPnh`8voz+iLofOVpRe7W z;W3lC2X-74*xdpY8QJp-yQFG3pSgWINbq7-Z!>tL+%jkCVG-|t=GDz~|3URW3rnd6 z4nGewMmmC#{=Pza44Jzvh!zmN*!Oc8g839uEnWU0?%iR%!vGW6E!x1Ks)qROny`q~ zRZfO0KeZ3SmK0=P$6lOaG=9Ot`SV%rHd*V3x1{(wX=Fj=_Uw$Q>06=UJkjm=L!5a6 zvv)oky`v;&B<QA2 zIAc@xQ^vicEl7wV+mC#PW*xA#%~#GeBQinQPg>$PWg2lSL+jwCH6rh@pL#pG;kD2^ zA=Z0=*8(aT6QvAD;3%0*y_d%*gb|E99T@;wO_gZ6Sw6~g3!zwmG20us7rAd+9)h6Y zB~~m_gmkR7ja{wSS}9%tq)SFRQhyM-(+o+On3v&5gTsh#7$vzU6obmG(%f}KbyNz^Jr ziYrzs^pIm1egSNo*Tlq9QRA6c_bZm=8^F>kmFEFcPQNtSiB z91C0>!{p`Mx(b*PDiPfP!dItjVZ8Auxa*!!`vfKN7*U2qFZ0>lNPY-sgaW<|Jqzpb zigy^7wiP` z#veA2Y{F8u_L7u9IUX-#tTBLE;$;PCY=oyQG4+YB}&fFdjnfoS*uZv-6Bwt6B}U7<$3 x&dumo*zf_?u zu%!GT9ssv2>IQ#qFImJG9wPU6nsB){y9j+pDY9nrjc>#TSWep9wY%R8-D>%iXa0c5 zcW>%zeuDEGjZuMrVD`RqzGK)vA-wLZs5%y~i&s;G)e)0alo!*we1@U0gONxO{|qRJ z$@t4riMyGBA00Qwm9Wf0+%t;1f3QG>3^kmz1=&Io^a5FcUyZ!Cmeav7sIvdTKQI4La+FhqI7Xl_TiN1VVs7U)`VJ z2Yr_Kj%~i!DY-H&TSQkeCJ24p#To}sKh&^XkB&%<5E2TJ-E}e}exju0%6LYfPU!c; z$XW8f!e9BoBi2?FFX{DHkv3wQ3V1MdbvrXuh<51_ak4&`YCC?14eFZXb`qBdUKC*8 zP-s3EeU{J+LXYB3*cFXZ4e{m3%Yf!XC$Z{a6}@$tVPI3M5lr+=OCN z=z8aQR}u^64BqM>1o-R7pZ0vBe=wl2j2iEq1Doqv=MGH1T#Z_G+O%7WyjgauJ)`$S zxSS2Y#0fvVB>&B*pB63Wyqs%)e`t({k3C(MO=kAiq&7Q 
zEx-Ai>hzbvfL^RiHkYxm-&WKeyX>H~%wyIK>f(0ypj5c2TR7qjUuyWQ2}m`? zn8O*&c7CFb5TqkfrN8dJgwnr<1cYt^h%sK!gCL>C_|nU8Hr@`r;KJb<&W+3fY)gIKji(KsyqNj9 z(D7}-L?qofqZD=CUKS$CQa{UUPmWzxHPQs#Q?~Z@46bjYSXh4lMWD^vA#vnb-%gEw z?3-GH^IVf7SZ(mIT^uqQp?N-x(d!Ol;HO#}0x?mzTj}6>=3J+?W278Y!LYpEJM|9( z)1s6bfj#4PDMEU%!@W*kdy+f?r^%PTWxI>{Gf=ot{yvatNU8G(&RCv0Vs7aRPf^Ff z!w2St{|<*}NxG`==D3iBFN~j7*4Vw~`foJN4j8B4oDAw&CJpetxd)+wW5H`i9Ox?^&T%h+1W5dzn2ZeA zX%?_jVhoWv!|_FjWP&Rfpe4?WBMm9}ZLU;BrSJE*#?)xHkX>rL?6+0z>+zv(A=EN` zt`tGg%5Aa%$kH;+TXX?aT+E0pd&VSLYF!Q(rghrk!y$Rr7weBZix@X?EdP(cH|LR_ zwI_oTlwS@AY29tWC)F|{f@+b17!(>EkE7Z&YThuZ;l&1{!u{Kary~%G*bXKC$RJI@ z7M{3%Rn6spnj~ANq@PEzcfBzZPLPp!itjc^+0c3{uT~ySMJe! ze1qybVQ%46*D+=G^)8npJ0-}PH5L&hJ1PN9s+yyc$^$vAG(=mSaZS|0%LcVH!D=BN1e)C5kX18Ap zzFB*pVjjnED>M@QwedkX5(#GqOX}`0n!@%jhcYLERMfqaAWp9t_h%0ZYB|m(XAn|YU zfV+Jw9@R64=Lmif;=ZrZ;i)ClVYel_vZjXn=&ZPijSz>8NH6x>zJ}vRBOxu}h>zjv zh*Yh!j;c5sBymmbPzLc~Q??w={gu#Gbq%dl4?tek%S5?W$ zx0MzlnzEBmF@!Ug@TWzHGUaK(mFO*o^ zSJ7Ni4T%?4aV6SvX6D||2B8codZFf}tc1*i-|H{zO*$4lY(=~*sc)xH60Uuzn!Y7Xaapg`S$gMxn}=Ki(d@ywazLM+tigpUzf-( z7pGR&PEEs4!SZt2TGf69k%i!|O*g-k^U2AO5&_e5YYNLVstrOk!)Z z0PuNdm>crh(!poUB@)_Vsmd9Sb=4mxt27VscQA22Pi&-mA6@pOtjeOq>NyQKvvS%i zFAJ)qCdmfNt2~a$RAbZ7tAR=-=BA?5h+_AxH=zB~gA&FdAAf5;P8jzM99Nu}AS3@w zUfVPf>s|M;x69j%`w;^1n~30uKEMq-KfzhuF!YGBcsrA3llk~I`|TQRbZbX80R*1VOM_OB~-;Rjn8s!;M*?Cvsw3B)_MCL zr*o-3TtnggrtRy$x?*@Q$gVE++}tl(U0GSjkL zSEhukso`f(5X8db(vG1zb@DGt8 z4B&5y%NJC}+D{7FfH7}%6m9YC=v9Xb=Y;n80V_IU9{hgamMikmhfF#%wuwetnLvB8 z-%1a%YH=&s9fDG_h%iQ6AWW_Pc&@mx-F`Hbo3%`_@l~nU_^WE1SVlgHmxtCUS!>Kr zL+sW(=7YxWY)pCTuFZB()XMV%_9V`tZgeH=NTaL!w-xkg?jqSMRryf;-K(y+5EPg8 z9q{%GEHx*{AHpBW$Aa_mfSgzjkF_F;*}}*3ES#m{(TcU1JTD1~gAr}YMZJKz+~a{1 z@wICU#GecQPNJY^d-16)a3Pw23MgCC)-riDSREY`!%kLEL3U4H2Unarr1)-}+c2<~ z#S|nycv94+CFPZu4Hu8h6km$X^@=Q$|5BxA15;$nuN~8bC$m(8sTrqh$6EiyP-vP_ zii($JOKN(6mj_yuVFK}oVUZr|akZ!jyz!$&q%!bjO|E8A!g!eX!3!thUuK{x=_MD( z7wI1Dt*5+yc?x!mowD7&Q)(b58xIGH@8yztKR{Tx-fblt5qcntxwU1dGINBU?(4-e 
zs~aW|-Q{8FGi8AnqU5dQLz4nDw3*Qw$yN;23%B6FEZ8Bzx!< zm-#^zXkOp67JaW0Pyb(jH<;K+Ax1>aB}A#-^gG1=(Wm!|yg`Mcr1-qi=X^Gn0{QG+ z^xuRtZ*y=yI!n}T7pDU=lF*&M|F!*c%f z!~OrGf4TAh?P(Yt`u`(feE%S#-~6l`rWg2M0NIVna+}w=^16)Rdh$Szlu3O>yZ>J} z>CKjwrfX~*lmbMdxXgY#P`IT}d$n0*0T4C!;ylF>H=%RGZkD$De2lrA)sg$>aX*7+ zR=^}B?WH0Sf0;Sr_ivN!67}b&Qpsws``{Pf$*Qdnpz_N+4O^*<-pU%$T9h#2C88A+ zZQ8sm%_P4~#mBVaL^yt~nyRsJBP1@6VP6pX?N{e%pQ>&Witvt?F(fGs zeq!udK$l9s?qx&Gwl)+W=CL*Y!nc%K(-Cz~?oRe=(5d=R<~8NAFq65}0<oPo1n-}Yh@ZHKC_YO{a_z%jpjx>Jt!5QjT=R9uz zJjl_hD2y)Od(gpI{J*@)7R@1pS*&ST%fNu4RtBtt2T#|`AaFJlr1nW1LRZg9O3IiF zK{6v1PpF|`dW{&VsHhOt)EoS#RygWVgE5Z>K0sDmIdTSworjZzfFHnn_vP43qcHBZ zlX24#6h03{8u_^VJR6Yxab77aLMBP^PGcGF0CTIx&0?BOmd)XCQNM451gq;l_S<}> zI-cJOe;xWP+Bi=lBw8{5AhCPR1fF)j zG`hJQ6hm_!fBv<32x#r)N#8=*_)7=zZFG1P0#RC~Cv^d2N+5z%r2J}^tybF|R-r{z zBW4-~c;{hARMj4jmyg8vC@nTI4N-?)Oz8^IeV&eGPbd}Sp>q(rH28p1F6qhoBA6JO zIE6I_9>Ewbw2 zB(IBxGQGJHeQdlO8GR=b(yV=5<}gPaDw{^c;)QPMAn=Z7!TAC#_kI>gMnh6{j?N;0 zXOv^+Tp=pyVASM0ZoEJB)S3>}t_>|q#A2gHjfNwB=4%S^8ps&iq96I;bzuIjYU@bE zvxRebev-QKLp*vEGS()888_Dx%!O#Y8;)t>1ETJzDI*CG&*ZS_RY!FS>BD^;#=YkE>3qtOh!hTp;SuX64glE>R95pdgNTWo4 z7tW{H`A+koglmLSLo2-Yrg!N>iMF5k;oYWQgo?di|1;dXkTyi0LmEZUdoY*^QZM_=7wieHAjL7PDV)S!uJ0p0b}`uZniJrmb-IWKgO|hv;WwIPvd*%tXO%VTwgk7r=t7TC`U6QmFO0le7inkJ zZ^=Jr5p(NeIoRosOt|lNe=d)$6XX;wEy7nC+;&}CJK#yOM%*(sM&!Q)L6&@!JrLwl#&=D8lPRWeG$RrI`b%^+v&{dfkaz7_ zR~=D|TIvKROg$=76Xl3YqTGSb=(;)roRfk}&Z)=l7h9>=D$jK2*y32GoQj>+0sB}^ zV)5F*bed+IOua3Y%G~0etPys1_#cHJcXEe55@vTGk;HFK9o1}w4J3(j_;X2a$n8wx zU9r_1?z(z`*3pz{%z5#vqiFPp_d)x8=7^lSfAkezz*(^KzGGIhMcL#~cOL90$?MFy z)OVKpGS%G7!s7}gB2+2pVub!npdF~i9S7tN0nSwd{siA&g5{0(oB9_Z1(Lj@f#9XJ z(B-WOION`OXmmn9!pof2_#Uoz1NlNuRXtj{3!&w!{^R+w{KI8uRu5}-laT5K-Nw15 zPoSug4Bh?d&`ZiBI=ZQNdlu0dB;&=ee(v3|x&QAJh>lIr+iTn2%Ih@)jiw{o-mc&E zsSL%<8u$9Fvo0(<3N*l5P_Wc)MFsxM2Xfen zl;3oKS%kAoiYXx(@jrq8imIR|RS98hb ztEkJShH2Q*`l{z#J9eQRyiW4W<^nhUW^M5=V@@ZgfjDZFn?1=~*jdc&7+Qq87ryaR zq(DnMYMa&<-S!C>rkDjWf;+#=z}*(!P}k8=PpIJ6{)_yCS{=HpkO1vUF5J)P 
zS{ZT&SP@Rpsf=Xyywx$dtqtaw+HtVzcN;is&n8HP;oiaeDvAZ!>)$0r5 zjjxSppL{Y$fInqimh;g=AY$mrt|P_u=QmUUjIzLWJlNxztUuCYA==LySFEImifMmA zLu>V4U&42;!l71dX8VSchI>`9xwu|PY;?JhteZekxVvY#TB2NjkRo5vZuvLigV@{` zhB9D3;y^rw_3WW?_h-9)-&yc}1B!>+k$@4dMU?U0Av+teG9Do*>W*NQs{NO21I`!5 z2!;;>eF1&CFLc7z;v#T#ghlYGWbd+m zjeO^1G;@Y;1k`9Xe%Rqgq_$v32^<1G4U??vg&_V7UB{E6J7iyQp{RC9)S2E6*+ z1!rC6C|}1yh3BiEiifk7B!goKR12;#H5=sRZ48K)KGQk2PYE!3PNmIx{!$+aiHRtxQph;s7kRgL!yb)xW@-+|E;svqFUXSpM;-6;Wz_fU3S;McOVofJ znRlOMFOE=)pazj*8${BLRw2$cvSmm11Q`TVee>V?i4iNo-NFh6poa*dz4cr8@}xUU zh)%drQ8XXvY1;s4@K?S@oM}&IG{ng0z}8Aux4OiXEAeD(09Iul7);*sJu+>0Dxs9U=v@4Kce4)M8G{9X zG8dz`XA^`!1lu#dOr{I_YjkbHF zyGXq~C0~gr0(k0!4e>Q2BYHL9M$1oC{q4WGeCV9rnX}nj#HOGbWi-;UKNsZF#>g~AvAungjaYpk;&A6i$ z{mPQp|H{Qv=QpzU`)5j>if@q)E9eenlPX`SulM@3={fN%*84dZ=|O_Q=%iSaZn<>(4|o@vuU-bCzIFfvpPrn+U_0xsEeC1PpGo9hoI2jsO@}xBc{X( zC(q3!Fb``fs=8b=uM1su4Gv;F5)Wf3^X>TQ?8Q{|Om!wdf!-D`M-}Mdd=*7^9dxgD zm5ZA>4Fz&&i!W+86L$D6;57aEC-mz#TseLnF-J>W-eZlb_PaG7;C<&kd_>Hbx$Zq8 zO<0%4+&(4KsJRt@px{(;IjsK`=b-_2g$DFJ)!+`W#HXo;d9yDEzjYdMf`Q3JXMZh! zBUZD`9FnL;NM5AOF#(8%h5dj%NZpM%f<$BL?Vl@4F5lf-2#=Zvye^KIz{=?8A7<4< z&zS7Qaq&$@hmQkxYpY?M*hKEiuk+urfgksqIv>Boa%$`i;FCK!jGZO{XW}4Qa3v(R zPwC&iaods>f?+tUb%dQki0EO0mZfK+^PHy!^KpkG91S?X*}ks0E-?E>jKdt}OlUqX|b&Oqzm5nRr?w8@M16lE4| zV-2Y)D}(O%N452V=J8xw&{c~>lM~hR{O&InI&M&)!X9>jqzxS-dQGz;Fmb$eb6Xei z5i_h@zkrfKhf&=0c8%dYHh?D~EThi6vS&HdzmW@H()kgG7lHQXEHf{zFt#3 zO)Yo*yem(Ck!g&8nv&45Ak++6l)M|K!@z2y&f|VB#B9{n9xtsyI(yWCp5RLBjeknP zouQel-WXg<{-NrbdnmqsxcFeKwx(W_2CbN!ycwFSyh@ zXMPM{5QZA9tzqdcUbv|3H2cjj*-T1edq%Y&KQy9CAK=oy4UE#(Pr7ktX0QxrD(0mW zy_ZV1A}EhKmfD5A-u_ewjkU6gXhvpuaXv2f32)c8;TG9mv}rr^jSP)kH8R z@VY)Pj)RA-X~~ei|ITq?ww%i2NZ49hi+q?R4cAtcGFy+{)#2`=K6pOQ2317kJZs`! 
z8(c@QYLAde>iL51I5I}Vu$Bp(hTdx~+S%5rY~5l+mE)mvDc-x-xxT%q)~Tzm?mt_b zi`Bn6Wfc{j4@mc?9S%06n2>_!b@)+<204vZwyr$w)r!bSY-Nr(F>VbA@Q-JW<3v`g zz2r!$<_Rn4FptB4R2s1VwnXvW+12$9(Dkl7?7G|*i$01lZszhDb1xGNw;8mu z=%7CSVe1n=N6E&Ebdbhdz)B1i7YwXZA^r_dTCB$>oih1IsOAlKRl(y!^_RrfPUolc zyUVZ2nUinsk&P%k@Z9+=O<(s?NA@aSNgyUd1lS#5ZUh`O_#G{V)Q$5Ilxv8gOU=v& zXyXlL%M&q0Y1G5x%0wZ&6}V_n(R&7b)9QKbxgJm*B6=O9E8PP1ZfmfH&|nWX;_b&d z+J6flL3R&MUS0GeLdw%kxL7_f#{;No66(!wN>NDhD)bC8LRph$a%by#9~Y6Q@Kkm# zr=Rq6Ze2CI9k{h$cQ_vTnUnZxQU`LtK(n>O8N=CjCm$pX#WFr-Q=4I*`X>GJ7_WHa zni_t*0#JvDQ4g5&-?em&$KAv$K(J=I+8XHzG-E@Sk8O-3VWrYir_h${EFzgDMlA;S zI6x~nj@!i=hv5mWKsN#!7(wUR*w}kR>)xKZm_yP_1xRkDGJ5-Bk17E)oQ$l2m6@z~ zM$?e>=!^nM%8NT)2aq!dv4q#xx1QpBIu#CzYD(ii3Q*q8aRgIV*>7(A#NsMD66Db+9-qN?#+Jo!9Z}QXeD!O^;Uz-D+p%MF#)hS5lx2} zHujC*63?cq1!Va?0tF)|iZph3E*!4FcMKZFW>8@ZueZl!X(y`|f41B{CctUqUGGO5 z&nu|ai!Qy%9h~gIfJ$>7;r!nhxxBf2;EMFGwK=DXa~iWaau!ZlRe6fMyNy03#pNY^ zuF(2FHIQvV?z-cnQbo-Eg)yvaMKKzJ-<}`c{kt>UH!=5wsI?dF?U54znA>WuyTz%v zp|LtFGxPoBCXAqTlgr!i-cM`O7TmEi98>0Eq^FtR8~2w4ct3pY4f$CUlwwiYcJ4CG zLOe~;jp3oRb|rx!8$cm22VML`I53eTsbUtw;^YvVpxDvDXE(H8L}_Y8!$#p+y? 
zvZ18GREfv`@T7)UMOXe>hBDb;%cp*$!sI6y6~b)VYioAeDgQfq&hP(`9{WxF7q&JyN7gdUwF_$9NA}4;I-AT-CZ+Ne-Sl3njeXewI!V&&z+@v6-v?)P;EE zX-x9mj$*eu56?GqRh9gKLQTzib>1h&kMEycPwS^yp(iM>s-#j)F6`wc%}^MjueY`{ z@Y%fU!gTaP{uo-(A$@}FtGi~R84`X=Qi?5d{IaiZh?!`xHE$qpSE7I&bMF4aE5rev zfj&-8G}~&R3aM%z@gxJ)AGD_iWp)snl_@b4Nv-z{Zl6tr`xdVtGet=J&6mZL^&F%q zrRlPQKBl9GwG>c}mvOd*{73|6(gcT71r4TsSvb};cIRI{bgeBQs3EM0g`C(bva%$T zlKeaHZsrf;Ir^}7LzBr3Of`MV%DQTO1-X$`=0~&L^x(9!u!}*`ebG{Eil&eCzjyV{z8r^w3o;f84H)rDBdgdNh`+=il2_k>GFEb8y; zLkZ5t^NI=w1--6uJS@9`0N;$zZm^<-3giqfy&K ztwYxLcND_P&LVN(_zd5qmbn$lRkDcarW82@kwT7*Q5e@-g_K}&=&ynP^->40fNf!1 zYZjNMfwnhkH#=&2Hn#utV^+VfaH>m`9Y1R+$y5gm@U(QK(yy7>O_(Xt=XmWkKW@c-%LlXwNUG(Vlend%-2{dd3b5DCG-jL3eM84)Jxl^b~YkK;J;}vH`%4pJ_8a za9wQpTf*k?>)z0M-pqsg%gvkmT_G0j%+jMW{$PVD#)#~FTXxR>!w?&Rhz)fvLoW>y zx0&W^PpBC8_-iiNgIxhk6av;UQvrPE*s~vu>yq&AkXuIQ#l1h7#ZZXLr zXYxNy3c{Uihwmp3?fgA+CuUl~x40w>DYSRr?rB9SkP{2V&~Cy;f1HX#V2c7q3!(4(-zpSKfAHHQg?y&{ufYV zs%^bEOhbG|2T|H#d$ERUZmw9kw)oV*)Yl_(b%RV0E+R43o?qKDw2MbB+iXTYLnHB1(N(X>8nr z$c0SM(Yy&C$&~3Z-`3czGcx`+nOD*KKGneAO@Y4y@E>GH+YJ8Cbe-1y#mSwNcSq6W;fn!EwWP?03@>vyA zjluygMeSCWj|ZPHo#eP!6G47xpJSPH*HKVwBHwCRvL=~2002-)79ts)P9^+K`q0Z; z-VMX)@cd$MxOWsi|C8N6HYHOowTfJ0NC;I{g^}o4(x8d`6=h4na(>MZj7bt zYS%d*4z5k&XSS)InRn;yB>%OeKc=kFo>n}RY_BDI?0@tL}kj5E*rFFDu zQN-aa-jQEcUn(X0Xmq$u#YdkXBIMuX$9kJO)ElG5l_lqgOx9gN!A#C?l=Ngta7daFVDsn!-gp4f1^lXu^} zM0cS+?yzP;t2O?PS&VAB6LcC*=?rh|7#hUi)i&f3*#C@FSKlOlagdX=-IEu(r84!qbY6vGfQ9SjP0if9)%1jcv%il=*~y z@rKz=Ij;~09GC3t0aQ?Wk;OGgea1xbU4tfdL^ukxSGn_1GjxKFB>dIHBV-2MS8!7D31Y^ zbJQJq^XcbvLztlWJ5-C9gW%9kqbZ=|;Q8wyl#18?|E?a|LYkapU}hC7-<(HYse&~B z8Rk30_3J(ZZ0pf~R*`~VPVT9K{{Jxmd?uM%0emvs`FZ@-^J&;N;+i;Ff{G zRe6a20-LZK{b8XNP&T)T{9q#Z8U<01C3&xsm-InqtncAlP?ufC)$fmdfGvc%w|oD? 
z9v`u`d29VhKDmSOi(ikv3_n3BYxPzo67+$A=P{pWPqY&*p6i91XHN{EJXAdLki8Ii z+>yq$ti67n9pn~Myx<)BF+y_GcolcZ|KLGi*_p9gW)iAp-T}4W7GaI8;2o&_{U4C= zF^*Wn@n9`R{{g~t+;&FKSOG`>`U$Y+!gx>UXCyY5b{P#B#|3uKC+?EQ`pXScAJiFclH54Vui^4uO2E@N@R;lsQCA(Kl`)7ad5o@=Q`52_9EIQSfx=Z)M= z@lm+{nQY%p27e>Tm6PSki;s-FZw!Uk4L0kpmgwv9iPK;{;zFW!_}mo>0a>}DGw=o8 zsxB1wzQiWi^}R+W;H6E|G@8?haG4v%mjEFMhZ_M_0W-o3u|-pQ_>YYnQIvZMPST4fd@vO?e0E-y;0KUYtYsPT3m~^{H?H! zp0DzhL9kjH__uYw+pnJKOs)mPwhSk&h^=^S$?;d=m2P2_KDcTx`6E}&vJ!6EL0+fGu_uWHqTSC&Y?U^UsH8zWq6sa1gWFB(NFS-&+b&Ga(cJH(H?pkqxH$QuSRg zq!%RHmAOh+jpig+#Hq~Pyrxj{dpMryKInJ;tZRp`Rs0EmH)=s_xIOlyp3kGsnFnqw zAm6k=|588)T@@#KJI-n#ptL-IEzZ?SZdAf{8-ou1LN{1;Hc`B0QlWv@;E|jNN+mOA zeu0@v8a0eVpK*%o`^HM0_Q}p-ImLrC;qM|8*>XL zUtOdzTYjvy_*aVXZv+=KP#WARLs85zf(a&WEI!4*8-by2?oP^!;jq+u!bX zzi$Q#RC)Nwrvy--TI1EJ=`Af8mZ)3{XgH4pvNO(Fp9vI&%`-EFY5EN_^w;A7Z9kg>;rY3!^3kWrQixrq?jdj1+ z7hbrZ;Qgy%q4Vzj3uf2oyc-+d`H1E)`S}>oRN@n;*Y({28GxAQ39Jcxlt{a#dUb#Z z+@H@d8u_3FS|gQE-rJ5kIRmXUo;=*j=zX_wzW9z?-fp;J?UaEcHhohMsLRfxWWlJU zwp@h%?-zYLlb}e40E?Mshp?5vxyV{+FYmXm-tVPt`FIsFbH_6`?7vVyLZ03GXB}qs zII2Ci=zHKUM0t(h-`53i8447j5Hjfp$LT*p$eqQ${TL)S00M%HG#`Y@4%x9@#h3(t z_o~YvCp`jld)X&8KCC4&G(qhtj-dumE(inpE1QAFN7e%V_+a~hRirJX-)SsH=GPk`H_xWT<4%n{@z0yBucX&>xx`zSf&V7CFwAewy)^;4jQ~p%i>O%Wony3} zKx7{0pZQpct_N5fBw+b%jY1v;(QeR&=%7!usCzTT@%$jXnKtK&2o(Sto8c7cW7IuJ zdv0zK(Kh*PWrrfrl}~(%Dcn~9jUZ#(JpYZF`!<3a-M`XPPEfZ_1F6idAyD@{5nh(E z$|}LB@9VjV6t9EN22Z1!9BOI(!Bf{#w&;flmgUM$1@uvc=(%D0WfYElO=4JWqAz*8 zqY4P~iQ(}Jr-hpGPrRty`LGW=h9;5w1)34Z=)Ir!Lm_m%P9eji116omNsfX zX}gN*W+gr&n8BI508O!Wnj`_>ukWv@JNcVFpt2L4APXnDM8LU;6^Qe|kunLpx?|4I zG9>c8?`A?CE&^UuvtT8hpQp6Gz#uh6%Kc=P4v2T{l{oDMQ6ZS*JNi$}p>Z~Z0&5BB z4&PEZ!47YDA(t5GuGq6kKD2gxcu03Itz;{Qn1O1Pe@;-AD)(AX>lNv3w+7nxh@3y_2lv!g~L zya<-4D0lQB337nynJ2syRczsYQ1`Qm$_)M6zlz{}f3h8X@iwm~!8>id{^|fHVCX~L z*NJBv=Y|&W+^R1nM2S#aiSmA#f*0O-bUT~u7;%9-#fTYFDaN!jt;-R~)^MeY(P8?w z=iXe@nKc}l&y~aMXl`LK`pQXA0?E!T>B6nHCuPiNwfiul%MNFdeVDYIU(x{M9C0?m zco`I{C7im3R(jriN 
z^f!r{sP627>ViU?C58P=XqUO&71X`?m30jj@vwDLTy{FNJ-a-D%KB?DPMrc9G zGRwXl)CT$sCpIG|(%Q47B|;07>0DW>+_|TqxRh!A7f&wu$>A-SJ`E1wER-u?XA15%SvNI=bq~`0iO9x$6RRIdzi<1!n*>Luwd&Q?rTI^@UE1qy96L(FSI5`oMYA@XB)Xz8e z2fcSDVJ=VrQ)qvm*-Z&M z0Wq!|$l+n)Y&*#s^6a)QH%#FoGPDA2xjTH+*Ea7nyMOFmZ z{;KR6=iCXsQ#HM&T=#FogE>U3gx|hxm!yLReWG?tMH9gDA<#RZ()OaqGy)$l5{s*b zbqjxJp-Rsb_i(B~3;F0OA|c_&3df4^>S=r?-&Fb1% zPTIjPdx{Xso!XuzWfdI0^&lgFoe~6H!m~uJ1mct_#O@GHX>Y^VVS}9xfsUmn9oxgo z*hcDyp69or=qCpc8x=w4{~_(Hg5vtZARmGUcL*Nb-Q6K*Ab4W+>=8$c$ggb$!GDC z)+V4@?(i2Op&rPj8vg1}EUdXHyQv7jtY#7@@ox*Y2X!_+3bH;<1^4s}) zzf#}j;be*dgiRhsU|4$DPdzNvoh%QZEd@un&n1N;dDa9!S{zxsGgt&!S$?rTzQ}=# zt7C#OP5UF-vJ7n~grd6jGo zO{qaBj(49pBMip~Wo1b?_tO8(*Z&jsmcyy<<}Qj6ZePP(vHs?&RbwF7YugoO4iP}8 zsqbZ_YZp|12A$AOy^26O;*ok@PrmIQ*gPA-nOxy4VpOO@F8;LTi|%4^c$&HQJ6V-9 zr0`PmfkrO~|(jaPaH3trW%u1GYJNId?qE)OB zgpFWSkZ4tYYDRugLabadSZe;uH`2@Xh(y*lE`~93UE+ou5M0@cYcTPEl{{y!{5yn{ zJieaE)Nm2C^LZA2X$DpT;4Cot!CHW<+f$8m#)BrkZOoV%WQYbY!AwQGOr8M#rbWE; z0PYX>fsJi~0$S5t1OKvJy#S6+^-S2~Cn3_{xi+DYVjuQj9x_AeiAW1jG<6YS%2bT9 zMIbc)Ba@etIXcc5fR(%9-7WSqidKQ#)lQ)=q9Zhpj`LRw7WX)ODk>R=pz~4dR|gOB z5*cq}0V4cOq9Rx#aSID*-z6vPe!ge@>$eT}i{@_Jm0sA)nX!|N@iF6PLF z!y|p1IR_;+&hlP*YW*)-lP|;>b68;6Agpk9`3P%2oa=%pEXDRbkaSu%?7>ydg3a-# zeH=1tdc$a%fVROw2L85eXve-dvfyfVlzR6Pq?wsjBfPVSS{eQB&nRnAMzi@HIj7@2 z>?*$KU2BY8;oMFy zJ7{&NQNnNHUx_oq{uv{x9s@yWd>urq&mSqo9Yn_&S)uI)8?&o^6xeyezdGcw8Qnrb zk6hWiaxvsm$r(-iCcGPGJKu}}duOH{x;k~Sz0G*%o)XHN{;ihXbNEBG7oTINrc+B!|LnTP!U%KCmh(|aqe~o?7 z)872|Wi6^jXep+}HOI)_=HQI)i-4BL?%*Qlc7|%G17(HA`bPWKzi7V`JnEZK%d3eN z*eksA19JFZsVRiCmiX6w=@?6L+V9>{=k*CEu2R8$!ya6so_NA&Io?o0jDyop_1*>NX4O#rNd7hB)Rx_=btkfZNk#ge>p0ld;Q!g+iegrI%WTn~mPG`zS23rnCD=w+>08*kZJ zMwHl|7KF|C;mUQ-??ukmU|U5HSv@b_c1+u7v%zgI;-AL_?3XF~cwM$=-TliH??sQ^#af72JcV>>@BlA~5GyFobX>ERj zc{vxiBwJb&pziuti)1QJpZkM z)1*uWu4y!(rV}{P4#prX7k2X(?W_70(SP!EQ{_}9Q666x1zV6moP|LUkz7R^11@D< zNX|3$AaWt<1oe^CQG^l9U*-qm6Hziqz0KJZj;m$XYkc(>YD6aX`piwn%nbnjvA>u@ zHxX==*22X7y4I+rzZYq%5u}$a~rN@S%M>H 
zWVTJEk{P`UGT$_rqF37rYiS}$OC!2qy`8`7mO`IQb-@W+%3sEI=5jHTcVopq`U*S+ z&IR)y$J({}gr?C^Lu2sp8eQ8#q$Di4sdYX&lHL9in?#b^?b=gCMkH#)!{Sf>)VC9B zQFY(-gn1#mDwRQ1SWXBC90qpe+s!QpunSgF8BLg8B#8=eY`#i!YcUU^235Xto&HYV1s4R$(+zz(VH*Cy~;t!j$|Ut2Q;YgK>HH)(YQnO@}~Y&e^8 zI^jrkC{SyfePt6`df5?fZvpi*AqiDXStV5#RwJ!%avXbg0<(8;;#>5++(6xqa0ZLX zCW3n~w*sb1CsyC5yZtimaOxW9xB1+3ocSb%q4$j#{=(>ToKUa3eS*TQ{F|B zh7PipRsvPCTapiL9@iLsbuYGk0%X>uHNkvB-Hvitpfgz{M^Qp9B(vv(LZ$~}YccFY z)_5-=8^+YiYWPGenk*4v3=q8Qkh&x?#C>K>J&tN2=8K)kOe@|?$%|)O4y1vWHs24H zDj729jefT$Y5RhYu42#Fg8I0zg3}@&CQ%q`p!$!)qnJS4*5ec$$;Xy!g* zMS9F(xuA{xWKfLz^MuHMN`7a@2l)j7ZuBZKzCTwEZg6iu-&QxuBgx^oMXHw(llL3Q znR}Y0`{A9X(#IJyJ98SVt39N`eJ^(ykFb(kfVW{faMkF~B%BMKw6jwGR<^2c_;cVY z3G*DnrsDy3Yk|;+LbCL5>)hY6b?xos5qNh)Ln``p03sC*J^%+s1_1+xDOvGdV=DaH zvh1Fmsx4usxQ?K`4GKDJvWV>SNnU)tvHldw7bYO3TVvOXU+`s{47zkNM88IcN z=7xh!)68+&-hetnme+ROBaCyYf>*zW1fU~dytzglzr$PeP#3f-{bEQczRS(T%j{BC zVt7qyikk04BZ|{K0=hPQHvLb69;!eE2(xxsE{g5`;9Yy*nXSD;lNo`9gViJ){8|jT zZA4<-`i&Lc^5pLcVc*@{=2SNqx4W>bA1pOPRN4xL6S=ObE-qYABxrT|*?oPqP~3c5 z8@~uK9WdcU5`4@q$1h_;tB;W{g>mRVwo#V>kj(^>5}KM63Zok&24!cloZXD>mc8yz zO24dPjJJ=L{|voR(rd93#jdl#u~|&2ow-qI7ax8q*Bt%GG0{lpGT6QsxL#^is7%2b zl>DuiPP@(rYE9_Q?c%=TcIHJ$cn#VPvGO#OGxPgB>{te~a&sNQ%ie&8A6q<)EO$Lv z-EcJBixWE*)?W`BVzfMD^yE28^P7WxYkL)TyIAJ>%DL9mFCmP%Cl1O4LvolWUTQcq zvQ~js^K0i)oi#e5eM?_M!tV7IVW4X6MjIdevh|`%S0A&V0+Ta>Q=Uf}X;UpC`x|SB74T4L-Bi;J7^`lf+;%pLyI#U}GO9I59YlY&UTp&IcSI$#Y8mac0u?E4=J1+p4knL@(ZUaJ>{+kzFzBA+b^2)G@VD&z{lW6U zDp)vKAAxpe5o-l2zI{RC;2swGBXEZCgZSteY+q~c*TFEF*Ui5vr}eJaN4#jSBE}Zv z*Sc^hsIDhcl#kiREfx&AI-PQW-nroF>aZ<3y%9-6)#EZwgh%&S8ibhfOi5{yt8;aO5J#5}SNG(rrps}zX&&f8x&rhGPV>wyU9x>*9$h4qHBg2A%^&k#(AP1g@UI97noWc6;qYwNWP!E z8^~a`C0?R5&WoX`s3j9EqQHCdvc@Whj~;D8t_75FtdA(SC+A7=S4_T?y*h~nPHU*g zx`eW#i37dQtOW%(;(~Suv7~>J(fk~jD&mI5(odh3CLEsRFzLTR$hjP(Mvn{VvpiEA z1(rEIyZh~0fXNH`0;9K0Ex#Z89$83;`I4d&@FZ&Y+c4-Km!8qzT7|H%@06p-nNMZD zvy~o_jd%=K+6tQ*w5>4HX0%`|Z_IVFo@9vxwXgV5;xs!iNoiK|WPK>1594%8i_-`_ 
z#v&QSRrOv+iB<~5#Uy!6=7|oI-8+VukY|mGeREM))FCwMA(W*VXzwbs#Lm?H6Wp9f z#4VqNbb%UHv`NU$uO0eM{VMop#9GsRw#rz1fg;c&J;Mwy338%~ z4B;j@aRO3jJx+7WL?^e!zgV6=?6D!W(Yj^j24mPfEMtK@2ixBG#9*hgj?7`a3?3_< zvAABSc?Y_)F~ydZGiP#!_KgHi9H*>FeTUHo_f7F_p5^R?u7jht-22pgFY-#v{gqjp_~-o_T| z2a&uLYp(##E$LMu;3carg`=&}DnDLjY{S?iSElH^m?jaa~TdC)j6iS3j6zZn2z@W=USp{%OqP9@0OSlgeN;53!K>J=_Vp)~M%A zxNY=?&R}E&c)CeE_$yg^gth6~E6&GKR$ESvX+WKClC*C=*{JI4WCVC41hT7LFG`eu zdBi-I8(JLNgnsjldPoGh5>XuU^pDIws2mzd>HU@>zC)TNED?-}XI8DRjFw`Z z`mKtBk3KbM6+^q)koR&{YS-2r&@Qt#P+b=AE^%`w06c|R34;%RhF|&T0CJ`5`RZ|3 zA>Vj<-WZCRoJESiqUnnzqX7f-#qB@_sPp%9KX~9fUUBy;(lihjvH(aC0kvz!@)8i+mM=1*8)>{ROie1Gu^8 zIhGMf^p%uC#{x_qNJV9|(4mub1xNoT)bFvG$y>sb;}?LiOZva`mnE%uTci@owz7+Y zlHZ0jn|~^rk;?Yy+PXenf8-5Uln!1=spl!&{CxkB!I=@?2nao%CtZZD2mCOJ$jq06 z$SV9vb{;ob>2}QUKIfYfifzXUg+4;%sJEtDroER!6z2p`5R~mGqPMw>AOLh1Bb&bQ zRZBrFoXZ-#8GGbojF6w3O&w$71Tfj+{f&Lh9P}A&uKP1Fc1axIL{9S9)f|3fAHr}i ztu2AwHcoOQ`>c#|e>teRC17NJF(=zydI}V@}7TRCOjdl z`6J;@gkzP|589B4UiUt-ec}a5xnzcBR>lL}eXqeG>8B1(ShaCM#~+O4CiZ$m66Ev= zEn5tF@W2sbBH5Ddc@eh3{uBKH0=}MBmgHr@`loT+ESM3sFHv#09W#lt^S>)_n#d_WPsy>=shB)650g!j!w(k_ZrrMqa>_9I zanRVXS(RNOB8}_~?NxiD>K#qXojCG%iZpM$eBc~u=v~_!Q#-c6s9C(&E#3-uoLKIC zRU(B&WAnE{mBwy#Vk&v^<>xe?uxbu`R3EFC-!D6`@{eHsSTJ7pj?n_jP*zz|b``)& z(ew06^Eu%Z>^#dN>8~w@*_?G({3m;=X) z+-7zmO{Gf9Cg#A)y7Vbmiqw7**t^~6{NV>PAo9%vRf=k&oWgxP0C^J-)1Yh{UHU~1 z@AuR`Y0Meduu&fjw}v(gOnPnr+k|JE1jW4!2`cQH8}zq`ol*~PdN56vu6G2RW$hY2> zp`=LgX_1J1G4h_)kkmN(Ll<9>BHWP!}F z7FBDonV#QF+kz`iU~TRSb5tJ*`9+oC$MU2Xbfk(V^6^{%C6(*E9tGI3g!Fi_LnVMX zughk80!JDjN`7J6+{+A!8L@#zOX(!iKLf#c;Hm0~t-W_mRjTr8Kc8%Q$+nt3bB|spsE4#MACIW0Y0u@_*gbVb4tt<9 z3_wXbt0mh~WS;YoYZ&8v#3*sl9G#67jh(EAF9JF4h%PZH=Sg#K4rX*Bqi-k?6YR=K zX0!9BSMISw?g*``cU#fFBxrP;K?<`uhgIR7 zRfyj>!aXjU`8XDlC$JU6SP5x2Qc7WN!Vwc#JDUvR*6?72`vfVj^#`oYonrVlG3-R` zbEaa8r>Y%{iFGsvR8)5Vk#jC2ZP)3}Y?m(`_t-Gmm=eROFS=~>cWkmvcZ zUjNh`p3#)SvI+DV;B*eV+TzLXk;d}FmsY~^C~F}ie4Ap7;-v5W6oM~`HEl$GP`WgK zR)HV1gSO$~9U$!Dg%a-iUev05pB7pH8A2IUE=B!j(3aT6MaDiQ@s56`2g1;1$c>Kd 
zKIW2>8)q(dqYDCcOgQI*2}LoZ|NfUjhn)x8Og9~l?VcZrH#b6Sp!r&CCt&*M`!+NJ zjOTM&^~w_!@=rCoJ=B|jjS;DE5P-CLSNSTz+PCCG^3s;E8a2BUu<{hbff9Xi53|NX z0Ul0-d}JO;6WOTIip$-Et0a+7?wjw)nwDv`eJ9=Gcn*I91!K&sI2v_j)tz70UBzj3 z4_BK$GTeZA9kbR5uAd9Y{KxtbOw!WX`^S6Hu>mb6p7GIzQ>*J}eAxuBLO9y&!zZcy zAvy_C8RxWyvr&q~_(t4RBEq(0I@FP&lzaw*?Q7Om!%glAcl3+{F5X- zewpX5RenVik>Ru8#0_^{eIiru!*L>#D}INb0}!4FFWm!>aOR`kPkTjXJ137xKe~XJaq7Yjm=5QHT}B#wYXR zvy;FOp=kc;X}azz-fTW`UVql802O}+UKWp!VYT`!alhh{UN4$r*M&zM*<_Ys#?o`f zxdQyce8T_PP#iv{HYD?&?y5r3$%W^%kuAn3@8?2c`x-{+Sy-J}n*`X$N9#zM-+w0M_aDaLH{1>>ds%}}=!^p$h7 z>Se<5^aRcV<$*L^^*;=@_J3=AP};5~yUi@;X!~IE%5&0i{CKgmWtOPGbXii$Hle}? zik>~x^az)Gwyk%_s3CtfU{uS{eprCpvCr)qP zsxSQ*0rQ~0onpi5z28QH=Ud%=dmXs-1?F6syqNysp#FAU<+HVK9O=|n6mdJ^#N*j~ z+aJlc6EB-pjIG+cI{kguvq{w2%C40ew`iD2Ra|(%%+3G?2j)oSP}bpni}UKidFZdg z2Q>vm>I@Y+VV{6KV+Agw0&?mK8|H_u0`7O>s7}@gO--x=#0be0PQluyCP^&?8e4q) zg6>7;S}ay~xf26-U{W0DRI*VF-DM-16(#urx?>lvW~8H^9QE-MH|mh41gcPB+4S1dYDE;JdUsUF;=`MRoGexFes>>vCsJ}T;)(&PcEKH2eyrr0_+6y z4BpLs>s%f}Z%94-*DLp=`HnO7I`I%cZ+3`WXQWpB#RGN#N=MlCcC#LdI1I- z{*Gl1s+&|$F&jTyTLtT2UuOwNsC((u-TFyZfLv6Q{S#vZ5?D#YlV!r26TP?u#6h-l zEssheo(%o&E9S5EiUUp8YLiPefO(WQ9Z7Vw{lkdq$`btZ_Uf2swV&$^J;thr!iQgm zbhC|!!!By@2&&X1UL~H4mXlS66XAn&0e3)hKs80l|n_%m2>6CPp z{7K>StW{9aQx7yONeu%8Sh~%)d7E#3yX<8#iT$k+5i;C!_LN~*fo>zIPU32B zdXz|QDR>!ajSOt^l-6@D<-?YfC84tThXSjDc5v{Qj9z;f=pwfIBjkasUtISWvyHy? zN=1vOpC-xd2pQoV0}ClOe>LIK_iYHGBcQ_%6qKGtR+ zzFgRYKb?%$Dk@jh33|ktVL#u$5MXHe2ZFPkvQWQT%LN#pef<~=)g!b`wRb0(0)f4w zZxpl7r_53y1&$*XFhC}@HQ_A~j+hD*r}E{K!OT8;w(*rewx&)yENg508=Z%-`?E+W zg3MWJsIT$7WzWr;%W-qt@`x1D6v=RrF@-men0ZsEXy%1a-&H5H;?DDfs{^w}Z!;ri z4YG(rHB*DLH>$U>v>rkgaY~+5R;9NNxxgsE9wjhkZRc3Ngg?jF6!g!vHA|t5pF&Td zso5=-8qo$Ptlvx7feaaykh?Br@m{{4&mJKDhVRpe}YJe)*+yon$;3pT_B^01kH zBJeuJzWC)?2Xb4sUR4bJacr#G9DmO;RiHtB-#Wos2xQT~i~An(_Hem)`@vNYULRyvdOP4eHw zn;aVPycUsZSsdN%P9zG1(p2#ce=8c0Hrnc9zhw(H=Co8_7Tqv)w!`LoRHfe2n`}B$ z_Ga;Nf9v1vQ;OFKu<+3`+KA&c$2tjq1-cFS+nBL%fMAXAtW(yQzkFCHkio`5eje1? 
zfk3B9BClTVhF>LJki<5FP{;6zqQ8M~4t4{i%-lrcO2{@k!t3KO2LJ^0>GMg%(Y;wF zP5B=u()l21a)d1yNggTfg_9r&qwzq)aQQvU2MzH0zz@StPhs(>sw-bLe6g? zt`5GHw&jWviP4Vy0H5_aS<9T<==mZXr_RAVCMt$q3k*fM%aFb^L%{L(-^suGV+LN= zS7Aw}HVJdq1X1PLS+rMn5@tL4(v5CSk_93;bu_es)er8(QSS@XA_@uLI-=h9Plp}k z)NgyMAoXQ<_K!DjtSm@>EYHQ`xIFyZbJwWd9JNeeift-2e!rQ!HeC_1w$fA0p|Bar zJb&I=__%ts&;9TsizBbAuKo6?a8&rx&|QjtN<`>S-Q1#*OE(G3kM5zfC0>RYB=5cv zq;BE`*OC0U3KNZxo*kvSIZBeFkl+jP!??ws2U+QE!m0Cm)BM)`o;JR`Tv|=~EqEcfUWaEJ) zDs6x9%#Nl9R$Mux*qAF-NSd=I29IxxPP&+H6tb!i0a6N9Z0sH$<^nf+C6l74+z82! zC^iBqk;D2_#xuQ?AI@J}kfQqrE=1fj_AJF=^_=tBRK@*09$2cbB8m6A*vJ_MRgv7? z<_-8ikBRObrQKk%rMj1*Ihf@8qHKHZom&ReciT?PZ28(D(3~9A)VD-qk7S zcdL-7YVU5lPIOeV#Qt25OgKsJSa+nmK-+V^Jk5-|e};lb+g|9N;wnUK3?eh`M}Guq zEx%u#FR)$Rx%|tU^X6~3VaEP+Cy3-C=>7YoFZP#WZ(ZC2@#&^3{l5F|Ue~*w4-3nB zwS@R`$Z;ZnHMqTuq@C)RU(Lr0j?1qTb{$f{;F9_hMEkEl=Tc1V7c_dGfWx8o>XqQ@ zk@Zi!V&~X_mQdEI<#m_@L&&S%80SW#t<+5>f=FWAh%%i(=5m$4+phje(9M~{qK>u{ zoY}*YD!$N0dTiO6E~s37^*FjQ*kO@Y!4^7!b#c8{*T)X28v;;j6RtDC=EglR$~7t> zP5rmTXQHMG@a21pOXWI9XX=3SFX}<9s|FiXURUE_Tmw@RCMTy_>Us^~hQ6Lp8wGr% zh1)Y?y2^`qo*zCFeYYK|W{NHH-va2;WsW`74{s&4N5{4dh4=L6;qYqhg zU;%nxt%2QlK`_qzadxQWF+z>WTOeCC97Sj&IM%JCcXb)!;s(>!faa_w313nF=`W{- zyAyHiaz=$iyoBg$-z(qM&4KZQi2yG!xUYYMD7O2JO!tomlo=~sp00^Oken8X7XSJ! 
z0@A#=EBb6JxCjM#&}Ns{&@;!r)7eFD?cqbgyX%=9yQ?eE^AT9x;GyxcFUWtl@2ion zK{h;zWz)505Bd5idvZtu-wi%oq6ze}Jh1=|UUqq;;ansj!p%v~59}R@W+Kb4@4J7` z#cAeH#a~DQGIf+g)diPDG-H1}d&9R6K$qi~cQ-w7cjwCEB+mWNk`7v`WDkT=+E~8( zHY;>LFSwMh{V#h!b!-lRQP9-5ZxzzqOV)tFJ#_AHH|CM3%CQ5xvWRk%uMEgUX{M-n zjL%9Ab*>hSfVQ(MVLYFT$H>ae_vCLjW^2wI@$XbWvuWP%k2X`1&gzoN;(yZo0pxE#o+)Lz!vLO?Xh6tFg zp$|hTyUQDq(VNWXJAP1F=1FXnk;Qs&aj}Iay+ufM@<3MaF;J8pbM0Yyzx5liU$(*` zUBqMxaF$WfT!Sgx#UbjW%sokK-)rlFsybC4nYlr?x z4@POl4o*fH_$m`a)2$DDK?Hx_-q}N7Z3yQFV6xJ3XlRT+O*0_a>uCrqPun9t)@adlSSV&MDp}v3LbFfbwpTS(bx)pVf%rIJG-Cdm9C3o?Yc|_&rpG z{@joK3<3mgv^w+sfayj|Kvv8LR*gbtqsxAy#D+jxH63Ai0HQ{N5&qp?~-)$$Kk@liL)+b-gKA*U8b!CFfy@zn`oG}po*D6HJ$*RnQT=iB|3c!oDkVy+Y>*W z*)tC{T25MW;tcIAA-X_pO-3BPS|KAWB=olDB=ZH`Q;*zokji zQ=S6yJK4DLbGLBOSIXIwRDEIU^1&+C3>hmuJsws(NZh%%^4v;4*5NL=>z&C_D198{ z2F-eD3V$_Jthp`PiM(v-x3we!*+}X#$bjC6%j)t~%#?tPS5}evG`I z@=3mnOGeG7**5jK$S)#Qe*+=09T zadG@20(Qt*E!Lb#VO+&aC?q<O{RVZj*hw6TiELJDov(lAn2K(*hK$Z&h{w)}CYW8Ap8e#$YH{D{5f2<% zLC3?Bkd_NYO1lwJC|81piu$3hlIZfqgBT7($HHON+p-KJ^D);2JJ*gLpf2 z2(S0+HN*73tPk-?nk|c;F;Qc2V$jlA_Au@1O72 zHBKJtWjJj6Sl6eM`OvuT9b3kZH5@wp=zwEdV}nB|rX-n?CHiAd0HBxJ2;H|XVKwT{ zllwEjCth~0$;j`w!rEo3`qfI}043>jD%~Cml^uR)d^OnkD1$o4SdmAJ^-$#eK!RFmV zo@NGnru(JCn+LVw)EJ0vaNF6TnnD^xJJdFY zo|*52uvN+5Qi{H+uumefA?wtg$Tlfi$&(7>$LptA<>CG;=%P&%hrAdnBDP`Xa$_yn zOtt?nTwydx+;F>GYz2Omb1%GLM9)5i1mQm2bb5lE-D`5oh>f%*f{YAzq~g zAF_t~!aG@iJ7K2}xmM|WJXiL|KT zI{EdYEJd^GlkEsHo$y94!vy6Fd||va`$jVFa4p2q z=YUM_%h=R2%`Ottl6(Jcu2R;x3)ohk44;mMPmM3ikQh zySfVhsl`~Zk(YG!;Lz1_`kj=b@J=+sNUCQIM#Rmc3a6112tMpXB>r9~!;0!3;dv5d zfz~|xGzLsHSO>@sJyxJvQ z`CHKBd3r~?0JgH{rRqJzxyM1J-*k3vv8TD5fh|+nYQ-mnW~b=0wK?_G%PC*2K%VLQ z3K#R(lhuMjHmeE0Bs|F=`nm|0dXOw{?=3)HTYm)myb0n&`fAf2+V`cgdE<^u>du1c zQ1SrArzHcwHI$1XtyiNq&|2M=)%Kj;vU3SjegT7TVrU+MJ&AFFs}?JDoq=*{w-5V? 
zyYw~|lgED^RA5$G0Z{WC1|zY+U(#8|N*7skVrW1kPh?>DQi~j>v3%&wCTB63;JPce zY9?l9=L0Tixn-H)^(H`O`WMN_Q<;;5M)xivtGVnAK+g}oR)yXR1$Za}(5jem3DA?~WUvVuc6S0{}M>Sv6lUIEnN=tO$(<#S7zBDIF`sza?ucHX$n2zcI#W zK>n-YFEOypBognfcPBY%DU0p_SdEW-?TZO{**bNz)id1>at>d$xaN ztVOysdVx@~;q_mQrd085#MNlT;DQQSV6g5lzLR2pH|7xCOLo3dKLK<)>fXp^DR(a@ z@Bnl3brDD`isag=i&8kHHGh<>@dDb}(+X|l#b&;V>srW;D$F}m92WftsOp2j7D0pvBk_Yj*%V`H(bsN8%c{vtLMn@GB80SS6h7=-doym*s`-#O@bn?$|{Vf-#=3jIi^~-!x zoC~~5rK<$C$ZDBoTopMCT(YQ%B(FVC@CW?-nbsqtW5e*@<1=*MZgG-7N=P0CKTQa;4{&ZK0$sIBq8<`f^b%HF!ryStO>ty*5xf zZ($CTh@@*;`qbwn8i7AI6p^FV&%1;Sz3W9(0{^9yGWe4@+N2B9|E8sz{ue$UDWnZn zZB18-q3te)5W~f`41d9%>Nmy~s_Gz4T}E+Y$5W}}(Do-fxEL64b;3bSrOJN-sn-9| z2=V_=N&Ej(O7VZU-VW?1WQIugUwi#p{KEeIc0?Pn-|>bu?BSu^nEA?JBJ1hVyXS`y zE&u6*_Yoc^sQ$i~|M>|wpu1-h=T}HS^6CYO^Zl%Hr9DpfHG5_t_4uUMk-=+96vGeg z!MPu!a;*^oC2&QLKGPB2p9P-q_LK4^`X=>!BG1?uGBLa=3PuXB>lDhCiN)vz9_gLT z8$UC+mWqt7)}w$MDJa3b6e~NhwhsZGYgw2FBxGTo?T=6Nu($4Ic_%dqYc_2+{DoXx z>?cY-IDiS22A-eW+S$j^1IPLh!6fCKQ$#zQ4n5+aPE!K|WH)tfG0jgTB^X&*wpL!1 zkj-7=j|=_J{K6BVQz*^mq$HlqOzRI}fxB#IEJRF~D}7?H=E|CBi^uLumkJykfYK>= zM^w;^(Sx*^2y8Z^Vd{S4c-E|LD&he~G=0<8S$*jh*VUjY+;0gm8AiQv-qnb2*Mb3U zej6b(if?B%dAI5Bky_^@A<>OoVw*oo~$d)gwTHim&r_ATja*C4bO|*d zW+Q)4FCDthY5p$dLtlBR9VfDPs+W*!4fX%~fi6CGKp9wr-X>v}&zp^Kvln^4o~zzo;K%B0_t|mZALEr{E0M6AdP~X$}e$N z3dMkaaA1_|&x)(-ruFNKwQiVDvN#CZz{-fwG4vy)*P&qjjU}+lwT)EXfpB zbn+BkJj1~kjAA<>_-c%`9lb12w-aLk=iDTfT0%C;GLc?5MvG24jy8N2Y7!H34_wA6 zh6L+g!aAw*rJ6<89m0F@PG4zc2>`SyCgsZxk^WQ``<;JqV8MXv*J|S}w|J2ma6g9l zAxWi&KAedmPkKKpPt)CxP{8t&&dH*w-HrM@&`Hb3vDBGg3!SR0rD$x1=sqhnSz+El zjx2|RCsBpNH`$TgXS5!ykha}?cVE#q_(){5M?IYa*_J6*(Z{PM8PUt0BseQ43s>|M zovm>A_817`dwVJtvt7pxE(vEnsYuk zJk&8-#4LO&yNB2oam}(Wr*OL?5l-UGv*`{UM8+7VXtDHg>sTi$;7f$T3v2f1=Et#ac_Tx_Lxq|_lK1fv)2s10 z1s8RO8wPRyhPHF?*Y}rT$eWe`!ztk5cif-)bD(Z2oZq#T=o~jCJ>H#)UQSdSzp`U^jMTjS0R4^0=MMY9p(MuR^RnffhTOkx`)i;V?4y`wIKOYsdGQrbaT0*rmYC z1kR}vt@JeTBNB37iFXd8r>&YBWXFk}j|7J27R91JGakin?$^vwO}#YdW7p`;L%Jc` 
znNh2NDI}=>yFLb)_irzum=Xx$=6%BW-@?zTm8cj5QSVkNYi^ZcP|ZN!@;Y;sHr<;u zH{tV6qPy>59y>p)0EAtY5InIW)tX=@!?y^lTH9L-`t(hFC*9SkhyZlQ?4Pan$;8Ab z;kIbmaF33Xj=Fg18YSFG7tS-jf-zTa4g)h-UT6wbe63wVE3obP&CO`d&LQi4K5?1J zu?m?@yiUS6#>x7IkIaeJp6Vc;xQ4o)G5ucwoC>>1kViv~A+-c{W_+0=41r{~(U!!2 zsr|rvGi?EYYM;n@P^L>S5m+nYDkIQqH76<+GAS*T{w7@b03Z4TMO)*3 zBUZ4-~VRj7g+ zCvAWE)>3NH=D!)nvQ)N+(diBCNmg#SC_s1qUJ=JhUiG&*r>*#sNSfk9?HC=4BuReH zR7jZtC37RAZ% z->WnKjix~T;e*M#F^%-_|@;gM=7W=f-&~Ro3;ziUl;l4r%sc>D_NR?^9A^liT%8gT|TlN#3a@G){sJlAp_EpQ$i!&op!-r z8gBF$9y}DOD`Zjc#}IC?R)zM6t-Q+yU}iT|gCd4T$*_*5Zm{c|d|aqNeVJQoo$blL zOej~!8s<*+283?GxER!x@}3I9`lamVURyZl29@IyiXal&e-hCNM2&ULh#%M67odgF zay;iE2J})oOXfN&Two!rw|R=0W=ugAQphZFaMa!Q6L+eXeyQGB(6iJ-#6Zew!u4H3 zMctz{vjm*`Stz;J3HrGf7H90vU0cr>4m*hqa=}ysI(cZZ;d5u zKf`3@5Ep^aezB>$z9d&?#|a66=Am;lT?j9abM==%UZ~vco1_^*FY)KTWe~wgS@1AT z)$ezq4!58i*?U$sa}12K9`}`^O74TH7}XxD-Jp+=Bzhm^6y^a|MGqT{2-)%@+4n@I z6KS0l4b2~P4XDY<$*D6GPzK!!M*}SO>;-YV>^Qkhvw6Fl0b-bUY$`iPOh;5Fc(3!c zPZG7ckb(fs2%C|+K=Lb`3j(}eg9q4LtRZ3k%osb&EWB@{EJC3u>(xzEW;}OacJ505<-u>8A3VMe0rQ9<+qmB* ziEzI%Ez||=4+VL}6Sx~~XX?V;I+E92NhZ)knzIq{`nw|H#@oi&=XDa-UzqB89X3Ox zvUEa<;+E=lwK4S_4G^bc$1WZ`gplzaUsrhPiyxw{@#jO@en+he$Q&*KC25l({b@;PyWNo@gB8*eAX(jmV#x0kZaPwpCsRty?#c|FL_2}9z; zV8b>Kp@V;DdOUn(C4#W0)9u;L4@>VI4AW*4e9SiWVW4uOjePas2$+$aJUBTH&)?V^ z!S>d8@ut4$$v#vog&Js=P9z6EE}Fm~VU71_ZzFm}pbgV4xp{yZY;Ur!hWBiRRwSfB zw1avE-D=8zKZDCe%0||JhiCRwL3=z&*5lXqWPe+sZ?qqp8d(>E%lhXhz?phoa!Wr< z=of|73<}F`8Kh?V%V-yIinzMtv-=056Um*LX$z>UW?8YJtt_CejEfJ2i;E4uynh&+ z-5ogILUHHhc!ZEVbmO=P_jgma;cjh-m*@5;d9_7NO(X2A&EQW0zx4JYXh%Ix>K~1J zY3ok57FcjiFO2Km2AydSUp_hl(adw#lsL>E7Q?Z_;3}a0t<6o*CfXYwZua>8@!_!b zaKybN9tk8_cT9-o*b7Dn*6r`_0xR}SU41?4wZOGwI$`dJj&Qdz$HTL_(0)P?5$K68 z9vFs5l8WbMcg4-aJE|3v+sAiCub5zEds@9>iyqWxB_}D?^neeHja9PCiqcgBqj9UO z8q>Buxo-&KTY18lj`7<^hocAO8b|#s;Fu-rHH<0t{j{NNap#0MxLKLuz8MLa(4!Rs zeckaD$4Ofs7u-1}26v5R`7#MII=coEjKQ4(F!h@5=uG+h#0KKiy9dLUeY=k1Gpv<2 zNnk5HJSBmX9&>zs?@$DjC=QSICkb;zqY!B$EX~d6o+?m4;x(~DAm|wJ;e%uF_QrE) 
zV7upYoZdu#0FwAy#&*KMxKM+yGQy62(S#ELupc%Z$zmUx!kle+;hNsC;F#~##vk|6 zCaxbHgLx#LWHngz&AX@u4V-By)9~pzz9D5F~woKmzy+~MWS^mN~ecQ9fv=DJedPdHBnergDN^?nOUqod>(Hs-h$XttV|<@hcwxgCe6c(c;LKP>TsoT%ww}gy!`gDz#hId(Pb!{yXD8lVcY-r9KgD64A1jW4f5GM(<^cz;|wHU<;BhvMo1t?|;eeelqid+_q|eOU0}ZlscAh)0ni ztZp~Z=@pdLC`a?)h;|s?GYoS`Ou9w5qf2WaOor8JO3l>rY?_XmEnyw$51CL zNw!v4yX!3SO6uWD#~#7zereQJrY8;8jr~#3PWFKtboTRohytC;vPNWsGebsOv3GjEd#*MU@g)HkZXR_nF zMuWx8(olPo`oyso4i>nUfp7(cgf?bC`31OT~ zSYzsQ>+mq;*t78jtW6AUC@8CD9HgFDcWy}q@)$_F#|7h=Pj=(^&-dZ=HAi40t9&Gb zg_SIy#3h-8=*88CaQ}NdQCLxpK3#&<{;v5iugCqL?Z%Gee8o*QnD9U8J1+*K0j&ct zYsqFTdUYdqoXo?6V>)9>&qyr#VjrITazCD0z86OiXP}-szHVeRTKhZTNLCTYVhKLp zb`~4=r>gN)LECtW1oQ(Q^i)gUgy3++PPa3A%&d)+a7&3-#ZAF$_WHXa(?8Dm~p zhnGLzgD=)6VH*3gie&m2`|c&$d$-3|VRH9i*!a04*wqE!Z%?9cF}f%coLbuAQucKg z>)N;V4Dw4V$!`oR4aMd4$SZ6$2BN84wt=f13HDQKaK{&kNaqC5TxJkPm{M+#lrPmEg$S}>(Eo_TvKd^yH^yM)7;6UraH*@sff-C$)wqSy)DpIC`|Kiq}g9Pf{e zj>d?%09-x19R{@VKy-i`$4Lv4!*O!ra3;2;D48<7*NGd47`LmCmw$C_Yw25HFRbYuxeyR#6Z^AWJ(1H80X-P$xdXB99EpC~&Oq?|rKGp`S4mBp1TyNQh!8Q7;e%jaO$ zn_DsC!IiKf86`Wu&iAa|GTrT@0XzM~sWh|LfpT#6Bu(e=O z&6M9Lmjdf&+neMb9s_tC^O{qRCJGfy;yLxEPcY`0HK_ezK6(ymtHd$mbs_6Yuar&n zCo8&Amu!Nr7sICB($40gsooUx$8;dcOT($u0+^Eos0IsIj@+hIc1d|<;$$kfo+@jV z{!N5*QfX?uTAHej?M>nqI0VcsEMPAEWh_f%7I{?LY3o8f%~_Ti^DBA8COJ+U<-V%O zV1xzh-hDC`E5ALAqX*MqCClT4v_pua^rx&|iE`~oBFe=E2y@D-Z>w^g?Nf%Gb>Q#Lk;#5>j4^$+7+@X$<_Pl!)+PCsS%-~lP@s!Qj^|F^o)Z}D?GTN~<^-y0= z8D-3|?b6rcH+AUvt3k`Y4A97l{#_L$N=(0B>$R zfwq1QSjpL>0|%<7y(P}HUGB~_JJcIP0B9oZiD-8K;I+Xdj!>0PjR^&y<(jGrz~wRv(}2-_y|QwDa> zdtdFvkdA%~XpJa3n~RrM@5hD*Mq*$)AG|ZG3$`WYAtfmbR?d!?KRq7LaHcG)6SARK zZnsGrT0)lF-5srwl3#(oZM-pea5Qe46c2k6*e5>Uq4q${7~2`MX;Tx2wr9{bMJL+L z4cGVLtdM0<*K#*U_OS%H+bbKX;t5X1@z}I@j2RPy9+BSoV%tghy4k7yPZF?XZ%;kR z%Y9e%LMuNP!-@{|EWurLEVmI{8FWN$69ztCR~ww9-Fetr<5reCr+X^|#)ZL}ICkV-z zC2(e+-7&K(=Jk(60>@2VoiVTwqC0c$57#lKtG1v+X-R+<~KM1=L+E zrgsU!4HG&ev#1_noMBHK(+(YjTwu!frQ}v%Sd72ggJMIuty$)CD-Yr0xqUILe``E8 zxeFfsVlM*S9AGc2n}h^vCn2U6&`g`QHe6?!p0o>Frm^F9S(&`|j)7=Jva^C?QdS=; 
zsv3|G;;vRj-`sc%pWoIWqk2YQaL+Kjx#ox(Q_^lBq(X$AU40M_v(MM=N>eK+U)(>~ z!0u&?QipkLf0(BO;%NV$C#GN=^*e%NXk3qQMfQXkO5e$5XwjLC9YyA6As!x1B*i2j zWHKn@#OBqXj^N8%`(s4+aEu=iNqG*lEoN{Od1&(De>@yybGC7Cv%ONb><>_@zbsQo ziUY}@^r@$djVfR24REu^j^pPMML#flN*6pls5PRzofY{}g%d)u+{Cw(RAG10d6F{f zkaCHAI?H*Ig*SgVi5EDwzTA{#uv6hwltb!^^moLhgkan_t}`a|ZH-5l@5Ne@k_zi) z+~U$CUqjd)DHFZw?7oTaYJV!$ zksyzm7>nC(HQYx1^e(yOEWgBKKhR#&3#wsNUWFU(7z8VlDj_hkU&vbQnYs$`w86nM zx%7iYxPMMh+}Jw;*Y%5FHyHJ(L&sl;%iDO&!C5ARgtH(I4|@)BYb^fhBuuJn)Xytr z#bWole4HT3akaNVt+_c)(K#s-XWm*4)~w88ytVNZ>ggzCHYgiaS00ijcFs;YgFi^8 zon2gow473$%qv&7(o=Fvv3BoSMY7t`aj!j)hMgy}vFCI)PGprLI@lG~bWksTcL-b?0nk2c5xB z$1;(_S#VKd1&(Bws(^Z)<*weB22%#0Hmq;w(JcIQFde5!jwFc5Y(+NWg)rzAv;J>) zCgXTsB?fg2L=9&_mTd0_8&Bde^UWF29&3(dAjHKE-!Uj`-kXY0&f*fnJa8tb9IvlE zhB|TnJfz%`f^zI&ur24z^-yv?A_JV^O7d_ttq@z8zl?ed3v`7AXOxbPw)pN)Dn8hD z2ED`GkyKcTJtRk4NJO@>&Io541bW)z0KaGClprC>2fmzGjDK2au6f%y`j&!|4Uc zl}*hR)kvZ(-8nWE@6ZM-<@Or;PF8!0spFkz^HEV!jiW59lD1mInesuF{T=(K7wyJ@ zf$liVJeQV_L$s%p=L%rUHnj^_UkV%d0WSPd%5r)){N*i4&`_H{&S zl8J{t--~Sa%g&TMc#xEb1-KxCZCkZ36>Z#XV9T;T+;oQaRDyjBJRQ6pki)^W?^G6& zsQdNQqbCDc8_K!nU@BH@KCS9cA=yo#?KhHKq*2bpIb~{$2x@3&iR|NS&f=>m|IXxG z)sHd(aVJUWLi^p$K3#Vx3%R8Xh>i6m%cgki+k+1GFYc&72*&H zn2;Jf5{3Sp6y5X2M)c_$g_{Sr$4l>T1DS`io94QDG*>sM6{&CcoI?|32xXZEX)9~! 
z4^nAoB}L`fOIc)fshD=ZlYJySJxBD%fZxnIC0Os-p9Vi?YlPBPeq>(R7;Z`(N_!8| z7c|O*g??!t`&w3Lr2ZPV_Ym8DPB!FnEH^YX;%sIS4rZ0mPjFH}zs1pl5?=rDa5{FL zI**}kypYH~+CV?CpJPGBh-wS}lvCcFJXc&^ho9*Gk~0gHpE;Xdgwtp8VM1SZ3nyGN zU*0IoK8CTwqpF6UvZhY?UpxATXQ|thvPqiPR#C5mIPnZ10sVsGrlh(al@&GEaq>Lv zCkM@xyP~X0-6s5W*I9J-bx|ux>GY4U(&vQJHw1I+pUt4Jp?)8qoPei3+Nma_pf6uf zViZq5pCaw0AKS(LFJ(Ipq!yx-`lu$c-NkmVV|%)A64Ahk&gYxYBJpgV+E}hujdbYv zcM!rrzx_uy9-Cn5GAZi!L;ZY{!&xe2C8Y6yEX~RQ78@qRSH>*A2B49v>zaTPFlC8U zW<%m|WJyz&U1i27WvOL;<3NxRFN0g%j$+xew}C-kc?dcoRVD|hDo<`x3AFk|7D>yQ ziz-LT<%~o9+*@u{2t-bqWs7Dcy)4r!Ir&)}n8zoh(hlZPc{TkA zG@aS8tKXQ zCB#blL-Zlv86o5sO;fst;MS2H;C0=HhIWc(W#`Dx}He#bk!k4e@Y#ijzvzdG`%9J)ry&{X!AM2OTa!%^fbSmfN zoRoK|^5ti?{5-2yBz&E$)E=d3mUHL3I~n&`pV*)#o7lQ$%Tlh$A+m`r%B^GhD}5m2 zNOT~wN*z+Clp*=VUii@w0+9f*Gbgqp-fus{TB(Kyh{V(kh-AkLb^zvEy zN8}-SQFV%*)!1b@+I8u3sgIb@Jq(Y{h{v*@&fw*bc3||Nwy-7f{_KZ?29l#eY+BkV zb|SK?0trnfkx#oVs_9JYJF$P!i9oW+?N&)Ak2GM=RjkyY|YdbuU8%3xZt8)>7QsISKW z63tew4p__y3`l+yL_SF)ZPLb^lrQCJK0)f$>XAC6d>PXsi+t9hMogGHcAUyVy#(cd`X)jxn29s~ zqx$(Xz_FrivSBH+j3OdR82SH|VGTW0Gxi*WF*`ur`wLJG{ zL4u>2O|xv7b^aO9NP)~2<g~=1#M#+wBU6mLfZ9feg9h__8_Yl za=SxTm;N2Wk^00$+9E(cPE5N+uz4XQmXuVr(zbc#Ilnq2=+Kx|fQObEK@w541c zLdMxAZP{?3&G8N4?OU$bI{oI`uQqwqYJHk^9z~V`O=Sy-API@II$kK2nu9f^NY zKWD$V9MPZbArgK58YG=ObnxG$V_(_WTA&s6BR_-x85z}~L&v}1@=1=&rewx-;j?ij zBOBhtIcbhl``*$isTmXpv;398EuSU5q>;2*dbuW_<*z_nzLi;woR?Xc2CW=*o`2=L z98!N-6_(EFg@@$ns4d?!q{%JcC7+~~Hc1`wU7f4L$UdzR?Bk+-ayz$Q6zpULMyrc? 
zeC@3jF*xa%g=ZdehET)uEHWD@xy+r5wCGIzL=q-YA^^8S+`K$$9zS5>k$qU&@l}@>kVo{H$G zdE{uR&!S4iGQb~yagyO0Pm4`W?cEC5OQ$2;*V#}GkC;~8sQTb4^&rmJFn0`elq|6*!v0qJ&NS}x9;xl?h@T>+?}`(LV#cag1hVCE`xsUw0J1&RjHxDK|($igCU0wCMXTItF7%FS6svA*7M|5Rcu=-@Ud|^|*qajnT>NEVouE^uarMaaAy+b|JPf=}nenh;F%CDU1 ztLSux$NAt)SuNTaAO}RcBfGK@G48hL?C*jE2GXP1rR|SW*zpEMdLlW%3C>pL>H}yZ z=P2eEQ zz2T&qx^^-*!D~16LEj)}tUQo|YU)VzBkK#($CS z7t3`zukpzN)SUwgs~S;L(}3_LxvbUYjQ|%L*0V}|uV_rXAL1x`S#1-l zNLo?@T#)SJgm^zEc-vXxY-Xuid#F#O2jac#)v_J380E|%ad_taP3psP*=*~y2rnec z>;v^9A95>U@ESsWr3T8V)P#JFZAREznj$^OU9GLuOvfvFleN3VMkXfvA>6}W{VcY+ zxEjL~eNjYPlb`ku2&a9J2>Lr%qfdxCf<5eTDzB3EL7mW9hq>9If3zn8oosNvv=055 zzKF85(TVpC^FSH(*)xbb^R%ZvoEY<)Q9+q(IdUEm=Zz%R`4nwhzKxP5I$+wY;wog) zu1*!#LcS?8F3A@WyuYNXLH$&CF!K#&8>IL-;ym@=M7bT; zg)(_W#z5=q<%mJ-tM7cX8-c8E|0oZ&97rw8FIT^m0wyHUUMYus_eef9G>UyBnr)Iz znSP9?eH7?MZAjjJg#c6iJ)=@b><&XllZ?KorgP)1l*c15NC=_zC%? zksLb9FYg|JS~Cmm+jAaIUY8DgI=bn-!x6{e}&5`wACR~w(1BY`kHa!9lOiHEmYrx>n zLHKs-S=@R>Czfx44eL%~Tuf23#PrUTQ z0n8c}j~PSbRIvK;-a)8nHp04HvSfoP`rM=%M3o1-;W9?erfb^ms62Ik$| z8!s+7q)42vi!CPiiG&RYaEte5;r1~p7)cT-->SKdMC=F&SXN$zY9jfF;^8+Y!QR0Z zwshz>jZ4ATn@-^RVM*xA;4WXSy>&t-e6i#Jw!Jk8adgyMvnnumc3))E@uejCVdtqr ze0*Df_49Ej>gM*bDfsxugIMs$NDS>3jO>yse0KLhJp27YjOY@G7`D5Aup6%6D09iq zbC^9k3D17A1xsI>O43^ocRJMwXKTE1M}O?kEJtjJCx&(nKpUO&GzRTMBulcGrX|V3 z{QHM0(sS%|5q^AP6pH9@Zyy#1N8X=Ghdd-L9N+zP5GOvp2Fv$mA|tl~N9J6Gk2jve z4FjWa=lEo`0OYn4`AQ$6*LQCnh{BV3=-)E}wv;7>#P>#~-FLPG&t8*`W&5+S_my#| zY-mG_uRU%Xn~e8KBIKifp?2o*CkYwPdylfLZ7+;LBS*C-*}1-bY8002&A}5>yTFLS zFE!8wT@nHr6zj3^xlza@p__Xq90L;CkAGT*#;{J)LIFVh3RtBc|_YFl!Wi81}BuMcvccpx3yq)C4Flfp`i!e6D z`h6LwqoY}H_Xyrwj>X$fV|dSS+%hs5i}z=!e2nRYTsT;0H8sbo$A_YjM5K}Z?b^YK zh$oqHakjxNqf@c*bOAoNsSoO_>k!C5eE57RUbw0|b>aeF>h`8F$yi3aAC($_NCtNK zKx8Kp7;BOb`Mytv5Ixo@kOXf42Nxf0K8>HA8;fQJ?JnV7m^3H>pZ~B2Pq7`R_lr_r zZ?N7MX=Yg-H*N_{rMnXys|6ONmxvI-#ydQuzbf^ zJT$&D9-rO=N9mJhk4Z%a?>*JASgEWA|1tZ#4{b4w#A!rY7)js}gp(xpWdG_B>IpAd zAC5LKyhku9Ngj5dD#C>RF|eXvnLH#>4GK?Xm8gM7G<7(Mwv}62jokby+&if=Qkb_{ 
zYYU#az7Kw)Z5GQnlbE&(?Qrgc!}0z89PE2(EQ;z|F{xVst{fDjCR(l@9)nhyVKO(y zs;95OZuYf_odS@a8i<8U*=Ihx8h#{IyI7au?5o#MU$T77UGyP~_hn+?gF~_XNS-2f zr{BL4pKLjgd&j4uv9t=~2E@R@)*8DHWc>YqVX5PP)fv z(&#=0=_lXcjEVnP4wJT41T$dDXkPv7nu1r;DKxM%%4))|%-@9vKiJs*^HLIp76#^r zKHq}rBjVJk*@cAQ;W3Hm_slXp`R+!nK9~c4S6kfi`DXM>@PiwPR4X0Gs@2Ev_~=-q zb3{3i=O%U!gdLsMhNDH8_4azax^OSHo-D%qYfd63vy5doLDnJaK}Tj~Z;J}m;X~gs2?ZIO&{DhXKHpEAGU~K0Q-1+_{y!P$}yhY+BA1S-IA$|tA&QVz7 zxdK?K4{))WIBGo2fW2&gE`A_^IJN5>X7mcjn3q@Kp|{pz{+i<$pB~*lolJ;9)YP_N z;+rdR$1AIG_IxpkRuUc_6_2OyA1N}Ahn^Ml{R z!O9HLK5n@3AIosZv&%qDBb}rC^99v-|HlJ(p68C|R8wam_>?mEd)lH0M}eUXQnpTZ zY6LHJkx_pY+iuRBbvRs9j}-^<@$r}2arfW|^o(#rf0DeBiQY&Gp?%P@Wwqo@2Q$$< z#usgLtR}3#4CG~n^E;ngfh*rx4_i|+gvR@m=(cba-#*QrSK6Q!7L^&NcUK*!jqGlJ zakHrv-8p(59OsT7Rok4@@?`##x-0+v-;(~Mc~uEF#-Hz1Ou ze+l4^jE+Z_7$5YE^TD+AVAPVZE!vxnX|yZ(sGfW<(t{)2iCz8BJJ}a$3BH&$Fp@;m z0`*kFL(eY3L*MK}f0?yP3PhZ%1ExK>3=^JRuGUq1Zb~XT#dxDnq7NoAST&oOsdd1f z`(!g-d~aR*x1BVQ_{c2h><`xC+byR^w#K1vdK5a5Pz;D+{YZj`(Uz|n7OOsbxB6fn zUVZupe7F7-k|VruJIUmdt!MD~ORMlO37oZjzs3L-yl4Hfd{j3yA}q)a(}yHr-?>5@ z%qUhfk`kD+OR90hpjfOTF~6OCWZTOp97^S1Xl;*pQG;`xR9*;f)!!nXN(%V|9K z+%l{r(d-rHOFI(*8gWHRAcDP}antk5am#1hvH5r&oH(#pzvLjQDQJ4UH-^UhV(E@k z*q2d(mzM0uITGwo*Pp;}`oexOZt&y4LOlv%UzblaoXV@lQ{V4HIc?dId0qMLdOY&+ zR(!hUB&K$eM`5&cI(b>jBe%2`^^{K*$$aSL<#_7reQ>q5#v`=d$3EYIZuD`DMkdHC zuE*Q&tih01Rw3EX70x8q*=4kG)^+KIlX!&Wtsm?62-|7r;XK^XKb8Z9lNiB1G9t+j zOAqA2$-)TN^$0?L5~cp}K6r?IM?D_Xq2q6WOP+63>(R(s4fQfD->Q}|7&7fWJhosT z>i0a1>qaE07vy@4e;+;X`3^??Ud5)pS?#|ZVMl#q`9a({ED5Q>p7?ynIkn>T8JUGp zAD?SMO2kw?;Z}^&Fg|$EWTXjwQR!w7*9r<+E)01ipMmU5HP{~NCSY_G3fFq;yIufqz;tJG|1SH)!5B=|20HfY7!MsMM;Ehmk z%>13L)LK@KPL?>g^me$r*rS95MP4433@d9J;c9C^^3u|=c9A72SgxzHHP$Y;9zSMO zW9Y0eVQgj!TPq8a$aYx-G7|<8+E4H9i=j_16&3~u8*6lVWEuL+rr!I%f_WmFz>|)_?U#sk>s{mUb+^rZuMk6>P2$uSC$WGCwF2f5;tVMCGN<3G6JUe zb+f^33`PU*S%{#?A0l?fCqPjpP8L@o(A@?nv&z^`#>|U1%KHZlJQej6h3&ZMcnQ*I z!->~?3ZwKF5lZr{9wE^_EGVzEpCi+4K2?Q5w|bieyMBwsgA^^-l@Pa|;pr#SS`5wOlR 
z)ce8}N8s51C4Bk7U<^tN#;AX+z<_%fB5=Y7xZ>t7V8ObSi!I47me__Crlzo?ym{p! zyD4p=k+K`uBBA;m>;J{-<9KXhXFNSN0mJV33Vtr^PgIRc&41+4oa$TB29!(ASBNdr zCLJ8DRRC6Gp0d`mA6Sw!MRtFR!~r;a=usp``KX0>)q6FjtdG=>iW2!`c2m|ElQLv! z4Q2Zs(7K9{|FcE(7h*3wQ(RFCPcJ9R#`Fc{s($jm%9+Kp)Z?Gw5Bz|t+GZGAo2ti+ zCaOP6!^j_FwsoT-4>Ds`K>e7Rn{!ZTtQO#ejTtSAZAH6QeSz)fNb+1J^%Z-eytTB) z!jc-)t-BkC&ljQZqd%gusRxYxCjz!NqzQH>yPpZe(N^#7>h%yP` z6#rt$yk*U+W+{vNGSIUySlCmbxe(Ss&8*8kGSC!#G%&q6kL88x8d*<^{k4q+mDJYL zwX{-v+1g-Eza?t{Hp;tlEW5P40b!mFnD^;+ghhF)RqgNkYzqS19r4@`M=|97?_oLc zHTX{dxc$R~I&}OEp!&#v4R)TRd6nvYo8g@Tam%0>j@E1N_#-1xb|xQh{&bi=#spuk zKaCe&7>m9!UbySZ?rMD#1rnL99GzK^JPc0u!=kMx)gy;TCL|-BY44lR1+MPSIKL+Y zThA2Z&54~bd0Z#h@;+HW&yjy+%^-0O?Pycyx1K4$h&WF?JifCU_^sHVkNLBDV_4^4 zjN>TIlFp`8-oa=!!sN6-yz|o`)Y7?_8aLtDtGi=RuW(Ges=IQ!u69<6$VtGo zoR|7at`Hs@jtsB8V<28zunm><#&BW~k~lN)}vnvXOO+Oq5fS_gs3#df}QeDQZ+dDk7&j^reqQ!iwC)6g z=-_1SGAYE3IW`a7C81B}5L`*3 z>uh6+hrir|*RJcy0B;I6doxTP5QQhMh{u_tYW4Wf+{y?~UD*XA2FGG7ZBZ6;6kC>c zii}x5F9!8B)fGbrMPustRK%qOqFuY#Oon=eoP{4to}(L zq(2D(@OHDq#vNx6;%SR5v=?a)S!+w|(}ubgdtG%f3s?7yz}Rj<7(E~c&Llyy=8^=< zJty)>PRwxUpm>ZM7=tJ;M{Le6!=$^1VDa*O*ppjH+p1P$q-!U2!j$eIi1KqpPGJSf zu?d`noKkNUb*<y_OQ<73m#E&1PoXkVDnChgd#gdjQ5Uhcah5rY%F@#N$# zSiJ5K+<48=mOhK+$}cFbrEiHzbAQR<9QFgY4ez-%Jsgv}1dy+_qLhQaHV!E6X8Xta zxzc~MBA=vbLe~&Psr&#eVhZ&;$&Q z^Tr*ti|=HBNZm@GGba(1HMGQMsFlpczIe^OW6&ogQPvZyqn$?i+Mw^K6udAp5t*g6 zsL3gZuQUB8`%fcD>c-Rj?}KRg=kS;f?)6%-7gv^IqF)z`82BQo3Z^wA%=DfgcV04FMhudxg23E zCei5=>CO>g3-;4_u4kI2`g-;LMy~w4R9=2#XWw$V073Q^@D6ar4_nUSXl@zitT>4D zPdrueRWOk{Vmfyt@nfTUP zruTET!V$`xn_rH7EPFtx8@k8%;AP6W<#-;9=%n^!l&VkhY^I!r)%6Vg&D<}*Y7)2z zIxSa@_NyuH76$C&@+_Wm3tBjeJ-|F=Wb8@j6F`00SXtn`rM0vo2qq$Gk9Hq{3l)n2%Gte;bJ@U!%dWtNL)kcxQH(MY-;F2P=FC5bj=s300<9eB$Ax>LiYH%LatP6G z)`(;ftEy_mZnh!g13??fuRwT+D{QPS@yVjSsOI_2Ckrqp$q%NqkJpzTL_UM!*3*UR z1zuU~a>ubetUj8j9s!*v>Btb>$!MKh8ArPZ&y*l7#a}H7x|gH-7*BgV_RSugr>*!q z*&vfLj_n+#UPQHHka*(TT_|B5JI@p$CD;woBzdwfP!WToypSw5rY1rd$bQ3~XKH#cCf%_>!dE{l!k4J5`7Z_J_nMFF5eN 
zT_h(3m9;oWJ3qj7Z)2a8#bpT}^vfvk_U@<2A$?a#)TP66tr z`_=ohv03D-uB8oFA+xf9HdLwBPLp@HlKh>3pBjpK#Y?2{STpIL@n)+Z&<4c{{?U zp_2Y-&-oIy2Gu6oR~t!eVQDpXu#H-nB$xG))*PG|fHP+cVC!guC%@Z+Y7!PBV^eH6 zp3ebVBNoy(^$K%WKiU6e&2hCBUn@z}v8-bC)$POdOY%OH^q+Xzs3!^L63U`h%$L5U zL&xt0G2q|eot#Vm;xRk+&z{T5%!;u4c0Z{eIjA{R`9_3{HYkWX$B~Hq5~wdns^8x~ z2wpdTfqZdbbSUa4#;k~fj9O$Wnn6*mt-@fco?lBxmlrgIAgG~G2PB=`FOc%(y4)jE z$|8qMZHSDLr##vaS!I+aX=SQhI;|W?xpJ?hQFY*HnX(qSv^uIhcuqu>GGv4&$C6%t z;UVcH50RU}SDw$OlDG(oxOYrvB;7wB)gqV3uRUs!a)k}Zz8ak|Z@JE3`%mz?JW7#! zrA*POtXCvyM7qGk$stIl6H|iRa(|Z?z5wgZN_`G@>m)9 zg5}k{!tmI*&PaH0AqwPY^ir1AZX%x?i*7_dIWNUZdq{nRX$s`Jq!mc}OIcEXfs`+8 zs_cXt364jA8}i?u3Zr3fwzq}IqqVK9(HE)xs)&U7yXNj zQa`D)=w0rY>yn=wi`~loQjTgn9!ohQo3yXWNA^Weye{QR9wMVGGa%=sPGVP@zmWXp ze(_7nrkJOamuW?2{;&Qax%pXt7QHK*;We#Iq&`~y0=X`EitJK`$SaWRBCE(Hr$k1v z3w4esB%M|#eLv z)Uo*8PQmWjak`-WoEF6X>Y$F~r^RU;^=H#jpFBhPt?9UbZ;(hBlXN9<@|$__ORo)0sAs)}iC?44JKxHS_*2_*fm6A0%Y{scTnhQ{k5anN?7a0y;XM z~kXDEoITT)sgfk0oULqo#R9$1+v^cOy80i|yl&f~GT_;OMv%+`AINlA4{Iw6__*1U{4uco zob|D-v~rK+CodDK7wbCC8A7iA?3$!EC`-HFpzI4W)-)h7 z*cCSoh=Q#=M$%-IO=fsxGd#YyEG-`$I&|pJp+m=C4wpu97~5s-q1s07)Hfl_*#;wG zy)Yu$lLUYSh3DLD%rTtDL!vxkXKI3IS6lVd&h!8m^``#tL_fSeqbuS=Tyfxh3BFmn z9}V@5aI`SRXr>zx?FCmW3q>dryqwUT_l=72Mv(lHK*~^Zu>6)bb!~LKH=^Y`E7c8% z_q11Q;&kz6Sv*egbija6ck~JKKw5xPJ3(n|LT~1`<3JX^`0)^`NY-S1q$^mDp)A{l z`}U^BYHgZ9ksfNjEs?udu$wv;IY=i`Vt%3RahhP%cj!>FbnL%N2++shG+Bz7-e z+e3XN+0oM(`%e|9Z&K**aOlvXLx&C>zaeD);LlsTiZ`;bf{GeEF+Ck?_hjMD7gwVD zBR}GS;Yk>t5{Tv|VDbw;VfNeWux|HRe7gDs0%V0}4_meR^E{H5f{Ipr@ZNgVRgAr5 zS6tz?t(yc3!6Ct2LvRT0TDS)<+}+*Xp$c~h7Tn#vaCZytZoyBjb@#sQd^~?(N}Kbw zF?xUc{Eo9OTqQ0p5)GS^&dt;V?!&2LaNFu1G{o#NhCaH@^In*DjgP!mNU*GE>;$tj zk@}px&T+ThNP1_3R+9`pY;2yn3W;r6ZbPf{UlN{&{(imjeTpJ-Kg(*+aBcn|n$Pd> z>p-!AQAX1hk5#6Wx!sA`nxVpBoI+6lX|ya}Nj0Rzf-D@-1rS`tPYkZ=5A`DFhQL+% z`JvnSRA(22MNT2c{?7nP>8DB{3@ESr`qw&27W32NvW<%g%v>#!D>fwA#b(azP&*!b zJD}nnH|BZYy8mW079^Y6y-;ctga4LvSCTHJ5y*EM&mi*>rD|jIy{aOt0`8{5PFYVW z2@Uv7jq^>#TpP*z{#Br0?UpLmhna}Y_B;f8-)Ys0z`l?7#Ng+PT>Hzi8W*odSqMMI 
z-^k|!n}J__m{VoiAF@5&h{_2orbfKH2`h%-M^`j+BUr4*qURS?iaY8thus+cPYSr* zo!(GkW4zD~I@{sjo6QuT!%$HK!~gvEUxsRhM*l*mhm04Fb=aP3&6mejhdyW^tkms* z_G0nYD8o?At2wdfpu2(LB(w9y*YJNDdZ&|>61jCKruV3Ug(0-8GRFo+aIm3Xy_p_x zt*bi?AzoALgG4a!gZhKr8uj(~TdMzs^+57uRi`U!C&1nxRTUS*17Hld4s3%4tmH{q z`U#Mla{9`rhb`x~ylC74BI<|;rMivfh#zaumfIc0p1FEg#xQB5MvUi8+`zde2zAVz zQGzpGfD)HVdg}@n$`J&Mby1c=8PaXTj_EEpN<-yOSC?Vh2DZkL#Z_kmtu)}%_^JO8 z{{B0Bm7D9`9APE8mw)41FF9hO3`*dNu~O_B-4j?Ts;>L5UGv<=-h@^quw!402w54y zcse8Y&H&T6z`)4Y=ej9l!{E#BcBfqG(buIsr=-(M&aJpAUZK6?!(ZHdYKW-B=c~!3 zmfb2p7dFUM*Z&;Y-+BB4(o<}xCm&nIph&aRlp!E~cg1nd84GIb_|^(C=GN5QdXAyd zH!&z$&>E?z1URYCMbaH#o;A)w=*v~>IL6>d8?$?eM_95-AL|8n+6?pV6VJlIy`>R@lo;83K;8z6fIbQ zm>#Y(`5M7!I>Vl#pIWGosPwp*9xbeDzI*U2D$snS*5aZ7V@m*kvH_M0N8hT$S`ZMHpH+`2P108W#rV=m(12F-I^o$^Z#U^gdOx;Z)pOsahF;{iswUCmFJS6_h?4(#gdL_Z z85(ZCFOp*a`#?OtaBrrR|GRqT?JNq@{5S9o`n0j5m^{P(vkExtBu`2G&kT{bQyVPr z_`erOp>hU8*qZ_UFfbNK(?!$DKz|K%3_g$bFB9Jz%JuT`N@ zaqJLUmx|ZR+OWBXmc7XeJ1c;8IDIWJT1^)V@7-LdIwN*x6z;d(^wB$7)pRN}ny?l{#HJBpto@2Cp+$?W_{7w?2a&lJ(IRLq9{p-DAn7q|%f)Bf2`QHIytIOCOR>XyL|<<7fB#99Jlmt#pw`^Ax0ninGB zqoI}FJ2rPX<4o}&srRbz8qQ%tcTYe37A^3gEqsTupm`dRkri{8GUQjt1B?e{?7u@@ zuu=cn+Bnfg%S9{kx$(4TTCWo6`ocMGWWy?O4&CRH5#>f4v|O0mL=Z8_iPh)-dS;iZ zvcVDMWqPpusKJxys>_p@+(hWKnJ(O}a6lTbR`13m#k6QLOZp)BG)TRqk^0-t5?!{? 
zPTDiz#iZkFJ?m~&=IjXA=qz)^OzW)O{~NZ(FmsPY`@ARpGw9XW+) zR}R;>0!LMH&*x_x+B8UT4uGrSXl8eVhv#|CJ{q4Y&#`(=WGNPRiFGgVwiMO?2^o+dy5Qq>7R4a}L#a zbg5E{U8|Z`Pf*C67cXObrUs^>POi=_M+-@Ou`+_Ad5ie_ZxI#ND9t zh*B(VkA0qRiFJ>qVYp{*sIztJ6cpMcC`L1RaVG3CKGEi z>zudTwwt#{k)akANtYYj3!BcryAoxA*~%tQoX zpq~lMEnfZ-b`y)sH8D0m zfhlJQadtF7Rg*-s56ozxwM+|j%gyUV+-SrO|E(f>R}TP}0lnhqg#dU5#zB$*D`&In z>ju+<{lm2gRQio&_^b{hRdmE^b^xay!1-?1L7ZXc6R_qmy9bx#JdY;<22sPUh4HBD zIFT=)G5N>j=aKoaBOGvWG@?T>n$1P9Eul^5a#I4c3~0QOk%y4J`i zI(3rM4Y`{i#&8LnUN4i^B=^2V&+FD0IN&?5|H+~$4>ftDs9l4@eDwE$eEp93ao@%m zCWA6c3Cvkf;B{~$zmnhB$AGy!jI*(bTIo&}+c~T|6Ip^|@n=lUn1bh3&dRF z0nMW1jV%*zZ{4O67%+_(@e32dI{j>yM+-)ItX)Vfpe z;e8i%{n}5;}|>r(D@2;lwuV(HiI6b{FLg7l+}}gL-);Rd*2`oe}WT|T8`D%mnJGr z2QT%#3U7#~6A}+5JtY(wOUe!dl2j)9H%t*zt=^h$ErY#Q> z+_NZHt56R8TC%e6rE%ur55f`C_U5Trj7W6ZQ3GZ;CGr2}8?{tlA-;yl=qz)Rr||8^NI@XvNgQ)ik1Hpiz48n(sx zv57USP>F7%!{!6_Id|Ca-LzK$#*A`E(!X{P)dLQ>RIivg|o)oiCJx$lR3!=0vpo!sbdpG^821_6+ zg=;k!%D^%>f$*Tj2pd9!0uMR-PduswH|c!17=F5?rD33*g!Jk<~MOr^^qbmNBd92 z4A(4STMPDNJ{Ej9Dwk$kNkY%ymfv=Zq+e@&&1z-1133m#(2#|79T>C@H)A{a;S{_( z2uL=$(Zvbx6ppZBKi25tq94TdYY3L-GPE=2BN3iTIxoX7qJ;MqTg8?NQ3-FRxM=*F zVuocEiaCbneLS;XEuVfoBtDO@l@)B&#>K9l&|Blg?ZAAA&)y9Kt@k=Gb`j2cO2jW| zl0wz3{Fs5v?EGIND1Fs$k)at3KTh2(K4qr9-)?M$BRc~S5ijRo^Yx|8ynj}G!lPoB z4i)pm;d2*f{RFIVcu%zbXMcuB@8kIM$pw|1rMl-VfoG?Ky?S6~Q-D{Z)7S!$QKB;IekQk(3dl4rzl1R80(@_74Q+X6IVPKmo z{i>Znc*+Bw-N3p2QFD+bb@-J8+I|MCNosF+)uLA-i%mw$4fw;7z*eK4ED-ml#KrYO z#Ppma5PP*b>t5A~`>Ojt=tx~BLvp#opESLgkz$An43%>v%RL=ottFd_kR!qv-ZBgkwgB1Jv55XW@!)78T!d!W$!|<>O>k)4or-bcH|cZCYH4X3JU7mM z*Rh8gTXrMKUFYRmGFac=`7m5a6ET@3YBV1`9T08k4wCKUsKXIivtjlz|HK+)Y0p?J zyBv$?Gk%0t)w4EEy*DMBQwes~ zwVwZExyfJlKi*O=BSx}P~wq7-T(B-a~Z8Yekahnln;0&2p{f>`_p zBQg7yd1`IXRs8klFuyg}BUh!IDIy(DV8t{2&4gMP=m9&apwLHA&(7rK^t51`+Vltu zPYL(OE4aFgr%g~AU%Mvg4EbIP4(}3F&fsg#<^4h!FSL1$b;jbi74zB9ODv>y%eJvE za{z(aN1w3hE>=H-+sHgck$%++HE!nMF7{eza#zS5WNhjv^!O?&x}{*qNxGb~RspAH z$0zlQ)M7ahdO$;3*A73Vuxrq>L!tCbBji#Mt=tQGw3;1k_A@kVEW>N8dyD^Aj!FdO 
zyr-leRq?b;SFOfZHT6ouW8w5fzdh@_!f|9(lIN3IbbUvxxWN?un0_>dK=t_BuUP0- z4yiC7^eOsst^OyhV|~2(ynlhd*R9MK5eB?=j4Y*JK(_q~{zz>u5xlz*$FVH_Y9q>S zKb`^)?>G51=XY|bwWvFuIPXt|RZp?A*y2t0a?tOq>6L`$tE0WonXlhEn;SUyD|sV) z@b*%ldL6}{+6+7=^}nhv=EoDAhlK(DX0uR2jRN{JSTf8YO4H>9CocESPn;bMsC%c) z`u1sE=eR3e=?>vHAtb|tizf=(Tf-%(uSc#r@4Kwg9xiZMX7u=nlG2iQ+K;g#EaPX^LtI$tM9OUif-R(x<*g*JREF50F1QBT~I1%Q7f%2}8t_MGMGhm1%kv z!ypd=I{fnFDz(%G;h%}Gs~f$ied6P$j)3XrP-XkR!N!Hz=$uTIG~VoWjxF11BanF} zE5%H~V~T|DfFdOO&y67P0^bv)kpGFo8iwNW1Ayy^xRd@}pYYcgszU7{A7zbzg2vUI78;qyMuBR_&8p6_ zSq&_caM}t6+Z~%d%L|yBc7jnLg{p2LOdG`ac}hHSJiFA7^?T5U~ zD1;+UpO{jpbJLVL;Jk7Wl#hjRXd6=}o`jpc8-(|2c(sT2>_FNSommIx!~Hpx+^4t| z5sO$S7|^*Mo3BBt9Nt#lC7dYg@Xf<34^gx$s`*t0sjU3 z>6%cpZ)obbg#Y@F>$m5-hlWO4@5(&t0%3qAgn~wplYS#Ppje%-XAX^n>@Il{V;D44 zA{+bfu;5s_)L;@+3rk6t=9t_~tqp|PcU1Kr`eRJ#__HBBzxJ~o0==dm@@IRckE@Vy z`QW>FeOh6Oa}cV`57OQ;9~v(tY6IV~wixLV`iek)z^3xWj%H$jumDZfCwb@OYg;dNm)|xzF{E|fD-pqqid@V)I(SE|CZ*xCE&QJ-$@K6T@=H>SB z4p)Mn=<7`^YEqwN(Y+qPqlzwdn zwqc+5oFU!!-nC9nNo4(+N=uR1DBqnfR|cCj@{Gp6w2D7XgTO+XY~gAPEL>br@?4g? zcab1aaTwP;`U|F>5!t*LEnwn}7`3`czMMh!uc2K?f(N_%+fbi-=JAL(`T7r}Sh0n!bfRCRvm4W-?U< zhD9;_ko;b1LLE@MuM!rTAI-56`Gwp02_>?*zNfwuiiF)5iemHpTgOSA4@g8?Ao8F&V-Nw5YoJ}K^3+{gZ~%WgFpraJd4DO zZ8Dx}i&KJ`!07Elwdb-OOiRL;G;yq}brOyB+;O8P1d=NRs-)wzWyQ+n=%+iOB(BEW zzV~^6W!uh0ZxKw>z&>lbBhkHqdGmOIQSabWUgr30#_s@Emb)F}AX8LELP;?jh7vnn zE0c6=Og>ICgqP~5e0T6={#brdo-lteeKFBuMp|AZWw-pwI`~zYSO#p*qezV8flNW+ z*SMMOB<>%?K7pgwJKod&+QIYj-O@qj$*7^7V1Rm@v7~3ZmsMlhmLRP-RSBhP@0(H; zVItv3NhtRjBv^LOSm5NqI!5TeXOR~I1eaL{_0#$4D zq~_I_C0oxGc2iX$CbfBo5OXg52%$3T-Udh?GvDE&z|_jU60z}3YOu3OUmg~$n?R6)4;8TsWZK^ z?`iG{_opl`QM+d4@Wq@Ae=6s}m`6<5m?{3Ltf3(coa4x^ZeCo|Ebh;|JI^*lEVlN@ zy|}4^C{X}JsSr>a24=_UDu2E;qib_o{t5svlm`mfrUbZJN&4-#A10s2uIW&2GDuyX z^;59>%J&KLVIkXzzxv|EN3t}HUh32vt!B6)?t}z;F+!M}obYoM0LQ=Qh7n37!ki^wB{LYe{10lie)kV z=lf{j9OoR6#wEz3%@Pw4Az*JX(CZDH8q6g*wF!Z$tHMvQW4CC@G#ax$raBIfO|{1$ zIBb3^`F!croBNSPqxPB0W|)K)@uOtyjc{TyOe7sXuFSaPzB$8O-QiN84Y0dA4f|N! 
za1ohi#k3fz7@JLVQ@9jISzU{SagbtaZ7^F+z4mn&sUg0n9G&Bz4abW;{~C;971x`@ zVbC*OQBz=sm(0rEe`0%&Tzhb%1O!HuRh>qj`%d7dV3W#;C_c)%UFsluek#LD zt^cf0UmHy<_11h|BW{1=I(YqRhC#9$E~!A{uAJPD9_Olk3MtC&w{$eK>xXO20|ay4 zXVL3t@zt0NaYtV|h|^D+5srvBr_zMp$MpWWWp?LE-?lb@JNXrL3+uPUHZ=(PJp3IP z6#dUj%#(C@6~hfRQo_U}!IMNbyeWR+48S@?+l#U;rICpTQC@mOYRc?m2--mx!DNp1 z84mK%O5BqCohnQo|MwvB#4`j+iN2LW0vOoB8F~Yyo*3qtUNRxuUD|FR=!gjs)$tD# zg7THL#KH14gt&jl#jogBB|gWH{XwvUcV-)Lq%Ve@ls|=Kx?jEOptzjP*7?~)2YjU9 zU5WpPYn5z9LzHkJCO}6#%Bvl_Kpol6%c_AUbrn|Eg_KQz6QdxqAGbjQ$Ocky%&QHoA)vV|v^!-v# z_0EIiG;A!5R-em{5L#!eB7mB+#Wp}EWRtYcM8-a_~SD006cI8~q7bHGoh6&J(D zqo*1US0cM}uj=nX?aNa%_?6B=A5ZOxaPycHA)) zgpV!F%Vb@$62`xl-_CW`}#fY*q+-!h&z9pA)h+9ZJIaP1QZj1h8%YjkRyf6#+w-W=obQ zZK8N2T};te`Yf;+J2FVUJA)BT{*igRW!+4sI{l7HPz8O4jAGIS;It)9-t;IY5Gie0 zb85~Zp-2NvcvTvA%+6?niFMv^T#Z~m*pdY#_3#iIzUlza?78xBxmokYhwOwA%q&ey ziFY7gOlsJJk*6)n#Y2wL4gy_YV8AcOALLpRl+35lic;r1`6m)eSI>TxY)aS6s; zc?wOW&B}HNtkUz6_Iss$T(XY#dr<7^8FpZqu6EE1)OjyTB!5mEEhNa9oFrGPDgEdJ z8gyc%xLZ*GOw)_X@svsM7-=6norhu_V+6IeQFN}lMp8WETMKAMUmzhmw~nB=R!VvA3gON*{0Ihk#u90>cd8#Dej=auyAf~aIT#Gvyd`kV zz}uDCKc+UHSMXcy^^3`Snn-Lg9W&)TTJhnjpq|$!_4_ZP%H^EaxRlVyf)J?k-Ebur zFDUYxjXf68;}O`iV91NKtO#+ro@onr2+uy0S%2t{o3M2Cxnd>x&GW?9yx{(E;L3sX z$IcZ`VmIWtkg_HiRwS#d*&cdhZ1w2~HryJ8Owz0NMm<b_2+=?(V2I)*qizW2j!B*n7zX#2?hvj2$Z+Rq=vA(U$+$PzP^f;IvnDyI}|lCsxn z?^|P-@G&}s1rwoeXu(+(?3ge7mrr1rCAl`@L7|Np*DayI#w6Dz`qPx2?|}to-x1>@ zg5Y$dbT3}5=@{~20v10JnDbu8>ikk+lek3|rAf|G=c)nj@TF{OI7Ks)LXRx7yj%v09unjD+X7#wrM-NO z-%wR&sQK1xY9f6_pK5TPpTHfOr{5Bj1cY^M&n7ypCdcqvHj;ITB~bM;hM;RUIlkIC^(djDLl z(yk>ztU*k!kz+HrT11U75VS9TuP9t26oTi;<9yX%^m#A^pTE|3aENO}tLhz%I*OzT zBnX(WMC8UH__&k{A{f@Q4~AK7XhumKk+42Z|A)c$df4PnGxRw@FtPm23*uZ54}%Ak ztWM~);_|Fc#9*l!U43`dbxirmDmVPWes?tEYQ8o97zc+iuxyAC=Ugx=u8|0h{JiqQ zJ~iN%1Qa-O#t#<@QEg$Rq9c;Ir?T^~Cae8yT+d)4)dH5_XwjunDVnKq7rst3qE*+O z$u|NYZO$pWjdkRac$@k}Qqzi7j?PuV5+R~f65xzrno%FXk{6fK#fekX>g|GQomv1R z@jTyKsEB4Ek}Bcf0LFwx4JR_^Df&#$%CU3eq?F3ns&y!``PT=XFG-GY(z?@#RWh%0 
zr>T(f7x5;r{BCj=pBTYA$m;qnXl%%eUaoTV^>~qBOjH7ReF;1krcm*)xVAEp5nz>L z@C3JxwR7sul#h}flv#%g zvoTOgMBv!Ti(X-Zm!!Qaun^fqTQ+|gRElaiWS(xl5=Gphe;Qm{YINkK91=@}mQFaKu z)o%FgyeO(|`bQwgU*p=qN0fr)j3cVtO+>)m&4Qr_t-4g}nO6!>+V`_zS zsw1UGDbIjJs<@COT@U(Kabt9X`rLI%-A}^`)^ZINAYW{&P}$1NG!_Tx=ylyHt&Z%PA0sy%HXoH`yOP>cfN2>>2aBAfw^9 zl(~*{1(nuakLk9h;;*z8uq)h;Wq14_h2x%ebSU`9p_`no>mf#d(1ygeKPw+>KN^;y zNbx3TI;fBEI%tiuM?h3skA5DopviS=o4(EF0?1WqYP>RNfVJc-u} zqE0B7J}zLf99Af6(n+b`#%*Y)^y4lTP5`zQ-7eHrO~??hCC0jsE9!yO%DR%fT&r|a ztdx_ftCHhRNBNKOO_=Ax4A!a8`mR-5V_PM&>Yor*@f=@qu0e9ftg`vXmiB@a%EUp3 zy0J@EA?1?#uOWOfc)=3jwP26cvXoyW>2)6~9OaPuwKi~8%20k$veDd>*-LEXft+!S zkN%a-E44vK`*TBk{aazy^S~`w50JH&?mAH|2-GXZ%TMPnv@E=l+pS&-mmoZv&%mPkf0it#9pP9+$(SM@{Tdbg%vc4Wc$ zQPcN@Zjt?QK)%6eSb?{Agl*|3_ij~@XoXI8!cdZh60!Z(hqF4Dq3Q!w47CgXID9e= zEv;q7-Qiky9kJiFH`ZkMX}f_yDNm{V;ga){c)6?t7lxQ*C_#@S0782Qx|t#Q*90y& zkaWe1#hzN|-;@#1@`Q?iiGokxOW3$mKGEv5E^jyoPGo4u z2aW-b)@udhd;DJ?pS|Ee2m@9#!iiqMFt2)KkMAq4$`s1BpF9@DOhtVwB$ZLK+VMkP z$~-0UYY03Jgy%D!S*24P#U@9J+++OYD1}~W)~!5-+c3bJ?_cKc6U8^y|1n%YSCBoS zx2aw%C<=IViN!L_OB6<~Jkxgpe0Z;aCJ(8;N7+EXbVuPhQ)p%a-my#t%pFaahKl0Z zq})@~@jH=+Woyb=l{o>=o5IeFBx=lZ?-(q1jt-nQ-Zu*-+Aq6R&h*Rue;a(3VOKoP z(uM8|^Ua~*G9zIy>H>VwTGCArs&0C)(4$o4zByEB^@?AAgR^_sY@4ck&s5NMNGxTSDj$?L z_5%pe3UJL4l5x7Kan0HC^X_uCyLQataJp=11=e*4^~D5&K*9Cc50 zbb+kEsi{_gv2lJ6?Ug(gt1Qmw>Ljnx4Xt$;8DkP>#FrmCZ?#(EALCC`42Jnw;>W93 z`qs8zgYw*O_BVutsXhTuLC@39uH}fIz znW0%EgUJ&lQ{-ZS}$=C1&I*!mI0q%JY+cOsZWcqPl!s zGsCMTmW?b!2`uo&L{BR~HKmC$#;ai+XOa)dH}Tpa-myf|vtnc4?!3HH9NC5NJZeF- zeyUy8GArp>$hp+mRt2}W&J!q^U*^qwMP$v>VhTjft5O_Bq5>9 z$lHN9fSgMlUBFj#Wy&p2Sdsx=8h|2O0y5ILERHF}ZpF8$tgwckcxx9x1SdFO{$dC~CwJ_%R1E{ofz zvg8UH(`M)gbUgDcE5=kXC$$prFpQj=T1Hat7p|mxMqm_=-m@2u)ndn&o9xJV%R zATT^yWuW=~h{{qEP65fO0X2Q8u&^G^g}f0H!2eY9s&i(ua+Z3hw5Nn1aIKNw_^~rl zbfJv3kl}fh$y&0u;G(rwNBchO>#^ulDfyG()G5NC1ohWZ*u1&2rI=m11JR1HB-GtL zZ;mmQ6;`zdyE?7e;V={0RfFYPc<@py(*?`^>-1d0(w~Z3#HTRxgUo2 z*)JN|+@oOE7(*XTp3(DaK^3gT`0)0oV=idVT~JXgNa}Ul;ecj!4z0|XHum$QESybW 
zss}8js^kw%%_egR#oq1LHcF*0SQ#exCaW)c@Y>f70~#xtHEVsH-^7+FJmjslj1xPV zd?1l`tlJ&Gt!nTHO#d>)C8l;A3Oxl7n0zC+cc|-Y{}pDxC_^{DL!sy76nrC4l2drg z4z{q`$mwpU@K_Iehh>JLskK=aDA^X>)A_}Z36oXxR)Z0K=d9|( z8tfS5D~@_6!=9u^$5*gkh|=#XE@;h!q4(2FuRn-vh2{g>`WX67HN=yu)?XPc^r}@B8Ss#rhP)g;pOAzM+tKr z1&x9>Y1~k{!(mBoC6N_LmY?0v9K?6~G5AItb#sS`O#~-K=!M@a$(9^Qu`+biqt_xW-934BLP1xD1lys|SDQbWCOCv8 zJX*qrW>g(~DYd^>{fO$r3^Pm1@{~b0-Fqo#SB0DpDX7JE-ptq z4_=h-Qq;o*NrcxB%@07=i7X4g6vyt4WtGk*0oF|5{AARuq0iidtZru>)Bf0Mqyc}g z{d)l;m%3`qA~!fXudl<g1#+%LZ0vnrO%Lsn)XBI#>7(d4dLA~N>v3{ zWFB9W=_L2pkx9)XzK$cV&FyfeGYTq|ii zJvCYLfbGUpfw1DrvyhtM&gKBhZAo1?a?$nb?W<|YONVX=_`4ty**>UY{&F`7$ig*D zLb2mxAV+huXBz~i7^-wVxhEG;6t@!t6_4L&Z9#K2N!q!^D+1|jsD|wR6T+ltQ=MDLceDJAn1dm(?20|>CH@!E z!fL$8sXuh0Qtj@C&GBx8+>YCBi~qIat#Z{7KWCj2mZCKzR}V_meIdH)H(O=y@T1Q* zUEdB|@>@b{Qluf7JP)HNjzq^k476d29bkj{!_3@JLem;(P2(g*HYo*fWxw>h5y;oS zgF}PeovZATk(|Hhy7P@ zAJCrRH4N@qTtMn}|A2aX9ap8?+n&;^!rW1VmcrHwm3HOlII6IfQM22YH5wCKslD2L%r$5=;(u%=n!Mcf_Ll5`6qB-es@fV@MQ2e5U?&y zMw&ldY|J3gw!2aKM3(!x>RPcu4{2DzXz%b{mEfxxD&dg_=jy?+I1c?wAd@$SP)jW!Y$>DR$4(h?~r2Fw_E1Fi@t$ z`Wtc9)_38=o{_GG-49u6#B1DvM-#E%t;~lf&1m=@DT=x}P~FfJx<7!+O~GkB5A^*( zdKbSQN)M)pmecT?42I9^QXOwnAZDZumTV%&F*ot2lQmz161;aWSF`Yz+&W?HrX!M) z=ex7>(--Y7;t;DChT5X;cWPJ=%}s!@rYT02i=@#e=-}l)wY6H-g1|s7o=*gJfW{IG z$HRghk#&}T5d*l+?+;MDGN4J)?rZXJoeQ2$Q(kEiD2DNbykR>-uK4ORkwubsQ&1=~ zb1zIMV>0e7#1PrbnuQOqA8lW~8w!NGrzD*IIHA$R3lkS37vQa?Cy*pax`LAbB=I{q z_ORu`btj4Yq}uqvf_}{z`Mn=%~B-7SO3QwZV?@;8H` z6qU3>0Z-|{e|a&x{ph&^<2u&@7JYd_o79Mh24iS0?-)89LLWx}AM6NlrTjJn>yY2_bM#{4 zQi!c-RDy4j9!az6Qwq9bIeh0cPOhG!opWoGY0d3UA@8{z)PQD?HNw`n`?NhkEpxgs zw20~Uvn>3m;EZ7Do`KMs(`bM7gawL)`b;tWIs96r2};3l+p!vRcVcMyMOVHIs3O6x zdKxKM*4xQAJ7BRg|Kys@7>oyFq#Vy1`6GQk>}Q`3VU4*NHMI*;KMWLyIFcVVhn(Pu zZ|(Z{`$GDD#p_V-!-t9vDKTNyS%N>SZfb-*T#Yr}!dxjnhOn!3GVxII&|&e~9m*5m z9fd7EZcNrQtD=&6Ts$)ql-$^N87$Q7#k19&Mhb{2(QVROxL}2-QNAH~^;}-!7Q{4pyOmuaoVRUvi|!N%*6HW2Svq zW|{GU^Uh&XYo9y5^W?2%^=hqdRB^mhu}^@Ghdvk8&P4k@^NwoJ6{Y*~qr;_3qgW1< 
zp!UnITr~TITpC}vmBeR>eO=U`=S5=bL4es0E!}-1()c}z3ZW)MOz%nmf>F5HXTpnn@`Z;?>T7mWAZ^bcS7K|`+q;I-|u(t)^V6|dRm z2S=OnaL%P2O^fCmmx4pm51Ht358SPiiKla&TEKiEV&-57-jnhy35M<*kr~r=Avke+ z7JU{x)`+){-x|z+-`KE$2R@&CV4{gd9s{-9eH9Yb^Q**dOdjNF-uVgO|A@QD_LUQo z{v9ZSv2{`2`N8VvwT<`VKS}TBQ*$0Xqi_8KQjkDT6XcibrtYgXR!UaE#|3d>#Gsc? zRCU3^f!BZB+;&BsXCex2YCWH`@dB_2$(SgnF?x-~?9>>o1Rb2UMy6|vJ5a{PqwOh+ zRriv#bq9p4>PmAyz2jbWsnjmSgdjRn&TIEkWhwQ3nn>^to;$PvOe z_Dn8+;_qFrb~w@G;?*W=EBKgW#~0)Qa71@}=KSaBC-Lk?k@~K%I?+8ji>IJ)9x#M+ zDi$BbP#Z~kiBTR_-gw%lUr5NB_1oK^6|^_1ZfOFVD+gQNNs9Um1-hh|khsoleJ7eS zxDW)6j3yJBBNpQ`<~L2K$ZP&K!Rc>PMrDavSQ}8PwOTv+5nmj{<8hsBXS>Sh{tc=&ruP zuG2@AW72m>@oXVUmKG>%DirO_&VmanRh>=VAw)Dc`jh@tGQ5x#VaD>Xn0OpBg0Bvg zFJAytcGX$0xVgK)O7M>rIuq&}JEq|H?E?Dib64#mgA@*q-eAWjULRXzS%mvcQFYW0 zrpVz#S4NLZ_CHC`P!&R9_IMpz{i)5#S)@R-e2;6Nq>{W_T1#sXv$!DfOcbNYrf@DQ zTI;Yf`xayHJQD(>C%-EM)IKn=v6Zj;!p}Ydpoygjw$IjVp$Yw!1|C$8CWqb^|6hQS{^ma2RJexL)*?{O}tlUX@>plbsw}FGyQ2_g*yLX z-OF8+3HG2rMFEj)NxSm+Sj+O@WFPwks@Un3F z!=t1vPs&GK(kCxfbDpFAxBLbTNKfNOeF?y+*yN1)o?TPFKJ<>oaI-X5e&hrn{n$2a z$0JeLx7W@f+6WK2!QKxn4Er)g)sN*R+26SV3W>YG4{itlpeLh6O?{+|^|t?Z-qL|~ zT;Tom#ptO3Y>C&ch>b6Wbw?!L>)~&#VBH?td93J4yLV*2C`&D)0_CqO36wl{-d_i66-rQvk`fomK7iTe|USR?#jZhUAI!PRk3Z`6(#u&c)o+EOyEvtWw}nPoTV$Q;ecZ zCg-BN5d*bmgfwpg|LI6U|6{>jHaj_3E};u{@_B?-bhuZ*26H^w%_GxuQ(xrE%G#>_ zSueg=o3{O5`m-M9>`^`#1hhKLxW+=*TbWa4X2EX;RgW!A>fG zhwk~J;h&4N3_}b_9};p-wmH#j(7ACZsYFW&c{&}LmCH16y>C|3m`%I?Zsg3jU1sLk z%sM~%yVp|Dod3Owo9ISpFI76cN(xC#s{tz>Jd?$rSJ0*Do2yqHq0q)6QPRT$xAPAF zqtWtS?rtqLIT&obtCkd{u`WK{OCB>@1Tgm5ZIT2cRv&WaM7k#7p@v*hDh^ z>Q-LurqoOCNkY^SemxWphth4h=yy96tqCYZi(_rfR$ zSv{wxVHNjV zL@JGj=%M zaHb9_r9B@b`HDY=&NGmNnga#6=e2WY^v7Y%Ma`VRrbt(&`+Yc&oF3S{?pBArpCGEF zryJABH@){ySZO2~(lBi(+xWh1-|}AeHlP>~(zQZVKqPyLivVv6Eqja~7@q!kr8cs! 
zYfyj3N!W9y{^W=FHnMnPU}nuK4E|92sKF^g?g@O_^~#)}>Fw+{yuMgUIG$%io9+bN z0y>+)<~^awiW|P~ulhPlD+~N?AFG2XS}28;mGbg*hU;6b7Ya!W;uv}e9S~siD0`|z zAZ3; z3?cUWe#{VUD?6vn%gX9LD>=PB(_P1xCNXg!d>E>3{;J7R>_dsHSjfGc$njt`cihY+ z$t)hqSqOKsz`{1_J|A>m`he^o)|{#8q3Z);2zzE8{zW1hu&Od|YkGp(h>NpbeF>h) zW4LwSfnC`zhwVUi+3fmg^5x$zSP#l=PK2jczAmtR0y?o1UJEOH7XjeoeL8Yj+ z?C^Rv_yO>t~Bj2PJog7apu$W>Yq}_t|l9(HbWPR#KT`=sie`4#p4>M0hSKY7MzrS+~ zV&6bj2a$_qJ2^;}j-%gJWK79q8c|ACI^%mspW*a+2{5}(N~3ksvyZ?x{i%93{D5s# zo6Hl{OkJY;Za(@6^JHHn&xR`7%0*b1eVj@!w%l4y|Jj0zMs-+3QJtR>3g96{2Qrumsh_e8~y(dO^Zhaig z)wcz^PbXXH*B46e?LY?4$YDEce}R~=u4FEf`S$ojZQo0nXNVP) ze5Lg2*yXm#mGzE)m&V3bWxjK51oCKFh%sJ}K=fvjZS<{CX3|irKo}E*H4A{pR0cu% zY`8-iC0{)Dcp7=r!;X|6ZpN-bosOYyUvLK`EQDYj+L`>^_<2ih$x+E0Te)Q&@0`}e z`jOU$yTQy2$0*-KT~RTdau#iXWt=V+&sN~cEctclwwsYjE>=u*lQfe>Up0e%A^Pk$=)PXZ7+lrJ+QK^Rd|hyUikTQDCt^BAABbZ?LCI z{OpvdG&ftYaz2>wilIJ$jlZuD_}dThcrFiX)1m)MZ~ zBbeywNC$Iyt8#<^`ew~B`HL-ofAVT1ND4}#E+&{FE-f#7OW;WDO3{>C>rLKwr;gR+ zBq@;vnp&2cWP6CY-?iZpzF0v2`elhia2}bnLPTdKnQ@GMNo;VHg622Pnb|jVQLMjb z22W+<$VDg#Cha1YO7*XbS7J^-!j!VOCyTXHcyshTJ{Cme%-GtB)=Dlb(1%g)ORt z#?pb$1Jv^S(TO@-d>#OTcGD`<8q#9HJ!5y>199o8#Coix|MbLmnDzZUNI*HTWiZxl zh2=}a^qKH{I&(ur()3X5bE9FxYecJ^*%Apeu(nuD&0QBSV&w8?s46-s;lMe~5Hn5gZ~aKU~lS7x0Ky)nb@0gGBzId z458IPL-!*Q6EbolcLnk6G`oe$u~@kS5br#Y_KkK&iBc(cK}I528H+~ck#Fqx$pKX< zX~+TDLo5zuE2BqjL*1w>GTxDht||z`LwR&iT@c5g*5TR$t(P%N@Z=534j-om{vCDl z@bpI-;c@35x<73gVT@4_^P$m(iB8t38vP*c&P4x^_Fiz0i#RI$oa1!p9wB#-`8Y_i z1Th3rHl+zks~b{eJ&oa6^y=!SXwsoIWE49M3iKzSvhQL1 z^zmnicPpPu;CG4T4X^u+CzZ{A-XeZj z?u-fL>8!U(G#@5kh+mphr=6X^FRnluajaQY>aCaJeMy^vl2*uX43MRIKpAo8p*lH8 z97{M1jT-q-E~3mVz#xE6%zUSNje9@TxLjP5Z3LSh6}WYieZbkG8&@?uGE!6h9P=)V zCU^?9QjP{?3kn+f6r?`$0F?@Kx{d%VK$Ubm8=orSm-_3R3A(r%2o9NV#OQ&-Q^;ib z7Tkuec_=8Z{H%WPgU1M9Ra%?>6^@|H6{kHn0+4e}XBZIx32^fpYrQZuZdIB_faXFc zlEH_ioTgi(2?eU|_6d)1yfR-&KpM#^8KO8Zv7GpnpC{#HOtTrsDi6p-s97Uj2f0R9 z)Y|Qmx5^$EIX!o>wgX;Vrt@Es4A8LlgD0 z{ju6ES0|tYf?yQ@^OIZ_c31Bh?KJuc>%tu1^Yd?#xmymDsC&cvC$KHrns|F2>btVmMdohj*J=7Y$3ReBXv7uj`y5Z>ynT*= 
zPp~^ILOc!jzrtux7|p?Mwi6d&{?m6ynuLd(no}*grO6jU$9hspbvg1SL!Pv}rY(!# z?CI0@;n;7t6;M$P=2P0WCV+JXhy=7P*Wka<4P#B+5Cv$1c7&Rr=cT7|VB<83tQ%*8 zBeRXjOL^C}E67HVf62wEm|2cLDlHwt;n0jxYwL}CylG~EsxN$_f70*%&(LWX@hPwO znkWQcDc5*$ncb#R7_4Li5`vHaM&!u23GgL(LbusMe`#8rK5QvmkPC96x&o#6IKerxYkCt$a)FobSbzX&pM}ppEb+R2T z$wjlD#_C<&u|yviDcP@G{Ss*oN9s)|WF*u62LuM9dv*W#kQXvfRu0-Iuq~13@)Z_j~N!;4z<3>t*G#%JoEU>qr z5J{ms{C{X|fbS_%4%pAq#P}^(=BBwzj%a-(mgM5=H1jZdM|`v3=Ru#Wh;QNn%80 zSd|+VI??Ox>rr3v1#^vgpJyT4kq;ZCaptkKtTrM67caHZ%Y?K%U&J zNEtbb`u||}oOIS)9dI)ie@zfg5c=)1WQQtT_y3s}ciU~-!X~^5gZ&_lRaXw^k`~r@ zI;U>o1$m*$+YBx~>19ud!m3#G?3^10!@)I6%FV@=L78L1Y(ITh?H?%%B#b?fOgi)6 zo1(h*+YRjREqDC1v}X$nsKz%#!darb2BuL!V^wZ@a;${lA+nxDB=_5k5JallhkTrs z@w&YJ&6|sW{y5BCBu7a)*)xKOBNHdp?ICj(&LK;#2azu+WLX^i5Zd^B%J?GND}qpA z7Qvbuhaq#c!a)U{KYB`pEuK152Puoh8|ye+NKyV|hgS(Z0YAnV0r^R`Q6pR~3w)ga zeZXWwCUD-NwntkVLMQt2Ib8msMtq24RL50?Vl@YB8&7C>R-wAD!g6l+(kKFXDSNQ1&Vs-80EM!<11)(-VuZF* zwHu*?golL!zP2%m0!dc?On+7Ij3mZQ3hBIZV#mlDi7LK0e#``aj1Jmg_hvA;-ma0% z{n+hLT=34;+CaqL0ZK`)$?nD_IG_@?DSIk}exA6*)=J`MET2WXoKnph0x|q7hH7u- zArUtK!i}$QY!uCMi4go<*N(ScY!Z#(`GokA5@#&cmq5Agxqp20dv&D|E|FxW{-@l5 zriq|@jRDUiX?H}_t4(skJDkYYW@*_nk>>w?_NxCZ}^T$!^@P0^U4ZYpW-X8pClq6!S%Ln6Pj7bX{#@Y$!I zhW~m3uEWmRwn9KFFsS+dkCF_X4Q^UsU)eAAqm=%swLEWozA@W@b9~L}1!|@V>^Ou6 zNYf7rqyLRnR2Zh{N|+B^P_*UeV}T?I>w0$Br|I~*V080X-w)okKgPU@VAC{?b*_tw zimGuq(u9C&&#%jcwS3GDY3?R_Eq(?*^y0IFLO)WN4zw2by4!X}>dpGS$@8g8OmN_H zqH!v}gF?Djq8}T*r7|_VTDs|6G8y{TE{bEZFQU{ji2~a*2&}9pYCLQy4f{H4-lUMW zKzl&dx>>=A*b2Al5)b{A74g3seWr&Zl@X#JhWrR~?V4(P>fs;%GR+I{wzA=S;om&o z20Y&mcY;taeyAq~p|Ey?a*mw&!3VUI0|e{x2V~VHxGtBR$Aez{Is`L(YtVpdp(2x@ zA9(Zs3pMKW{uIj-`#(_jx4l~a_&9*XXkZY(L%jD3oeb^B8U>sz*$KI;ySjMSAF?-A zGO~Jte*}GIBIB;63-`z|#@j2{5=E3|2>>-%^O@TuO|(&&DQTazSGDgirOg#Fq_-o0 z#wEnN1W5e@K}}EbF-6NkX26SDOjEXe#z-&Fy;gE`vzEzyB%QU6F`@vq^)OSy=%9RD zIXRKxNoGsA=)cU$XqkY(1)+(PI}QYCRHiI_#ThkQl(aV#lD6Zp zkX3O;F8D6{NzG7 z#mbrIyhv}Vo^y(YK&Cx!?Rr{TWF`xpsRPs*T<>u?p z(~|Nq$3(jt=OrL~GL-RC*Y}en_Kofsi?Pt_KY#e=sO#=Hd|o|MDwzs*d-@J*dfxAl 
zS!lz#SR(sQ%3?9A`kQt)>))6*GNe@&4`S#axZ(4vlRPpZMhDNEyE-^jVsV{td8of(H z9i8+HX$H9c-N8qYb=xZtzK>7V)e3=W2$Tr(I5z(|2VY*!fx%@)K}_sywvI>3DbPc* zZyNyu*`m4M(cN5R1)%Jng%_AH9sY>Qz-DK!>-SdSwZ?*nukf%U_gG_#jWzpQ1dD_( z&@Qc*I7>O7aou6;jh=ZtqqNz>pT4_BzkG84vK(oyv!-Q0=02ZR{K`kRKPgRn5wd;J z54@@nPe1{WC&c=fduwhL3=7(7Cy=2@nOYv(K0oZIVqAjCcBVh}leBJ}N98lgsYtoF&7|eJtu-^jPdJ3>w*59U zjCc55!xuW+G5P&hxjhx^x<8&r<8*Ww!UWygAmR2VAA~uApaoQT#>hVH(}EJzOZgwL zO|>LphXK|}jp#6)BgzZIjS0|L+0llyn&QEjmfUYy%r(B)8VEmOY$9w_Wyv(2=B#Ed zPLO`1x9IYYXJH+^$rLS_SML4hoJ_S$pB6HQHLrbLop_;dfJ9_^s^e6O&D8sDT~H|= zqiiBdCMzbN-CRr`O`3B2Yc1I$*{O-3joq;8AIHV*s+4=YJhA(oRtmH0C0>8DJ2neI zypKAc;eqji9rJq+XXXsgkLrnIFe(xY{w7lo)7n3jr_pUJxjKdloOx8MzctC9W%s4< zB%KK+A}4FU2JP)EcQ{U<6BX9Ba!3*`3VURj}lVvDe`8)JW*9Zz#~Rh z-Me~G@$MxmY}w}8MS?!hl5DjTl?#crg((-TpSbF&k4Yq`9r>KZXb83z^P_ zb@DqS0Bi0RASW)`6MCRe>|Fcy(Am+LEHQ*v$$GplGA*Yr1u0FO>0ifoS=>=%B+A}J zbn+S{HVa5nC_YwHQRc<71Os8*U`RNpAotsSB4c>2_&48mHRPSkQCHkb=t$)s2dVW4 z{C~>J@Q%gz+#bMfGpX|FCmsa0NdClt#|bDq26p*&{#mme_;E` z%zX#QeEgHXur6L?GLDJ9b`-(<&G;&BVunk1bj*&1tP+Dz`p=sH5*h(a!1QUbWYF3|I-3X_Zp^J38hfdYR-d}HrW?f<5*Ec3J>3T=6l0xo3n{UheTL-1h zHZ~(P7ePLOiR|5oUR`fv?exgR)-#EV8PL%|3$YA7{T+W32z~v`@p&Ws9dj z?l<%;4*MeDsrm#79thlcc_7?iVFxRB$r(Iz-{GVp$i23ZJ0=1><2|={Af;WT^s_s(*yNoRRGqoM^6z4qt z`^L;!TH(k9!!RA2Cuvk$t$od)vmC;f~2anrhh5+_50}M!wq;F^)(PAkC zVde@K{?4_3arTy5)&&LvIrQ1A;I()gVimZ;^{uoY?dzR-{t73OLauppg57#I!Q$)| z#F@07bThp%;QxeN&wv<89JtGPgYM6H5SVO}HO1TFVZmT#k(84oh-fIv<^&_p6ZyR) zXb-7lT{*L~7MeiO*m8TA1fwrVw7p7X^5d*{|7FFy2x5C<3oq>jgB!5s=V+|jaubBH za)0`RzgC~h#WYbLXFT(HjFz9TmCkUZV#dtm&#L1RS#<}JCm_`i{iRUDl{n#pA1POT zs&~k>Xs_o*8GnMdFVzje9eXSYGRD8xoNya+1ebSWWM?fA)G|&)40m2VLm^K{^`9Gz za(l7jA%D7IyMint)%iTEw0O)xpHRt8gygisAhXKrk|1;8`xQt%Zo5)_R2S3AoHO>1 zGt$?GCoe$fdMQf4Ky zq3$eMkdL8ttR4*FYN<9rr`F1XDwlT_{S;Aefv#>IxHuo1$lm)w z+(?vd(~2bmU1P#UuR^*dPg|Z?xM#6+Rs0QX4g3|B2qaV5yZTe7K2z`dLCS|Wf`6ME z+EG~3ay~t{y0%lIR?d$4);9^&pAbY(H@8V0ZbMouHSk5Gek{;Kjm}SW#f>mk ziGMfNsXt}Lr=MI~&&=0R`L`@3pvyyz*&cnEcQ$~0J-P<8Gm6DuVMDX;Wjtno0iW>l 
zBsg7>H{rz8c)iE=syoFN)b##wrLzh7N7&~0$MG*s!G5Yl=OxebTBdeffh%pl0V7|X z*-_+rp|$UL@jcMR1-plM9=qj;R4i_5R2mKY?5)_aq46OcY=v8dgkhx!sWiYNV!mPs zWSvED<3&U>1HPyhQxYh_XMwHMEy#K7YtRRHKs3jCxb)nCpS6+BiW(re?(-bk`fR^% zE=z>}RIk)b0KTg&L?H4$2_RmWM?yl-h`2f(|JM1vw89f8N>+uP9T-+!-N#q1U^w)# zy^~g|Tl1;NXlUvc{J}R}j+1=%qKeJpNSLkNf|awqg7uLAE@fdA=hcsO>^|M>cJ)g5 z>~V)~Y7sbcRf|Cm2( zpJB4oyP*>RAOa9?NZ;HlQtze9vDjSp-jRP_orG+DXX0WbvHR(;+s;1dXmw~SDj9YR zO~cud(DXiSge)|R-)v=vYa>C0T!#sA7^3HNa{?5Q>^IvcK3bILszQ5^ z2Px$eG$&gC6D^PVn} z!-h4zJ>NW1_)U)@5@~k&20=9=ub`uvu~(?& zn_NZPFxB~8OXMl*t9y)c$ZHt3Fd)7)Daho2@w>7JHO7+(GwXt+H*Kg+a%L88=U zrXOn__f5i-E-+7eZcd3?BfUSHjN6enfsE&{Bsm2Q=V#Z37h!2H;eo6*cbp0oouvx> zRz?tiTAoR4nSRgC3_6ou8eEPP({INCT0_1y%^qbFZ5^xM*HxBQ!laVtwpILasTqGe ziU^}r5#63nw_u9zrYkFobMkZuqRXPb(lXNjl6UJweM&w?_y?uoxY+WP!o25fI8^IdUd2^oMJI_V;@wLS zIJ7s)Mv?^z*EQYAk_5QJ8=LicM9a2Ac+#MOLw!j8yBe7Fr_D@tWw6qer#mc3=$Ym$ zEs~Go>3eXt??ZxeXj#+WpXG1T#6$ZasPz&${Hr&<%1Ol&@9Nqp3G{}4#8BP00-{rP zw<5j89PFeSL&tGE;UfG(EZ{c@mt9ff>dgCK@qN==sh8U#q4BtF*F8o*3@ChKqsicD z%Axm1h0XnbXm4K^1Q{?Zcir>~>-M0U;%Ls6KB+B(CXV?>} z_%%QCWhMUSrO*&6>?mHEkRavF72z%t9C&}D0PL4G{7(BYldxMbZ>eEXmTpKu<8@EPYN4$&1);Dc5Sj+HN z_A}r4Ou5+MGVdInNcOdfCG}w%KDC&vmLN}_o!vOtntVc}BX!nlwFbo$s$(j0U(+Se zms%?~*3Dy67gG=yBO1e1~B$L>b@blt2^z&Nqd z|ATfve%8(<+j~zTz6m`DrSlV>aqNSZN*BaZ0qBGUxgz)6Zt~dK*PALb53fKpyI_r@ zTF`wt=H=TM_C(z}NI3aLz~QTK|I&6P2X{d@U&5rsU%`ocOPyP0H5!Rc{6pJmO7CEy z#c~y4&CJ1NsD+L}ZiK1VX)26G@kBUQ+9x1txG2yiLfdh%duSA_(7iV5XdPL9@si>A z+iXnVQrwiP_i_EA_@-X~{Q7w>zz+jF?5D(sQ!J=3DJ``p5>n5ktsE-(4Z!AOnPK^Y z@#U-F(fR3PC|^9;0b}{eVf=!b2*@mTQ=pk1+xYQv$Pnt#+#64Xq<y{L(Pv0zndf(ptt%k%@);ch0-`*;WJr-I96Q_>L-)%j;aW;AZsK0T2C$+-N11 zGZVR&E8mPiJNk^5gv%I0H(JXm$g0(ZaaECxa-a~DAK0d-#uI1c2^xZKUm&nbb;wG`TCH5>k+CH+6)b|1 ztWzRh1(l_~z@@>Bkssb|P~~T!ZqX1jUrYi*TFGNQrvV}T`|K0v9`zZ2lVl6&v?wn$ z4PNRT0|MZJAC^+|%MA^=ww{=)g=OVZKt1oEiG-vvAK&xQi1eiCrNvf+^p;ansa(6SLM?qZ2L#uVkXVmxsS5Ud zpeHOKOh-qVCJJOk5NZG%;i!F8H#v$Xy8n@5vi4J&GH7m_G_ALWTVO9Y8lKdVtw?+) 
zZeusrlxN*nQ;l&RhP&QcJaIFg;^k&v*liN7)sS~zlM)-6b0NPT4s0!5O(iXAP67?( z|5jf2R!(M56F_Wq^>ZFwe_~I(3O)ND z>(Pg~u>lz#NWUm$GL|{|`G%my3pqmVnh$^W;o9d;nH3`BFot%C2Mpt2Br$8Zkcl(Cn6dEHZJM<8+e|_NpvC@3U zKBu`v0(HNC6h6}}3BgG?rYuZeTm&1Ua6~q+Ee@GG+_f6ETy^rNYSafi5!-K(Z`xpd z6|KWwmlw*89H6-#THTy^cq~Mi6qzc?_6tWA+p_Eo<@6#{d#GrylIW>Fe(I|&x3;Ct zm3vFa=Dir`x42(zmW4>#^;@8#(-Kao!}R>m~eZhwY{frb_gF3xojy_biiF9bCA z{$`S7?UxPuMF(iHM0&7O{35d z|4v-*cI$TWCV=yNoGf_U|Hx4A9@ABe>n%m6DgVEiMe|mrsEX-*w@&< z&l3B}NLOBHBNZy0nPSBorhyhf$+@2HJ&{4KNyy}+a6dTr(R%8gBTo+StRJs2JJRIm zt!0C9MienOCewSi2uTOSk>d+Pd=PnpaoynLMa3Z3W%6mqBa>=s3*;sV>tzWgdpntC zkaRI7;8juwz6S2D3C_0M?K6yUr-IR8@on(3!Y(e%gEyqnEc5~aS3y)^yZ3sz8lxWY zt{8oBKlc3VgOa#^r9~Sh_bp9{OtLes+9Pq0+j7N(4#J#@oqG)qp_f=#_i}iX>YG~! z2{bSn{0>@-ax)Y$C0FEBk1wBIc>)a?m9~wXDry z9{P|@ofw^;mSooe&BTH3Jcbx=k>wGHlts`$NpUiHEH#p$X|U=9_Gf!LL+k!WfDa5b z^%Kn60`*e4WC2t5&Nneaw#U%B0m%k2VB5TkT*xFV92h`B3f!P&vyc=6b z(>+Q!?Wt5*2~vC=ojE|4?=8Qf3Q^`MGX(vjHQn1D3*;@c7!Z4$-V*S)6YbXUBCRj) z+cXoZHzS&!>B8lqPOHCV7TmD={uCqE7fVP2vP(w3oCCEL{_S7V#WPn}67v&S-ORlM~*+5)Y>-uon64^lmEBtC5#bF32CU)ZHIPGoJm*Kmw>Kpm)v#Yq*h95 z|DTV27D-oKD^3D$Ywuz&l-zwx_q}{H&i+&HIh+-*ZlTv`ki9N6M|CAF1(FHE&Da$ zjhc9fUHjcSie6Hp3qh~(mR^r`j)hF0Zc6d?2Pg3nw)nwp7(}Fm`@*1CWomZ^&>{C$ zOLGEn*&PPP%R7L`)zyiK=%9B>7OTWYP+A#4Q9k^BfQtI1wVqzSdgc+0hV!sKFP$CV zy}?wcLmi&u^#RFS}5xJVzhRlmuLv9fG<#JAu%~Y>@uLV5hr~xx&R;3 zLi9zeWX8i-dqT1 zKk6we@;g@7pW;e4;&44?_ktp1HG`aiP35q0obavcfN3|?lfpp=nKu;X45RXLIJ)xtr~ikc9TE(X=+9m^^CF=JhS#AU}L{Y{h3k5tL ze=1?4T}3qe@`ncCh$E;G1PX(2ULK|IVlJZqR&sJ7p6Vpi7N#ehv4X;sj)q&%n3{Yn z4o%BLPTe0cmqWg6ghK6Y2b_Df#2TeL!VcXR5wP3$qh@E3!c1J+Z*|w!zp#h_5eNEa z*M7Tw+tTt->>SR6)JVGOrq!;B@N&=%XI<#-sqy-gI|;*{HR3+TUZf5YX>oeJ+2m;0 zOYm~rHkR=vB^cj4*0c|rO8-5qyeD2JuPwNUmHvC$-|ZlGI3K4*EWO}8QCx;pPw6~d z>*%i0&R6fJOw=?VZ7xM|k=Q({%b z?h|1oG6jOn{c3MIxPzI#>BjU#bP2U8!ZjpB)(bQe+Uo3p9rw-Uj(ETT>rD0KtM7)&HZoWF-54?Xmp7 z4#xk#s4`oz>$nedAS=&>RDyjYy8UcE;hx8vrmK6e$lG(}KP!EBt3H&|;X(Q0rjI`} zV_(g;0JzT`k9WTJf6nu{`_)ljQ3p~XG}T~mbnDIj;Q&3jUvnHBUz`LLg&5S8CO!-V 
zR0za$W`JKjl@s-O$+z`Lh;sZlcq1>{B1Sd_S>a_qcmn3J9kgeDv^HOsU5ki6ah$(o zVqMHXgE(IlP&U8T-U`mW)>2orV4n(QOI57*g{&2uws8$XK)w|hmi1yKs{?hB*N~N^ zZY@mNbJg?5X8+^;l-J;&^QwZ*FWnve&bn0lOzgcXvA_w>AOw0T|O?AyXDG;*nZ*^QlJopJu!s18?BY zU*afll|P|@Mi#+`)4H>a-Q4lp-z(OwE7luD_jxnjhhM%h7avj=sJ`1y;jUcLBMK9w zr{VUisWE>kM9-mA-FcJ4Rd3ATd2VHdTieR@;Wa-7K#nKsr~cRtlCzZ^ z`o~3OxGA&02EJ$uxz@^YX3SWgH{X=PF95gunT>$CaOf-I&On&H1dc3wx=R#T(c3Nq1@hGnRRJ6sSOm z4QDDd|L9-@d?ec9L$L&;^*AurvBl?U4^tX^zbICzK-NoJj5u0x2S>)=#jn?Ato!3sI0W zJ0#fUNsQLVzqUS%(qUt64yB^9_S}8P*I{C9-RpGj`o;L45G@HPQHBa$Z8@+JB9Utv zh^K6u8RFy0FmSXk52ohi#i|8VWQ|v%mt^LYpw#$0rXIkVPs5A$H+K2+QWDMd#yXa` zqcrx0O}r4QP$lDzP)A)IVD3y{D6(N-(1$eYC=oBu*=l1IerG!)J!;nd=ZU2Tdz4!1 zdnC8azrwk39vlWZ?17C6dgffoA2uNIpw*U-7SB4oIrp0CL#*7Wh^Dc`9|#3&(&ore znY1nD>#&KAZK=86b_pGU*vWPPqgdWw-m04#gwu`o11Z@*<0+2V0n`Ix2PvKf?RnaW3?lH$97qq3;d%;NMHBe6-+$?-FR3S*f74+9w=VUO4!x`raLGUnwEn)#E~lB z_i$TcONJm@8<&H4EtUnw3k7X138M#Hk*QFrfvXeh2}(|6hf;5$ga?^WOYNQwL_V2| z=p(e&wq$zUie0$QE`ARusAnO_T-ifC?O3EVa|Hb$cjn<$;9?B&Ffhlu|I6}<_gg+~ z+og0}#-`kr07;;p$W^DSut!2PsTvCWqra}O5`+?pSS;gTYX9$~Fms+E-)IV+w!R#x zG`qb*eZr%Nj*iJ}w=+DBraF(NGQ8J!yACzniQ%q^!IB-sC|4`gUk!pzO*yYr%`zgJ zQOHgrA|sOc={o6q`aJo7zs^p37MANFUTF(=+jq2%36%HmoeOTd+<&HAd_P$xgSC(P)k|Q8zc*+}Pp57)=1FQxqcWs;FRlhw5T%@RFOAg7^iZ== zXTKx-68z$6xPDJ)Tpo`RhP00MV<&9i7U5?lw7TI=Ibh!qZM+^Rx(KK1-b(6NDl=6m zOVaR5!7cGDO~wGWul%()8bTG;59n!|ae964H0%d0$Y7a4y3kSlsv5eM)PZ`i4`(Xr zxqxWwTgYGDpK`BE^ z`J|hpIlm(>&7nnWNdHiD4HS-5)sDB_$!sMF&Zu2f0H( z5Bl0F?|#oo`It*OAZ1GJ^&5RA)!2|UEb){d&{`j~u85xm9HdN>3Z=2#Y9i4n7?~{Q z=A0gJ%<`OZ)OxCgx)n}OsPr{)z`^^mNr%VhG*&7@8DB#MERryk-?E(KZJg$ z_IX{;>RR)JUEI7(JH}Y5K#{rq}G=tT&8yDB|w+ za{Vk{6cKqMeF>+T&A;RQWRv@0i$InrFhqh=a&L?ewcQELgBh-_c$WLU7vlZ;Qi{B~ z6Azqsxv$OCR`j6G-b_(6ufQR{r_PfdzQ0g`a<505Y({cKMnbTvss(SmlLun7{A%E* zM3dBXzd%67?kyF1&BLOP)OcPmO27Igc{z8+&BugrOPdoZ<>pdsaP_ylV&}oZp#0i@ zrCrSNid}q#R88Fi2&P-z;N>|Ng^}Kk#Omj1Y&wUIer{$HX#gAW!%P@7ABs&hF8U9X=0;;{L1M{fFXJ-OA@gfox{P zs2FM1U3BrA;Rs$v?S&nA`1{87=Nh8=_K9^l*hIp96h~?RVZd&c*<{=a1Qz 
z+ffaAW4yt?+p}c&#e!Y%RNF*B^+YknDtTlm1e1&)lU*Zog(fp0(JBPu>yoIGAt&J# zfaoQIu;;w=Tw8>TmM zCvm$bc3)sK+TrH#n@wkj`~7+f1|sl<#+|e3G6I7M(J$v-6hGe|QMPb!Bv%x^AfJyY zA^L)Enl{hg^b4wGfXCi`76L+LTf(V40^Cs&xIFzcH5g9dNNdF(O zGj4)~0abv4*QzwX^C6fLdRe>n! z(8S+nd=Rm7+U3SK0SM5O&hc*ubx>q?B^;!jxOT80U`at4%TjowPxU864DbFpdbBwm z-;r-*F0&-a)PF-(IeO~i`ra5MHG49hF$b=m965Ls1e~o@GG0-_N*35cucf0jTnqi@ z_SIzrY6V@Hl<7FZtM$8*$g_4k=P#`&H70( zK>APM`cnfRsNK}XA~xCmbE;CeUUG;2tSjZVgVyLLjXkQxbK9=UsWpXqef-yQHS!*Z zdL&S2%2Cgk%aZy%i{8ysnMx;<5C4s)y8oRUONu_)n;Ggz2sfznPC~J{y(Xp=d%GD- zewrW*9zSEPA&1rtP4Q}t3qcs|%`VcR6eMyYkB>Xu75)WaV*AMYz|ECxPj9LAbf#}D zM%3ag4S$2;7{pmyOn@IEks3)up@&L&LN*WYO&mY3WnigLL3DH60_5qoz20zpz3RKJ z(Ck%)MGs8|;gRvMvxBFr4i@#RyJd&0C3V^XK%0eLdH)YnUl~8V*=RlD}4T;t1PHud85x|xSz z^E3hH;9o*OGQT` zWZTqO6w52Y8u0k*6O)Ip7D_hf5*qKTdvoyk*<6tHZew4Iw~+Ovy9TAayE}{*dz_}2 z?l$X~rQXUcXVdRovTBQgM`~%MXLFtK-QXEj)NnN_ob6W*8(-{(2GRYcVR#jz7Yq>= z^Z{12!cJ-Or6ZpW<;qSow3$An{J<)$&-)uV6OPl5~NvXx0 zPb9GH4wJ04m}jTBee6&<3UAZ8K4t;27SzUZ)#UL5&c1J0cDUs1G_1ZB$B)Zd+JZTc zlT5{q(i0+DE9g;x_dAU?j&j6k{{)s@-xs@?xYVQT)~-!#Z|8~frC&)u{2b1c0HQ>} zmUK+0j=KYg@jTWL^Jjac+g%?&mk9s$&eElT3rXmuwk*p}l;PZlw`cgU6MsoR=qF5z_An*Nqh!BK3#~MQ>q8UB6hOvnb*E zCZoe^Y(D-vYC6D~!cVlewQkr`DJhCSr6D@thr6|kK4R4&y(OD1s0R2m5cEZr!e)9r zDe-Pi?$@$!ZXAStMGTTz6;q&yV!zvclP^mD&JT8uPM#mJj(WCB-5mD;%uZr(YaF|@ zZ*HWhneL3CPHky*za^f>mmOi@E=~hNL)b;V6bS!$bVs(%iE7W&CT}?WHLWh%$&Vi5 za?xbkKSua*??CODBo(kf&I3Q^8Sn2wCt2bf0mL!Pqdj!`gW8fR+0>J1jriAP(sc z`5i0dDo3>P{heC&l2_p0b9sYyp6D;~wjX4hD*?=`-MvpuEMFob7Gy5=F^i`>c+sNk z)3vI$9TLx7vfT4WyjZnX>G+Z`;}C^$C|{BxjA&r{JOAp|JF>6FKq=TSgPcc9?$mYI zfbmTq*uI?2u=T?ord)lDv9vivN)uG&%2^w_&kMd^j)-CBdR(~}7hV>48aDiq{ETZ= zBWi%`kh^vZk3P>c(gyQSM_E`ZTJQvuStgeS&NP|yN!)c*Lp$!6!$o}YP0nVM$(Y2Y zM#1md+ID6(G>43VO4DQ$&#tK#y^>!Q6|Q^NzOGTOmk0X>PcQKAFCC)#>_)iZPl7ik zhN8Qg_NIW)5c&`_&W;4i@BkD|G}hWIiQjx=-jtNA39R+;QsCb6@dlkSAR!K+)12DHwQ2tfDW#Vf+`SzeMB}5Xv zk{%iER}AUNSd8)`FF89O>4B@JUJT3-SX|AVbUsBWAGbU-VwYLe(c8f9A6))4_BnvN7Ry#b8q2On 
zxI=&18w#s?(D|tE7RySj5a9OU-VIKEjq{?>sXQrtt-Gs!X!;h}#qF<;h3eol?6!pC zCLh(XwyP{x$m>C;b3Bq)d3eMn8ZT<%C8LqL^r5P$swA8DlUh;ipO3rpVwPC9-dS?} z2Fk#LQ-{e8%NE*MaKIa%*p!6~A6 z9>L*y6`aG9{i$@&bysj3{D>4cZ@Geu_eIQ-*!L;V!NZg5G2Q%C;+{aK2=6M5Q7l1~ zOQ1n5(gt8<(_z9-jDnOJ<0mSjub~CqvJdW$hn``lS`ht?Uh*&vWMT~u=&h(?YrCLq zoVEa-%K&HYo@E_1>0SLZ#gIh_Q(T;5iQ-;)$VJtcpcE+>e-?j&gzS8HmMkL|JlvWi zyczA%y`6UpZ`$_cn6jNLZ3E=c*!vTTpV)!EsOr$+t!)nB-x$tnIIt#18CXbM2yHG8^e{1u;yDl!c3_d&=3i)L;GXf-r+eJ-YL7JwXEZ zTdMO|+S`_>|24Tot+sW(E~Gh6Nk1j}CnN;C#I@bEwv#!E|C%pa20D`}|&gs693uLU(-nXg8e z)w3V|g&tbb)JQ48+HIff=Wk~3$3gvk$?Y-^l3uy6*~XsLm@&{Wwr@HV!8O^nET^s} ziV@G%VUkXDO9Bq+itYl3qQ9DQ0@>Rcs7$BYE%XcYW7ZezQh2{ z7#Gf3qgtMv(~f@F25F(E;OXPOheg?_UAyK!)(O`XgZC4Kqrp&={ymhiR@nNd!sCNG zqQiD{gWsyZn(^b0t4Jd;Qq+kC9&659Kmld-SkH{nQiPN7%hD*dr3xzq(d2rFc+`?h zwtUZY2|C~12!$C|^47#}=cb*gA6E5T=+CrxcLkLuZ-^2_Ml#JO6`Vwb&Jl=gHN(TL z_9mYQb+BT)px-6m0XmKKJRIqJQGX>}t0Io;y9NXjP>Ha3tZ`wl4^8&Ytk}%e#Rw-C zVO@gK_k&+rrzTP>9jR-so*ML`d|kj}a$*MhL^F*!qyH$lfN9WghH@?viGGi+O|-!^ zOW*0IuOMbfmYD3qHvVJTZ{?Rcf90P&KUkN|ERC}l`O|HNn`;Ve4#7b+7WK>qyEAbK zL{`f)&v(sluAyhs1A(jSej!j|Y;G2pW__*PUq#dx>G!%+HsNM}niJoeewY{g3g3uJpw?>CfND9AAO=SA*<>}XN>vfs| zh{h*cRwbKAvUMfhUUp3KXngtBL=>)8&MEsSw$u089;P%;rsN)_Bd0y_WDkui*Z^C6 z2p{UNT=H@NA6`$O-lai565Ph~_YZdV7s7jnI?aqvJLE07ODzZ)Juoh(!({1pZR2kV z#^;L4PdVLRLS|y50?$v9bekCdM_fF7)QY9T=>}5qKNHkQTwL;KMcRJ6=!-*5h*2uL zp4YhaF?WbdKD=LRu@})Gt;z86?#|jNls=SVBxZR% zweb9fJq#!1NvcP?pQoN8P#&r_ft+os+zw3|^GdUY*J|GWu|Zy|)BcFsnu<|K;^P?p@-?CK>b`^(AX9cUyQ0W2N^+pdTmn>% z0kdTj)Ps;maL@YQJ5Q9LOdhF-nivIGLmjDvYxvqY(?Q3b$~`xaIbq^jsp)BR-6TKZ ztzr(?1FnwHfV~^TBBU0fqtfna42Hx~AQ5bsV5GoewF8G-A75GCcKdx{ua%glCS1jeB*(grKlUNKJ!&r~xniSiYtKcrC zS#290DN1U@Amoc=u|8E9(R5uUDYEgfOyy;`NM9k6Q~l=)doR{}L5Yrf45%Vm5*Q^~ zVY)*Vl{Qi`lQdTI(iA8ScL46$Eqyg2tUMb=q>8%%f7 zl%|PfKA(7S%Xw+o?jfPiJTfAD7Gv$;^AaIz{rWkm|(Ux-Nv%v{lOvET?rO5D&aulHlsMgk@=@+W;r~j zyY-r>DAqEHJS)^zz< z+kH!ak_f?IzDbC)f!(>W614Cqpyu%0*zIM4Xy=SO1qL64k(rDV?I(AmErpwcF5=9yY4gA 
zR*qo4ju)arX0D^K!2J=9A1e=?e>E7yk;a+JZl3-FI$?w{=QuE(@xJdNU)k*`v9rcv z>Ux6qeX7>u8;i8Ug>DNt|0&cqWK*f)Esa#N{J*(Aa@|SeU8m044EM`(9ZeKHb5ZPX z{2gcC5bgCgz5hnOdKJt2rW`71bQG@y*t9@uZS-8{tKdda*05!c=kS40X z;dkb^hiTloBM3yzWDsTMZdwrduwh!6L{g;HWF(2F+lXKkqHMI1k`ae{-X@|r_R~FZ z^FzMlUK7%n?}q!_GaDUHptF3JW8}O+B@cGfu}_}Xg|YY*?uKB1ShOp%WtM8L)%tS} zaO=Xn`%8twwuWA$Gkfmme18Kzl)S{#jR9%6&~F#*RSd3IbGtYj)MUOJkSu*OoI{*P zC%&b#Revzm)bU7JBq;`frw%qw9^4H1pBR}2VABZIwCHAq*zX;UGL>E;?%l-vMj+LFpRZ>Y45xJfU794DY807L2=3Qt69h|woJ9`&b5n>|83ixI%vKSL9mT%! z`ibu2_=0i95Bfri4e`3;GZnshu{tsw}J{@cj1PUQK~clw+jsefaAXdLF9T zn^Kp=C&Rq-TT&w7VnRZU^3WdNR#__Wa*RXTnR-xHgCYV4W|ZAx)Nv<`QZuTBt`ly_puST%9^a}f zp;jnb6~(JFd)_Co9RKh;kDlNH{q&cP)2}TzYIm8>Wfxb}Uz8(EGJ}b2W=zYp?RucD z5m>)F%5JYSb%;ruJWdv%&)d43)Hsb8;jp@2HJ*%C?#kA<1hqbzw=vJOtb4z4AB#CTlVKLl zEQIRNt#%i3qRI)7uPT9`m>Qr(N}*k-N-0McOTL$LWLoFNTB;ZGanllFKEUKx=(XPqWYVG;vwFY<~Eh74&Ggj z%1KjW^k)BbZh_hOv!jHl4p;R+&6catR&71FVsU6ldzdls231Ac35-aQQap`=e*(`$m?XOqn|M>Bu)qiQ22p`La>>T0l4C7(X;6=2?_}hRW}OH65;*~CbLA!fK)tx zn19iY-p1D5IyTn4a%7R=OGfk#OcP!t2$18EcN}c}%%!j2k}=_kdPssiY>#b*!>5Dd zn<)m9)+fo)>QEiG^?gvjOgh=Aid@k5_6qu^^WS1pM=ztzu*g^tXC<0t5X+g zpv(34G77MyaJj20H&>A2i|@P4;+?Dlvow<`@fSQG%WUzmHVWRf7r z=ti2*W;GtG{1e^hOgCQUo`X7l7q4% zH4n-kBY&*ZckBzKtZ^1RRhsVg^cg4Z&SM*^>)J@`kU{LNjDKJ&toEzd(7fxKWUJuJ zx}=xCm!9e@gGlaW$ke?Z6{K(yNYP3a z6I3Tec@~8abp${p$`Jr7A6br6**KDCpUUwv+YSa`q1SPD!(_(bFIGTy4^4Rlhb$~| zz|VI&EAm*cBAj|=D}&4gWu+9wiGMq~ zK7P#1(~vVty+V>!Ti@#+C(ZRvs-);8-Z{z}byA#T;9RM#Yo714{(*-qTX&3IRP)tt zDrj!f7TulvK7V#V%Wy_i6Uc`Q@kvL^#t^=z-$3H+Q z4>SvG#D^%z&b($4iV)Gf7(_!OQhKLdon^UJ_LL|!F>a1i0Nw(f;(nrW{w6S6R(a4&5_I~6 zsWYzi%FplkYVb9m+k`bX&H{DA)B(jG^gubNjW!;)bTaSV{dURiA%lW2)2gS}b|M2l zpQ|rbxekFX%n719q^dT{yZlV0ihXsOo^Vob60Vie#gffRnY`UVcI=p#B9`wr7G#t} z^uJzrdpyaQ$}ISoq}9m!WkvtT{%aIfoia>$9?r6WLrFFU&&?=g90{z+7|ZCG=zw|7 z_!oKIKpXeh?1}@B-4%#YY?Kq%Y+roCi>~{KZgVifE&&t~g|DKZj525UW7y(ZB0dgF zn>isBM1GyICq3M&YpP?k7C=<%`$~Q0=I~9#Y`5HNRs4S@-!+WI^VJg>XV-pxqO<-^{yq{z!L=t# 
zq$tB0xRXv;j;0^+i$Q3Nv9^J+UHk~2RhLE^gZY-&C;qqBRwWy*3`Ne>;X+uR5U!rk z<3zf#^+1JxVGr~1nTFp!KW>@r){WQr8(KX&-3oh&Ovb)S%NN^KTJQVP_>pqLiIjq( zkCYn5nqo93a&Oq0yDWDhdwvDII7NiP!`33xjgU0v|54JYOIu5i9d zmCJ!!XAwsiLV?sx(z1g<{Z~?>I?kQAw}pg(Z$zAEDd!#Eg50*IG$prw*Y&v;@7UkT zz#=jb1~zn{-Z$+cyfT7cU}nWgiAne{(`Y`1bi9phu7l<9Wu2dIT^xr2H_CG#iLEXF z%ihYbLp2`*Jb>>L4aD0TE_|(ZS#*bJ;WqkkYThnCeAyY;hgSAr$7zKm zKVg5f$e*qG)MGR7`pfziGDZ+g-U<7?5f^pzs{Zd69**a^Tf0X^@82F+dM5cSBRlFt zpd}TY9sSa{TX81h)|MVmcR5DQ;NP6e`ldI|g^~!RtL%0xQ0igRQA zuQr~#=Fu4-T`S}x|Fn~geqZJgI2<;z5d#9zi*$I&M*eBxiBlTB9IL^HjzsAl!-`Ks zh#XEihLzs_m=Z}2`EMH(1k=uc8rpE93$CeCd#2%niS#%F7`~^xGXaFOxdGTvcz{u) z)nQ%dafy5I^dUy_M7(4w7PW``Ksm)5Qo#~83Koo7Y3-9#pZ(kYCwRRiLnexN|4tO~ zF(&~Ef@_hCkxfUM?yHI)STKqT#>^85LKv7>WTI84spkLLvvP-BSppGKGw|rQN;ign zai2Z;iAupLEB@5Yw0Iyw96#^=s|&huLWkqz%jle=;>5nvzHG*gwMtCepy-XXH^wc< z&{~)6f9#`?$^!R)tr?STc=~@FxP?4dI_5u*Ob;XP_@CQ zUSA9unK|pLixOJK*G6?(j>W(ZOh)o%h)qdMvhJk^3t3JN^8Y*Dckbxy-Y~vmrGnL0 zlG#1qb+SHzZ;*&SHI0e$SwJ+B|F>3wq?Def0%R!kUZdOFK82VW(jw}FeslLKe+usZ zOwCDMAvg{2t#$$d4gcTOX2AdV9QB*W_9zOMSR6+FL>TZ2Ib5J)DcXgx$ za3akXk~Otl%<34wgvxy3B78#yq*;=?&US$zUNMPBdqmV)gBv^x%lj|19-oRLE2OuI z2NUD4@ttFjf;^ID0!5&;T@n`&fzhl~=F%UfiWiZD;d&}*5(gDgpVf`RXCgeaZ~jPf09R3V|M(2eS?UIGu^F?sUf zF`n?wR^pw?h5|x~ODQPB6d~FKtr#1eymg->ut-aVxK@O(*N611j+RCpU6rT~!vPg8 z#dm~E$&P(0vo%26r?$u^;ms5-PqFcB9N8Fb9@!_*rc$A}=Jy(G9t(VBml%kUABEdz zYc;4{-uo_I4{~;F<@=#L>KzVtn=j@Q7ao5!-ri&%t2-a8pU9qltyc_XUC-~WXLSU1 ztF@)=#I-f#?1I^2W%@*qje<`X`|dCFJ>@63IS^=Gw{nG}N2HEF|4oi;g=TrJt=9|W zU@s>jwts7GE{n)!4gIU~_w6JYk7OB;?!VRXf|{jZU7-fHu))*F zqsM-CxT%n(XiOqs)Or|F^~jS&jxG`_OOPB%bp)`Ckbp^Vwa#T`1wN&rcQhP9XRSC9 zvPw1%6)-gVg+bg|;XvgN5VoZK0My|#+kZzzjhsg8Tv6+ty>%g0UcsMyb->|rXF!bY zc%?V8qqDYPTSe;=)vyBSBtA&3R@WJdloZ$wces$CFf_Taxon#sn^L(0BX?RNIX1UU_TGhTNC1 zqe@WsVsgf5Qit{ST$A79LCOX~#EyxREC%5=vgnif?pm501=%by6_?!_4Hc$z$NdiB zXZu}uhBLAP)P{NL);{H4g^b4?j3`xJAmjD|MM%0t7L8+Z%>tk4aJ8>6#r#_DW-nrG zS;ES7AX(Ibh25xVXj183 zGD{(WN)E{2#Owpy4lzXhPIK^vW;C9MHLZF_D?&B#begXKDDqJ#*Gj=dR;T&WE08Vg 
z7uw1Hr!E3l5|U&_<2|nJNJt$3?Byx+mKjRZSiv7)ara$blw@|D7ha-%uMFW7SPrCx zuBsubkX<1zhot#o+(`;&{p=W~V6RYK+u463E)ZdVoinCdej8m3zo)kcc#m@dJ^e5v z1bN4+K4&q|)Ajnfuy2_cl(xnxEf`8O*v1+g-~iD_#7E+i;lH4>n#WlUnQ=|hKygI? zs8-~dadv>EvqAHqE6NF9khMqou`u>V^CY<;LE%nj!kmt3woI7N5^ds{;yk5mv?U@+ zY=Z?TZc$(ppB~lRP`l$6`CHYu+wI=P%YlI~_KU=Qm%5ed_F<}tUD{cvXL#J-YKh{( z{G*eAxxf@*ui$XIf6V{sO$nXQumhU8qHm%qKsv?IoFRJqvOjyT2iVW^FWnpB;Pkm*ThxA3UN1yNeJ#EQRh4|^ADoqWe zJfHjZdx_U*omi{HH;K<=H>u8F&i2Elrk1^g^*+RO+Ve&2zR{tUvOD0*_nfyb1QgsN z6q**Yfm^V&e0{?#@9UK{u8mv4o;+lZ@9R?QJn}eMI$c#-{HDlFot&tL3kv`26}*_) z@GKApJZE2tA8tLFJ9uG)OrSF6VEzrLC)%4lL(IA4?&g}}`Ram;`EcM!rYQ8xCbk

+w?kQ#3n`~p!qyyJ;(D}ZY?Hwi9u@JPwuDFROdN%T*)Ka?vSKE3rFG-FTF zxZ5x!HkQFO6P>PwQhCB&UIaSWD|MI6=o!9*ufC`OU3&=RMXwodJ?qZfv7!cJiJ}Lu z2>)F7-gW&7*xcx#LG3Fw@J-=N0~P;yBHfEs zhUBKP{T29`U?lK`n!_c>rNZ4akS`-9<-yUM>^FU{x?OsG$63O&K~W6Y!#Rr$pKo%=_@xH3dh%foAB=#rI!zA~G=7Qqj*^q~--A%2JgsN-JOhfdyi$aeWRD= ziV*kM#{!?V==aE>JPAL%Yzvkg;2I7yZ_&=PvV1&6khqy54tv>2=;c8SwG+Pc66?k9 z*o^tNsmKXthuQb1m-E~!)}^fnM0R_(WBnzbLqs`(S;So^j(=#PnL85;#%U~77(-qx zxEha|5Ej?7om2G~*=91BCmIj`9&d;K#Yt!HrFD5JdOBNUgwXgffR>pNQkRMqlCht}HM<9)`4FQBn)yIKak68s9py2mZD@sg-;{hWwLf7>LXnvyTfyGOB(XhyT z$23JbBZHXXw;_+-G~J7(<0Nmdtn2wR`M-ZFSn7~{gYM=DcS>5G`4bu^I}G6g1HXPRg;>Gu39aLkym1NIJDRPI$z7VL$|A0@`RH~Y6w+IFLo)C! zV|0|U**ZM)t6tcQCrnwY^}9I$rc+8SnKb)7c&y;jJ~FU{cq#O=*l~Y3+ZWW#B7_+Jdp8K%XK11YzeFHD?c@IbaASQ`^BFMAzxq&9>Ev=I#T znY8Io+PF8e;4t}=^`5?*mrwf~fU)s%f;iE97-R*ml*%z z9Y5oP<4Us+nHGr)1t+LQiM@lDG`FLCn$dE#MGvxj&=X5-6JDy>#}@cFz|S#s`ZkLB z`HeD?0DRE|;t?2|b5E1sF6QXWFaW@>uHf_g6KbmDJ2Q0U+WeOWL1>k7VfX48qM`gE z`fmnUTCYG?uaoQ}Jsqk)=F8VhwJ!Cc$l#4SR@NGbvlLle0ERd-0 z^tM^~fiAG%Byis|ZuEQCvpu{=W4Xlg600Y(*Kx;Tlx^@cUaaX%$2sWnu%B2`S%5d-t1rDjP6Ux|yZFL|oxksT%t>U21LN{BjH$yJr8fG*B?l<-|HupG zq?+huo^TOm2P087^dlYaqRhAwI$}$AG39Zu(M#~?<2vH5AtOnCwcb0mAXq9569jIq zMMd*+eUPe2fM_pH{Y0Z4Xc6AN(RK^QVldu`I*U+MV9xP^wsLyMrG4an;MXEMaS-&y zVR4XB)FYo0eZVuq{}S2E@|VfS+@4x?^9xcj+fx{Fr(-6dC)67F#!FByB{q&9T6@mz zVv4mh%8!z^)W!3%u>fJZ5=2t-sAoe=jiIl~!hvglSfLG1995^3pGIhGGzC?r)J8fG|%gtWC z6IqX1se9(IqekaNaBlCp*k&n|u+b19Sa&PykhM4LZ@RSm%vif+mEgs*{gO*)k4z?F zu~bn8jSz)^8{)RJil#Yz@qwZC3yVGFp<|=cpU6O`mIw?D%k(&3e_KxbNr|(Y#|=i9 z3~MX>17X{M_S>nH*2d=vn}{6{4oOjRjlT`yyB>j(AP9s0QYXMPHG#Ro2?7308;MLu zO&Iy`^ISeay(eG8go+aUP=3+_4Eyfji-m1ewSfe|c=UM{5Vcp)0`XH<_hC8mqY(l; zBV=np9h&)N{j%o1li>s6!H}0=(#s_|^oDyQ-7kSUH>gSZko5_{@E z?`4rebEWk6!3VyDa*hK#{z+tZpvwhi1~un7;)AUsM;2#7=)*RUX9BWW_3Ls!q8b z@p-*TapH4%Vjv9C=cd;N5)HM9-_l^uR>7_abRm{%KR?|Z`(Vqqw{9D;(R^`sxMqJcsubPVt&`;@<%LvVvxq#1WyB8>iLfU z{1@7Gker_qDCWPQ4%>XfI2;AcgoJCFd5*L6s&z*Cew3y6w(h{kfz 
zU^D?jLkXE_!KQ~hQ=Q(nPfm`V*8|LJ%grPVMSG#K(l>*6$@*LFzKixN<`~`$L8!o@`uIX=~6B)aeF{5LTG|m_0X>M^~Z~-n~4&c zga&(jT2AB!LZCed4dm_OS#hq+z;y{*gPjh}pW}`L?>gw5DupMnA@>AQvg`rnr`Oh8 zu;DeZgtlpLJQ5aW49^Mj9%6+os-K>$IIURq)8tVmvefyEkK#tBwX{zsohWz0!C$dy zG`(b%(b(2t3py}HKQ%$h#Jt0%=3EQ@O{jAT z;Mxr(Ly72UAH&P7!nU}= zKHv;=T(LWGydZ*FOfSPNor}mm>{oH_rFQ8~rDaCMjWCFyZl5El!Yb;WWRl7b;;*uz z$2G)sUg(h7$0oi%Ty_W9jO@bipG~|uSS@oANjqZ1hds@aI+twAJEjGmLo+&c5L`bL zk(EfBn2bJm82cvabS6V)(tX@oPQEPR#RtKx|0;EN(jolBDUl2s8v0~+n?;^%fD|v}!bl81iwx)bLk)Q!SZa~9tpX)CZN(kd zk>)pA%ZU>+7uMA2Dj2g`8!yR4~T`J^K!kC+nI7|e&FpVsM%Ah~1FD}EZ zfM-QHt7IIcU<3H8fvKussMxR`1F)x`@QupS3vpnrDx|t*BB;~)Cm`7dUw|N z6?anbV@-*gr9|Rajx70M5)MM4ClLj{zAUh#%iRvy*4x*;(e_e=%fl>*@NAzynYo7Z zeoGYZ8$T;dC?||T_;B19{1K$QD)#CDMV&b*CCH$`{ z_YEJ`GGa7wI#4AP*+x#DUC0?5dlJ*r`$|R-ADlsTcL21dqNEVRiagt8#;}ZI%PK(O zzcIE`j+~y%NZ)>0q8c)1iDc~KQVWorfF$ysfDb1W63%7YpL@0T(-|H=`|SAXSWO%e z_5HRco@0i%Qr{c-)J0zy4|m=K@gsf78UD8}WEa39SgzZ72!}3b21ihDucej{ZB_qQ z?yl5?|M0S$p+*E7?(JR2_c8O&9PJwDTTbA&_n3s#2DO*3hF^2^)t-S3%xQqJYiA1z zBU72~s|};M&8(HwW@a-uBi%-zJ3vt+!YrATn;ftGr~%lTPah*Ob3Fh^Ols-P4ALT0 ze9~|f6_yr&QK0@+j}I`LeOjfm0Q^H0)xori*rJ*VK;_CfQ#WJuNErA0XC4_0!Tisq zE^YhVQW)j6Fe0u4Kfg{jMKW71Mpm-fg&kSS@%KpT+wX~P?%pMY(ws(2q?BaHc%qqdx>?y=?tByb^eD(od@d!hCQ13WfqS*a zs}JP`DMdUTb{ord$v`XA&L^xYAd& zpWcC&ll?PVHQh51MYV~(Pu+a^sn7JHr)T|+IC3~zMd0RSm=YOfU!+t}(?lsGlTYFn zL1!8ywVFB^pNZ#w2q4xNJR#VCwG}62ii`=?L$qDl{Dd)Ve zbj-=>W&#)Q-=fs|Is&V_OXoMq4g8>LM15hBKQmP4sN4zP`W*x|Kc|sOaP}gMPW)*S zYm_ukAnNtuGlJH!>gmi)#afqR#S$hp2O9$LUYTzT#NC4E>{)rX9$p_E+RhPu8Gq0+>7QE%VK+7|}j`DwlUgOC%b{?Qgi(MzPr z>QZw&(F`AjP`;Rs#-`R}1ue&%v#VBP{^pGgesmEf1?8pK4K_s#!`WP^z5$ z@f18aI4w^^>iDTyGWVA@AmjePIX6L-(-&qR^U^h-fHV|s(dtez%+nV@n6ri{n{yh7 zHQ3ZQSJ*z)ZH}GeU57QJsUQ+aZM`+}qdx^L|4chW?jNdxqwWM5u7ZLdGao8sKg*47 zJtOMsVN}m4l5_uR>|H+`aF)=|xPB7)hzX7+!jv4dOFl5NI9 zqa#Z-m)|>Zn$lXY{d5q9Nslv`%h(CM8)!*43Br9C zz5KbYkxbkonK~vM^d7_%;dATN@no$4-KI%E`NPkVBn7UI1En*IppToLqO@BxySp=u 
z%y?tEi=u1%=>}9n?;5le!FfE_+RBI|Sgk?1grebW8q*C!s4g&E^oi4Yt#t-b(Qp_8z?z2Xz#P{zkOnHlJd(<$;X^p=a7doeq7!^-L zur4iw5hrc?nrNLe# zsQYcjDUZi#J}qwQ{24qRXEX+{J3l(45j8qE@eRkY{WvPi9Hg|0KJjq3h&qmQoCCA}hb3$3)7YI-K*Zx2wXUY#Xy1_R&bagiGLy*Rb?aaPg zFdgz?`2oM$!_`fnL2SVhpV zn&3P>1D+zzO28WFnLwf+(wC?p&%~q`u8_kF%L2z6tvjqar276g`v;llRvQy`y1Sxh zmH|HutHxVcA%Js;amZ+tm+a~zpZ{vFg#%PrVJpKmIM;p5|1bWFc4A5Pudpua-bI+H z9a69CTqtB#acLNjk0KRTvD*e0%!33Z?`HUj<|2) zAPNf-N_gx`!#e0odCR~>?$07c8*o=`e`VA0Cf4q_{;z;3&!T+9?Y{8CQe{3Bs@uje zSLK^4<(-cO?Si9%Ja9qWRxgI4b=l>P<<}Fh$%H9?O{VEe#cyJR&T{?@&pOIt6Ka7~ z*JnYom>U`L=_HQj>i|$(_Kp@7a|^T4bj)m;Km$rn#+>l5kOs(gGy-MF?)gyi2xwMO z(D)T9#;8C^a5PEG5j-LDb&4X-{ACr%cq}?LJ))bQuihH;4c5EkAVaE((lCn+I{J7B zRF=uz$MJNF!%L`#v)^%JJL}Znmaap|%&DyVq9|d31u4_AX>uI{MiQgj!qXwC#>YhK zuY{o9nz)?FAzQWGne18Et4~BT4a4#&tNw``&V~Wa85QchR>f#6&^4A9Aybc#0cEge z?K{U$k=Pi|PB-LNdW7|C@V8>9FmX0#^2M|CM(KnA?7A_=SR9C*ALL~UMxF>!3LWl* zqg2B}&?ulL!`6&4jRIWF`y#N$-dHTOVT_TydFLiW9A+0berB|)sJs)1)-9I&T2kD< zL1XxAe`_6#fG$8qB}AIJ%*XvzRgnZPqZl@W#y5RzdYm~^|G>kY?fq@P6|jpkA`1pU zPsj}{l0AlxA6zY46sb0D+Rt3VU;A4sjvRSps>atfC7m+iQAgIAj{}8sdULt?ZZUgS zJ8J}CkX9cKpueVkgH0upgggCG9Jq_HgCn6lxhG4pJy2f? z>q-xd{i9$ORYkL4OdjT~J|DkJ_RhnOlJL#yHt0~Zzs2~n5%en}>aGm1hz9T>kGvI| z%)~j9SZ=m=F8o50`Ro}O&}y%(uC5)7xiNVv`P8l*OyZsAujXp02tbM^VHV{@Si%5|N<=h! 
zuDFqDFB;EFid_r|$dA5eF)p4Xa`8D@}vRAQYHTtMdP zj6oL$km9%l8a8`mvFLRrsoSd9-x2V8?nn`~WWjPMK`z2k*jM z2mFHs!zJLE!PkAK!A#r?wHFLAi5n6ET4g*;3H*7@EaK3S7s;tg^vi7CZw^$Hy`@xa z0z|y|#x}>KM)oxLAte%DaJQ)%c2*XHxF~8<(G=7w{ANfN*NH9+Xx?IgeC5p4!cf9c zNXufZYs---Ck~Oe@rtF0rYER6GJ&R0j#oc&FIn(zQk%r@l9hA$j1PXV+h`?DR-m`j z2iJo{y_rJAn1tV)D-K29k`CNi&O#dM9HC}yO1ZQ4qzO%s0l&|pm}(Re{1#&diQfqL zzkz4T>BY(6Uo-qdIsN(~;8~*W+-8Oyv>jJw!6>eP2aDGiipM|NP_J)9ip6%I#L%tS zPdcO3pYl=esJ4$|qZdB5HcZL@v_)`f+;DX#32gX2cMQ=h|JzlX6Jqr_%u=Ft$$iS20vi;MAmJGS zz;s=|`T_3zQr!K|AtGX4@%hZT6~!BEvy8S4R9@=QS1(bx50gAAJ-;oO?S46zqrr@} zPHG=KQ4wT!B^Z$mY3yC%4aqUtV!Wuu(u-=0QqsH8E_E3}$oJLA&OvC?JW8zdRa?KO$!b0q9!W7gO`6=YW$y#sMyb7sq4Dd>V1pxv5V`$C z3&_z~RSK@$5}RWw-n6$K?P#idLd;5arOnSkV_UZfulqU4%ci1(G_K55u^Ir+d^JGp z^SXUt@g=0vyVj@keg--JykU(><-HhbYczRNufzNUrIPj_R6a#|JrflD^}(u>*G~=? zar2^UT1-ymCA?uo?{+XzIzC3sKG0TU0Ug4Ns{_ZX0;Hb94AW zG;FM?F+{6AH$t^tfVx(PuX)*x6oWYT5~=ukv|R@I5Qw;AT>a~NPS@nSX#;W%CDt8% zaz%3ObiF)e_L+(q<-ksshuWXunlsaGxa*vxlKmm!aEVVg#UIn*sBt#i(`Mhm!N4Yp z^4k)cIKEt9%82Z(T@x>04Qn@SE?qIZ1UD_+Z;LKj`_S(5I@1Uk=#ntEmOnhaHr*Zl z(9*2-Zu2Tw%q$r;Qc)?9u3s4wZrr;rl=U-+8!~nMgu)Slk(=`(e%4mr8hWjRmh(+e zPPlYLZ|IU&P*HhCd0jnhS3Qh|{&)tT@!H_$jXOHE7P0)wu4sfJNKuh0ZRAU2s2g@6 zkDYA!PLcw^V&KE$%UV?vl1-&tWujrzDI@25fr6A12Fo)RNA``CZYIv<^JmhG(?KML zQ3AtjQJ%L&ooi6#BSAqo)OmVQtVW>?Wuo16a|99hNGW5(M3M3bS|J#_a&o-(R#*f`m|1pqHg0@P*HpQV(FjNV4ozX>FW)y9tZf6_=S4g+AMON zgXaG(^cwTARjxgcXSB%~YywW+H90sq8K|{8@oY|gN%JpDh%gl+f2|I%G1AtzE`rI~ zWNBtEz_RJ%?Z$(xW$ z{{<8aPlpkWa)syWfiGEbT!5aHM}0-*{{6px;*RfQY|Pz>TWwbLinKa#Rp?&^S7tNX zA#OE3Ry(c;G`BqnE>qN)kT>?00;r*X68EVx9#1Ciq&DGKf5=O|y$tymjEo$j{f?7D z6&EI1Uyr4Aw%(NFqXj(H(dcSff2{HPv9lPT*>sBPEhUbhmF1WDvx7(YAmPnPX5#5; zYx-9MUc-kxE#cz`jE;h`{7QuJ$&>@nTDfPJy~STP@rh)_llq1y?N(*=!(nfbE<@Xs zN^9@1o^VpWf`cxEnitmzSfmk$@7-u-V_I66eL2N8~FhDcfUEz zX>|d*n4$6D${QLE6&+7n-xfq7tiaG$ANL#<10)28|0O=J4c?iZv+~v>im%(I{wbSa z|CuX<&|pqadMW#{hBUg^eq&u8ae=&U=s}+qg693LD$8&{t>&P)NOBf-p!aTE#tp+`|Ku0FsiNEeEzb|G72w)SiRMQAkPP{85JH<7XBd 
z7)fgNAJcc&qtAj{>4?@lvaM{{bf{f;XN3&H&L-QnNAK~$>lSY+d5xc! z`{}Lce%nREo6j{Kfn94FPvAS^6Z3pOw+F7E8l{TAe{Fh1yEG*`@e;@B`|u178w-S; zhklVgT+Q+&oq{8#OWbva&2#3?jL9BAS7uZd5;4?%y8%Q@uk6=p_Wj+j3_zy*kpP&( z0IF#V>4M*Bv*IbfpC@4aOY;T^9pJBCwZYHUa0!y-n>aU3O*y8ur+@!(cv~!{rwO)W zw%H--v#OP=v}^iN;7_KW-xhvZ-KSOV|H@gQ!15Qzm z2e**@3q3oet`8Z8sNK-sn3&2CXcLEt3(23IK*{FHiDNVAW+z{4x>e$dh!knX)0Hrn z^^Ze<2^Y@4`)=48zZ&2qumm)55N_`$oYW%a#H;o$ta5+2QAYl98o0Gb@1R%C;e9L~ zBX8OJ9Q*R!&X5;=c51?qkjxM8JCsH@P3o|Ap|IR3&F1O9+;idEm6K@&$8R{()Ahl# zstYL=2V#I{o;%gUOHC$Im9C5j4@b|{b5+6zt%kO)i4LScyp$Up6bTe2C}*_NG&RMt zzJaP(YGF>u4Xyt!6d0L+_8&d4&dpT40p$;*ew1yf@_poH=a!?woJelSSU-YAyWUN1 zg!wtw!5gZ%5>XZEc>Xg|QZkD&3wylE*f>3vd}X`jK}1AU>=ez*qSlFXloqC`YaAL9 zCRU{G<=(`*;L;e?1$o}k^~^3sa?DOZRidSin~~Yu+q*VXP1RxJNxn>|H;rlgdtKaf zxaY9vu_P+3xyArXN#EiWGDbiEm4w$z*S!c!*w>@4`W+l9Q-43acbn4x%#QX14cEB9 zxj8}*LY{!60Ei@LcmD~yEaa{DRs zVQracprfeN%e^&w)`l4qBZ--igewjrBcN|9$GvfpY~f}ViA92R#VYuT5s;DLR22tr zjkF0#pOM{UvDxG@!*O`kJpO))9KpbKbb8rMV}i38zZ*$^yP)yj6hYi?Zog5& z)T~gO;Vs%oBsYJ--SHG}o?>n(^)v;2Xv`|^j%FRdw=16=`P%mI$;|(yOyl!nPNCM2Zk_fXgW2%mfl+b~b za|`H5pSvnimw>0Q?dh2sqr(NZ$t>J?damzI=Rs8Ke10-6B8!G9UB-cbG-pVUtHiNd zSA2^R;n~gdhiE{%Nbk(zGr2)#D9|DGEwCwMfQ4CrQi|mR+$8+gcj|z|aq$6L z7!l#xa+2;n7ct@NGbhWtrZ3K|CZuubMI)Htq}}w85C6V0IS1h`){5P#clCDi#Nt4L zC`Nre^z^hV*J9>Kjc(yRXL4lZ(BxatCgNFl(6^HDVEK1@o_3WHUdvxw5K(y(dv z%?Oq=z@EvxR8rTqg7PNixD==#!xi)?p4ey9Tp?rHG zzd3^;USzFC%T&6o?9P==X_Q3UL{RIxY+G-w2498JfF3Q%p!A zCCG8ITqRp6q$uNEi))??3}IcnBf-!Z?re2}-$6R+~q03tmhFCqB<|RI7GhzoO!Z zFJ63(ILpodnIgG%rb}qd^d4Pa3|BTw_&Ro;|OsItvZ2C z3q$-cb2F%JBIG*F!dro+oqh_|Rk=$vS&g4TM=kgv+0<=l5hovotPcCBKLqpNoDQxU zzOL?CD$Z7eGqRP8!Tk)k=s#x=(<%v6`?!ip1zfac!biA!%$qTdyIo95^m~}{NAzk& zKeO}3^&XBEQ&?Su9lp#@FQ0}=-f-F~b^V-t%BfOWcd`%T9n$Z!rvAKGXocGL<-=*+ z-XHVfHXwej`CgJR)^1%ONvOpZvg$m?068mdMPw#x5yVJ>L{n0rUf-<4z!-TP#X!onx71 z>{Pzy+QZrCo^wl|YuVUr&{=zOEm%4VHo~ChFPy%%{E~g~#;|!G+rn}f&8Ezbznh}a z?D?sO_6spRrO12Jv0By?SG~m-<1#B#f(z7XzOAAZwO8Z4Cnp~Zf-gF-5TW~#B6^WP 
z+_|o$f1gtQyXy)TYP-p+R=-!d9_&sSZH1O!F+v^UY`hrqV=AxP3j&#at~-pN;50P% zb*Oii!?0uLQ@+fSo4s?~B<*2n36Ls$rG=u~r&|7azPUH-bLIBVz(NC=*#t|tuNcUM zsJI?1@Fm=@FDjv1j@Vt|b?Y;+xxzEn14VQvjP|0yXpGMHs*0uVU-vePU`D^zaJo|q zQ|Agm7@z*&0lm>XPZyO`uRZXb(Ax_?*lNt4_`KDFt~k_&q%3|ND%KCCRFyZmg#^j} z+$i6AFB=KRsh7DN0Pm2V3ZR^qJ=!(m)X^<0j>IuLYz$BKlIYU=ad{pvy<*}URNZ%K zj+hbHvGBZl*;&s_q83X18{&K^SL#4u5t$7Mj+C;Sy$~+84Mv;OBY$IS5FmIiRO}ax z;$o=I{FB*B(4OMkOoZ64*|nk?BkblA{^dfU$*l%s*(CL(*#!WJ;Aukv_2}sbCY5n+ zIc_}0rC0A=H5!b2{R)~`^Y#uRC{`~s7Zz~buTJGhq3R37Suv5vX0o~fDW@A{e?nta zsQGQ6QS!#g?3r*OGg!#Vq_V9+qPYuqG|hYV#6pZ-KZx&dwn-TU^wNJebY2nGgaNi# z?o|v9EB01uXgIn=AN%ryMCUHD-=VSp;epa(v#`>^bP%Jm+~-}7zTT^% zfihl%FeQ=|J#w?x%xkL24e4l4oBG&YGL8^@)gRql=%7DGd3E(Q;-^q2U#Fg}>K{WK z=S#Dp4M_D5@CRmDCL0UDypwOB2P3u%P3SLD!jtph$XHDrSMtb;$C?FihV+`Krw4Vk zWa3U>&dNSiy$kh6xftOCe@MN3ZgF-yBSX`36OHozMMyA&TcYk>lVWM!qjw0C{=`$D zFnkLmAgj*7_mzYxcIN6L=`sT#Ig>?$-34FuA?wE&nmCV5|F}z7m9|M0IVG_7;@7&H z@bBE-w+qC2;gVNT1@DDO5yT%bBjCnjqFa!QQi~jXc^QeLq+?u1y-NG1e9yllpZ0Qy z*h*89RAOTX7nOuv!(WG(o~_r?!nw zMo+FT@#7J?#PTmZ&PltCc(cIg9>U*yvr0G?fE-M3Pno3G9}^4%6!2H?=~0GhD`Gno zBl{HXR;?(7sU~GIoDvoQKDGpw0?T`GJWVTg2ZkIB`Bf8b)`@%FxYtLfEVJ4}7eksu z3ehfm%>2YUH-l@5()PmIuTH#W5)p7Pne@__($zk0ph^NeaMQW7XREQD$bS-W zAmWROF*#f~(KV`dH=&_vJ7zUYeHqgJH2tO6@Pbj?jw5Kb98u++8U#112vg#@zKp#Z zZV7D|q*4EPpukgZ(Z9|%Pzvjvvy$Ce3d~$66w5RGfbW|3D_k^t^2cL(QDl!e&AtiV z=FU^Fd%_@__Q?}@{d68ED{%lQBa$5-TT8y{GQCR#E`z<2i!rWFR2qHjThIY*crZoI zGx9`j5Kdpbve&29HqmR3!YCY8Su5ClVa~`Ph4PsaoiTU7aVu~1&&A&Bim{8k;#Uqo zeVlmJYY~-=p#ldusB??!$hg)#?X@jLD$@n{hvW$SJY#ACeO$?#3p+2O_WoCGyY>EZ z>nJI=W?xE0eeByY>7<04eQUmsjMuTsv9rb9PI>4btJlBk8>3EpC(jUo3WQQB3*R!c z3i`1kSHBx?E$<>73L=PLG-%LU+RYy>8jQ22>v*$ww>(o$vcB2Bn*qnBTeszv7f_L^fO1@@qPfOgUSAvlcVsY?53WSL>#I_vw$^NqsMFm$H& zw;J}0U8OP3D>s2gTn%TOJA45KSRkXGxC3j3X7jN@0rO$T@+9Qz%A!oby(p8y5?OwX zq&s#W2A)sp+;7DZKqfI0XQ{l&%Go2XFWv)E@&`wx#UNQL^r8*^R~0@Y-T9)1d@VPE zG#cZ-SSpQeRn`AV^})z$z$uHUme;wFIz4C$pZKv=LUQ=SMS#ec~(XV5L&~ z9!ZF1=*^Xn%809?q-w!)=3IYj*ec&-Fi|wr$hhDqfu_i#yR6j(iI^DN{%%^Mk<8wy 
zsIBFsBadbCq~nD9Ep0KO-7(JkgPfsH1=2%0v-O|yWM5w|Y$?g~kZQuPA4L^}$axZ+ zOR=1Zk$t^W+LsGsBeS&YUK^JFb^7kUZwAGYb?FMz64P#75Nr(9Nbu9N5ThZ)%J4;U!V-N}#_MjM*>pWUMtKPzQH0f{6pH1H$$CxaB%^VFM? zWiQ>%y@!4^bfY^6o{;k1I3a3-4tf&hgNBG_3&AY(zV^xi=h%1ymos$;*W|&rR^3*y ztl#^4(N&=`1UVuuLEWsYWXs6bV)_OF9yJ5yo5^W+Nx-? z5&~bz0V=UC)4s%j^ABQge41sChYGLZhD14vs5b8LNz^yqpsJxvhka@o#c*%3x`}>2 z%^qPwnWdS?M|Rw+`p3plQv&4zN8+F|zCsXKVG-%^SAoK0NkjgfH9w8(e&k|G-^tDU zLJ{)(DDZ@x<>PzHXjby&k36J$pU1A@EqGGW`|5}`1qfw852En^5Af#3QqZUD6DW8$f){CK!_k)<)(77NQr ze{dn4_;`NzY>E2a5!V(wdX9bd9pzV7-JS?0$rO9)V@q&&j@0$Vsou+Xfcgt7T(NnN ze#*7-f}r=Tx@YxrqjV^MSooZ>eTLHnSx^8{(c?D>cfBKSZPCz5u1Ou1asQRp3a8VWNx5Y-==@8AU9T%hAOy&qh3pk10U?OhMQb&R1p!w97{er zXgH55gvhnAL5@F+ixh*gTZ}5+Kw3JawbAtAVpp3|{Gcl-_%mtBDP-czgD(po=4P3i z8}b$ALUBaJb$yA<=v{2QD?*u4s4w;i6@JnS05DZo@qF@>AXx;?+UnH8q&$UQ#eS`Fh3j%Kl@9Za^A#=r{{nV z>!vRgox}oh2u*?rX-ec7W>&>`kI%(H;t}L!Ayo|YoxeAqQ|poz9@YtL8`YF~>f53H zkgJ}mq9W%|=L5On{X2#)H`!XtDea~d7`{K(NXcD#_feRg_Q(ZHxC5zwU_bG!E$1Q9d_)`B@pYHTz`?uR8XloC zE#Ru~TinckA!?|u&CGD=SzBuIdgG%Nk8mz@Aae<~Ruh=$uHN@8(?$IaOZzIB^0u_4 z#zg+rvR=`y?#kCR9|m?tJe=|xZD;`vc1238MH*ZP-bj^WD*P-`n^N$TgAf45m$B+l zRd{-gj$^XuZeXOT%as@m1wWxBjSt6=-|SIp*T>AQTD-txO}X{=qzHQ@uFoT@qED^* zaR6d;6Du*|6y9mAKvh;bX!hB2#HCRu!2faY5{mb+%x;TL^lUz`14@V{C)bmW^c*Wr zWj2ufW;^qHuZ?D<;I1gz-V~^+`vo}xKXZT@>{;YUKg1<5wMyc`;azt;vvo$zs-Hge zUcTwAXkK@3@)jgHCksyjs;7@^Lz@sc7`<|DMI_Kgt&#@LH;KtuNdatC?oKlzd_J6C zPxq{yFYCcka(mFVus~E7$kL9X5x7SB`mmRvCHua9hOvk%ep|1^7+*>_4ogB}sEb=N zf2MBlh#(v_oJmV^Seg6HoN=CrG&kzF-TS`BO~+u)(Z*UJRXV$d94yDW2CAi@;VW|T zMM4X=A4ir=QxZMvP(2sfIB5TWo7g2vSKA<yEq2ti1(PT?=Iyp7u%*LFBV&wbY(WEFGhwKr12aJXM;4(V-g2UK-zpc=ohZ11 zaZhY^I_x<=VEu4A_z;XIn~P+y!e>u9F~qt#P-+9K+r;Vb{84PiW=8Wz}>o1jsg&&-M)6$7PnVX-wgkD8pEwxKk>Vh--opdEg(Qd<_E{go zq=9Ouuv^SdI31_tA04rvmCTGs{p6$f?{D6-^L+^~-IVP}2m}KCm|4f>4;)pyY~5q6HDos$N#HWdf)aD& z=SR#z#EBn!xO)&C#QO_2_K-oF(3IOD?Hi$ZK;u)4&<*#p~t&Xvh!Ih8)Nxz1zIS 
z2b`(AElU6O6p5c>?jNd|X%bk3xgq^Rn~+{Cl9E*f`M)e#lRZv{d7e9&;+}&-^Kp?n#a00zgxr_RH!UEO={uGOo%RM5Nao=|GhSlZKYME5fBXfx_t4Xb5UoR1QwJHIgU z(st(M%kmc+TcmGlor9GgH6iMRNUY&RX7es0y zy;t6Rl{EzIRYJI8AGB5`C`d(IR1lSIgDi~<8R844LI!rFUN{tjcb0mWriu;JzmVy_ zd7I1l$xiFr^b+afS31E`SgF6GW{JEdmAD{1se@R{N$OQTPFRj%VcdO*>0Sq&v5T>F zxUG9?-(#w41( zZu~>yrAut^G7dTE(aNA4FlJT8%GC8q)>(frA3I`t(G>0BVzr?nOHIxcpOfzy6>lTK z!-F-U%D(7c#oT?-YHLf7{5$l)F->1jULrlRxJX*C%%$AQFw^6p041@LG(WHfJm~X= z;UamuDy_YfQhu4aqN=R@T%CI3g@jE^jf9N8yo~aQjq|bxKkCodw|;oQ!MX(+b>l^X z#g>bQ7PJx5lQm?+9vP0TQe61FF{$>_b{@Qbqw zi9f5d%Drh`@YtXU)t;|+z_ZgXmOl!SFr);Zp7ZV1Y3LUDD%Iaur zB%jg3^0uBU$`OT~O}3k_{7N6vn>;~R(WuX$Q} zHpjc3JeEmOUq5sUVnm#$eu#zvj0gFCkbb|=2!h{pW7n+27oxQy00TxEu=)~n;z{YM z#cK06@Pt^}2Num^=bZ-PBNe$1TR18_-I=wA5M4K23?3}`uYRt>Ag2}8RsH`kiIPxh zl<@$AKW|&1U(JM9mL2NZ%Q5w8w6`jgC=E59z~|>XwIH?)1jbCqG8DJ#Nh9~w+j8^i z46G|fT>Qn%OBg!XBq*`)2ie*cTef}LdczU=+n#1pj$xcWwEQ*hLkNlRwhNp&{|70A z4W}05kAA9lEr&qUI3p8!IO=Zva6_8cpegmwPFk;R=oC+DOUqJLE*p*CyG7Vk3olYS zG3VE(Pl1jSf;t+;s#d)diF6$7ce%uuIP?mc+o@Q(=k0xXLrmfpqOT z@*6rT*=q{_0rRy(tvGhm%@p1?scbZHg*iQtJfx`7J{$iGRZY{#C^lH^)&jgw5vHm5 z#yhUp{XHov&B)g64P8?NIPYY~U+&~cs+98P^HLH#eN6RqrR;6U(iB`#uNn57$1lLt$XNt(G!%XNHlQ!@(1kCz zA#~9+DddhWz*vO9@$J5>=LzK!$l|!PfNboKwW33HE8ND&< zAXE69#}RkBfp#-F0=?sRr54MHCi_l36v3EjH!ncb+OEIdD)@XreuNfzxs0GTvSFpf zo@XdZav2CJIoPr9YPdk(qp6Ycd$<|R7s3&W(GZ_eUGg};nPK$%vg}U%tC8_Rj`Vrl z`6t}f<*&SgK+923NtL$6p9?~!7M0XgzOk=*s`ALdH`^fg>(Uykm#BceNX-@zSwTsRcSmW@|TR>G#n1C zu7um`AWTsI*4$fbG%g&OqSc8_LvNl5!dExNe{L`a(~9dR%8il(lQ_7%W4}yOUOfc? 
zlpTLNLRdC`2g-avmh`vfR{$<0?(7TF$L85)D<%CwtpD;`SNMFL_tWzZtG^tRB&D(< z?U-w~8)1wV*Lzbh5-lGmMKB+gMWa?w%80+bBI8P4YQ~O<*%Ebe$HHgGVi!q@_&UZ2 z=`Wcx_0+HZ(hw)5^HMWs1fX9%;PlgFtkFkW29^oM?|A<4JJa@0B@H|6ZP28y#29G+>$7 zYjk-EY{2hPKdp7q61bizl6217N_-GCE$&z4QXA|9F5CH^Ssn}hv%pRsNg%tY+ufqS z3UQ?I+1FS`J;YMXCCCVCSH~XA^j0MB+%(Ml$u=N|#A8W(yx49&BWnh|9N>Js0M}Li z>i?!#JD@@<64(B~LL4YsYmp;(Fuu_N}4Q{4;&o@)5D3P-yxn8id&SZ zmLz=z6hhkp*Meh-v*+S&Si{|XsN2iH(+@D|3RhD_#y-y(k&u1xwv}waB5=u1pISjR zC;2RMU*MO>P0$%~P4Svz9@Kz<2Hk_`A~f6(T`N z$oby7BUxD{b{4zbq@|a&(ai_TveW6fp>4OwHND@Y%yM?dW5-zU7~NUmcL-SsYr!Tg za1wybJ|1q`cdZ{lrY+-EmiXveY`orX3aLHKpzaceIk~0z1O5uW`wr{kGqlw-+Y-S5 zk(Gm81%~w0*n%ZAIfW9}#sbS!{$@=y8je%L(&Xm4W*8#0_5)h;+lwV-$T}l!_QHl1sSDLDd*ItSxl-R4ZX$_IkU~xIOeBaD(TQpEt)% zGz)Z_R%f#pS|n9l-iue<6+WN4P!xkq5fms}iR8RIgaZxPh#h5h#`$-i?E)GrL2Z+2 zO79B6yzyxs$d~-hzVUp`Cf-wLNHC|+UEKG;xgq#BAOMN?w^9UIDtngd<#u0)_)`YO zKSrW=#f)E6afa3Y#Wv55xUU*)550&U;F$(2k%Hfm*X3zhLOD$NA%rP{afybISj9z-U z=n0JRE|}A=ofr0!)fl~BNVy87B#q&<)|zp_XxKrRjVKcj+7bQ>d^x)zlxI3)f6t7* zI8FI-({yA$J1uipeS7rT*q)w?wXZlIrMb>!%7PTR`wbWFZ6BWNsk{PhOR7ZIuyeBp zghhXwC=pi(?N0gy&@%lde(NUqsNqdNoFQ}YH*_@a$YRFQyiJLzsv0&LXlvI{?xw=O z=d-YVlzMArBzYp#WA?YckP@f)V<=R<AM&6=3aSq|lwCcdu|E906fP3Wah*cWeW|;| zb+BL`&RLuOO4%RQ#?d9r`r&{GopQ*!Pv0MvTk}wY)OXIdBi|lk5Bbl~Z_@QQ%jEf6 zN^yZb|3E?@TC06)aB&gh8F2EXXTLY=NB=BX!u&(GjsCcP&*A z=aJn_T8=e}IE6+Zh4b}A;Cos^1ZjQQ`?&?hYE-{qE;1|MZLNOKDoB=wN(mVm0ZHaRZpoUhwx$e6 z3VA=w`?0Nho4B7j$J5y>MkTW7*kJL~FplE0ehA_C%=1{a+3u}#QPu<{9tRNac;dah zXuxogj%$AM?Bz|+=qF?5II$(2U<3bz?os0-L(;d`T8;_9YDX!#TKzjq=2wm+@sb>& z-PfwgGMjt-qhdL!A}o#-0xyt8Td$$CQb&TjD^wjJmEmIB5sL?+?&%Cb1XRD`*)3eV zztFp6QZ!Gm%B?7%q9P$VRdaYw!Blp80BQQR%QyXwV;$RoHbPP`%f&2Uda4m(5sz;IPfW}GKsq> z>hFI!lCQ?03cI-D`=YiD*=TY^u<`tPVO{3# z+-$GV_GC%5+T5=TvJa}mxjC3xpKxkXrS8=RqoRsJk2X{63%+ZTPtzlG;uZ8?91}L) z&P_#WQq) zn*#enMp>cb@~NG@{m#{ilwI{N$fg=NY}O}BiJVrOQAfWdDsY@r=Fimn504l=62BPi zIO9%c4&6T*vm&vVHf*J(>J^RDkl8Uhub(}W&W8Mr{_Jg0bZ1qO&-6_ME5*W}ncLp$ zC`M&iPpl*P1aY!NtR58BWl2h4`rrt9`F!oSFLPb))=3#KG+#aBQ!XqbdAv_zs#a1| 
zRl!;Dr#HMV3{>fEH==gcdx3LsW|De8Mf@woiuXoM^-Wa;4cX}5PY`iYhid@wp5I%@ zq~5;>4PC#Do=4dJf%_lVktT~0|G-IKKPUUvi=eoKf~0c6bPOf?No^$Nxa}z);J|C_ zXx{?^s|)q53M%GS#K&h&9K3W9K*+ni<%It!Po4!&19H%c&0vZ=@v+FolDRF z;jz}3CNJ<6_xDVy)I&LvYy^pS7x8rD3-E^^nepP4@Xy7(RHa1F8I#sq8s~h~(3#8H zO2jlDn+ih>-_=bf^WPsfcxNm!Y=I;F7~T79f2Kh|y+RE8Ij$sQ{%c@36_+tXCbuPy z0k*YG78ZKh*+t%I(I?TZ)K~rcQliZ*M0tG@?Ia`O+XZEc*5_88(ghtQ zex0bGCPn<_0Jaw)sM5n4Cx9lv>pIGLR#I6uVz{^kh(oIm_n%pUJ-}=s{5#O$`(ppE zIUU#P3k45_FmehdIvj662zzUM{Xn;03=xaCUZ_naxX8-H}^{20X_7%?P}ecA6$*CHlqcQ)--nU{K* zvG*t!+(NN}5Q?pgr5F`HlV`HY@z^PJ&Xl_EWIS;xe$>lw8bBs@mu7yhUVfq8?2%)L zi8mL1_Dla;=2Ij03o0gyX7kD4VJh}N)7vo(*`)H``zo7{+waG;VN7fe>Yo6cc(ZrE z*)pvB_r&efULeVl+{`~MFfb}F935MdS4Qu?+Ag+fW9M9^=CL|&br{?Ug>AVMHp1UI zb0)T3w!n<}cTm1N4HL;5u5GrGd{@UF8W!lRKOhEpwq{7q>vdfX($2Li59H84Hs6YP zZx?*f?Sz(5=vx$XqP+v`ziUJI#!l1{$TL|5-d?vPC@O+acs-s9Kb~(b+1N>&JeMN_ zhrTA&ZYB}*n(kFa0+w}_%l}kzPIL%Gpe%-9>WAirhs_CQ2NO{^8oTa`Lkn7JG)vZ7 zBw+3xTAA&O?sitg@jTK`4BmIUk%AkMMB zGY_{QF`!ZNtB>k~mu)xwR_-=ky%)$A`BGr3N*N0$OxlA(q(FCps_r13!c4reOBD?p z$@1j=NUxT9FqV*6ZUnIqm5oF%u~^NVLU|v%vsO{nF9i0gF4&;AJvpt?L`kfe@wzcS z>2b1J4V3$7<&9sluE1$_3!;=w2K#u{P3D!if!R)EpkisE{#W3=IvSUQww4ytX;}~X zQ3xequd^tlH66Poqhi+=&V_8oY`2UVORE%1=KZ4}i+yd)c4z>X zG91I7*9S4sdl0)0vFmQuo_Jof$2x5J_7%32QJm6#i_mdhS+uvfx{|{jZ;LPKglzZs zWD9VSZ?w!2fhc9J6e8*7q*t zYnr%+%HF#?%#LU;*y4O ztU-UDT!e7h_05kp>>u6F4(yIMzl8(T#Wud$B@H2Zd-2kKY=R`}D!L^B)V#2(>Cj)O zpJU7#69?CB(I8_Qic@zLA}O4=90SARgw$#!-qLloG_Ze3Ht4Q#kTB8?{e`XdNdM7y zwyrbuPVZNq8{qfT&*UmOdEeU;hvxNJlhzHKO z3hc3&3~FHO!8HV{_=kN-ZBhoQwrvH&{|FsQE^jwPl2y1jas?2z8K^85fMXvf(e%yP zUkoPC^s)}evL0n+xX*q-$hF&%svKMMy3wB4;oc(Es00|(ekT)>R(Z<5&dC_5<#RIUGhd33TdWryz~QVl(1J%pO&uHOYET=ZZ=>BCM??(#XUOu2?}`~ zZK4*ee~qY6=r9Pn=P&C9QD3&unEQ*+@)g|UzijL(I~VzXTSH_4oFz1#ZAc%fD;*e5 z66jovuHK%7InSr611HyAqKqR4^RRONlj9 z0ll+|PQY&YsDC}of&}*oClb@+Tn?w&JC)U1#4rfhrZ^bkid|MiF**O}H&!>1vJrf5 zH9xMI?RTOGPY?C~3OM9%4ZF*z&3@S9O)~OsgouO>&&|thzBtUOH<|wp_JobQH)`0~ zp-97R-P2Hj36|2jA$>yxUXuLHTj!I1E}%n4SsuOVgsiPkPm(hA(2$|0wv>d!oB 
z0s3oR``lftMT9FbDe#z-?orfHACPTRS;Ot8?uyd&*1gzJKBUng=x(M>i zzT>&a=Ese;3!>)z@R1}O#M98-bWz)hf~X6kKAo})V36$8 z=R9Z8hXLsn^fl7w28y1RzDbhvf#}}V-Zj0I5CMf0_!^7yUGt>BTkp9uLQl@DAMQJU z4a3^R3-QSGjyFKD$6Vy#7;uOpx6RrM{f49h;^d^xQJWAV)-YVS5DO|e0H9A zuS+~s@_F{TT|-oDTl}W{J`4J+MiP=avdsJLSpV~j8m;bIuWUh7qkt+NuM6tOQK`gF zE4S76W);9*vVEBoec`r{zh`qWD+FPE_+<8s*D zX@5HicJPAbu>nsxQJ2PI2t4cJ1abv;qr{+dVcQphC+2_PY%I0s<<`P{BqzvHpI>B` zmMZw5r!e4B_W|<6w+x|MMLtN^7m?P@*P;9!gO1gwSx@d-hx2fJkNJ+f*>4N;M<|{3 z9D3=|XSI+t-QSW)>1o*tKa{w4VZj33DFF}TdvTZS6Umois{oI1_&%0cR+BsRLj>L9 z_G?DA=N%YY8_||37UX@EUohh%`DR@G`LZVz0oYl`WvKJT>Y$2}5Z+sKbf@LPF<&|p z^A#q`t!EOU*h=dPhvjV=9l!jm2X(g7M-)tH1HmlP`ol4jcNo4cWG+2LVzsFVz`#J& zfnBH9q;{xq=m7J589Ihi3;SuWE4j-p$Drqtr<-^$rmaJbo9C^ZaXs2FwrgVe#uv~n zgxT-e4JG8Vb1zhY>9qf213C3C*={4@jb1_8++O3P9#6G_y{>{)ok~UmfFS0LyMp-3 z2|e}us{UuNA$hVw)O~x2*{xu9Iy3?hYLHL_05XKTLQzxc(6dk&&R>WsusC-5AMUox z;!Vzt7tN%SC!LJikc2|K@dG~^aKdAao|UT{rnkeX8p^Z>B7?=gKPJ@zXg<*N5{34& zG~}W`7Uor>4d0xE*}fg7pCCA965A#}eR1NFlrokJ?$6qnUwgG3`;3S$Qjzk&sHlQ$ zpJ!+eV)SJO^!?#+i&();&(gW9c2MVsyB48ZJpal^z5ZPWoA(#uf{$LJlYX{M?PhRQ zgxyLX0^e7H0Pd^E+6I4V%qB-RgO_jDSUR}c{!Hz+z8LQ`zA^<=<9Z<<>&mb(kP`=^ zTYGa=Y9z^WJy%0d-@cLxqVWIUM=JRLPHkuhA)47D9&&_@H@G$+wh-HRpyKZj-!UHh zD7%(b=!Hglr|q3#PFZg7xpd1VrQ^R>zjLE|#D;PuLccIF_Ekw|N#>u= z3Ap3HYEt<3F(uB#QenfJB1uBbT(5wOaKZz~uUyZV%$L{Ea9MHV=c0q4qbF#}dh8Tz zza1d5eOXR85j&C5n=k2zcz!NGDoK zpev;pVCrzFO$UJ5SCaj27Om&Lm(Mf7SuVw%D;8kWm8Y(=Hrn|CR2T8L50^J3+_3 zlD7PbSNw#HbLU23h{PZp%v#F@l@%}4jmk**;l%CNP9F}=)y{DPjG4ifYAUP)%V9NG z@@th36*%J+oWG}g;%fO}^OFGrkB>ChNf$9~361pbKCmkt zs6Yv?tVBhLLA?NFRLmU%IGJI(XKYC6=?ICd1;tRGY%sl`83q+?BkAKR+*+^FQs@RB%5>CN?n`{XM@?8GLRF+`e+$EWA|X>j|-qxi><0+1AKEM_6e0^cQ0ivI|-$!6TtYTb*dLX{Ro4K9V+j zmy&y)Q3sVc#&~nxC@khU9E)eB)=6$glkq86*eYEm_4{2n(1SRzN4f3OG&%rPzp17z zy||9^fCx0V)FiN_>jKM>?nQHp4+JUp!T4vTMM%-)e(P-pHohZCxiOG&PT-h4CRrnZ zG^8DSz!nhcn@gJgqJeh>t1pUSJ2W&);z{M`6EXrfcz>4qRs*Ma+LS=9pYG2(WnY7h 
z9qB`SdJU}|*73IumP>t(X++KEC6H-k7K5zIe8JbuAy%>eVOW8lSStu1`K;B`Mb+T0Eop*ZJHFVr)1-!_r`xb}zVX2=6ds|R+U#H&ohyx%-`w%4g&(7_dMe- zf6DkywA0*cnuzk?=%Wxea6Lvh58DQgcAc^!AQ0EGJS1hSQp)^eH(-Ni6E)zXXS|oE zvjV}2#x!u73Z(ucc`3fytq&T0)TxNTk-<|i7(6~Ugx>DYS^OF(-Sm%wR2yX!ZFJ#E zYxl}L25&+eEU`@6^9LmYr9?MxL=XY@7+7=k@E~QvYcmNuI}PJSjrt*L1)5;3wqhWF zj_Jk)n7Vb81sy>&zhC;k^fK-t-kycrEsiH7{!Ak|S;xE`Atv*>IPlJPKg7DS=-#EI zn(9AAF3Z?yNI3%g* zFWnT8si{K6$H}IftSvj-__W;bc}7@H{m$nh`iwyTZN;vp8pf19J1- zhmnRC9Ta6eAovjJ%Q<>{ID25%w;@RP>c>1|R^GtPs1!+|S7t^EhVO=t1e@tW6qN6a z5>ARN+g%UehDb^T*u&bIxbSP9Bhn_}=u+f7#odx`7djPtr9+XSTyqKwBa|B`mK~cA z!4TBQjP;g{yFCky(CS*aE94z-lY@r;Au>?H7^l~qj0v9MyAD4TAIN&BglN`?(Oq8V zYCeBd|EckV#D-&qkGf^KXnbZYk%PSVOGtMo_>W^97kSLqGgg1!q7=qm-DChy4 ze}>D5c3Ibfu_RQEMXAY7=Z{nt%mbtLRu$juEr-^)FfD$IB}Fd_oC_Xqeb$WD>Pa>i z+WtiU`C}f+ZTl;M@x0BGK*Eo7HNblBONky;OkHQY#o`1nab^x|Z z2qFF#$@N>THHmcu&jEHfmv9AT*YNx^AtDD}@@6$x&C-~TEB@~b4%|K3o_=>4O_Uf+ zQV+UH1q3_E?6*@N%}q?Ml!F~AOxG|daWDd`oVBKVIItMYLgJs#P6tV|46L6!g)GPZ zWU4&A3qM{F6(p2pt~A7{`97m*I(A~mwxp$n2MVMMGx10{vIzrPt}35A&L9K@M^Xai z>K5r@xQ23%xigL)sq&dpS2}Ic9{Jy4=I({y6&MMbqYd$Ch{!AFVxz|u-oTC`=6p%M zJMc2i*%8Rm^zX9W9cGnJrnA^vS$_BbJ+{2vvxH#w2z{Czkjd+T1NdBN|nW^Qw53xdOIRGk_T z)TUg5(;Y-kqmL1%dQtnnWPKcOG1#ByY4lB($*L77(|Vf_6dP5!)4BhBT+64dnEqOC zpU4CIr+V(NNt){t$E?ZNZ{cmpQQc~}A&QlwdJr#E>yk*JExLWmuYdfxJy%x+*3Rnd9t9I|8R-#!!68dzI zBorf{{}!!Hv2;$h#5l@=e@;!{x;Nz}^;|YeGCW(n2T3$=y3c^>GxDqJ2;Ll)C-#ew z=#v;S=%^;X^S@ha-_+GGXyyc>JpMfi9Yfz zy#D3QU46yMRw1wOS>pYUbYr&Ox6G1kacH_pAopWF5&G#mm8-AiSpf==VaWkD5x5Dh zo%hb>ZbSkeP{rwbhR7YY+g7OgSQj*GSu@YqH57VG5*y*qx01Aqi;-tUuybz%0S)C> zOsJBrm{>lE(R|yMcyB1b|oB2wMl@6SLTxSvQcxdZBDM=?L z3@8EbkrFD`Ce5C4+n$W0*kj5dEz$%Aop4*PfPcvTk3QDlPM2;S=0bcMBm(fV0`~rOX;kPH_andRrg(TxpQ9; z+V1fFfcBd{$6~?ZwzBuupG{?;4qC{4%8`!ZuA5{KdtWkiHdd?7L3uwY)OcU1t{6n} zP3kP8zF=tCm)dM323a?3wI7e-q9%#5$3Yslbnd>tctw5v)7tjvHvtHc_l2?oyQCy3 zAmL9IyuBvqA+p=u_mC{HDQLSygM!Yxdd$0>upaWR~Q-8`If&S3JhV zz=a-4@)-M4b#y|0VJfKMAJrQ4${Pp$1%VI&^JuqMH~pTGh&17^{;}@43C}f6Y}iW4 
zE5qH5!ehFixNRw96KK#H^kX~s72M&pkhUwoMbF~PT66R`3x)Um*ZUvpdzY2h*9ig% z_h9^|k@EtN-x&X6)uX>iFr0_JK@lS}Us&gJf04a~nECcbwJ17LD{|6b2tsPqZ~LH2 zB>yqEo&gWgPv-@P{tfY})6b;ptQtnbEo#%pAxA}J=& zONlYPDxd%VPL;eE!n2yYtkP(m2gBri6}MdP-226^RMm$gn5DM;d}tAiEw{inO3tL; zpX#XtaRDD{MGzaLQJF(Rh6Aki5LjBd22P2X;}R2P78d3W+Wn6uj~DL&HCou1~fO`RoCXbNug~YmG;kI8cytz-FvTi!37L35|hmo9|I4H|FP7 zjDDuFx=Vj?W^S50lsJNrXv=b9sIef0QJj<9P}CIUDB|;(0sr5Z;gnL92Kz}<>MCA_ zcYk9)(ebIBiXvt-(B_hH^iLp?q+24UHFcM^>dJrj-!aO2Ee>V0PAH`Q}80THjJ z(kQxJ+GqehSSR}~f;q{j_zdk`CvNH*oG$69e;0P;ptvQOS&2pZUuHo^A(5G`5%>k91Z!m>{$w=&1cw%wcsJ&P!7jlxW?tRD)%qi3z9c%1VeA8b5TGL}=G(cE4ZY1{Ves3XZadY%M`7wJe;na#JIN$qZZ%k03eSZ!sNL?kMIgRD`v(Z1C z;UkAj9X=-iM~N{0vBq!z=)GLCk^)E)a4EHh>ww_k+Z&_)4XO^^MJXr1{}3a)$7yZ< zG%YTIsaw5geofFQqqK!r`$(PI-HBvT$y2coLT{oCK|gYUPL1_qo^{=mP_TTW_&ymz zbQa`6F8MJ&&VzlBrS7l%JAj8VtA%Gtz&;h6dw`51Jso1!fm~O|?jU?H2#j4U$i`7o z@*ErjLH@e;>}tdholW+C%q4>oS(*!9Fwz=%X~YA2gHeF(p0r*y>03E%1TP_1v|YiY zNHvxw_0K2!?myMyUjtZlkI}{+h-R+5eJ(e$9=YFNGc1T&PvMbgy|{JsLdBs0j?K!> z@zu3J^rMSi^GfYNWctdp7Q2EO?8p(bL|hjKFTe~1O#rsEVIp1L-x}HVhHGJupUg9} zIgE{;8MGvvg?l)NhE}u8Q!Axvk8@M>oJB4Fg6Nk5*<{_D zY&$z^}Hzw!p*r$jAMRT?(sO(4y+{6=pIqwMqnKJfTts1J9rtl$ z)O4JHJU!{uS!d}-=44G-kPNqnml?n7!kdg*`*1#>1W%7`Ape;^M_G*1@CIRm0_;kG zZNc#&DAg|D+Y;i1#1<%iIrTm6N|iXlGR1K7NYGXwk((Q?yg#`H9qOr&~*S zX5hLPrlhkK!kQJ_VO=D!W_=(@qvMmC?n|wbs&lNxqPpBc@yV8@t`CW*I&~Z=MkRT` zHXSipb6+!rX6n~E{+bX7Rf;B^3hC9vh6=nI+y_urMpiJotHib7_ZkrydY_$wE4gac zwixs%!!uOb52Q;X`tN+xsE|uGenn>)F;Q}k<$grg)o|pm*W0&HoX~rp{lMG<58`ai zTBM`fz}qctKX)N09n^EXj4}EV{b&k4#gf8vWhT$dcngppBAr|KzBL8G$(Fih4}vZ0 zFV!f2_)0Yowuy~-$&MY5s#5l~TNV(^AACl##eZdIrE*Fa`HG5brt(n;9vk10^yKiN znFTkYlRO7+Rc{MMF^c=J&~8vAgp5-aqmUJCP`Yv=6{NRDCVwfA!v*&#~MHONV=$p2=1k^UtdhN2@2RK(0hf5s!EYJ>OH{|!DUyuSP_R{x09X9Y_*ei|6%MTfH*>k?Fl+# z(6u~kosAWQENM=?wF+@JK@Q1#wCW<7E4azsd|SHSkZSQ8JM({*V(33hQJl~>yuDlD zaT_k3mAZmSlkP&D=zP`_ak4zb%E>v@cqSEPKT0kiH@+9JYr!z=(ge0_6doMJtsX+m z_>H{ylNNpcec$7?qNdKb#O_?*Ejb^Q2vHn`sUKYR*1n|5m`x3Pxiw0Os+!nniObl3 zmJ9BiwR_%{4dN20m?e5nClmT`Ao 
z-UMCbuM^nT$?Jv)vSFn_@?Cw4>Jws<4rQ;KL_=?~R!m&)gyS>6Wu&dwWXmdR$t z=hy#>6cN_YivV{?7&JAY7tx3!p#(PA?eh?4?O5IV7L){h@Y78t54ZqXU=yz z=8e%7zY@#&+mF(JIa?>`Z;;+$X+mGwqQZ|t@D*YjlHVE~E?uhMrgJcUnrby+xN^X2 zcBD<}t|l{IpTGt&-Sou)VPmDPxkK1wFB%tp?X^DHMuQcED- zSjlRUSmub|aQT4uYHD`p3I4@}8vXVt!SQ;->*+?Tgze}D&eME&OE2FELO;mO-tDK0b#Fm@|j`m@U~%8$8L&{aU<{~A7QX)HtddN?gcG{@ux|k+ylHw zcSPg(&R#^&c|E!DoEFp&nlPilj?u*{Qhy(;{EdIThYZ}SgbvQtE6%i zr{D97h5OFOtJ0&BA?bJLIYzjNc)Ax9s~@B)agi7zQ|*}8 zNyD);P4$0jJIzmv7QzevH${3f%`MdrPD1z1{J+FsZ9+@^*pc@K3semg)>n{}Me&*o zq9FB`#^>aGf6Q6MilD`qkIw%bs7L<}JX?K!1y<)|mgO&SYO2{zjvg^fX&Vfbv3IYIDhZkH z*4e?Y{+Mo-dgq5XAId%d;|GW02A+v>*qHL6U*at!_F;j)jLMV2RUh~ozKj&bNJY@2 zgUuqxQE@1yeN~US{?o&|i=4dwa1#Ijr^eXhA4bf9XSd`iv2CyNxTEGE(_t0!ht z#s3z{V|#|skI=WKntfQ6Hg&`$H|(>o8dyUA?SQJRjBB@WD(2&hxqIp$DE?`BLHo6e z_I2uBpl0L^mskbc56U3gOES(u#3f}r%UM9TpEb*1mtpVBtHVr^kBtHK;YMWwp z=Im!45$F%rQrD<5#H|PzW`=5X-DQd<5FpvBWr#YHSiYjWE4K7`CMzaUdf?wrK)I{z_N_{ z)J1pg_NsTn4DWxVvO=qDFbV!bt;2WUQv+7Sk9El5t+ zXYH17RtT&_+o#P{3k|oy`lg+TM4Law3>V6uNv{*oC>7Ug6^+!>gDN}m{2@Ma^1k3G zpDP*;p3C7{bpAQ|>R-6-kui`~{?Jm+d^Ega*^->1u0})@W*4Os33Q?B^C8%=;~SbG^UmC8EL-`U7PNnBVJ zZv~?E8($6mW-r+}HRE(I&@oL`5x4VKHsv(vh3pG_I3DFM#>^ z8D#TSXv5E2;07QXAp)@7(#fYWyvuj}Z!;1?XFBCv+xly7WeO%}c-rye&vO8<^BJeU z3h9fja6jwg4{K9gI49!2`&ncQ9nL1>&8+>n&Is_wAi^vm&T;;;`@x((%bjjD= z;#brR{NP}Le22zQO}rc3bVqi?l;EbDBEuNAJgyy8^yI?f{d0kkZ+b@noLLE&bL=jf zt|;O$a?d+kKH^9BnD6fv1fbpNiN6@&Q84Lj$Bg|~n-69NznU_(7SzKInV{zZ!mj6j znZKLr(9^1zSYNVF_Lcpk(G-eV?vt zNKjXoAX&a5jtp82$`9|)Q^>=G&cATWed~tPssg<1rjxo}cy;o5=vT`kdKXB>Wc^9m z*D7tV4i96DPy-FkZ*^Z#UeSWx$Ub zTKXxJ)uhim(Yb1R&Q`J<2fNG-C>ixvI_=D9NbYG-FJ+fYQ6_0*$CM+f6L^=MysC%oRxc=bnGeB^6cY?dSTOhc*ySuwP z1PBCocOBdULvVMW;5xYT^83HFTeVg1uvB#2zYHIA|bPRNYH3fXc=*iu?_B)Hux<_t_ z1zULT2YAF5m$MFM76hQQ&$~cHfc@^M5kP(yv9$vk8#?{OJ~p%{<@@rtuZlgtPKsS> zl5^Vf7;z%=>p=CsV=_3(yQ*UEEAeFd_xip+ODrKQ8||qskVK~H4#)3DBIO^5qM)_p z^X2dy7&kVkaP+LYo3#*#cIAk+N|mlBf^=?IjIGmfxwzB026od9!m9*l2e8Zgk;-7<$zQlrC>IjQYKdni6&PDgOKa 
ziC(TcEp5G+iw^d}p|B(k+-J{nx?IFT3WRpD$q@X1uHe~!3JOzaH|dmCS#Urz|9OP+ zyO?@Vgn|6XIrPQE9pwL`i=VoV@t>})ol`m>{(!x3{+! zlW4GR=A7}>`!$`yiH5Scm!u)N0v>tK5mh|9#oF6i^53UWWFdUUC+D6=`a-O(#x&tR z)@g5%&KUZw=(*BJ{bWW$vGlek`y$-Ht=`4PMz;Q0zJ#VrxWfR&AZ`+;DgWae9-oskyU*pd z*naAyLoO zZ@s`D9-nw@uv`9b7Xp__2bmgCJId z>sqXB@$9KDMz&FXsO=e%!={D40G`{Bc0`NH&}@c`@qoh6U(dirSunte)7Sf&jU%R2 zdN~<&aeF9YZQ@OI$i4(bpNlT0&dh~gp*57d_xR#7Bs*xRArBJQ`R{#FfI`+q37P=E z)klOYnYl~(R^t(E1$`Z^*|Wtlz|6Wkiebp|qvRchg?llgk8Wd<^CPxdVEvTlfva*-mG9;bpcSVOn&}D9(_fq= zY->Ql%f*V_HRGq`XFyz!FZ4c~GFfT%MID>)5Y^}D77;?W!@ZPD$V*GT27i|wWZ*%S zQC6qrABHip{y>4NtsJZ~>ky6G^7gmqpo*l~S%V->4)Eo1wexp5FG)GdC5q0o`3_f6 zH)7bubCJ!Cv?(DtQ=~)#NY5Eqf!8W;*7=4V_^gChcXu zTj@Qgm18m|`7i^qj2eEtD1kr4d5>?$xuj&t{yG_w@TViM`&MK7HJB#P zDAwcG!4aqlBB_TLcfLgY?}(?f>$@#plmwHdl}J8BsB3hud({MGHa(cb%V@6ZEm zbAi(`w2MyH)y%xn?&|VqGAzdKAIo)=Dh~Z<2Y3s{Zv_^Et>h#O7Lk6mA3$S01EW_>EW<|2MKS$Qzr;Vx3;q$ zpK&YopKX>aq?m58Vu}=UjazPt+4;~?nYb@rTGy|34Pa|w3<}IN`HeL>j<$UAR(6?E^P|Xd##Y&hQiVo4e8IM^4W9ZsO@SIiWyCRJvLZyRBS}As zKNb6zFHp#?3xVLe!NI>iyKy~TZ~rjj&+qz`n{%k%umVlHG**kK>$wxIQA01t7X!#y zA?~jya}q0hP98*F;-=s4xYau3#F%vfRW-Er@PmH@9L1w*CINxZdk(2=y?%^3xYbwvlli-ELnMHpgS#Wl5~-zGj3YC(876i(9~x9+gEHbU z-*!>BYnM@T@!Zu&-D(}1rt73%YvOOCLcmtFREQy?2^_*PCM?_XfI!cF2~@4vz(Qv9 z&+^&3kG_5gO`-aHndyKaERF+moVkzC{UKoI1R{pYHT|DUq?vv@T8)v9Hu!cCOXhoh z<;chcMoIZYXi{C8Bs&5K##_vZ`cmJGXk4+wSikR=XaL_~A_TE`!=-WSwE?IstUNb7 zS@70KY}NHGr=mi!?}&Rjw^LqW%YRtRp8lb~M2sofkBroF*!l4rF(KhyuOVKxJtV>z z+{N$ct5DF2(IsRMs_{);z`r+Ofzv53U=YDfouPzErr37TRj_X;^jC^B)%}H3o)5`= zKqEq&+oJV09UgB=*c&%0lA}&i&KP9QYX=(nd3GvK5QYaf_1UUX_gopOlyLTF91w(`A8H>T!6p@1U1&yDi=y>yg+;MO#l@Vy*Hg=H!FKHx z;HlJ)LExpk%+wx6+RqmU=SH(_E2AAk4*~!C4Tnr2JHZpL`afQJ(_e5n?rVhOSE^+| z`=?#X0|}B_V}{&5Z8?2wiM~~8OnuG37fnp!YMSy4LEiwOHv4+AX+cyw6jI7r!NUPg z_OE9?!xeU3$ijhc^oFPAzzNj0)JCzq=cYG2VF!NUyj9eZH3SS>%!y9l_zp)#;lNYR zjbF}0PE(r^#Z|0=H&?`uJH^LGzuIx8nI_9!6;1AXF)|tCT&}6GwSUJGuRU^c;TRzLjAH*w&!!Dbz@5wQfDcHl9Y~c=r_DI7mXHyH{-9`|=pwSPr+e8KJuIib% 
zl|Sl@XWnm=H!P|K+G7EfiF%247_(3R_>PT0^bKms>~82I5AWaWR$Nd= zefv{1QUBrc%FixppZI#VfXkIOwNpX4jZ$&w%Pj|-#=koC$>~ekbLn#vyy)V;APQYK zFPupC${|j~LUM)PaGl(OoMM!i=f#b0?5&G+iAZi z`FK&zaF3=DBR=Y#+md)JNOIIz{>$*a{_jo%*)+d<`9A^N@WI0sYyFDvOYG{&0N}7(UOyc zU6|r|bF`olm&K&s#whBz$yz-GpJgEYlr(s5%PG4ps=bj)u7swpKCl;r!!kr7m0vo! z5G6zVP$Eh-D$3}J7UchH>Xcy4dtO|mv=GPjcaia2bB`6og1 zlAbuPw+m7Df-uCBSPlHQ)?jwJxpzRXeQsn>l{mJe-5vM>wYOtRF`Wnhh8Y#W<`XS7Cic!k%b~@TS_;8uaEil;%nhabpE?onpGNC#dpD zrzzW7ft^N{56*iL|9%?W$McE0^0bFM_;HzNGkH3CWRsS`(aTZCk@IP4uv{n!TecNR zU2Z*IEiJ)0e}mX(O$5r-y8stKemnDjXE~*7UK9OWNHS%2^EdEbvQ z{`+cH86qof2O-sZ{8&=Qi|Cj7i%7l)qydIaib6a8JDL9u#^BR`K3#YWRQa~E7e&V7 zg#iaugh`Pmkta55ZAU}S!zmH8mfynyyFO;a#`M`Kqu5 zW-RX}G~$n1X-IZ9#Fly;Y{s}r+Qtlk2!|prmq@1v<3P$pSEg6lZs*t}IIGu{zt#{{ ziDxP*yEdvz1u9(y)hQM<<^gi`C2k7 z0i8T8lj+sP^Se8!4CsE7G|_}$`mG8z(Aa$-oLezKJ^a6q4)DK`2s@P?8=C8#*cZs} zWIaen%LB-W+**S>mvMEqvhKcL=TtcEE%T&_jeM6oL3uVH<##ZZ`cyAUeVHGW)Yi)T z{a5?UWJnDa;=`{6L{uf!i5aX zPIb|Kz4lI1%{gg@p&(x&O%mQfVXC-2LZRcmSLN|eZKF4}EcJ!`V?1!GK9vn}{&{jc z@8LoPz{xy%Y%noPe)vl@_CfI3CyP2RbSRiLmCek0mSCOlO=h|9c6cC@WQuz#Uqv%k?KH8AT5UUk6N{E+ zynr2Ye5(frznv;&06TbfT0g1jppbf|c^gfBpN6DZl|9SBB?Z2wQE8C~r@|S_R`M@}kFL`Sd+ExQe+DCoww^Jg8 zmRYa}yldB2)N8nE7iTSEcU{AY)|EhS#GF8G@KBT& z)zJB&fpx$*QH!q^54|4M?q;DOZH@WzQY^v!&+oTYw$}M4cGM4TO<75+S3{ULXwN6; z>RnMLny6ePL9T@NDqZYt#G-4IddefS+7pl5lG~g}H_X6rphyI;h4iX_+F}eF{i5i4 zPQPS2GfF0Du~-I3)slobBGBFzVYwYhwf&BrCDa75cEEJyn`Ikk`gF=iS;24I+6&D&%46@4^;)bQj0ch+88jiAl;M_|k5+&gybZ zm-#do@t@)k=I?zPZbmrFjm9^f^wxTR2I~FX0Kf9YJeMpPYn07IW%V|QcjLM-X&Rd3 z5VZoW$8{4e7?KJeovF9RAzynqo!!Xc$%WW|*UFxd#E|(xZ{;_mzp%$O`hC!0;n*23 z*eScPBRXA-4j(_Qj+X5uz$nQbp?OPrSMRKMQhN6IK`Fj7{Jx*8P>V4A5oes)jIy(Y zt;3tA5uG3qi-x^Ov`Z`YaGA7wbZm+skO1ky4x^ft9W>RSmm0Cs1?I$2Bi3t03>~(S zrG0iR-^+oNdoC&S+~42HeS6|GGSg0FKb5rm;B+;5L24d0-TO0K|W<`C+lWzh7Fe%-X zkn4QatK96fVP?g>0;5-mq9Rw=`>hvD>+ko4T6OiRys>K8M7{kUuvHHe({3+r!ewz? 
z4NL!DyM7|e*{tjoKiD21)EJ~kCl_mX^;*W?azYw8P#eF}X4dY?x2?m* zgh&D3=4RuBMpFks7=Cre_j!`W6-x6v^A}l07aQJJ;U8`w3!K${R<)9eI*r_0Hxbk3 z@}ny<;)^C2Q>txB=G7~lC7>m#%%@b!PAA>wCXH5aIYjOtFf#%j(K(5TDky z`s2y@{QHV6U9JvtZr!dhkCs>^?vRHaqjnnV<(e$oDW8Z{Kx^9lt>&ZQ4RKjee$1~h zzn!B1hhW>dqG#s89OcisoS!)YEkVMMZ~pz zy(AqAg*T?jd|OAtz6JVeyXX>79&Deq_gPwar7GhIYfNdlw*@F$gstsB4Y z_Xerj==;-|GW^7WDV9nVevcZfuesIhi!Q00ETqzR4Sm?EcwK{FRD@u$Vm*_C2KCp| zHOEX0sae_6X(^kL)iz$X!VUHBp+t!?G%Y|To^~-OrzV;onqNKThvm(nu2wgOwBHn#VKHgGvTvTH0x>{@k zQ1*}Ac;kaCHC-!u`aW#KuX?$R+>vVR67MsiET)F#N1X-0QNlF8{78Ta@{BnD4GRDGq$2$3itghxY2#EievS+zYWug{3@97&tN?10p-w zhYuH&xqB|?5xAlMWF$i*$IQA-lT{gD z9O&mqcP?6uHkbRV^sP+(b5J9`GY{{1oM2~cdIUXX`$O3-De8b%ZXGkLc+C9Z6X1a!ZbO+VJ;@J-BKn||uxgU+#OJqlwtwUE z)~mHlfxhNn3@=F&2-6`)_0$OHG&EJWXpsU%&DP!lBm^VAZi@D6}GN2uz1c zxo=Uzj-RLnbSQSd@T(FQq(wFw;!)Y!u*%{2s6sOOWhD{5UR>s^R8@{im_G1kUfwXW zyV3so-hEB@wWT_qB?9b#z!cz0Iu|vELc*Y^EAR58b&F^9;{D?UFip1+wEFPR0?|)ZpNEX2U1wOO? zoLds6bKM%}0N{=rt1O37S&hWI&~{z9^~a4i<#!@OiCu1fgZPaUtm^rQMNX}WRkCVu+^mPCXk^*L@0{e$pK-KtKY zp5x>6MBor%y1Gvp<;VXR=B!0nNbl#^iE+43iQe@*i+ zF-8kz;Ms4UKr#=y{im?bMo%$#Z}W|nI(RU!ewCWv(S4}rA!*Q8m&NYnRJrvZf3bFDNz2 zaS~?Qq72psszl$A=LGKhqf#LWma;#}^!b7Ox2M6V)UJf@5-EqB&`~?bGC)v|SXR)l z(Pn^JhGM`K{VT690m;e7E^iY$4pyQTX%A%erGkvrbf4ls4ZM$m;bV_Dc!=HelqY|L zI=?_Z9Fof6gs^#I!6s4`V&;hUID&n5_LWtH!pJI@ISbctsW%H z3~T@E%R<>#OYXV8V(0-`7mqYWkTsOiCa>PI^e#f;bI3^*$a#%twl@-_VsLsaKqIuy za+?cccyhsmb~fUR2!D}RFd3sccN1aN9h+VaOkC$xDn&_nR);Squ7fS!?F5U3;^LL> z&hx%9y2sDcsnC-46i=Jlz7~u>MZ`{pfPcqvGEpez`xo_&nPsLGoTehq+QMh zN>mEW0)nOwjo&IW>{C4PuVf3N|$4e@DCwSns>;?DFbUFN?`%kIhQgb!8=jwddRjM!}$k~dQC7e1cl+Jca#j&c~)1qG}BU)Hg^_w~s~oGnSBBC*!->ZDI4h5}GuhfjYPs9C?`C z@3aA<9;KIppX2w{wDG6aRK>hw8x5kT$6@&-moZ)WM!~f*?wOoEkiy3Rf|Fx>yXzU#{h0qfq`I(&5-5sbtgtuDf@=Vx;wFH z*wQs^;C$(H$8m?`$qr1OGpk)sYWPYZZV0~GHdARh|e|OVf>+> zRSxYT&3-A-;j^nri(BtgZ4Gw#oF~HJ`+?gK{&rpD>^PjzFG3(&5cI&ZRk7Jx^5 zXCv62)}a8ztIJ;_M)V#!tNy&NC0l;g=l$J8y$>bxUn_GE-^xT>3nnOY9xj5 zi^V1}oIQN;R4E0ICBdQ%i{bXRm%;bw6*u=I;Vp3P(aysuuLPNCQe(5U1j$z`&MjV* 
zQqmE`xpPH@?7llyi77{DhY7Kvwph(TAlOFL_O2IiYYI_nc)z028hw=?rAO!ouf8^_ zNR!~pFa*A|$nD)1IsIJo~*ltBWh z=5UTA^GK9gPlcUJk*}QuEq3cfhOn;6$pm4-@PRWKIAmRsd#PG`c^FZZ#|v#=gO218 zoU?|~+f+gIpa-%s9>WyrX$~A~6zziZIAzQ!cUuf_0%KQW9(_UY+j&wpZdG z%wW7sg7AA2=9R$CQ0ioe^EIjd>7xXOF3AFiXoz)=A9(Dn&~I7LWZDMt#Sv-0XzYz? z9ghj)?!jVk%UGZ*d<2oM;JF6^T=ySIz@xSSYl%AsK?7+w@q`tCb;*-1n#3DtgAdtY z>o;C~QSjlTCtGWt@!NR`b1br0TO z3L{ud1&0Z)xZ#wkROh`GvOO zBIR~l`aW4v0d(m?*YZLZyJ!;xc*u$35=>v`2&U=UkgJ!$rAtg^-M?D5Y<3{j8f{0Z zV$j(cLg3if{<%Gt*y*_=OB|sA?TSHE@TtW57qjqt{^*x=B1B2oFyol47lW^(B?lG7 z3MxBDLQ;Dn%2;KoZP{Wb=F>+}vk|nr7e7fKW-Dp1CC;Pe7|2_z2=zR0_D+}gpQxt2 zbnF;GrCvQo`OVmx^7!XC!=&&ymVg_JVv!`Fw@eulH<;c6) zu)3BJ(g`|>gaW$tQ{>1_0{MA>invErCGy~-iObQfAY7xPC(&qgfyX#&xH75b=>}Vc z0xP|Bjbnk&BK;gOkV8%dh$0uk@O*ChTcR|P7{)RvddNZ!C5Oe&F z+rHigxzOnYa#wf8;aPv zwO3l2Mqy0_j=^)=2wasC;aqU4-?fTeD_OS`5w%CGsBRI1I9huhqaI z$qqeul~c?{;6(k}{0tx&TEJXG(=-s(B>2%*MLpJytUGtVp&AY^uyldQcpi&iUcFmM zkzts)yQAqeGfBdL_rtGZ?_==3hv#p}Pue^L-o(%DCkd@yR4Rfe)`{cU1Hm+o$6-_G z|Dn4j1xdqHsp=AngjJ;hn zrd21(SwG{Y9z0~4F)+BG#|oy1mlIDCR)?&2&E?ydkdqWn6OQ4zOKy)sFP)-`Qx&4{ z-&A)Gt0IiN`G0K?Kp8RRRy0;>yZYIkU^1-5pGMs!-HV53ptSNU{m5G(waX`rhTv=z zxRo6~@$>6f)`fatW&%rVp{A*KneH_}JlX?7M*5-Vt!{z6F9JpV7m0MsC?hB3(!1cc z)+=f;!z*>87Ai{E!W8d!Fgc!rp=hHKr!XK0E%Is3`z924mHCYt6xJwATe~y^zluLz zp2DS3Hk?c%)Nr<{0uX3HF|5S^pQl2l$VK8~P+U#kNU()G*M1sW9C|MWTgM5s%H_-W zE+CDb#rEVg9cY>ob|EFBkc9P@8rq%2-i?H zJW|JOEqDW2&~sUIgXjXjwqAfq5_~1EFg*CTwy-ErtQjXW$WBCm^XH$6QSACpAZoFV z*olBA*?|I*6jRK1kEr_BznD^{&BOA+v9G&%ipdq}>44Aa6K#PlD*rCq%prt5kBdvz~MC zxB!P|&3E*B14igCnwYu(V_z*XKVVU;)-GZAp;d~*s0tOk_En8gam(E){-&&v4&l!@ zhaYID5Nr;wRrpll_~`W^d3(AD9Y-yr*5xoJZuSj(Vcw^p=y~O6qtDfurlqECD1qmG zz={$>RyG$i{F)~U6#Iqim%}QmcLz6IDZ}JjD)4F{(H4m`AC4hGghxrqFcs0q*4MT! 
zcCRDFSleuUcfCuX2(g|nkg4$0)C=ul^#3EZ98$aP2YDU55!6*ffif7_?Be|(_r-Uylgo)xDrlZ3_?WF^Qg zxCWKS%s7>BK)a8pM@AE6cid#o7 z(|6sudsPI*(Grs)RKRSLl6dE$TxHFvxK&odqIpW^I~k<)xo_KV;*0OInIDg$xBv9Q zRR$jS3dLk;SQ1fLCEP|jL3UbL%3Qn5YW;{1YB@NNb^M%s!4w-{q`njA+SX7;;a>J z$%@(e_^`Bwp$pzBE*|~ODK;vFd+HT|vRRkNR|LnANjEr(dFrkf$j_g9 zA6qbo>nmlB9tX4q$Wa0b*xUBj3Y>}%h%4$y6JjKEzSZV~e0RnR8?U01hC}^)$=jMp zRC-cf%1IM0b>y=AYZWzT zxJs`YDKS^01?EnY2d|bC}nkw4ye zD^R;f^w^B8-@NNrkU8FZY|!H*ojkvWsalJ%ku`M*^y=%!AY4bESVJ)Lx?!)IX=GnC(kLE*>W_P7Ll}^BWa^SXQ&Ur#qZDs z%!#`{uOtDUvNtmyugTNC@c3>&{#1`Vn?u7=|X8%4^;M0;Uh^}pwV?zbA9+p~0I-=Z3`8~S@RNix!-p9XcYa@@?k$yeDPwIz^300s z3~&!k5qk%2S=MZ-mE20Hj9_eV2Jtw0-+f7xmNsLAmsp%8OupXZ_HXqi%-izCFyo(x z{DC?1BcS`N)Z+0uZV}+Ii+&qlE%6f74myTyGqG@>8Y#DCE6}6)!SoK_lR-MPF&+5l z)XG|=hdpbpr~+yd`Xsw1*ZS_t(!bY|JB}a^kEi|fSJ~7O^J0ww-D(0*w z9(e1DVfZ4rJHPQARQ%0Jsrz~nodSB1AN+NqPs?HE2OXvGSCtgQfYOLM(CMe$;uWGG zO{F*!`~YT%#V>cM zbtF+XE)ON$h+6rBD!LrpuPulojO$6OGS$lRhVS#+B(~n8wNvpw2?*=*m(V-U)VM6LxhHb<-z0}$Mf`1G2H*@eB^5mI z07Jgu0wQ5|p6S5e`-RX)O{}P(%lzO|8{#p&K14?z|5!E_r(vF9HrfwkID96~_l1Yp z8Nwbm$34*&y*?zhgUex>Z6>k)4GKYy&#jzycVo@Ie(at*2P|G@I&8?agh*6J*0Zoq zUT#CMPJv;EK`TkHhs=L6*02O|?1q4GC=}&oIQfj*5y&zc&V_E`8bJh`TbnVsmJUNS zt6~7Z8V29iix}bG*)H=WO<2U+D~U=xpYulIW~Z5n^sNN< zd+ZawCszJV#<0HAm4ApqAoLT1Bnozn-1Y+pPu(c%UX5kK*{(1K?mGP>mOg`o(U;|9 zm9j#Q*v_8`+5}p**qXwvSVnIR1Yy5&B$H6wNm`Nqtb>q_UiQQ$44R?NGyWMrC%YqE zd5A^Z(OK57gz4q!CjM^WmQJBD^nHcPGXfA|mQ4(IU9`Y4D8K)kyth3FIZMFLY&Pc7 z6>7i2?`n&N(^imXm9U$ur^I!iw4hNOICZ&8m@aqj9d~mm?#@m#rfOc*{`G zs$lmuEolCmQ#Tg=ww*6-j*HrYw}}8;A{xSd$^+00!oKy$UwN32Fj6hZEw&Qy`>40H z&F)F=yA_1|@p6HlG+bL=pQH*z#<|m>Wy*IZAW+xp)sj3!*=85%$*+~{QFTIu&!V4z zet(B)AyaxSFPAn2shz8&x*&Abnh)nqrql>m!FowS{ew;!c398=HGAlRo8`6A{Mpdk z+reeBnl1NQW@o`D+Bg4X?F+s~O)zFw^z!FoM?EYLIF`j8RXX0LwB{=c00Zos6{4sx zY;Z5p82tkj!Q^hIpkN_8rE>OT&$_21Z6?m)Ks`y>b^1&;C}4_3~}^w zX$lKL66TX6lC*Yc|B`nZy>|GtW+1kDyev zTp;10I%d0hPrXX;lzJh_s}TMb!)4AJp^-D7+9qm{PSco%$vfI*^7^B+bp^QWeAjq% zWHJ1%Mnibeo_E-;fWO>4li1pZqjX+11Vt_lpuU&RpBs9#sV6abJ73B8{kKfyu8+7p 
zR;eEcZPQt*QibGfmdh27pa4XFPejz^-bshs>`s8#Mxqm;bh=h>QEkUs1=XrW9Ly=g z#P4wuoS%mmf{c0>N{A0gZ&BpR5#~%m?(lZ@qcauHGLc(1KGS|h=GOK{TM}EO)yyud@4ZDA3GY)lHRckfzO1^9H(N!?WLqPKut3`k z5#tDxrkUy@cZg*~KA(zSvJv-9;=6(cV0Odax+21U?f@^_x__xwhWJf-z>(mqG=RLx zfIyS(P>;Xc)va+@e5+)Sl{GEOkGpL06)r0!e-GJ#V#=Q*jk*tB7Ztm$uMv&#X*Iz@ z0Q_vYa{&uVi-NP0EoB&+-r2X%YcwJa4FU(KMM`Zc#2GiG1in_rUYB{!zy5hgP=5iC zrzfsI=?l8V?}0n^w96m!JlvEj5ab%~KX<#nwr3^(wvrK`+#fhayvvX;zSqht5?olI zNrPR7^&~|WG!sHgTfkr-DR;ZBys*~H4)fr8=OkKCDYY`z;HrU5z`^5RUaX*{8?+%L zzTqseG(bnNL0;g>lL^l~Rm2?HbcUJl6AIncGK#82eGu!DmGkmEgOjsr&~3r6nv-9w8jlPpm750UTLWJ3uO`n7M!(xC zjLgIRP(Tb$$Zu6G=sZQd8fZcub#jAt6~;>xo1~o}iNGPz{ei!UDKf7eB(rt@4)qjW z#3d`QX2;d%B6eu+;t4Ix;sLA{^9|>empPvT(H1r?UFo+f3kkGK`b)9h&(3}IGW@7C zA#Yhy5!v>iMym-hP@ufa7!gQPIaS zZb?Nq95FE!JgVd(-9;JMz2!q_z45f++(>!oOg!kl!H1fKItDGGRi#-=Oc={xZFssX z=TY)2hiN3n499@#u~NJ38B#E~qnh>lgKnT3iF zwWm|!=$tE7P6Z8wx}55cp#A5%pxg(w3Sk(lfFl7T-&bV!6-9>1bR~7*ZnMudY&lC~ zzqELp+Y`@`kOK<;HXG^NHfQ9vZP(T8+o z`;PB(EV&5P=VY+ zmfrPZyfjf*@r|MT)T5d0{#2rZ3^e>*LN`_(?1QenHt@OLZq%&=bJ^XW=2`Lm=h`)w z@1`*BLxB9?zwXY$oBjp-FgBAL#c-8(1L2MDBgZUpagnts-#D1VI%@}Gv-Al!LMv4^ zk``c9TJYY+Bpkx$mScg&;sFIH9_~fbNGFNy&)PHgC-%2JzI2|dK6U!}7TL4lHWoG) zGod^mb6VeJ4U@MVsUtoM5@?j5(66NTu~;qDRLMOKz0K;q?P1wyh_kt?#fEUjDg$fi7EfEm}pljz~! 
zrF_(Zg(+MurQ4wcp$^)528oyi92KF`{iv`BdO-E7aScmBjXkf#mJhN>umnu8KrSu` z)pPe%Uc~cInp%{tu5s;IMAs~&3}SjB@KP4#BJ+t)x2FvkRE|0fRZ0JES+~*pFU)P; z^|#Iq#hXJTk)7P0h_TQT(a@$K6S`1cF5mQ`vBjb<32L)XWG-!Og6}@~kF4YI5V@+OS;eVgz_e}Cm{?%gxqhQFGkn`kNEzaw zo!qz4fr#>Ukvl@BG5siU%$j|Aa|fMpVKu_3cH#EPfq90%p(;~6kz=4k8>9t<0H(mK zcI0fd2>eB^(eb*nj?cl=K}N@gsD0>;1t3=bX=VSZ*wEoBYASK7g>Cq-G7(8oAR2=# zERUGPZsqn|`vzixGGMFY;{%V-(TC5ATx%?~U+*f)I*Q}b z9lFb|aO?O95s-JMp6>0^o{g|hPLl=CNU%_D8L7!=V#M$>;cfj( zP~28a@`G)cj$*~880rMIYBSXyA}4S(0gp3@&MN7YXt*7*1D1~${x!_w+OpzvThU+w zy~y)ZYd4!`C^EfT5D2*%y*XnAf7e=M_H@BjhGm2P3^1NmE+t1zY{`U0nHNW}asKRn z`^qjiO2(ETe_^f9Ha={3W1$F7)7#I3A5uH|{0SKSgA zQ(PaND2+O6dGV_aJt^<23r?!`+X((fK0{vsDWty*hRUk6ZIUX~38H79e$HJX=B6w* z=ggj__zl}gDaO$Z28VQeczp^aZ*LyA4C!@%2yURbmYBj@ZA4NpLjEOh@T(=%)tIPl zTsZ@b5E}_gOG!lf6mqFCM$(=j@~bIgu;rx7WrO?CUzdNviz-k4r6mw2X1Ye3DzV70 z59B6);7Zg2W_zIWj*n%=2`1y*cI0o5kBQkTq0jL;&D2;Bx3+sRfsf=uwTNqJw#n?( zg#4XrD!Q17N%}=; z$zqz3mxzNi0{y{#(h28MN4;5}ly1uT1dy%{@o~<=iA9y3ubJ#85 zcf&$FWjm*QR>qZ0W`>nG&3>@`-xdfZsBc3u2$_VZE>uRwLtp2u&}MrmL*Ke*dfeDA zqA5|Q%OsXhWp4c91sPBbkc!8Ab=ARfCde+R-c z1?3Dee2m75mQftBUDN++@2i3;3AQbphQ_67+}+(B8h3YhcXxM(hQ{69orAl(J2dWc zaCzs>{7uZyo0!j6e-%*~QIT1dd*@zjujSw!1SMCsS)G-6(cH;>6dnmd$;kKz@GAr0 z;)iW<^~LP^tV1q;WWzCwfkdn_+=p$8X_I#ZpluJ6yQCae%SuiWG;wjzEe^l?C z+ZlWRZpY4_Z|L>9-o}!8I3wj4~5a9{c1xg^D`@jm$%3k-tv zo%KwEi${N~=p+VgbW-fE#~D7KMlX4o2-CyounO``)EoIz$yIHKFXfMUIJ;1Di=-Ma zQK@4(voKxD&=q{&toNI-{HK;-=-@7zyc|{AYD$AL;;1&TFamz|ZbQqh8ov9DAuBI% zTU85=%~JyzpSo(>3D#4}mlEtrRukb&(xkeS<@PR6iMw9+Czi#~QziSpLOa;{H+zx4 zXoh=p%qk`Xp=9-FR~IOuzUT7&|BeGMz2y&7%3-)UNc!QaeOmb@ZkL6Gv!$djILm?k z(gP?8$_@||vN@DoZojPWEC&(jBW@cF&$nqWbi6S)bo(8yo2wm^uTjeoZH7?1D?K2c z%pS`7BN5OTM_%^=Z*7s2+`sFaE$xlwAFSFU^;RBi?50cyu6{1VZhBUshK8EtSrFgs zmzl_%V~0$Vz1@DyIkknp_Wd?$VQqzF&qn-oX-GBC>5szIYLBIlxKlTt>B#nYl0fSK zk@dvq0d)tz5fQU#`}c+aLKB0Ny3bJARIm>WZDhNY{@S@FpHo(T8*t_H*+qT4nCKrd z<>qw|rI5K=zzwcwWb(rIP<-$OfrQ8i`n z7Wlo59V;zSM$sUTJ5pep{@lGCjD9TF#x)p}xq=~>s~<5WK66>~+ydhBa*>DAGvExLs!;&H82kBn*T=gtP_pe(2-0%gm 
z9~$~1b|v=>wEkJ;f-)PVMSpEa+PGL5y5P(B+X(Kh3vb^wGDvg_>d!lK9pCO27X5JK z@W#aq!XG_~)JgAhGM~(;02JB)PHplYbt`xY= z9)Qp{?EC4SBV!s$eVIooT@?w#4d2t-+1td!cgykpR=v(*oDMBlYGiQB^51p%5({bv z<2&yXt^rV!-)*UTrK4G9oixOGxyraoT;PZ6*Cyt^l(~a_C8nypLc*;b9puR$)fD-+ zb0TVK29VyO4IXbqq*ttH*D~WbW#4XFh`{V)rG}FE1y?&vG1Ta}BUIV#c|DZ9H&{oE|>2fimCIW*UDL!HKn>&Vlz)KMdorKZ~IH5K?UaBtSSVeUg5Ke}%b6J}|=minlR!B&LB9L_3+$0mNZGRDP+Lc+T=?H1Jr2{Q5@BUm# z&1i2v#{e`LWx6F4o=wXQ-5<2`@Rfmxt67Vo%ANBe33k72;C{eG1Em42LeqD-bwMcs z2&{;oCO-kpC1iGT-|adQr@ZN=!)?)d%t zzK0R^xiR8U6vkc|==OZ=KeTmh+nhAKc^N5@9ost@pD(*O(J^DqYwW`_A%7SHF>(*| zX)N&D9J|V=57|8+#CJm-%hR&tOPPJULPHNdi8|Hw*PTsY5$MH_*T~vb({7AdhGr7uQ$( z?D(NLnVT7#21W$}1D!W#Nq*|jyy532zwEujT#hQnhOeZ%N_YqFJmh;h;jNvNv|q|Y z3hw38+SIi4jm#h{-_g=?ia?e`LuzB#g|$0#JlzjA&iDr*J+;qb@5ZS-Vbg9W zMrU!ey<5`FOys%p*Fth*xI=WP7{7G?Qqi*bnM2YlT-2;B)A9AKZHv z!QI)YDGaU2LU;G`Vgpbh&R9od;D5wnOJvW~9#h(}umv#K-*$QXX^n7Ey_6W?x&Cny zi0pr+`f2Xd?K7OJ@PdC@JBcff?Z*~!Ux1?hLPqI^XNmFtk7Y-|H6QPAzRfuIz^S7V zn9u5SntZ@Eol7STI)yShdvp2I4ef=7^f+f*%;}1 zB{6Dgk#e=O$j4n*p?DG@D0qbO=y{$}yNu~YG*QU2{~JlAeAdDp=#diDWQV3gn=~HL z!_g-)N^Td-r4N4-vc&&!4XG=Lbqz7gJg6AdbgAuFAI8UaEhOcuaHM?=kJ&$K3Bpm%Rs2@2vcL zJKH>-b~I~EIc9F1!5TL1y+5Qyod&w+sBe~L)hc`7%-Gx2GE=n4i2F>(A0M?}8e*3o zeyZnS<+a?@-qv?cSg*8G-p9{7HVog-w;wt3wCPg6PS@hFPba~f-rWC;oj8>4=cVVh zryOIrZ$rk-ZBQ8BH31ymbd20wquzA6gy|Y~1N%+67Z}IE9dvrWtgrdM6_s7{1^BmK zZ(jkY@f_T7vx5uW1Ezh?@^^C+JIa3)DRX8hvyJkSUt}%=7N1qO zAe`OjpH(bp7wA=fsx5lg4wrjYK5g&p^C@q1ry$7L>M8Me^Js4zjh#2m6vwCoqvF*! zY=G`HEl65Wf{81Ym$6nl_-{A~%vRb}{LXX&(P#I0ae<6uoXxUos`Dk)k5}VPWrvGr zbhWAruR?6bK$Q)G^eQ(2>ZfMg9EE#Tb1#*9#YI+AwGsXWtM0Q+G`jPWmeRYMXU}H4 zUVprJq#qnQfn9}JWl0=kxHkuh$6rtapDI>Wp8;`S-+tkd_#?#9^S(#lGdX61iHwJb%Ci21A${Hu4byD~M>L(itWgx$pFhBQhzfmb&?wt3s>CZa^S1{U z))outX?35y?XfUz9xV2m@N1$k8LN1=J%a{Z?>@kJ5EB!>`dhzDeM3e@J{38K1aK>e z=n^ydDF&u2_TitY$en!)PI=P)J1LJxS}+}iCUB08j68=`2K=tqzm;+_D1V(EB@S7M z;@brM^7|VX-rdb)@B!00&TqXLBf!V=OPd6q?Wz?K!@VV=(clS@#^d?D<4PIsC173O zJ?J|zalwM(`40d@^OD(6a^Fjv?G^MXRV98yNCm88B??MO%up4-=n0uIk}XdFjsGp! 
zb_{_|(KMjgPb%*NLTJ1)_pPi^sXUk1Lg0|QCZ;8vaGBA9OYc%pVX^uZCPqz7uhwsW z4=Hae57EQj3yl69DD-~T_0#XYG2O#7VsUR(lrbVAVj8}>BU{O@UCB~-EC8(k+yz+wwm{jDw&^VS^h1tQdN_5$9@#B(~yeWF21!x5_v zZ`*I`(}CxCH%tLi0`pe){Of?LG>wc{(&mxCh=>#TxsIJaoEQla1Us#j2pY2|$TKn< za6eKcoPd}p?kfA3UdllG(^Y&pJG^Kmw5wmU44+oiM`;MqCK!8tlI0Te)I;7+a=q7` zrj~~r=q-Kc0_h=&>?A>RGVc%TkscO8Q6YYadfn!iwf zuuBuwgs}e2C-vRar}4RijB?DzQxu)sGiu(q*Efr=RM<_XdV!7-a$^anpBz1n_yS%x zbTZlvD5nPuyrHwuG{JFK4wF;Mg{oSPY%=mcBlzRjt~!c6P>LMe1z-L3rbU_3CEX(p+7T_GLWjRHA(Vm=SoVtiMy zbpPz}1ki#{I!OJQIIBAtSP>B3$SHnyaN}R@?!uL&pTMAJC@))}ej|-=hV7q%8ZN)T zd?i`$dx8vJ&!%5O65Xq0C#?LPqkb%-W;#D5ftabVMw$xDIVb;x@q=e_dF4BqoAKk!Mymjj~fF_b4qQ;__;}6u^NEzfPua zJD-HOn7W4~&dk`m6u@-NYRPAo$!ngd!6xCr1CP$h3)BEOpoQtMU>#RPUtlEf-fF(A zv!P$86+X0(1$D(fAHUHs?v6{QWf99lNF)3CJ97AR+#s}3JPau(Nf~asL)+VcMe%4W z-fwHKu2ggQu@-5JcR1|r=3_eiL*Ye%?zjB&B88Vx+lsS9U%ZwdE^N&zlgS3d7N0Yf zKtWuRbog#K3U_|EA>8o0S@ypcv_}!B zhAKf?4ee0qv-&2g0B4Xs@n92lOX{0pq}R>sI?0qeC1~&Ej%~g>G$NU$$19^>DP>mr zNa3@x>E6_3rR{R`tfKEK^Xshfo2a2DDf3#OV{k6h-IkXXzZxkmY@#is_phkwMe7kM z))I2{9Q1g3E@qQw)zghq&^=O|Qt#9$S`^l;P|(eh$J@f_(IEzH+mY+S5M_OPBCU3!5-bzi zC3NwyX1zIS!EWtxn2W*osu)zb>?CZh2zN@|cIiD)05Lstx1s{yPLs6Qofbq2Nlwah z3AQk!cr=)&D#W3atn7y=VSdtcF3N=$`o-hPliwRb><(p7jQ=9b{x<9Nf_w|W@7{7k zxmYN6mn(-23=FlL70P3G>IKJNl4i{p8Iw&$KT?RkLY?$k1|=~cxx6{OTARm)wT?_1 zjBd*ID5oTnM}9%n$ixV^Q?6%Tj!sI24cI)NSz5-c1{1=dFyMr5kNx^ajTz7IWgFg> z5+C1V-$KYigYZ}erdb@!RKO{GhAgxZXKpA-zEm6CqJ%`lpR$~S00WMEu9eXxxsNHUcir2G2P?0)sy^<&xBwMR)FLlcD|bf;kPzN% zmpu$O#mIO5?%SAaShXfd;VQ>Gx2}rVx<^1p*rpYZHW8Rg(!!6_WOQk)^p?H|WDqO% zoqtTL7iWRlK`oV4^X8( zxiWZ;UK{TvM?+9)4OpqlQ68w@x@5-n)^%>T&}BpKX@x(`A#?(@zXte}_sB3%o-bV@ zNGVcLOuUAgu9Q@kpj9gSXvRen?>-Hb_Un4{v-`7I)F!T2UrSy9^*dA-qNSRJZ={S# zx;dxr?G>-!&K0gI9j!XfeylqUkC!{rt;qXqTY25yt$QiWlxt%xdRL@q%IbH?@e9Na zB4X-ffOiUZv8xd@Vs)m_4^eE;m?V2;Q`6KcF4({5Rccr3%`1$aM;T@}8qVd|E7q81 zFR{karB0r&b||+BvU)$gIHGRSuZv7`?1H0==Uo0y^3znMD_TMS1kY@v^32SFlO z1{P(*;@XvSo&Ue0yM)YT3ZR&B$}4Pv)5ukTvDDbVU+{5>t278*QEI(`!VL@Oyej8!D~aG 
zyQzNTB1_{l{$&<-7STa;62fD;J}Cx%pG2DrHchHOs^Fz zxs)BW708W?_I4j~#XuZ>lvmr6SPg4A){QbJcOOZ+4<|Mrkh_??j`22^9T*bkF|>*I z@p)g9lL5SNZ?Y7Sh{@oF_R=_&FyUp)1E8na7_4S8jmDFbMZ&2 zJ~Jx#W#{eO(a%?1Cn7)QVh-|$$-d*1@0$YT7@qB#Ckx~;NbH%8`Bk}G#ykhOFIArE z_CsL)P@8X!_YQiNR7Y}Wu|qWKc~ohk(&qXBYsONurEPeyN(CA%E+kgPhA_cZ?!*OZ z^Im)&jX%UWd_oW;2C|(Q210|^$Hi8loLBbJ(pxcBra#z@rr&VE%^wD?QnyF6--JDY z#i?}$LxQ~p{Zh@yK^6~ENZN@x{z)Uzc@GL*^ElE10DSk)6D%FzyjK>B8DYbcw93es zL6ATLoR~VjlN0UKX*>>h5$ClvWb0eoe zI{Y$iwg>!ASp3Ltn7`3c_E&7D{uXSw47Y*QP+Dbp@7pj>n*W!-@loxv;qzZ`D~1cP+!-v0)H^$B|>EuOkYFuM9$R#0kqQ*Os5KqKO=4lpU-!Bb#qI!>&Ca-y(IT z=g5ZQKn)GxI6FhK%%5?oD|zeiRj(V?Y3}#ejOKI5GAG8V(+)OzBcsOF%-bHXqPE?w zw2sE(buM|z_M3`r1Qqs&8J@v)w(CFR==iU?Ry_ObNk=l zwgb%v86RYnys3O{hR^W+aEx9i=`{e%1q)e4&;fy&ey{2m)+Bs(8)m#WZyy@1=5#e* z2c1etYqcUf{aPXTrum_4#|4ICo$>o@YrPzni}V=Rc%LUwW_HyyhdYxR=k~9eWx$BF-!9c9CbYA_wxoIYkD%Q_XUJ3u^s+5AR2F((1GaZY)~HH; zxx@_BS#{sAF#A8QjsjAOAm7SXLtk46aGnf>EZqK2@}&(9s|Aixe?ypru5eQ?D&(r| z>#(KdAo_IlDy<$k32BJ&I3w%ArtiPzXSdA;`w>j%73IDo;`MeUz`dw3j2CE9)*}dY zz7}feB}Glg3645>?P_*lK2@7Y&Tb?j8VGQYLj;fQM~3Xpw9_M*G**; zJ|!i(JP>A>@RhL{)@hhB#n!D?1x!^{FE<2-D^PST8k{g%Z6T&LZFdq&qprsGE2i$h z9NYD07sHf2jlajC{B@$jLbTZ=p0KG01NzyNv*#rZguRn;s9karo~zM4`7Qpv6fWAJ z1Uzg`focsnm>-6=0(}@`BjY{bngjIxa5FP~!NEFZPTF%sJb2n_c92R*foCLTk7$H5 zDsg`^t($>bU5)Tm>0=r%eQKJyO2eH<1XpkcO`R!+>#YbCEy$K3miAo$^ZYO^o0>!l zc(V)s{b1>3`Je&PcDt|%`f~|y^>~up*phXx7vD`h2I{ehfFsR*cq^}tWp?kT~{o@eLZZX>}#SZvR)M3%;0{Q>Q4?+@Q- z?~kcI<%!t2DR*hm`g@{qCsaRZ)<`-brzfQHK}Q+y*LFj3yhzOGSPFl$x)KP4xfBYo zlPvB@S*8Bxv)W*b(IJN)`Pn_7;arE9TUFUR>WE@kz7_6!h%k@%yrQPjHCPo|1Q9Wg z2%&J!mZyDelb0{~y@JonO!MdM%N$`KbDgi2jStR)17y9mE>}uwCzF*FkyR^wf59*% zxh(bXk7c|vCM<=IaRR27tJXwrSK{Fk9#b$C-NS0=_WCOa>=JmJ@c5nTzP(r0nCl%Z z=@i?<-M={&F?}XNB9~?gJ1}rb5ZRK{cz<6jZg_@|g?p^+2e}Rj3|`rKhGx{+hy^ce z_`z~lVy;5xC)Cb)=fV)F#4hfCAUBg0TH~Aoz4@5=@xU26AUMoz2UOJsqP)>BLPrc< z@4_XHHf)Dw+uA-+bew_4&wKOSbk`Z*Azi4(?Df=ZL^Npi(tb70)+=l;KqA?2okFwy zP+-;=UzEm@=6^j-uQyf~@uor1ndgMTPDuU(Fa93kt7+F*rF_|4CEhFsUqOWmGf>!_ 
zYi|eZ6De5D0_0ZKz(#}|^GV+>=-GYuoH5oeZDee0ss=pW`EZgVbVF~t`T>BCJ51)E z2Wec#hMRX2NORVYmzbKj9aS3?w-blJI?RHbQ6HYe_J1tY=S(CpLzeRnJdS7)5posF zaL*FZk+xojSFTA83(d+78>ZQc^?p!pJ{`X**Rx{9uRDG^AL+$Z&RkOA3>L1^f^nJN zLBOA8EN%L-NP6J$MqM7cJ)d4!KKHeEDP|eXp%W6%ls;U?pMz2Z;iQheM%PNyfhyaN zOsKVp)TN~YXAbajj#|-0OK}rlJmPHS1P#SFtz1o^ep)_|?LdlKxadY>Wm=URX?xJ> z%bXFbYgW)((Wf)LHA9ydPF7!`#?88xONSA*T^bV>()KLO1V)vJt`W30wGXDknb75< z@M>cr7@k*$gU5;+VGmACr(BBbt3w;LyK(Jnq#hue0!-C=F#d6x5i#?|10KPE{jd+dt!#_#%XhR1omUSAjmNUj;M{nJymR>S&ihQEU3??NLYH#nH zVt*TFdSLYe{Q3ONG|gk}upv1fCuKVQpemHcjC$4t8@EnYcshr-N5YIbZ~=gUf-{N4#(Cj-h#2Q0 zK9OZISp~2tmaUKIoFOYQK2kj=+>;|KT5rzDrouL))`+Gm`*lAh+RJEao=pOa{m0Xe z8<<_YC3e^YU2jVDlEf+7w?E9>*_qEiF>5{${Zdo>&Tbx{?^U=T|@2Z6U;# z{ng7(`8OZPLeVixJ_K3&=a9h!P#7Lh1Nis zW1k{2#1u8w#k1o5^?MymLkSATBRE;s6g3m1a2Npe4#hHn(L_|sFMOnGMh{|}W zdC35}g-H8G4667ySA>Q*(oLnJN}ZjPNYjjW1`A=a4Ux8@@bz67q7!?eLiKI9YEx2I zP#X5jsW6|3w(HcSN%2~kGvaQX+ftpaRzTbeyCF*qB4e|x43?OS;z#*1WyU))1TR7v z(rQ8m=3nk-lkW8p(9zp_i=K*ohf&Cn4M{T}X3Qcro$wxdPr{VX=T|S)8kR&0_Fj3d zxM?-5yAtgB1h*29)1?hva7ltiD5~@8qh3287dsF}t&$+Znc!PFq5@jg&WwWS_>j5o zxNgg4$^gh$UK~Pn0`Z`)DGvntC=%5It3uaTCG9nBJDYQ{%HP!&J)KC;PRLil$4f&7M{aDIKH6Xf+jpip+{& zbV#d?+m7-?C-GQyfu%pCakAPpD4B9TK0e#Gr{$&~1IYH;tHBjP0Db+KC5qy`ntbIc zrIxOoi@q%5rPMv` z@zcS%%uB_K)qO;)`ng!7ygpxTiK7ozHGaLLRg+g0f|Gu1G(&tvC3bC@rNu<$R_UV>qpI(P>LK(xE@zhJ^VB?po? 
z4&@QAYLWdj-L4SaQwB!Fa_foYD6c#sj^O9YSm}EBPNj~J{RawU%r_Yiu79IQ4e8`7 z=CNz{#WssOkG>aAAzW98y)<>bD}vCzkkS>jM~PEeDcq*Xuh1=@Bs@6eat);y4b626 zWyr6YFV?-387@C=zP;1qiS7gOGixCQKl0+ zEh8?Zvl_)rjzMtg3eV!EJbG}#`F6z`s2p$XI)6sF5V1nxN5-T|q$-wacW+Vc^Uih_ zWue6cUZUqoG`|(@SSN)o$ooN$jO;63jd3%_crg}wlA;@%%XjxnPv3U1cmb-=YDF+a zX(2KDPe|OFoQem6M6v^0sVU)_Mm%|LNG{ipP*3{P2aqGsCc0>Qd7Vg5nSJthO>(pO zQDKoVdBZQf1`#<@t{@O&G=K~&^s)iD!ajr*qo^vT(Y(-n1-EHJHl%et3V*=Mz`~m( zP6ZSJxkIXgd|WIu<5a{^|28Y4rn-!*`f1K%TJ~NsbM!x&xLhWOyJ;%rzDhy(NRD16 z#F?nWb~MS0kE+KSXn8--NQe*WgSV<6gOSWfuNM^gLh6t+RGbGpn3!q-F*Jp5gMz!w|e7B=dv?oam@ZNE4ab28aVz_{70 z2X<8Px19zl{lnywI0IQlFW_;OsxyDKI}yZ)ZaJDr?cAF)l;er3EH?@=$zYBQg1_ zz_BMDi9AQiJPd@8vAc*Ku(;tx6NAg@jtopzcr5|X3U0fEac#xZ>-gV5XtRCk(i50? zA@XxDf7+ig!{35r71&lkZy;`F$lz|~`=@?WhA1?_RPytEQ`W=CqXG+-TB!3{gT2`3 zMvw1#N7wVR#Y!1_ZZg5~LcD_f8jimi>7gCS&GpCg*Kmi93*jZ)|GlzFe4*EZCH~#2 zrwtyNhP%1ZXsY!3z+X=77oO>=YhML!%JJu#Q>%|5Js5JaThX_WB+t*3PyUhGZf=dwZj{u#ToL$ti4QZ}@~3Ie`>eu5 zy)M+E7ys^ou&^(rYU~?wn7O;lbB77xuhW}>9@FpLN2cu{A>trJI0VV-nNzB2hsYY2gH5ros|56@{on=)is}E)pO^9g$w~R z+kQB$n|BaLJ0GYyUgj8C?9NqLw4HNRU2>m&Htf9=hseppKR`I3`(g!{eKMgl=Y@nD zR}qJ;y7;#;)DTs#t9ilYG+Ojk6?-i^B-_>S#RpcK>Ko~A-t{iBT=ZS8kU7sw&6r1j z@VmC+WbFZgv7Y7!OXA0SPwK#sYCR*T0W;k3OR)RT%d$HyV`-``D|hipZwvYyZ#VQB z*^ThjmX`lR619SgAq<|tvVM}(-UHzM(<%-j&zql(fPEO4pmLz&vv=6YQ-uYnPE=? zUfdr>1af?Scz@KO-zyOjEXDy={PvF$PAhWzJx#Mc<9)#1U#2NvID| zih{sY!&j-3#Gs3^gTy?2gBEv4TlG5_VzGiZ*@sFhUr%9}w*q7qC|l=~#1(Q<{p%{< z_{)Q3^s$BNa4R`MOV>Kz0p_nXW)vbbdOeGBthbI*!?8V3cs`yfoCM+zc#G+S5is>$ zNeSw8fW5h^6Bj+cRqFA920q2aJ%ULm;1u4pSJr#mqx~o4=w5MoB&&t>gmGi}U$;9R zs2Km<6y*OMB+eEDBLI8n&s(N(FRXV2#Vi-%QukhQ(#2py!k-X6=rLU0%;Vb~zZM3V zbBI9T^TS`cnE>^^tHkY&p*X})O-z+P(Sr)8^yUD?b4@z; z>NE`!h6Ut4)MQ#0&wxLKp(~AZ7lTn0_v{ks)5hije5Fak)n5tnVZG`-7<5^XU<{2& zA$vC35ft<^y$dsbL2P0e@8Z_Tss!jsTF@^y9@U)w;~WSc=_Ohf_I2Mu%po+`LUTo& zRXQ`XaY++)ta{+A;$l0QMz>Wa4&ryu;sBb;_EbrV@G*FmD+sH{QE#HBp5gKx(OS2! 
zwCXfwTj&y`lMwA_+MB;CBvz5(Z>`1seDEGZclihUe2F=sq%uPDjf-|%Sy_V1_79m& zdBhD{s)7W24)bAk51UI~pJ8&oz2QL;wkvQmaSlWcj#%{XgK(Th?w{G-JHIYs`EKXz zp$MmFX^2OcNkMtrSJrF56O6VM!&9B9KU7rqUT{Q>^UX&SuyhL zuKJX_<(x#`iub=4bm3wsTew#PV0N)Y{n)uG7bw18Cn~?=0U+#S!TkO1wRFzbBDV!} zVqC>11Gw;Ss5c8wJo_YQa}vVy=E62jP%5Z5|E#&Tz0M)kmGQzbd{_}rw?OT#q>u*v zo{ft0L`?gqxK*ap7dlr>2<6tO$@4Ev4zY1A0uSwPnf)KRrJgrL z{#FPFvr)55yo#h@%5t@4@gUotO@YfEkj;;@GkVou1dZpJfwHRP5&h?HW4@hWIC>fp zl^oAa4(iOz!EH~PFi!}*!cXxdnkD2ao*+D9IK0k^+X5g6S7pWhpNx*Av`_H?Y&TCk zXcMuhJXdp2thES{8amCfPd4dxMbT~YeQoD<^BA9S2+~qbN?H${sG!?BRq*o9)5B2C zVc}1$d#u+_FL3PO`8cNBS9_9(6M+-fv%c_tB33UU=n-xdvr3pqW=w=I`?)UY!ezV^ z*?hFP+Uu<5jD;2`0)d;E+PG$`Zn)-BHSW*^xg0nBw{ecgP51onZQxj59Ne26l8Ld z+gew>Ngwce&J$BwMg!lR{U@PAO#efDI#H?HYbSzw+myd&y|v^kC~DlZW`LF z8A1^f(7uhs;jm9W0N}2Jj?&Kn^;hZ#dy74K;cP6H5*Lvz`;Pp*m92VXv0qh3lzvY7 zFpoM}u%)oc*XyrI4m0+-5x{u&0b|QQ9Ok>V4RVfmlF^h-m`n6fVMr5VVkure1%D|I zRIO?Mjan5cEai6(-# z-B8pP9>nuQk^}o0pi1&2g@{rAYI17y8`%L~S-u*j!5 zurGBsGk>xhE)#86kD&%m{#XPF82l~`dVF3(^S#Zid^Io|VO{khdM2GsYFuzQF7~}m zi|KKtZQrp14FetZED<=F!pnX-j8z9W)O2UZmQVq1S zMYPlve_^9nq~%oXB|A<@b;D$XG20Ltuyg zL%bB_ApD=f$`v!9y%~E&e-1}T?Q1^!?L^Dur(*vY} zm{*B*ePt;k!A*Tpfh%5}V1WAd-Wxo&g1Voc(*Ux0zEJS?50 zRSCX7&1^ z7LifxVY&vJM{X{Nu!)|;8uIwqw)F7#15=~pix?mN_Uk)B z+t<)v4L45sR*1e*WH@pO@`p4Z^oCUX0X(=TgM|)okKIsPjZ=0>0FJ}<3!j7a40#rh zKNjM63!{-quYcrvG|l<#0g`+F^MxXOTNPXZl54NasY>MqGz5tSe3+q>UHr~JR>Rkk zLyeA3m>&H$0vv33Mx25v{c`W~Sz|?THGqDw_zI@u=g-K&XE1MKVxk>Vroz{3!@rWq z0#W*Ig%|hSyp4nLpIt>Du#8hT`!zsa+*B;c!@G}}7kH}1+e8x)@{WqRWNN&`lc#nT z37Pw_n6xlEbU2_dpcUIgs}V(DpLjbz530<_iY3A1kL$MW9^2;);1L)kRw8^dcm4L- zA>U+t!+pQKFp4?-6G;C^c}Dg#td+x1S(ya;5`C49ob%F5gVg04j~52I(U!onLG=SZ z9{iL4jHRHQr$c~`!*Sv=AtKp)soCICNV);1wrR{N){5!@Ht6j^+Q7bE#)gH9@q;jr^56|$f+I&~7-*-+`YGa>D8pwDqIWz|cTSx%S~xuUG&@A zf(76>7UYJsrC^eS7w`x(nq%!rr7S**??#Cw6eA`@R4b#c(;=Nk`G~fSSgO<82!2TI zgX9_^017m+rj27kud3QNXNVk8-oTKr?3c3lkC!%cCvnm@Vu{i5J~s8(p}i-2u?2sG z5m8G+z{?9dEia*c!!m8sUi5ix#7U7dj-R;^F(kUV;qy&R8cR9KGW~X7i2>i)h2;r5 
zA;CQq;t&A0(M4o(_3lB7Gt6z6?HJu~H$dq9xq<$Kj!&3^cJ-zYR_9g>E=AxmlnI+?DkOhv6Bq5zQ7sweTqu#IZT`W zb!zZ1)S^DKs^J}V+`hPRNSn&)A@L2qlMO07vT`-tRS(qM6mR4@@A}(39BDPxfg}SV zEhUIf>P?F%%$_@37K%)6P5I^xaDN4Er4gV(ykd`;)MUz{v;tDbNVX00L^eJ+V@B%>9t}w5nJ+wSMe(eHkyVzx>;EZ8 zoZmv31Z_|QG&IS8@x^Ugzv4M!(B60{Q`H203z2d!o=AQ&5mFvL;oXkEq4TPJ7O{+) zZz;n)pJiVA$1d#3xKZRiCOw-LlW`{Io{CfqL zKPvfMM2hrF=h83w6B&I1{eexfn^0Dd&0?p?zT854IeNS`cNujU|Cgr)19<`F0TkK!_U-r($$w`hz^OEmL~Au|<1X|ea0xSBMJ zRK1Qx-}AFV&Zkf*)*>m+oC;myFMVJImuJP)Uy5%a_>Yp;M zX4%moBJc^RqPJ)EuaL<4JsHHO>wy1*{5ywL`65C#MM1OYa2Iy;<%_4PL45d(;rxt* zSPy(dxFzHv=4J^cp`4TrpR$>cD=tVHFk#*Ot%|p~9pD1fL##tgMA(JtP?V(ywRRfI zJz8`1b5>){=gXRLH}Yh%SXVD2vo1*vh}&~zZc6xv?m`)h&&+CB7tzsEb`|39ws b)weGwI33bTie=#XH_#<1DkoASWDxXUfR>%* literal 0 HcmV?d00001 
diff --git a/education/windows/images/signinprov.jpg b/education/windows/images/signinprov.jpg deleted file mode 100644 index dccd7e98e2f123b8a1e4c17b2944cb9624e22799..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 22869 zcmeFZ2Ut_jx;Gl6sep*|uJqnJNCc&cfb z1VRg;B{%M~_da{?bME(@^Z$SMxzBy>S!BXwtywek&U(wt`~GHOW-u#&yHAzXlmR$6 zIDi+}KL7>>U{UgMv;zP%GypsR0N^I}+C2a+Hiv`#`^$lu2RsJcz`^G zyTpI*!2AG^-NfO*8N|h50o)+N!6n1NbOM;MeZ|L8^qZ)^9ym8}@$d<-UAj$#El_h8 z+kITz8`#d`*jZ$Y6!6y3hP4KPT zRMa%IbnG0QT--cj;u4Zl(lU>qC@HI`sy)@!(>E|QGB&Zcv9+^zaCCC_@bvQb@%0ON z9~u@O5gC=3^f5Ul^;24UPHtX)L19sG$@gkVO)a#pzM;LNv#YzOx37O}d}4BHdS-SG zwz{^yvAOkYd*|@z_~aCMhC09aO&1OT_ut6+J7xbu7a5kW8`x)nNBEmAoEzTQgiD5p z|3H}Fo`N=^l^Z#W$h(^qiV4|OZMRrObr6&<-;Ca-ViSY0AO0roFO>b)2n+s0l>MEs zf2V5>K#YrneR#NJ03hIed2Oqwl4(1ONzNApS{tD^H8n*g>4ec(P4BP8(M;_>FDhYc zF9HAv01R$X>lgqmCy2!j1E41A$wFycfDikD4j~u-E$JZ~pb z(%Iw91v3N~hKZmxUY#&>n?78)wLj zB{>EIfJ_8xkzxSyYiIW_kgVt+^#gk>9VBFj?N*6qLmM(VD6 z<(nh0a-MiOJM$md`acMcSrB%-MA73qe?~z6-%}0$)AD~)5f@+oDQ&3!UlL2se=xaBo}dL0^mnv08u zYhCdkDa2s_zQsEjfKW~psmYF1d(>VFyN_~5M+*SuALvM=;#ui%ytq{Va>=GN(EX+q znt{zhNNP131xBcJT9QMyDRnUml4{s^BxW4wZ}D`xxoHn>yXiYbS-i$fxa>pP znJQ!Ol|N|G8B$f#7_~!1oc*z^N|g0R9@DL>n=DW{5(H~!>s=50Nj?zdGEhRzw4a3MSg%8&eMm9bSmZRC47xnb4az@E6UL@=Hu*GbqjO88x>7;|5p+1hi14 zcFcuBBjg7KErvIqkm9$dZl>i6Jc<*_61KmO)7Rx;L4Tbjr(YUifN%}n&#ej#aP&!; zGD)t;cJ{UV#r`BMQU9az!QEG%&cda&<3HJRuQ@1K=$KjtWu$lDT7ZcykTb`0ykAji zh!H)M)~YY0+(gRyi#p9!W08yG*EiXbk&6nlTK$?T8^%j)i0))#2sm zk(SKO(7H&wFol?_O8QdLvr>nt_la))J2AG(ZXoe0#i)G`tyySy`f`MvLcx~@9_Im^ zZpeprAmt+>dUKIAKD>Jxyd}5P3~+GxyfUTO?42aZ+ zVf({k-u|C#6?Ke)ySLtml75K$8Z|6c!au7PxS6F}mMR(z%^nyv6ssg%c21#7p8Qgl zH2({kb96f41|rg+xS@;`8M^1Tq@e4g(r%I(clDScId4vU<8%rhLBms0#5X+H$-`2_ zXB?pqNK|s#QL;DyUB%>TYUHJCf+!b_uEd)Wg0U`;Mbi$XJa+;_y>TXI{IqBzjDqS& zs)^jRn&3!6EKEe%>+Yk~Qj{PPd}tVVB}!0kYi~^wyC&zQW9eitrBN)ySW&wxTKuUr zpzsAylF_Fu2&(QiX5t*U4?5*(WILGap;z)s2kvdJeR1zj4-W@j373LF+jk$k7a8{k 
zbAF4`k4;pA-euMJo_lYBOZpYSO=Xq34GxCAPq#|Z%QWMQDQMIg*L)x;dHLt6u#&eWexx+Zmv4w(%zFs=&ds^AX{ zfGmK2?A0lW!BV$|{DpT-)P9FHwB@blThaCrqB^x3ALdO73FV^J8w@6P6>~O28jgfY zl|7dECO>H_QD$SmC;)#T;mib$G9S4C@3!taOoC5poz^a)Q;no^tY}TnRqE?lx=M7) zkQvzPVp@RkdM*oPxE?p?eL19Mcpgd+b*p_^yEoqE5Ico#rSw@|*=qMMCv9)xoPvYD zx#WsEUMO`fScMgOC-c(@joe?8u1H)~x1{8qjdYCW;4xi z+5ieofok4vLTDcLu6+K+mq(s{WdE+1t4Nxk-Z==mH01p-!j1yQ$(C8n2~`JqTrw+K z82MzZ3PuERJ4iC!%1}DwkM9@)s?{PkKDwJN-7FV8>DK2OJXYiRk@1P)ds)Cc$h*yD zT$V$sj0&GD^=gDf;hHmVtaRCxQjUVF+g5plxnf&nsEMkDYy_+W{=gLH9bVK5pFqKw zz*=2RinDPxXmkKCOqx|b`(rQ=S983^w4CEqfN$TWY+v^Q2Q)1^L18ychZJa1_rlDI zi`UuZ!gMPr-T4h?oX%%^-bKm4S}?EQiOfN~CCOe8b$|kTaD2Gf74$H<`LJs828oKQ zuP(pio4Y*cqX~Vt-xurX8zozetb*IMC<4q8mL0LW?Lo{_O}g1Cu*N_d5}tnbuJOvX zL|u2h9HA$gW5TIhKWsk;^$yFu*hp(ZZnA$$n#fcG>JE8ZlI9?2e;Vy(@}WXum&H(( zqB(~-KI#M~GGh2GUW><&m6b?qPrSo~E}4@Z#k+~1etE-|tf}nqa!pT8s&ZQ2xw&QN zN+8K9|7~Yd3RFiM)Q==SUd~*yqw=N_RTfjeD5D~;tPj)v(vqn+sa$jf1Is!B)C zMJ>4Jh#iD1x1>Z#_m+y{Em~5aBhxdO3e8Z!nm^brXlI(5+^mnmnZ_|+pua?@%yta^787-@v5GX&UQ*pZ8#|NY%z#at;EN@bD0SPuy4L|{P_FCm2Q#4 z1-jgSl~?_y#nF*$X>F8JOClS|gE%E!=8RxmWxWroi`Y2{qIv7R7#P<_)GYjxv&*lm zFe<2{aQPdwt_C}~(m3LOkZejomA)da|C;oG0zqTHIZvXvrq-&SVH&x&pNq$bJc8(O z$=#(@m12$ei(1L(TlY=NPxKb#?e!Kb^X2P2>daJosK)W}`?mPrL}KhdWC{(PKQ_U0 z=PHELxo8;g7G|a_pFS*wRko2*`7p1jbjMm+{1kU3HSK}<%W|zvzS^kH+)_$WGB4@+7vL)Nejni@8mkdL%kC^!w+vHycJ%1#%o$%RB+jMcj+M8kOSi@D! 
zo|{cm`{zZlkP?WP53c*AU}GJgqu!bjQ>AylvR&{oVDi*^&mS3%Xy||~caF$ve4F;5 zIwb5kAlo7TMb}4C^eYi;XCct@Ks#Mh|DN)2#0LE)A$;}_Dp6;a*f^g5^XIJ!P3L+9AMnmdxHWp|P^%Lpp#Gk>WLri#9wa973BNXCpKf31 zZN<-L-_*YC|FANv5vp;hF}NB5Wn6hRPAlxW+Ov41nNDdO|$q{jUq} z&ORG3q+ay_zqM>asVsEJqpW^X zbthjur@6&t>t}jq=xSvsRgh={6m^R;e823(Tt#c5CT(kytvZ;f$Ye>)KrR1>eQ`5{ z79T3n{d|T}Wo`P$GEKk>)T-QLmyR5KEg-xxf1O}` zlxJuw{OQgcp`H%=i3$M^6v(c=A$|B~5*{h9*z=@`lBCcbzdH``+I1Qt&f<0T>aqo- z;@{HVi+t-Q;_#}XVfdg0nA9EEy5+7=;VeG6UFf}WMy4xLDBdS_?iv(r?$2NIkQzA> zr3!RDh!P%R84*F1Y8$f~F0fm@K7ZlARpEbHsfM`Tm`W6zk2dCn)>*za>}QMl_@YvL zRr28@p21e-$_%@-{4aAVzBbk=_Uvi##hk^vQ(utv6oLl@7=Xb`nh%Jqh21kX&bZGf z<@u?{+Myh1iqysIWQI0H$d2hM7@_qD5ww1tbmf0<|A@MCjtGzWwPZpG@mj%az}mM; z*IBB#4@RHE-oX~PozqxwzSQYgQK|0hhOAG zaRL57!u|GNUHVm+kzUpS5tV(6pAOE_Gb@j8%Zw^{GFZjXkv`?hX?x8n=A9D-5I(kx z@z+*%U=}5yg-6{SqIgbi74uWsAtyN`Efmi#ifco`3-I|l0SSdJ(Kkl$ZD2TaRx^e6 zi_I5GgqfRBTz9S0H6W1Zvfpwkw3R|%{{f2raTNXxbp-Uj_<w6)v4J>D%7ZIl~>=_3sIca?+LN3}I=zUE4(R~b5_Xc_{AEHCmR0fC z6$7}rW*p6%ZA&^Ymm%HNRbG|^KW49udQtJMngZW2KH2Tqne?;bRSnCf<>~j6pz;&> zM5CA-M~ly?{@{*_%DSBvR&?id3(obI@+*(@sZ_9Q;m$=tZ23Zm7rkcO=90S4N^MP& zgJa=`KDVRzR8ZqLSwl|N_T?(c*e2WTU*1%LuyaB2UOvH>Ho3M?e+(eOy4~_SFyhMnP^D{$a_kgHytwGY zGUYsEu}|NVK6#H@hdbbVLK+7bJZvWPk-;lCeQ5>C`SPZPPtLLhbXrae)=X_tjficH zEcZZ8C|^?5HIC;%)vvmr@bXE*ekhvV{rYaKsRIV>X(bEbL`Ax-4$*1w`9%2+%~_f| z{xny!e{Cajj_{2ND1LlIEA*&$yX)05dWH!&2{Lx6iI$Bn_V@%*&o~<|AG*HI(={ET z@TR7h>#Kd3UuW>!!uv3*-wX`Iiu9~qk$aT8V{4uF1UzBDUy|wd;(<)N2|d#hvM|<)_xP>e!X1Vk~W=Z0-@z#7uLRp=VpkYIgZeWaG(5 zAx>w8(^_E0JmKZJjQM!TqKfNl>cL=cy8(#XHyyQKxA5hxE^V$94kyEEoCC{^qg}~N z%;t6yOdY3?eMK2*@O=RncCxP|?tCe=d&kV5&tKT%MUBjE!t=QmrwyUbn7+uT z(xSdb&x6XW?5Y*Z8Oc@Z&aAL>>S(bdv0^cEuWLTskvCIt>jv4#C&vema&Q>S_H2}2 zNH83^=|Nm)4mvZrqSZj0Mu?zN&dAfpc_=>`anVhmC?$s!HU5yCO`5sqwCgiCYJlPX z_zqz0R%az4%2jpjWSQ)-t7}eREGXkresR+QP6gv%Nl^^V4`pqviy!##k(-yBhNIX7 zJj%Y63DOF4k;#>HO6BA;;7$G2UQnyGwE&ToC=I4^3_`OTyQ(8R7%!$55ZS z3)kA(mJIk&tB&;de9F8^Td=txC=iTW5Q4-z?9MGj**_n5mE$dSSQ0v1Tcq@kqFs*rPU@Q2+_}bXjquSE^4r^BsI+Fa{(cYII-f-3L 
zUc2f@pV|2B4S@1<@sqOjkfB9}dq@1pH8#efzjGPkMPK>4a$-BCu%EZp zx49M`Iub__^0j`!vE!$(d+YwF3~N{be>DAPKGBK}B-YQL6p0GO0IZcuF@XGPL*~Vn znt^v1fL9@!@|?Ar5q+#XiMCQ$aj_tw@X)G!x?}n|0*x(iBZ%T?{gD;H{2kg6=x&6v zf3mz0Dfv{UEQ(VWZpp=V*rmPFaX3&tYXH739n?bklxt1pE?Zq+evk$&y3gs&n}}Q z1>a);2jdvPq5cVh!w~cQdDb-^_P!q*XsiF}%KyPpNfHCQZh}w9buj?k)bsF*))eqh zap2Vr;JOdtAAC6A|0SR3Fr(O2_V$6BSZ+gL7ht~Dn&A*z znATj|257jJpGe zQRw1a-tlPvS<8LkM`5z3d5Qb&*g5mF8&OKk zPJXR}+`#CpjJS^w7Ft_qy6+ zXCU#ML}c;3Q0F_cH_wwopNqJgfDzYObN1-)Qt%a}Dfp1`C^b^$y&UVR#$&bC!#oD#S6(`4D!eHE+_%I5&* zzeUA3>8XJOF@Utw=_{Z;5-YOVJIh$NyutF767#<{DtN_aK>$2{Xo>->q+o?OG8cW1 z85jKX6gwFWHXT886waKulpwqB-`JZ|#){6Lm`uEO@`OAf%1F^jNgB1hlji19RsAFUyng9bByx2lB zS6@EE>YBfFqtq465|0WRfs0}Qk0)Evx64~mQRmeE($RR7Y5>W<6}aUJM5RB>RKP+N zuV3FLam8V*nAk|DnkiB@Ezw_>bj(EA*cZ zPQ3jG@JI<5g$F*r`#%l*&k#lAGb7Bi=A5B%<*kf7zuBrX0SJ45kh~@}z^X@fEIww{ zku;*|whU@#IS#x|rr#K6XJivw%=rI6MtyR+4Q_{#F$;kkP zQq}KH>5~(wsfj$H_nvOK*An8gCG}7ym@skwR0;D;ftW^AS_^f!F&yTy3@}u&6?xU( zlr^(qI?b}w(9E-^-k-?I_5JcFw8PhR(Sb9{GsJ0CHp6=Uo;%u zAb3p4C_e~qia_4uzE<*3w@%6Ge3Nxo?53RVrTOj!X!_F>bcwqmOkZWLOQXYv;6D7~ zgWD9OhIuw(7Xxr=K%nyrJMfd!7Z&Hum!jjp_f_R30wGVrIA)?~l7dA<7pB6yT;Ewp zHKMjwLGCK!lerlt4NcYcaThZ#25C`s17~=irzP_DP*#WTKTPzd=;U-~j2EhWAH-e! 
zEauCmi5+xH1~6FPC!XFID>T&95Ca;=KJ|98bw$}M8tsVAb2NYL{kfpxLW|#b&o}Fh z!ev>6(F$MT`peh1ifXiGwagLA;Wm>sU$m4)_g>UQ9r<$lerk`4dYY`-#}~`y@Z%2c zHI8^Scx5@3F19J5cUn>Uk-^cytJMbz26MDVlx8J~U*D?s5v0qJ9%k1(@UWd=t23;7 zV>3~1V<7syY1ZIPo-9w|O;#Q$nqs66*4Lb7F;03dN@#MOE>23K6mW)SK`iF^IjKGD z46R@zdlZ*YhBAtrIbgF=Svs!=+)$A`3~#4e0-*9M9BSXF^H*fJuXi3XRL7RMeJlO8j*Ck&zE)sO|c}+OewlYubuXhfxSiRH$Pwd1|9IN6PiZj#zecRw*e)}If0BR^GFXXIggkmvyxoBGN9?KJ4 z%d0!JzoBoZ$5)Tjyrlp^5Zs=_|7~B?ErFfVsqSwHcOL;w{$T+k z6wS8jGC6 z(r0MO6aM8rYy14Ur9SbVm_l?{GE0Kh_{+sr<`Zt0G{|y>2rI>-{OXSjGo0%dmdN)g z_UtPb#GO=$^cI$ei7fs4nuf-vSk^GMyQV{oO-1!b`yZZZkNeW+rWV~umec2!H$p4$ zF&dQ)9Lq&?6Cw^DJ@OAq-q#5llBce%icu@~DTEJZ+!>H{zuhnP$y53M!Gf+$EDg=@ z3cXaXlq3dFJ(>CCFsnnJEXgF%_K*@b?~RAkZq)aH3VJi|?GWF6b?AMo3HxT9&T%l} z2ckx&b;sADix9f;$Px*DdO_5lRaKK3gKMVZy~@whzokLmMOEySU}0h=T~FqV_-ei0 z&;O|u5QQ5%EY!FXjno=5*iKikq%s#g@5O?zxk2&r$q6Eq(%PD#fJP0(t~K*Fbrz^&b_kSkH=m$P#EmUr_g@(M@{aZ z79edEEWoSh{K%DmQ>{MLO17Ri26SN^<58#%c9UUgo*ay32zpA8obeLuVS{K{p>B19zQtO%}R1KaJCTmhUtA zE&-rnl?%>wWL{j$e>HHZVv@1S2#u24^_(nQVg=PMQW4ok;<-IZz^SoToz#C$49Kb9 zd+sZC&a$}2G^Vbe0<3YRb7YrHwNv|`e6ZEBr5$s_J&}L_XXW`t*Lse|bZYEo=ly`; zo&f6{CSUDeJ|%1M?QtKuzIw7Re6Se4jYfl$6M7CviF2JYn;)$(b-a70&VO<=I3{*1 zmZ-{Z?|943ZM1KMPvo`VkrNNs#*^dk>ZSFS1&*BQ#(A$2kEFe%*)p{rssUqFlqjD- z|7@`19|IqM%m0}G2yHO0@CsL-{6`&`^AOjwFw(JxIMtm~Nl)f53%1c^9n*4LBPfVz zb7}Z;5aM~scD&w3et6XMNmgN_s@n-<2_uaXBc*bbp+tui&+MA4@yr;TDO#uhf(!v} z7osy*3orXsoGz+iXIB)|KN|SsLts;4aHj*Wc#`E9;OH6H(Ye87wjyffU@+lpmBwDr z26fU3!}Svc> z?G{*Mq~PZ1=6ZWSk>;y`@0V~}B?C4jV9NN*4HtpNK(*DD?~v=ND{`3sBGp;P@eZ9v zTow#utuAu|Wis-LuDmODohWGfeoCG3MqO-_YMyev4vi9%djQ#`=9TbIFv#406>ko7 zni=j}F#9k@qJgqn(G!qj2@;vz*E`y@Y5o!Wkt$gYhc>0bI{js(ywjaNb6*JD6>EMt z+y{8u{Y%6r=heU z)-czB)6naHk%YnCuNxDf-K4Sn#5vV+SXyp^Ro%kNgb$&qjvb(fcSs2tNdg0N(NkGB z(ex@Zza-A+@~6`R*$knXB-M|Cw>nd(VRFSx`sZS(3M;(pDNt!BXtFD4)Dp5B8pQ3R z`@>H@+|$iD8ztJ6-qk6?xc`o}8anPG&g}xC0R{9HyX=yi-V^OzctoPFF5Wqu6a96< z)URdA4?e9_`G&_<%0c%Ha=T@qB{Qh-Z5u3BajR|ICrnm)`7yL5UOn+#`GtBhYogwJ 
zs0N%tM~JaqGT;7uyQ$)Ip;_6N@{FMP(kFnQ+R$L&PJXfD1$LdrSHthO1SX!Vd7rYK z?^HY11Wgsek}=cAZ9)TYGz)A(KFWbJcIW;sJaY*s1M=NFBJ;4z&a%Y z(x^jEZ(TibTg9vX0#TQpfy^ERqc?fetP@pN?S9cF(i)Mf&W}|r1c)7ylpzoMa&|0i zH$Sx84}C)1ts(uP7i!IX)cKXawLrSEB!KnOD&PTPBz*5gvTCw|4?f<}qCfBRhQQQ+ zo|Jfp?p1n{N!n9&7E7}ZDP=nWT!~dZg7qfdOB0m6F$yAHUnw4|0EB4)-`O{Ucz9JB zCpAKT*dA#k^E6mpdZlsV2Qsg2s8tK z&j8u{Cw+FH zISS~6os#6(yhun%bh{IX;E9 zIib)W02}^i0L4E6KqTBi_U5Foz4@Nd_`3UHGjIMmL)F64L<^lyyvpdFYo*6SlkNfC zVD(bj=nR7}-nv{sW49^JTjIiv5j?WbQSJVpj)pb``+d(#f0?_kxppiXDpXC#DTwz( zHyLxpKMdXI^pl-w;{(2oqj`{Kp{(l>OQYa^gKI`o*shH!;Zix^+0P&n)SFFY7eu;A zqnx8&F#JJkyNsTQgT$CdE;aNOZRLe()LYb@)C zvydMck6kkY`>NRU-#Ek8I8zM>l7(#y7DgroU47*zI%8?fN`P)#HpmWZ!xma zf9Cd#c`Yq%ul+75Nwa0t<)o2_zBJnS1$2_dac|wTeWANTI}O-`%PXMbW~mMXx$Pyuo-IEFe4ITLz(FLyt6RsAwvwiU?PE>~hMcx*oW&Gn&=BMhji%K^}r( zp$DO^0-#fra(Gd9>JV&(f1`dfZ!&hMc}#v;0{@8a8Bem_vGMKC>FqREdWEjmwuP0Z zC)?IJ#$J@VjpdcFu|>a3W?R_&wPOFyD!ptm{~kzw`SmXCJV{-Gl}OU{i14K39Z3n9 zN&cM$7xS56Q8aku=>@0yb!9H%tZj&HZe0IZP9X<%=eUDPB9)1$Hl3cRb`tKAlj>ir zrq@Q+_CZ)By1>+}`BFLP=ko0U5F*54^okzV4Af|7o)Qq?UjtEs)?@mDripwhN`PMY zwewbY;3Z}KtlczvZZpZc31eO^(=E|MOPvFP9scq@Q-)8G&Xu;s$I=OkNBzQmavoT} zZ|iXC(4&q`vxH17*W;y@SOl<#G^~Lj7H0ak_S^3BmiN%@Kv-xd5owiU!I_RJC z4+6@p%s;Ax)Y}!<8p|q&_{C)!D^&V@SLrL2p=$r0DMh=hl9{1*9v#LIu-xDB0Re`q ztSlO8jGrvi8nw93=hUfo#}7Yz1q*JZg3{p#qjKE>6df&=7_< z3!?F&6)guS&c2|RYY$R4w?~$k`#<)6P3CKI@B0PJ4-^-KOCzSWQQE5xSX-9gw>omy zvG$D z#AQIgky?gLQvS(@os@$IQC7j$Nm|Ei4$EGf{fOI>UxNikY44b=a*HqWUsYjRgr7YdFrcZaItu5i&?}`9;Zf5x7rGq9uEO3W8 z*a-K=AAJ{+;t6b9Z7IUSI*fhrRC1k6#vjA5f@i!uH&o%IMO$6D$US@6dQuo@!k{i|}18AxL+$9csd6ipL_1Tk_zn@m6DCQBuqRk|Rm z^Dc!u@sk?u7~ifA^VTkMDDTGHIUIzbI2fA%^0TJv_e;g!~^+9>KLhrhgeKW?VW z(9i(rt9j=Rsa82w--ldTW1l6NPxu;Vv^a_U@LC7*;$tTJ&&}pI@pSXYa1kPPQD#0J z&w73q!G8QY&d~A$GW5?Zq5!pmZKTelDx*cy#d(t+>i7J)No{UgIcBpob9yf>!dwfY zwtPVy{Q}sHNdz^bbXBQ5dCUF}AzD?R-}LK5CzYf+pH5#~j(kcE!9j}!>y0d#tw{~} zA#)Fjel%3VsaN@*@J+RlPI(ZOvrMfx{2H;9Yml5}t-s`Yfuo+a#8_TO{EfY?(geG` z75)(6t$v6&SJb*BK`VPO0N=Ytqg8S 
zjlCHKqL}hV2ONf4oQj>M7bniyM845j9eebE^Nqfbxp?y0r7tZxzmHRjIJb6pc`=yF zsHrHt_B|cR-6H5iYH(e23Rl-1gU|n9dQgQPZZahi)=}Jcy`|op4Qerq_jP5ce4A#> zPXFjl&Gr%z*03<6bbFYXry$KTK;k8h()rznyxJhfVBG>Uvw4d)Fy4dkAy=}*iSFo_ zSk!Gjy{SQAGWC?`Mzw?LJ$;5&5^i~?KDN2zQ+e%)6VoADK9ij#Q>$VV{_E@nuj`z} zXrBI-qNh@LZb#`q!Qo5~qTAe12@pox09mn|o2S64KBO^2)$^QZAhvHjLcaIoa+uA_sGb!al%g`UwQf8>v|!fA90RaY!0XVB*3EQIYeMAc$Clgjls4KAL0_?RV(c4)y zldqMgGj*Wh2_IKK+kUy03S-o?bS_BWK0bx+_;gnyqC4kEnop+F`LE0TYzl}9l5a$? zk?{?NXEm|fz9dj377cbY`agn1Y_(C*` zUq74gt4+E{;rr56+H3vmjb~5NhNZ)VdG&HDlg9l$Ek!m`R+b>Ujun^ip!oHG0p^ez zUpaQk2x|2SdPQhG)tj9g1QJ!x^n_ybx+h=Wl;Ui5-fqQhax7gknV&zcl*4sN%USW)l8tV6q~o4q9at z`jglDrm;e!VXRTZoyfY$052X9CkjYo^@;k(#g$se21-roX} z@+($RvyX~O4K8{M7{DTZnjt5{H^!ZBX`1r3=M67TD_yQXx7_!UY;Q%RjFcLMj~bec z)u@bd%!;L6m`TQOn!MdB6@8Gnq)X1A`ry@Pn^?hEAOss7%L<>XP0by$FY`&#`95AI zE=VT$zFaH|-o^kO(_&GKM#luym#wfXHnrLktM-=X$CksJKRVVzrkz2pSHRs@29_!_ zmnzzvGYBab=h8Yj%phgePA^W3K2wa-o*FI{~g<#2dvqOvW8^s)@V6;ej8&_(0B3x)Vd7aA0wE`4~MWPj=`PvRVox zn%Nd!+AS?GeR##h6g67;Ahyz`PKrw|Ro=7gNoQ#@C@Be24e~KX<{}8bz~XNR)Dt-) zP%g|Q^8>leMDxDi`mDVvrlFRvycUK0J^VdGpN3~CF0k#iFqVjCo*maArZt6Kq|*J??hbK4kkfipyC8q;dtT>Cja zdO_Xo8oES_=-P~CTw65hf(wa8sf%R46dT^lop;$2%JE2?^qiEIi)5eO3&0NaGRNM~TW z;DzP%5^%3cK61)(vb8ed=w~twx1nz1yAjKLrZ=F)X0JQtnS^VWIzAo9B$R7K&l>*S zZS60Q91FN#U2#QoG>Q>3rU$m^^N%bha&_KW73bOVH+<-M*xJT>`4S5=F~wiM=OAi) zGryq$vEwT-&7|3l-Ei~B`qo<(Usf-g^T{I(M=haBw)wot_5rj1A{wd^*n*Gb8D!y)N(#HqW>tg-)e=Ln zgNM1^qD4=!kKe6Ib{6$if2a+US*A}Sg%6ZcU!x?ds#s1l{8AAmaMqCyI*Wk#95iW^ zIZPv&I6cN6=%qVAE=&D6!<|Z4N7y?xSWDvh;R)x(aaIwItuLoXPO7x{J2+BnpCOde z=<^aX-8$~HB(s-k_`5R*m1>B6=Tl>_c5kd|FTyRo_XxMXvfRUUt`HWKx+X|z;Uw(1 z#PWUOe#j*OZx+7k+~a&BHYh1a#Ax@O)g8oxIvO@*l}}$c>v)&rm#D{r*sn+r36kIZ z99i*?=C1MCJCTBeUctiry}0iQiD(GldOd9ZMO}o#mao5pHjG7Q1Ih1j+LB>8JpgJq zcA?`|n=%(@IB-E8pU43_WyGi7pEeFj>V%fn5Zxj+y!-T#kC~^zRxnS-)2iz&?QUQ3 zla{1QLmz*m34Vj4qmjoGY-27nKJS_sZG+~5$^}Z@fOAX>Uyq?iVy|!DknO|X5b4oD z;g&0loSIW3@5LA;6%!9n2b$$+uY|3nA$94SqbHmAV@ff~35$25o+@pE=)-uZtRib6 
z=GTD%QRt!eW_?>%EfnXl^xCeHCo}z(LN=;;jX6pjNIX{_AAU-r>HkH37Sz?yMpV0! z!@ep6Y>;BWd1uz_ce1`gF;~6kQ}Z&HlVTqm!!!Q9A@Wc77FZEL6BAK$f$KX)`+<=w zma{#uma0SDA2K!F@lH$h(aK|D<^C%ETly2?r9<*dM(o2_PmRrh+_;bqKth!C<6Tlx z(!JE2B_GkY^rXkDBsyA@9P!TL!?BbQi6Dk!7=)i6anm?m_x1d(*}5lccCU)gr-uUP zp(0R*klr5LEUU54sUpg>29C*W03kyjde_C?5tpSerJcrhECPpR7lI=r z_C_-0BwA&RYWX{9i1;#zlT32#RvhbiZpyW;!4b#>B~&+nQkh>;71f2GoRogP-W*+Ws)#Ty$UU&*nL%6{MxZy!yKppMCWp85u%d=&K8M?UgqA zu~>h40WZfttKPfWLK+}+s1+VSmu~s?v^2W+;EFnbslg&!ImGB&rfFp1QLdrgan!2H zOa0ELjfTR|zD!<3&2&gjG2eb}npI3HQ~&x70~I^j>&?Q_D=ZeU zA~%LBmmuaRjuPW9F@UzR&(}YMZuuQ*`>&=y71JhHV$|?tuy@bC!cGR?=e8y7m<0BG zo=PDFyUX?mPt98Uyf0d@Q?fDS#MitkHVZMf5JWk9!*1@grEK=4O!j0@Asx%tM8wot zVO}4MX{=~7>MfM)Dq}n&3~-prir6+D@q-lL zKKbWlq@4DE81#;lcXM2{0gAck7Y6XEE=haLdK|>@MSh;QzvQrsRheyuRWQuv6(BDr zpzTfGkzYlId}N8a(W1)6qR}AonB(y)kC$a4QY*ny<@}PX%FTI@A%e;x-e=#r-Cu8f zsMpymlqQ~6R$Y&Y>arK;%5WEDNYqq&c;u8lf{fXb65s!t6UF=ZZqC26{NGsr|J46K z6WSwXiQ+9ie_CRI84J zWVwVB`Q&)E3(|T3vr;tCwLfGpX{2+kyFnAQ*shl<2*Nz9zNLRI;i(WkPCZF-$m3x<#$wrfSZq z=;1_%eI~}z%br+cUH;fEJz2PpSMc5=yd*5Zti~m#v1Qb~H9lkL72+nt);G4mTlsym zF7kes1E?=utv`Au%gSB&YSh63Fn;~m{+qP}0zX$sy3+LOZvSBHBn$0!7(?Tek|{By zyENOsE|A(t8h$(P>v%uO>U@SkHYe~0!&@BsdfZU;+1!|t0g+O`?eP0|?>yR_IX=xH z>MPGPh*Pt+{iWZ_T3I-Ow#%x{a`RUO3$A)zWVL4mGAm37cqpkTfB4HS;bbL9G41nY`|hepF;{D-5mp0M3;jRD zW54;!=Q>CJfgiYCyX4>A3bV$R<%cAlKl?ESCTV?z4SmgNW=@mXH54@wcoSdlTgB~Y zKEh?P8F?2+K=@EAz7qGa0=w1U$%uJm8aX%_ejnlsV={=`y z2YW0G@k!`!Q}9OXsPS1IL9ghJ- z<<38DAT6EP8>Hj)xe_=80FOwL(C8lQ<_`leC~W?KWQf6g3hv4l-K_Tw)FHK}K~_w) zmnM=cRSMC`fruRtE$>XVcs4hxk+Bgh5VGz#xuO(2UC)nQFX7^{3UP=`wJ_CbYQ*8tN4BDDQ>XHbxmcG7dzp)4A~WHP5Vm+@({|!#IJ^&`iqF}nfu@#mL=1N+UtCT9hTB5 z=h-6~GqFf>d^zlfn-f$524HCb#%`&qB&hVoV$L(ceHQ_$7(ity5DQf^3^9!SfQ5%Q zVjYqeSl3`)?#u`_aB3fc1>dzwP~H99LLv>%Lz@Q>lU|a&MDGG=x~;H+LRwl;xe?m6=scg+RTsb8%l??lgf`_o!QW2 zooE{({UDn2BU46}UqgtQSYht_xWDdkf8G7}{^R|4|M7Xe-;c-p{r6%u0<8^*6rd!EmoW& zK>=df8%1FMi_-Rk>MqN(c^<+1YxaKnf4WiT3}nM_z53k~4+^1@S;wo{e&SghZW+H4 z=XuSd`#|kT5@zd=Lb~&4jZ-SYJT_@t{n*mmZE}qk2W|JUz(I 
zWM7y?KFotZCCiI!{UjnwIdb&du`Ak*8aDb~hYOXfQAN$?L(1Dmop zHx1TfU!T=qckvNSU884r-_Fi?zqPd4`soMrPn{vkukr`IjucBc3={1%RByBImeNsg z7r}!X#-O{gf75?$hyLxiL6``P(7KS5bI6s?1H?mhj*SK&O30fI0vTBxjiE5=i~WR^ zGr(d8n3!{_3ANy>9-R5@nSQ3+bz;&}J-iAj1k*!-S`J_O0S}b3w4dO^K`!Ow#B z<+Z^Vs9Z*+Y)AZsw4VvC;g|y1vG-Q_N!vG+M*!9PGOAg|HWJE^<@Vq--MfTt-=;1r zG5)3*%={)n|Bpm#w%_J^^#Mc(%j&gq>u61%YKe7Bju%R2G(c|Cy9e-IaN8i{kf;kp z7}BZdw1e(>Oh2ph#&C-1=5{{554;9H=_Q!VsCXxG6d47k&U{TAHEcHBKSRi>Hr%tL z1-a*<4t|e_17Dv1`+Y+43C{6-g{15C$*Q*4>}Ea$8h^ZlP^_9N?l62>ws?s|PQ$0Jz(L>Kz0ZwnUi*b)NvAaqxb3ePm zRJDJj=n}!gS0Qx`1x#V$4SyJH9z9AQZz%VEAu#JE%uu=>1|oZ7{Cdp0$jjfGE&i(P zsZvFgqQmhxD@l8A_VYB3laq(N=o$Q09tB#*hg?|`MfJIkZnLM#?1 zxBmL^x;I(cCaxH)ow~L1`MTC^O*mJ^mtkA392oU-o@jVdp^Z0_A#NR^T@95rm^s)b zcnsDmbm&>w&JR|!%I+$5*}018{*-Wwj8-Qjkf`EotE*!QrGdSV`9H_N|7+{vJ9PKT8k{V7BoXtOMbD$S56A*IXUyGLf(3D1f$K&p%ZOQta8OO0BK8ty2mP*E>)Arqr PVGKCvwli9htG#~#-VA*# 
diff --git a/education/windows/images/trust-package.png b/education/windows/images/trust-package.png new file mode 100644 index 0000000000000000000000000000000000000000..8a293ea4da1bbf90bb90e33e5761c201e435da42 GIT binary patch literal 43329 zcmc$lRa6{Z)TWd01qd2~dw`I}-5MGQ4#5J!A-KD{yENK34Fq@hV8Oa^cX!vuee%z& zHFtA87ghD1I{RGITD7Y7e)n@Ceke#`qLHAzdGiKSMp|6?&6~H6|MU|o^1rkFJ?84a z%UdU9DbY8TqhtsF2LG9f$cwyrQxl8+Wbppq_=CN)rqi1@Sl$0~yv3*c?*H#5k+Xz` z^G`cdXEy^!lQ;GT7PihTwkFP>xmeg(fYzM83UA&N*UE^CsJQDMXTFExt3Ja0mR45Y zx1ysn)j0F!em0?se2W$txl*ro-&l*=c`fzB;bz&R@EUf{ zs({l26xg{3OA0`aiL#-w~eaY`Y~RY zi@iVk0h50?Thk%@_XPJTldguWkQQrsKP4TBep*Z%3$bbXk36ok8uliNOs!sjBj5_i zAunC%{02Q@Js-*UAI|W+(Vov)UZg!N$aFHTUwx?Q`zkEIy}GlO`?=#GbSYyAOe3iywm36ae4a1K_gRs@^so^?!?otevcj}`gu4pJ5*Tz zT9`kD?y9EC7WK-NVh1Q6)tkQv1xjZ9!uw83 zGgb^6qt9lGzZelN_DSkO&)tQxt%U_?YHdE^1FJ1;OE$)E_O~=s>S`Kp7Q$8Tf;+vl z|3Fm)haShQ<;L2&hy&UE9hcLkbB&0EP0)d-9nw})42>S?eRh1|wgG)O9;CEX@))RP zTDxt6>#Ldt$zLIfFiLE7d78aPL;Pa8-ST*niR1By2d zF*KArsr6H51y&Kjn3O0%hNDA+v3u2LK!$TjKFv^KvI);*Vy9od{B~-v>b+(#Z+Bzm z5hZCl2$L1?H3vcvocuE+d>Nkg9Zlj72a!)Eq6@uMvqW{Nr6Q&?3+5?92err90q>LL0y-5oNfxk!9N@|VnIc?s?B=J z&?-`kOq$HUp#=1XH0K06kj@MY8G(RC1)!Ho)N7Z(lng;j4VWizKs!Y$4mb7j(fM5M zfNPqYT4*@)f>sZ}$3LH|VoQYgr6br(%NImIz8+~m3mhN9u^nxsW2iK;;snRX23Obw zV#mU(V?ObuUg$ur5B}rIiBR(a9l86S>4P46l%{2f-_Pdo4sGon_98G!7`bN0r zC*|Yxz2rE@Vls21qsS(XQ@`E!09Kq9UZGKj0*d;=u2)Xoi+Kh1ZZ7)l+CP}*E(Gp> zhx@H8uw;q};`H*+8NYHzy@i9?feQS!-pYg)xF{B8Tl|GJ41YgxmgF_1XO~%#PB2f( zhNxecaIB>c)b@sWRI|#Nq%UFBRA{E-m_k2-E>gwZC(>eJu@Em>2ITKqHXha+5 z!2e%MiNo31L2-JWGOYcxN8PY31=jxOtzZvny=JH3lxeQt1tNzQ|8YlmqQST`)py$# zl1F2B_6as}$o`VFP$fO`SFb#$Rf6YY$gmw>qiaW1l2yg6&$A&^7nLWETM58<{)<5Vn z+TMHBF-&)O!m285zwwQQNH6f4BGf^HUn2wecsJiV%^Lh>U=O1K&ck2A}5Y83Yp%YB}4-s#h&xV3bky=#SxzdFL@J(5FiLVIh%ft}qG&9d0G}+7Hjz9z8of!sJ z&tu)63?vzzS@(w`yyd%5+lFc1cTj8FtYw^7#nb$+u>=GogOLE@EwHC2Zt@x9-%0HU zn&}m+s!BPy(VlZ?UIp~OLR^Cvz~lLHLS7*x6nE4p#kGf-CT~0=`EqvqlRt9T(}a?{ zDalmR`fA8P^O;kYiX*O$6`y8v4RnVU+;@C?oBJ~k-IfU7M96#-IBWLu=p_fBReUOW 
z?l~Xq`?X$n2yo#^vKxJDy*R{%zuBUAr=Wl&aK9Nego`sU@HZiX)ut=AK{K`Y=JBCa z_q^Gaeklrxm-Te4R`j$$hPa} zl83$nREC*;(SJ#e`5`jWCWd6Aqb_V*gM9wFc?Ez|J4MUes)?CTqEnv z%cgv@{Q{n?rmPY!qsbCVIbnj-4K7V%sgGNEJeLKT-|v!vI;ru+4BN*Ar^O^>@5U^T z6CbliVh$^pOghR>VhE4T+{O)#IGcGJ>y zU)&T3Hp3GYgy1{9gpK-B0o3;A#nqjGJ`~>#JY7A_=Pi%Td|1Ks(t!K#iHMdj~79w zMITgux4_=Kew}$|Y{L()X<3#tQpu(CZR?=4efdhP=sWPDUu5TFP4`X^dNI(bv&5z|nG{WOl{MZ@K%o^!JiZA>i`&N|=#9U&(Sc|X-^xE!Tj<7^dk zKvo}YV4FUVqi7E*A=_^Ixu9V%+uC}uyGe8RG#ZdPJ%fVHA{6Qc=p7U}9-xEY5jIh6 z)okovuWMNg58jLI;s=EG_4Rb0v%qH-s!slPyAYRV$vCXuS-UEVPxNz||K6|^K4Dz; z(d1ngo-kLWkAUiq@ZC0K-dT#>u~rWZ+_8g0Dj&s; z_|zNh>$)rOQp-Z63^y5?_z5E9m@ z2+PbS=aByc^%lxp!-hweRqJ~&WW<|(n(}ZlRR_o12CZES=YmgYao1+Hj4n1qGA~Hp zBSc6f<(V>KGsp?_lJeWyXz|iNjM<3fF>%iFZWgtM85x(ONGj#uOwoJ_JIaZuN#*`R zMt-IlLUXVKIFTYmD?w_{OEGos)BNSl4mP4Ls;8j6%C|(6jU(<=ctp@w*Ajx3gqE-s z(T1sJS=qbE1_Q^C;1j9;GWGmWhs~8T;%>VoeM|nR3Z`M@ke&#{y`olsR#rMPb|LoKC#pT zzu``op~|?}>9;exlaptQ+XbWXEvp~WG~%aykw(jul_ybRcn!VUeufl{_C>c^H%}UJ zy49F#)`R>a$0&e1{p%4V`|Bc<>UDwSi078=(-$I~qoUx7S0mCNf9o^c)6FN=MxzFn9gyL)LQ4so^CwM-y{6zKK)Z-8F{457nn#i$kf*dh3u{34s zn;N=MM^)`u1d(}1EuzW#XIL`>-ZTDm07P@DXVGjfQ0l#p=gAMaU2e;2PWIsf8#yPX zrwmI%Brgep1J-lMKk##(f6c(X2(6`bMYwCxt!e@c9hGwk`PPs23n&K4c0HEMVQx6W zMZ0Q@7d5*MX&;08Th)#Ba;Ue@xA_v4BQu2a)Ws?b_E;c8RqJiI$1<_$Ou4ArKkPX) z3z@^B{IvJAH}>_hUxC7(wfibWJZ%xxVM% zWK{aby0PijRKitBL6VDsla@HUyi6#-@qJ=vmU6^GjV8!1<)pvoEsj!DfuUw#riUr` z(*wX)x+~M}m`C38Q)u$5$Cz#J$yGWhU8?3X$3et!9wF0Zu-3D_U-Kj1rU%;dztYQo zXDTDU%XP%`@dT(Gd7eSfw0#E^eVeJsDitjB6q8-!?S!@Thu|JV*sDv8jJ~)Jea}^u zk*+iFS*0(cIrU&@2Q>|@Ow5{r+we!%a@6>;=9A6?3~O74(p0TDo6@G!>N5`oqhv~J z3Qd>|w2wIjF8nJi@bW++bAt9`01n_Kv9`Jvnb*5ksvujo#`A1Qte>g83qPpmAk#(y zt?w61m%e>=f~(YXyg%~Fl}El35ae@t5Q@>O(~5yY%o}Yolqb??Z1iGyr(nSj^7FE<^okk-PvB{mQ z6U%ptlGceKHPJDL=eL;72N^nzOLJCr=iQ~wZ9;jZWI&jos^5X}&A`stspx;0HQz2~ z`@S1#emO7C$vJ+MWLnThtzN}eI7MwKjpMVTx+zF5bCeeF5fjUO#U*8{(?cC4CM&@h z?F=S~lBe5g`F<2uq>CO?E0hLRpVlze3wK}=6+UbkneS?$XRbmc1}0gHZ5iJorG{-0 z9(Qt$(ko}Rg{VmhbS?( 
zMy*dw4KP=!&Rso(w$d9s;)7Y{=7MEM!?|f$0O`H2NTRIEt>?f0;Qc=Qe9;@VF7xNq zK0?dK9@~Xi-hR{LqBnZ`)`@RmqyXS8lg*YCn#UZ=9uo$^6tqNHewi^y?t>=hTjVqP zG4s`BP_DMr3kdD~XOA9&xmtKM29M{MfPCLy51~gAV>fdI*^&_EVO>XDDBB3PsK*^1 zoB4uz@1WplPw7k&tvGFi2TiEXw|Jg2irt9vPb8l+_FJSg1`!p*B~e94uNqrBGsB8%X8Agj8TL=s1?RK1 zF}&ad`#_P~g;|hF|MN%5)|Pn#G0*o9b5Z0zz3Z^!qN3zvy}V6nNcJbyuU7Mp;OG-_ zuq<4B^RSMe8cJJTL*dtiG?)FNl zaNOM&*tyhZY1pSRd$zpokM_vmzSfjO4|UnRkzoqmK#Jhk#+Ob}7}*})Jq@F-Yi&A> zM;bi$;^(*z*YJ9;YrGLb=nZ8znYZNH$N$7V(ii39Y5)NLZ3Bg$J7&}BLbBSmew9Q7 zF&;FzY?3URgQe)v)XZ1ujlndhTz@}olWMgnzPjTnW=#&~KafbJ=qH@00g}u8Hs5wOLj>^3h#|`S6^^^3D4b{xI>rysh0|U@)iy zy#>~&&7^_Td+j3y1=*#ftgHWR1JHKoaY>~ zXH_US9$TfJ5;uy-pJR$@f9lz_FDUMN52WcG`hX$~4K`wp7VIGR^m@l~NSe88{F3B9#Bj)6+;P zN07|h7nyK=XxwcSGKruSyxFR_5*o^)45FR8R!d2u0JhRR^tu1NP=QfRrKqM|t}aKg zXST<`%+s|wxagVoBO>3hS$Gu3Ej!<|m)mC^gMQzU4>L>L+N(F;3uGML>V0-$$>AHK zg>2b$-yDu~EN1D3>UiD*$eoUZa2!_ak*uo^8ejMjhj&{(zIP25cQ1>p45?5vK!}B@ zsoMGy`F(R-Zc&!AOpk$c_GcIOowp<(%cEK$79l4?C%d$kvR^D36%9<7LtQuTTpFM2 ze)dsHV)&Onc)E^65I;*YD`G_#U9ejB?f<8@EhO}5Y~&QnEsOH-LsqByTZ%>_LDqf3 z$TJJ$=VtaO!0+X=f0i(Fk<{^y+=lB`M(c)O56721wasJ)@^Qqq%GJp*MB~33#jL*9 z85#4>4aTlhl)qwA1^gs!e9#GW;`|Y}MW5$mbt`r9UdVfak1o5+UljxJ#`7F5UBpKM zFQDT#6OZu?)#*31<)e?E0;W17kpMrZmY3e~N=*$s!G|$Ex3=N*Z25d#n^^iHDY;a$ z{EOec%qmKr%Q^Q{>qD7Lc3H(M4e5RyFC`(mfKftnBd_@Sm;QVJ?jLu1$IR!WOihh? 
zfxWv%V?CBEJqHYIUq93qL#F51?N@>DIlnd$P4TeVcdw*eQQU?TI2@Wyr-VJ)k5%kV zN7_!F>k}544%bp%1}^t*)#(rKm&aa_=ll%+=v-w;Yih(w9M$Q&Y|PzRTk)7)VT%uG zd8+Cz6}3&nGK;Turv1izDC>?OUg~~r1ojjuOj2ygI<9F1vWqoR!j6-_;gG- zXRLEABMO_>Y<-5C9^_`8pK1M+di3%FbG~+&ZONQz2eB%g1e@U1Gx?QRxidcRtxIqvwQi`!L{l;55+7?L%$ez3v(DLrb`s$B;i$z<|Oqf zVkrizE24FjmX$l3a}@;$^YpwB8#g+*eG`!pgbB7`tx#&nv!+se>AqXuVLAON$6xfG zJ~o9W#zZxDti6nFdq5uV7h@YoUIx^rQ=6h?;`>NtGJqw7vv*3O!jW=0DeOqfQ4|nF zx#nN-cp$!No~N~xk!B%4p>h2Fa2ypD++*Uc;j6MgJg7jjI* zjd*htuB%CsG}Q>oBGHY+=cUt0k&Why%OH0%88o-SW`}q0ez8-p)@wO_&!5`MBL}HzkY_Me!l}BfRQaZOG)BCw!Odgb;FzMYdf*H+Dlr& z^ST+ay9V}oKcBucCYUo6FDLZQ6C9`N$EO^O4pCNvL1f9gr?XzZ_Dp@EC%CuB_Kgn9R<1h(d&@t;=<89;+4@2Vve^YlTV zHPBX9fu`hRtm4ssfEF^R(v}c;O*oIwQ<%}6tyCpPDp&ec*8!=fW3(<$8ln09>0(xF z%4}hdS+GF&cKU@K*w4iSf}|@Lp(sA^v9U8yJjFzwK2}bJhexB10n;i5FIPL2G|)RA zR5ZHvFo9DzAj3nCJB2`V?wZzpJD;IC=)-)@`-)e=ADhbvsF3@Fr_fL?Gkq2eEE&u^ z>Bbk^?jl|W;Qm%pr#C7~3QcTd&^bR;JB%hz)?1TeUXk^kY+UKqIRJ6>X!)Lg7RdJo z35~RQm+sOhn=HJA1UNhrvoqleI?@QEHKGH)U=y|&%{v1+QAd4AuncrZ?IZFWem}$= z41EiFUcNUWBAJwA!Xz$Jk@7 zBK=E~fYdkHjN*w!+4g`E=PRLrv5AV|;*hqg(|ZT+>1q}|>#;7?o;;OytvSvdsgEG2 zO`MuaNv{}~+at8s1Zh4ydbfJlVV)*IR9vBe7Oiovjxjb@yEwyhyB@(44KgW@n1D6< z*m^|%5%4oFkF_wZK6W}dTsv|i7FecuJShId@;Y5V%5dlP&t6Fo+DbtJ;?Kux#yswr z*@hfD4Lzt&8{~rILh)2*YMv_=z|58n8-L;r4t?XdOuqW$$q6q#(I}=S*3gu_KTIP@ zfSrje71_Gr?#80=wu2AdJ4W`Ik^Q|nCgb?~>&WxRGEd@CbVnUL<;Y1Gg|(BMX5^yt z4W>0e>3cPtpTUP>HX7`(7=vUQ@+7BVsiuvMg_R$8<@WtsjPhm_|A;<8*N1SoYkfsD z;&p;)98X@1A;@ks>fD<}?f0k`jv}b-#2(FIPhS*2>|}pCZA`-5F8~U%8)bpvW5FL;oROoi&_TF`M#Dqtm|K**#5}|9q?NYRU2O_IZ+#%3y z;gJ#4fM>&PGqU_icM3U>28t?)&Dxva6JBBU3jF(TW3R+<4D<+^M#pryE8JO%@@@@2 z*sc8ZXSuBq6^$dk5f((Vt;7>oAhW9+%rDe1GJXAc$BF5|7QgMWr!j@;S*iuq)~55M1XS ze`U`r#P&`Mw~v!k{*NDV+Om27mA5&jB+SdGj~prX_UFe-K|2+^)y_5)-Cs$OQ0J&M zttM{ka%zP|FAm0Yn&{H;A8s>q0dFgdy&RY#cVJyVyJVhnyKvn114pd^yfYoXA}og& zVr<~Hn|MA|Ie5f+$)cwRsE`Ucn$4uR z6lAIro?>Ds?V4MvyBH`x<+BqHMx${F|KJKQ1NpI#5?5e!{p_x}+|128jCqPe3Eu46 zIrwUj6d-+3nS0@Nx%arfbLc<98Z9B3-#RGPI6y;vaiS`CJ~>u$r|dg8_y8zM+DMv7 
zBf{AWa~h3Q+EN?s3IoE-Zg^Mj9$M|2nO1)WvUBM?PMTw&+pA&2?njQyxsJC}n8#QY z#j4m?b?jZs2j|w{#BTB@!AGG|rTX6?9$8ruNY~F+k5q|U;t!L;)A(ktm_H0U;`emI z{W(X1Lb#iq?TP-lU8`?wQ;8aW)|d+SjNE#JONC~DpM~|?%(-5fZFsCar*f0vc_eeP zL;K83&DH3Wl#~I(@X$Q}cS)+sVP$JeJs-eo)xhNs{R=&xd>RC?TXrzPyzitaC}ING zR|g-ijVXj2&HNa*v3xx?v%;7P(r^M2Eq-`df~ZLOa60`od5zgehT&l}XC+D+KJ`Sm zETCQx@vd9>fws_^VqOo{f+AR);ONU(3zlP@YUe`b$Jijqa&CpDyZeQK4v_EDy__DR z`5qjDQKwr#wWEH%t=Gm#$+@-=ed&2e^EeP+8m&zCM^P?XDy!{Nav!@b@=u$=hZ6yn zKqW;xNq|C!z$r!W8?=GK#7}Lt4CHnr$DwTiDXOrgCj*@3n=L_x%GPCrav{F;P4%XY zC32v>_r7NUlD~2 zZC7MQwhi(xvv(jZS)`Jf-7ChzniWNWDZyxP)(uP zPQ<6N`_8Osqi1B{?rBiB90J~opTEc!*(W$I%~Jn--TAcAey8t5Ae6T9GbEm$%)^`x z*85m$hL>uq3w)n|-*;4J({gy!BmAX|pEAtI@O~H6u!ys{7ukM`rD_8msP%R+QEY4D zz~_z3p{*_kROe{lCh)bdZ&Gt}@^V1L*XWLkWNT@J)N-J0$$b6SWLA~6;_Zir=+*@} zqTM(oB(5F6{`>PcEw@_AH;e^0;LGs2qaY}Yq6nlY%)M4mM)nPxuD9pyqj}C8dnKo0 zBikt?dqAdP$ADMLJz=o6RLc-V%oKLflBjw`lIg^ipb@ESWO#pFgG)eL7+ zOks25ek-%UDQg)A=Q*G_%A?3ipqEXd=J}Kikw-nkTi-2qjmU$ls|7)oBL%18vn~2i zS`1~s(|3Ni43?DT^#nLV)<%aNRoLaVQM8@&n>GhKYmd`3m7~0E1&I`V-=#5DjU?V| zf((0V;k6Yy!!87hJQBV~&xabvgC(%wy~bS4WEx_fuhdd#Qc`||4Hyg(#fC3omu2H$ zWaF3Jl)ro)qKXZ;cCG27@c0~yffeBQIMwrgv_dqVNG2IlUN2*W`_y}snBBteLmvqe z110Ik^V_0wlgd)0Wb}FNNjB>*eCZ%y>5Pvp<*9z-<2dGw9#?{ z5;GkV)rT$^skW(@yoljbD-<=>Q6mU(Zlfp7?q(jQFtEUVMLTMx4oQ59_)h*f!Y2;~3~GFrMeK(L!UB_H)$J33?TI_03X=IdXdv zBZ?(SpX99oQp9F-+3nD8(mpaRsjxk)a_DuLkF6cu>LrOF)=iI_j$>z~Q-5BU(3V08 zHo%_Wt7i?OYe|U=OtPQ27k^)S%#-Bl!iNA3Eixp?ooHg)%?ue5&5$mk3xu=i1!o@H zK>_)l+UY2-S_%{UqB0LsoB z`lmt{N@zJo#a6bZwFQ^o+n915QRI@HZ%HCdYbFsR^WYB$w?6=p5;|M|S!IR=I1F?6 z;Adyx+#2u1`@CX0BD7#BAO$sofhHHC1v5>dF1lO00{R_@PqK$bpF|r^UuF$f-H=}PxHd2cQAXli|E-F&&Vcshqw0MD zxHBGh;qLcYF$pWSVb}N`P4bs-)l(-!5YW#^@5q@s-l*vCr>sJMP=?YNB!qi#mA~9O z*%`yQ)4EetGQvspe)vEGQO33lQc$(Sk+}cmVInBhk_&K@J*uWJ=*PP?me%T2eT7W? 
zTgH3%s_noO|HO3k#=OCfMvuE73kuG zYKoRXaKrqCRD2(3OfV`NSkX>Cy1yN5B`oMqxb5-m*sdE3h~D+X8j%^X>z4Vx%kI(G z+LmywCuq^K*z*X>uI6aL5bP0TZ;?Vp?!7alY4^xJO4*EH#rpTPe)8b6MRq+G2@Yef zywj)Djl0MX(apPu{}y~)6Pwnx-GoFOHQ8=IHhrFR+6nz!0=fD#+*6xK=K?VikKP?K zWZD`^O}G??CH}+t;J^EH|A$aaca3q~`yVhd&tlKKX6_%z7+si|_kZUIy#CEhm@fjg zj=BF|L8Aw_ULGUP7_ZpjM6S6KGKgxb#^niA(v_pV6TZ3Nn{k zh2FUR&N6xB-JxaOiu)szF<_SWn$N1pn@|+LX4laAne{4u@1dy=mzoI<&9~TQ)jo2d zxhH|=3o7tbzA$k6RaX_*DR8rFr-Hu8#IY&s5}zT?Gp0iFneVka_;$1ZmcS;@sB8dx zJqOlJoq<A)@-w{L-zLd}J@ ztdKLkkb^c)lTUx7yt3Rm*s4|?I_{1iIywow)6RFccY}Af4*bu~h@OrH0^yv5;GV<| zks`fd&9J7utH0ZwG_16z*Yh|1_E(V?ZxE#uhy&xq4kv;`VZO)dXFxY~RrzyWwQX02 zg87T_r_$Bz@Etd7{`)WTUG2^qcrQ-AW{|s=Bw*^6{trUGHsM&K%4TFYg&2v`qb(%_ z&(Y(?g1t)kQs}@4<8=BE|fmItPnf96BI9$EJTr5b82BlCiiN`AM7W= z%okwb7<)Y;i^@;od;!Jm1{0QJCfPHyFw3RhzkIGpRrD#u4jMu;7Axvax2OIOPy9K4 zV>tG~{V>k{xXlao0aW{zVyZI~el5HSCw<&}k^Pfa{v+*Mk{b*n72F=P27GnrU!r24 zUU8O_-`)pIUyN}vHPrW!?RBzDN+Z9*9vk8 zQZSy9_YbrqBQ(ykaJcZmpx%!kbxv?R7u@bFjT#RoeoG4GgC*16-!r*DMx=ZAsAkxm zfV3SZK;vBA?n|dRef7Jj^ZqZ)9?~EYA<_*dfW1*?qPh^N1?hFli7_rxpXZj5*g4`* z#d=9QIN7eK>oBtKyv?2J*vuQfSs=B$K_SeqiU>C%@jZ>jXO*-;)_W4^1u(~u9?-Tv z&D->zY~eO7HrAi}(y`@S8|gZ#8#7M=Q%t7 zmodctX|K<_HN<|nhD@+$q|=z;A&YCdt2C7B8|IdEo}uiEN{cexB@a9~Y1yp4 zP5|AGYR0xU;#J3|YK1+)nzwVE4N`qx*5A#pJdMdmJIuHbkBAfonM@#0%u5w6y0rs) zTPBUDtc)%dhm3o&>Wu~MZN#HQWuNpWlRGCVlP%C3hx>?8x~zwmHi>pbGv%ERsF;=iWxEkNEV4Z zlhjgHED6dt%eMh5uI}%|+jSGJ>8=r&p1<6y?wyvtDH>7=_UsGzN~*B{d=+#s$;!uk{qXek zX3(q7w-01v&EEhKLD-8Ifww z3v#qIgDwD2G0CP@M3>JOW8rdkwOcat^ozJn;AoNHCfwx%6M}KN)Olu9uR%-uv2DID zk{*ULrf8rR11+=T!3uFC!482Uw>~*fBOiWG1N@^2Lns^c*%Sjqq&XXRh&agNS+qLa zMp;L>=ffO{lcapJD;W+a3XN& zFtY8Q+=IT27CeEFn(yS z{I>;3bOD>0&#{<@S0TdWm3srSQ}Skt@8utjCpoI%>iP5t|1O>VPpZWr~ni~xLs zAL#Um(zDWswGX3bxZpSHD12T(BRk6y5`bWC`*i7F-7H>1<8U+ggK^aI zwe)DJ^0N~&ID!mAl6Xm&x$fOW*J(A!h z2E6Ip&Pfdf^3ie?r#7$cdGA=g+=bjJZB?b}zj#&DQSuT0mKrVo|Cw-s?f_fW4ZO 
zl)Q9BOW>;Q?()Y0A@tu!HH?r;d1hQfbg5Cdm@U#Va2Hb{ceqb&^aP^tg}@|K71l7lrYta+0lCJ1NcU5$9VCS<+%v{;}f`a=1RjQuG9kJ_%Qk_{8UZ?A7MJr|cuz^<5DMt; zuP~f)UU;d(Aqy}8u@_%gzEkb9vn&gOK9s%VrWtA> z^pE&{!Gx7_3eW}ZW<@wK95NF+cl|bZW70?qJxi^G0?;TDr*{6mtQuTZ*q6gSqgNbH z-j{FE@Y%~Dyvy#6LYGEpdr(u5Bi4|j;%{Nh6e+sz*~W;~Y%c0|(bkgM3L>x_2nfn#rbwc-CE*_QGEDt}HoK^eQsUgP zm=?w@SH#y&mH|w|Q<>dp$K(ptxOk)|2$kABGZ>4g&9iI*a-9mb*79Q6*ZL*<+&;Vb zj8`eXp?ExG8{OUJbudmW4MX_Pr{3Tpg0Qjras}_*{lo}(l%`4Dj};n^VuqDxX|d0A zlZ!#*!oq}P&333f1u2^a*;DqqRi8nQ>`Nh{4v+Vl8lhP39wz*7Ifk1xf&a3)Y#Eqk zNeYnqXpFMM!_u|1Vh02*RN881jDzi=WMQx!#kt$iXd850?aTmfj@{_nE6$aCX+^R& zJ33|A(tn8o-Y^A8^bkzEduV|mHhb!QEObTb8Up>gwgwcR5uw}RJ544EhXdfXRZbIS zUY~`sGQ)3qO>=`iIz(|&m#6gP``1njmHvLvX-IkdXvwqGV)UDnpth>c;*IZ6$0AhJ zAQ^Gdc410Pk%5QqCE#n8u8tWciV_naPGnc!oP&+I4a#B!y5D!RghyS7f5BY8Cv$52 zlzqYpr4~rp8+WK$1VeH0k8iCcrE+m491c1}Js)i~+=kwi3#tV^FYMe|Dq!;g7pQ{` zo3Br)=KF<`Uef0UiLjxh*m^hj&t?)mk(ZK0eK)GJbMbqn%ptE|Z(763rw3%la>-2A zgg9tpy5+^vwvIwB1sJ#F53eZEiXjlpqNuM~llIg2DgT+>#+4UWKT>U%31i z%kq6g!bL`pf<5NvPFd_A@7)c!(~&F5-$x+KZD{$2N|2(vu39*+?WrX@N%G2c*!9)l zBP)(`%%wl6lAG$hvJ25(Kv}Ng_wFK(r3#z@28F*xT7l*g6gj-BVrF-h-kTgGf ztRBq1d}^!ClPcLH>C*b$UaPALXsBT{?^?T^rP#?V7t-;+^hEwanoiF) z%O`#2XXlD9d5xw*OP2I8ypCc?I`)uoYoj%K!957KJSZ9y#hdtHQtT4TzKfHvccU$( z$&i!zzEyW^v_5L)3DjUlN1^A6Hv|lLu4ci#Ws=+NHC8hY2(a9LCLb*mxAkDgI%fVx zi-`#=F=NXVgZ3A-cc4#shLu8c5&*hJPIX$!3e072SA~31H~iv=>FP*YA8oY9e=M{? 
zU$S-E-3(P$>VkWM?#1BsQ|mENnc)begXEbeb7SMgAG>NlG)iwRfRetEQ4=NYFUh?A zWvIlu0tpEfFO!s#3}%OBN(kJK55tY2Pt=n^%n<40d>8H<2Bv5g%Ix}^A*YL;qXV3o zoKRfEFEi)fqq5iu`i3qlt!E%t+iBK9U%fM+dMLLITFsD@Me&Hrq<(IKjJzpc0Z%1UGt~_>?#^O_PSK$g@-vYG^Uui%^d^udB(J z7qTk{M$Y}S>?st!r?fSp?A_#=b8&TB&Kl}S^;GWG)oswHV9+Ta{p-^o39p2)0xe{` zj2$)|3&ZLd>oBsJgaXfiGF5y(0x#)wQm(Q4j;vF7I|RWi<$ik$Yg0jo{{MO2&&5WE zoQ16EqYSk`d>+aAb_hHrXJEYw`NBp>I`JRRg0N5bV}ssf&ckayZP>(q^85z)*BMmz zG`MHl`&vk!wd8P?USHiIOitHZMrP%e5aqB+s_lR~q%_Low#}#5d~Zf3$JhrBy8|jb`_65%l6Ap@m~R} z`T0aoaf>fwt25m2ie|_m(UA6;VQr-13T zE}QIc?Q`GY8*==!u+|QtaBL6VQ$A(zgkmL}JI}CY>IiF0=qf!QIf|KikT^CQsAfS9U-t zu0m6E5?qI>FaubKTosb0sq|)1t7EiY{@Izp7Bhn{nx9;|nFw;LU29Y8a#N zVo2UGd`Ng9Dn9ew$Mp3m^hf0N7`ucG#WA1BvL*YayU{~3rE2V<%d*6p&zGt=@L$YB z&Guf%LeDRB{Kzezr{^%uR%@UqT7hn}rsLAq-ToSS{3^^)x5;yu`hdo;)3t^#(DwEC zjjv%UoUlm$9j2{Dje?|<)gq=1;|$E2DApq;{fJ zEwmZ^pn?BqeQYeNnLt}Tf(~%T2HwXJXKd8aEP#ikW%-0jWA9|@^0VQYxnA#i*zu?8 zs>CX@^BB{EMK#upOLI|2<8?g2)W*x%>NCBU)6(M@igFh^*2dHu#@0if1>AB`o9{hE z=|KzR*4yH2@7-#e`UKZ#^Ku&BW}K4vM~KmBIS%XKFeaC@{lS`Lwno>yG3l7W6BGtm z@lBQK_&Di#N^KA+4*g;PY)nOwTI^Tb^j2@=Gr1%y$DAI=wh~YX*{DGIy;{;WW*dT8P(;u(Q~1u5LFmgt*p0cz8%6xJX2M zS0)Qdrx;ZzWhu!E-$a;|iHD!?ASzW;uO?lO|9E{YZzJE>+6ZI?vIj!4EU|B5iKI!> zs;(mPsa!DfQOwNDqF61yl+@EQ0X8@yRXSr<`xy+g7%+Ef?kBwx&XXZpG<`MN#R8T3 zD~>~?Y}XqzZvZwa23d0h=Yw{KM09Y*F3jPNJaJsOWgR8 zgba+1DsbC0CWcXzGXP%IRA#8-{3L#`9*_oNH*V9UY;JEGhwZ{78*{)^p(ZQaUUl{K zk1~roYCQ^}SAkbmU^A2hv*bNKGQHYv7XgWSvs6H1esbxKwg6X6ED+hajia;8a@VHM zJHps#+xULrTZg*ilebV2;8f4MpGz&RioB_T+Mhc8n6t%rnR%JKi;E>msTi^Om3p;1 zD5L>zmINc_vakM&-?Cy}qj2=SIf>yAc2aIKayD#JI2|#dCXyCywF3<)VCO=U0$J>V1T^JNFetPx zFNhp;Ts~d8!repTFyQ}j*-1@m`KC`u6}DAPHd)o^xLOTz9JQ0%0(J?>u7ffXv`tCQ zIP7ZcdfznVY)uS%1fC`jDxPYW?(iv>aa;RoT3{w*Fv`94&9=Vv%D-wH#TpT4Nx#!^a@2Gi-=b^~mT`=SL5g*FpWN&2J?lT$VW8|W z|J%mW7xQk|%aP_ZZ+-S3EE|;7NZv;7(LEsE)7eGQXxX`qBX%YuKhGV#PqAHoRlrUC z#gM4K*EmaYCW5wK#sF9~c+24_HP=y#Xe&yIT zCiVS-3lP}X8fD*yOX?sX=*#T^p-UE?h5$;$6B@T{fryDh43M9QIwVe&r})D<)h_Tg 
zZN%O2Kxro++=a3WqAD)STs4`8j$m8aHXTt(2Bhe()@87}b@42pPpTcu?F4_uP5H~9 zHp83C3NUbK5g%kUS^v+&U5_gHc&x|cD$Yd4nY(@W-(CUbgJC}d^aT3vl~AVb+Q{A! zrjig`0JF<2M@0~--riOqs}1Q_*zf$26L6LYT{5kPs-A)<-hKh&q(-u5WHDfn;b^=- zFT6C$65EO2l|v*gUMOLu;Tms$RirdiRiltmc9(KO7W2}moxvEyfxXLJmRSEI|@-nsPUKkIB-ugi;4rsu(Yrh~ykkN`=_6&kz_TTd?~py_`R_m9za zzF+t++BQ~W8*P#XD=W6mCTVQjUQuJ)jcqozZQHhuz54zA_jz^38Rx|wW4}$FWF^n7 zdChsv&kc}z{$^7jFv~KWX&`&O`%VgO09Ec{PA*JEpGm|=+{1~`^0rZN(o$+&GEvUk z4kgV#oLoX?K{OB%TAcrb-gXPOGP^c5G;4)%zyR8h*bY&j-9hfMd)l5hz?tE|A?JM3 zEnl_hCP4IZjHd3 zp6=g?f?d#6gKG5q&jdNOxt35E8V4mR`A`@Zzjzwk030%-CCCn{f{^Ho3!d172k3X8 z4_Cj-y`UGzn$rk+Qdh?ow=GM+)Ob78ikUd5gK~@arIv)?q{yJ9#l9oY4{Xy7vk=?3@~X7{xUa-W~l> z)?J>K>ufw@e?eQc3v*CzW~`9h}7|oG$wb4_x}kS71nP>y6AAIBy`6_6#A^5-}%)dKFuZ3@$yJSkM*CD9U&= zO=}X3;!9F;aNVaR8M6Gio{_%xyv1>nt}a03-^j*B0k`n6EH2p*8A7^%|o zMTfmioc>1T&K{Va&KMc$3V0%7BZJ(p{u8Hd1LC~W^4QwbFC8`}f%c2n0(-E-uhP+g=fA(`0fdmbDx@5awjk;>*^Kb)Tu)fN%X zp`H7UMCu(ycmn^#%|(y5OTG$!!kR|tcuhYub$gS3^lv6@Dw17GTWnGxvBq8aEYCYW zxTfMi;j+7v`qUPKvKJC{jw@&|AW$yZ-p&ejF?Q-J94L3ZALR##P>h?lTYM+BnHZS- zdMj&|HpWE`A2oIw`fkU2IK=Kr=6T7DR3-P%d5gfwlunW$dp#l@I_zwY;m544!t{0=mO^a95|R z&h0V&sB^9S7v^-Qb-NdSX*{$*JvgsR1Y7yII@rHHOnmOsQXoAeJY!_UF4{=0rWE^w z5reDgYm8aLUz^3mU$ZZJBo4c-Z*`l3oUeOmFie{ew`qy~=JmASMWmYxf^he zj9D=LzTI#0wWf96wyL3fUMz?#v45`MU_f`T>q~r9yVvd4hka!|NT_YFX)L<8_Tu%J zfw!Fu6`~ntlm324#1o=e{`6P+pW!Z|M$6S*U9oxo z&J=N^o^H@5L+ly$oX0a+nqCf1GBZc4>Wckg@xZbm&3^om8_%nE1?D|vT^nP}FFXX* zE*7ZWfsaA9Cf z(+)6{^sjoz=N4P5&9H;v$R->tRv=Gnk8U1Osp!L;=3Gw{ zjf&IT?$)%+tHKIfxPh##HRm8w3^k{=mBs0fvl!b#^JpQ5S>Y(I-1+_W#<>@ln-qCp zNq_2G@N}3;48G44so@ACcJULNlflaQsQqb{l9xx0p<3kh$^DIk^4|IwV?O4bE>jyD z9C_(GqmLBm4zcB&fs!Z#VTQ`X4kH_%kL&lBK$RoA4$PHpkI>f!j7?bq>)U55;Le#= zQ5Izbpc1}~jGG~ta)%KVxp6+cL!lH>o_0xNIvQT6>j-Zze?}o?3*$gj9iyKnD<`+z z+V}&Lur-|_F|NyG#lGrC6V8h16yRV(l@B}I=#4Koi8FfJbL9XgdcraBab)}(k5D!CHe$QbdpU(Nu-bCQt_J~ZFoiHrsM52F@!XzQ#-3WwG6 z{30vk)QmMA6q`x@!Gg_npx1^GqEMm z3H$fA_HimdzL@a?YQ@6Y?q^1{YGMv>L|Buoni=z@Bg~#~Pa_Dp?8{qH0{bK*U7G%G 
zgh5YQ5b&M2X`dRo6Y_ZnuNt-hS~Si3qwB=TWU~FTpHUeGhwonpy>-dbK{QEU}(4a^jyt1u3d#`#tk#KhsIPh z`E&fW!PdjjZdIg;IIerGD#oc2%TH=KZqLm~Ch*vVgRO_-!=sTEJ;;6LZVEp~(q1iG z$IxV2kmn-FVIiap>xB3f#QAY39UvQ zc>pQ_<78#@AVK;c@Y_6+u04~{%zG`nvx^ZnU|e_TbpBC0m<6N~L~1L1jyR3p-1*ah&cOx4&%9P_jyhUAxp-MC)qufh`` zp4Kf(F75|Jw<<2;uHHhK75~^vKZ`BT!ve%p@!cBE*_P<;5*x48B1e*A94XQ~uqoQ( z$C63DdG;vAcqKW`SC?p6iFTY^<9} zDlUg!J@>iqjL6rhILFvadgiC0skBS+M7-{{NN>}6yRz}+@vx%NFVJ@7Dsp9~ z^>1h~Gb*WtgW%Crjw#(jsU%i#&ZxyTY;{KPO-k^|l{9x6ds&uW{Jjo%kKEzDZy7Ni z(~56MX^wcs6acsJy^T7+*r4~=YxQ}dVJf|FTT#Bc{zLo_nj=Y$e65J8*hsstQn>j% zzj$BiGb4EG%1V6*;y9($(Nw~JgivnKttfWm9u%A=)ly{W=}P=0w_2j4@vqU@7I&8* z7-@w}38LWffj+o$21av^(1+M875Eytg?lMj_1OCM0i2af zj?iED5Ma)pAcU@_%7_|w&j?*FC_{Z$AFplvC?iSBRcty0%$%9^xMZ%B@n6PZ+X4reT8Uk1yrZy&n`yGOO>P!YXyt91 z=h+=XVyAe}2!0gb81^J9l+0z3zA0NLRdsZdlLlFFwQC6p{puA4x3_7$yXgah6MoD$ zswM`CyxRzu8UBU2Yk*CS$=q@ZQ|3~v{V1CJARHX-*_b2xurMSDBcTCI=OFiHp+zZF zguJ81Bszwl)S+qmKULO)sZ==dlsAbiV9wfhCiVZIYNpHKtlEWh|2#{gH*!M%FX7bw zzaZYs+^Z|iAcv1-SAU%NfRSpU-g2S=Pmdb{PCXk*N&k`IK0bl-_|&&@If3yq^pNV1cd*Nd`ZiNL$sf4(5!m{lW9uns zvR?nfFbscv1L44-y;mmlObqN5SRH?Xf3tqUUCMU?pUTW`^EGpr3%6moY zB=Z6LvvPr9xmB61bq7l06nmqmpqTU#diZE4=Pt(lWfrD2&c^2?@Ijm9N_;w4#$Olg zpafCyHL^2e$AF>T1ZCd-db&-kB%}wd%$xgTmy-e?tgaEsw(09I4f`0*F`gUj>+89Zr|R^&rN)DLW)PL6l5YU) zQx(<}@aqiB1mL5EAT`_$xZ^Wclh$F-SRWTcdMZqOnq_6)PRUf*+|>O5qq#bMcRm219rqz%i#cMG&%7>W@+zNErJ8f|3RM*9&a{I~DbyXTd z_q^&ScM~lX94Wo4r!ku&ob%^XtE%()_Y$Hg;P}H$>?byuGR|MU<-LYf|64N1TQ=zK z8t}TfZD-&nix8opFuNu97a%Y2CtaAzJZo-K6RzHRB)fuUnAL47TgYOVv3iQXqVoJ2 zVL9*-tiBghHz;=e>Tq36ywKX!{)Dp48+QAw-%h>4hlkw!R{4#P!3p?!(B6t!>awS| z$6KJH6eWs>`H(h;s)C3lHgMu4Z01Hd4`xBk*_>ugt{8NcAch~JK}Jy_YqG@ZS!??E zndK*6Z9)?a77KHnRBd+CtJ-HpkGCW+65SgoY+V%-+HH!%Ip-&uRsQE?{GfVgRjMg4 z#a3pSiL?2Xb`~A00tJIl#Gpgu;#}3|1YRClVTALmQ^W=@L0>S8cb=O}z2Mqh-SI_p zOpwGhFc#)|hSu?T<+W8EH25?{<-DYQGn>n-O$;L5mYl?sjJyJs9v~(`wmB$K;SW6t z#OF*Qj5BhQm;ELS_kFj#U5(KiJm{B(L{0fhRrZVnPIW>`GHs0fcuSVqL|>D6*bx^H zqk7v<%{`iUkZW0MC;t&4_lXBKN~Fz|wBJmwZ^t+*qc8eWFdJ{1%3Zeym|IzMPwa&F 
zQO3Z3zfk__Pm^{D!1M?v47|nF=`Cby6DRsj#;Si17P0Xn7BgD|$@<1;Z45J~xQwUo z&BuYp9<9_6I^#!HjNeW9x!I{dBe)!F;q`YMypT&yjwFly4nk1hE#MB(kdM+OW>fmA zQEF_-t>ABwvF^`-P`_1>)Sx%hg@$?Yh~)9l`#JS0#BQZ;BX{Louwcb6hEKo!^e4vR zGSZ%j*v_d|)JO{*?2_h!zJvDA!LtUT?n2hz zq>9GbC{f=ylfRb|YJ2V|M0$iMKPdESt6$Ty)dXdm9BjXZ5JEZCD^#W;QUxKp$OaF% z#cfaKh7q&!Fnu9fk37UU4(t_2rhEMN-#m#;-Mj3hn&qUX%4>$D>FF7~}bIf^tn7DX}hw2OivSs+s#tY;3lT7jkIn$mAG2qDy+3xAoR0#5V)oraxYGN}e_Vgu>++Aw32 z>w|q)TS}%8$Li(zUWzeUi;u%e>SM@sK?RqJ=G91Ax`sDQ*|M{8|^W4|$3cTwe zH)_9^KT~H*7ItYWhmacqy$mX?MJNAlH~X1g;J~KdU*F2aB*J7|uJh%DvHECm=}PKei+e&dpqnuD2Yv zl)hczBmQSfermX6D>lX_Av=+-e7hWEFQ0RzA3{b=eQiuENO{ z&ZVsre0TEilXp=`ae^PmrxYGtt{+TYNi~TxRpw#!`I9!TrWEHH%U2!fuh0&-cz;l~ zcY?_$A_W^@|F=kP_#F~A(7wZLj}R%*PS&_ZNS4J znZb#YO)vb;jMRt(2}CNC=;=Y1B|v6`=eCtb>cfc6llFu`zgL&fK-r_(J^nV?i)C_$ z(X;cb^}t)AIHwavT>;i&GuP%Igdb3^%lTA-&V+y{?lCrE7ohjeO+o|3&Zu=KXYdjJ ziC*tphF`fE@rqbJr4i${hQ1o0I4oZ2+L?JEsnK3@I?m%8kB=UYM|#yw2I-;O#gBN5 zxlhdM;hfZYr_G^{L$5!tbIx8H;&ghb!Feoh{8{8gRf1fj_@yuK zyQ9V$KU#XIeiR9sM$=dmpd+#MYc$djBQzL)kP(rAXgA`poqg~FzH>CdgBx`_`!3G= z-h29R)@fjwUIMbp3Q!w7JW+Z$UH?kgKbp#5_07O%zmFf{Z$*SIgMKki+`S;oUf*dk zp`mVBRWhH0sfG$n<+dldQ(zZoSFGpLqoq-^1T2#9YFWA6TQU_m&=Ap9BV0G)3O_*$ zK4_OxCNmX6P2-_Ltfb|E#|DVCx_bFee?+Nff(srD-oKc!&PMxO+~KdT9)j$a^4M>q z?(^!^xA?+hVIx{5G$*qg$In=+uYI3quUq(D zl%Hv%`)3X`94^=HHUB#}ZYUX=46LB~hIx9S)V|#<_QDa#8r#fDLx`|YPow8HKktBj zU?|v|p<&R0KMJkY6-b;7mxqrHoP%a`?CW5+hU&d3!0En5*RU^0yqt9sE6@x=MKrPby3 zFtaAh4`^_Yy>vz;N$A*Fs#_b%@ln~f=U=9%FDt$;x3oSR* zn>qB4hu1{l#?G%R)3`QT^9WR>eMrm%&4En@?&`R_t7!q)OY?e`*c$g?>6J_c_Xzze zT=v!H;=mo3fUph(tg~Se(h-ukWC?>kP-q=kym)w|RUg%VUhJ`#+>krm4$`0;CniPS2rUnon-=ihdl-m7G@>l*wryRw8fp}asQAejCqX7CaPj*qGJrQ6 z6Qg#8m+LqF;TX&d2l?sbp3xSeaqtT+2;#oMJ%v?WB~M2d&YH`d?a?3|xq$6R+O&+;5L*qNBcj}B+u_aE zYA{F7fus_C4{09u-m&{fVpF(htED%oLYVo_g-&M^uEi{Xwf>U9nF3pH-Q>lN zD}oKEPq4%XbgAe^O>}t2ewkv5J(DCK2uz4?*QjHKC{FbJr&#}dgx06?PzPIZEWI=- zbkaf&^V825PZ?NZ0Or@B>oC~GV6c2Lwv`mO<6%5Gc;4FOGbAa5xfP|3rThJI>Fx@l 
zGU}y+wjPX?bBY_)%ZY+r6CD2LGCVR~*nxe$7C)1(al9Af{A#8-HJ|T!(>4GY2>ahi zfr0wQnij@tzFL-c?3wHBw8czFY$h7N=H|jOa{BtA+j`dQ`l4;6FVOwv8WdDVj<2Tr znMa9me2#j^ZAnV~Gn@%ayU-Y8TXK2Y*Oe@=rXd7mGaPn<6}Ifr2xmBRc7OLGxQXJb}JOE!AX(Tpi% z=g81+d)T~D{G~<~jW-}LzT6GBwYi=s%ZL0;*T%vRO)Xy+r|O(;{`G{eKam4aEGC4W z(MIwa{BihqN)eZrjz3GW7osBjMcxEe*~FmDjMWPm*{e>ciF_&0Pq%`H|EMbxjWT5# z72D`H;p7D$ag5x#&o}+@g3{}IOSo&iyLme#I1PomdC78zxrmFT{!ef4rYWtU$X;^X zj+3>W0mZqUZ?u*M*vJHR=Rf7!k)do)Y4fo{vw1q9EOb;sjeNx@`sN`}E8F@DBIXbp zzApH8#Oj{lEhHn!>y#f7)WK%3Mwn49u#g&6S@H`bq zYKsAosYvpdnw9W%Rfey@U>TD|=JLT-J}4C*FP=*0?bLYG(+vOI-30lETBVAL5$W^- z+`$7}A13jsJek?#wqPSTs8tm5 zu)+RP{rQms(?>!Wc%_z$k&51(1Lwe89Ljy>|3c{jGmUC&Zh}qFnw+Y`$R|y{Z$uE=o(y?^ ziN_1sXzT$*X|7qmJSNUfdKEeKK7v|N2ywm)dX9({_^2XuSQ8oJg>7ecdT0>*-3N*D zlP8wlgkV$VZ((olPLI_y+@cCpFz~rAkqcUPanttp=sZeJHIjswlADbSRf4cBp+Q}g zl)Hld_IrmmC>~@QkW_gQAsdsy{Sexb4MDx(kd>?NtR`qN@b~&W~ZZOt^M2 zRHh{Ax{Fi+PCF!+zv#r=*_ZT(<}KrAS+{OdU$W)O*r1*7ML13l4Oe_kDoz73)?V#4 zMy(rdh4UnWp%N(@iUNI2Ba-$Xgg)4b`|sqBA9^yrygu&Q_KJcw3-O_I5(9rHB#~>k zwF8=KWRYa(;-zV3F&9WWT0h5uAdA6R&_}A04EzXspf#CbRruDzg@azAbz4M84BBy+HVKdqar}sL<+zKJuI;YBB zXnhxlGpG8MsxVSCGG@Acnl1)#gXpug0zrL$K>Vfu#0~YrFZ(U@aBTSQxEygq+(s!J zs;Qvk#*`ZCf~L2M9dMf+)O4gu{i=0#)gMTkH^a4_tmJbO`vpkSkKf=O7hbk)-V4*D z$1U=sbM143cd9f@9GQhGDl^IYBL`GmobMFhG6J#naDQwY)Nw&o`AcYY&$IL))^Afj zlh!J3q!hQgAItPa8}Z74ZMc{PAf_fyS{G407T&c#e%f0^IE!8Q)!_~PdvCgm-@%MI zef9wE${eB#%TY$RjvW1(tD7JV96&dc5a%<=@4%Vy)gP@Nitx~skAK^F8z0XIsR|D| zJXLs`h28%~cqTmX9=x>;lgiQ+_boBopHi(8d${1JMbIVB)1ah((PVfomMO@$C5m%i z9d*VGEAa{JzQ1KOobtoIsm$10bgdPBTT55^3ZQh)!(7m(5NWn3;$o9)eV73n{v|M( zvW;;kUDwPEfUu0>4jd^q?PO16^Xm^=jc%a)`$fbu&gLGo=+bZTyUxXEpTLJRUzWlK#HG@F(66EmKFovRS0pAtH2!dp3Y zJ0)oxGq!%0PB6!RZgD}9c{llr%WX)iTcZ71<(TvdzDBOX2SL;Z(toGrBjb+E+{JM~vqiXvm$prL_+tu!J9(d01~Lp?vNK z)yZ`w-PhH0C$Zf^!IxC+#Y{CCz`yKwpn5b}w0GZT}hUt3!$kr)jvLBJ3mwhnyA;P(`(!5l~#j9RLkFEED-Y zGoe(Y`Uytj^NGbV8##3jN==(ah;Zyu>S_tCZc_1GFoHY%C2$P`1n-A*$UUFbQey&l 
zZPZu|j0C%-aCVa8=fpQqBt}?cGTZ7zuNk++*#)NKCeYT|zaPQY$g$?i%kGdzg8VlIwl_B(*P5#=rfz{g71ZoZ*sRb4THkVB!wr`d?AjE3Nm{`d<^|n z_&5yzC}hlA8OF;G+r(cOdj8Yke^_(Rh)c+Snie3#_LTTN9TM(E(s5u8j#esXb4#9Qite-M!bp4zC-PZLQ1ThR20glQY|g_G+HG|*IEL5`5W#B^ zBK?*M^v@B?gQ>v54cO9pt)gr}OR!h-{lc1Hw(g-U)*H~AqY;lCN|lozFc*yI+y`;s zs9=SDS zg8}W9bAei4*FK~G9!^Sq*|-Vi?@8McPPoalJd3+)SBvBaPJ$ESa;=XJ zKb}RONW!~G)(rvhZ^s(Yn`2<4R+37{k`VbUxdVhg_tg<5&(;1iqDLc8k;hIB7wHSs zLe~(M#syBWerQ=MCkq$>IH8@Kb=_=f3;7?QcP%zI!_sAyzo=;7?7$`aGGJ>@$;>rr z`@3AtjcvhU25N*{z2QutY1aw1Q}!aOfp{5P$qD||^zbjl{evyL^nNhowkR3$o=&I&$)%kI{TC)A^%wauOy zpM!u3`_jsG-Q1C?i@zX%?;CR#>g{luwQHbgRI8T?5fhhx&gqG96n65t6WGn<1z>~m zU?`>h`7^?;r~B%>OndN0d6$OeM}UL7u5M1p&`~Q zp#Gqfd{8Fj{$Rzv8ki4BJfZ*Ok!FgLqOJ3?G*7TQ3EQkE9S&+v@902a-C*VC36Oi% zmDK-at^1bWM4X8ggk9*;oy$icLNMd$2E7uW^ZtHHaXMC_P+7SK5KW$9`oaoacmk+qL{hi;ZsMN?iidU!gF02bt6)};v9|V+UC0Z|lx1$Q?-BYIP1p=} zGCW#kCT@oE#Yid>Ff9*Lu$0(JRH_o?i=q&OgyOCPJ64r`!>q4F5DxVr77c6D7dc8Pof2kro2B}gBxnYT+D(g0-8I+avsO?wQQ&G zxvHH_c!}J+k=yedM;vwroZ+%`u}BMZzPdBfL}#c(!c3g`+`Z5{VH$`{*%#>ivL zrU<%u@kSGf$SQ4cmcsuk-E(da!GZ=a09@QzCd{0_!c5kWMm?Ab!Rq=x3k7z2rMX_Hf`bEJ7E0Aa_=(d#fJH{F;0ES?Y zo+Uwm$jQP)=qkqLY+m*;h!+mW~9Ngl)V*wgMrk4z) zLrPt!kmyd%+tjH@MR@g?%VYOo=Dxrp^Qp5;@v|+I_?vg z<__v>jA7jZ(pXqPx^a~@*W;MW?ZyUll%i{Er$aT4oOr5fCvJpUz20K-{L6RJpJV$n z$hmo1g&iaB+|~7mS>%y^!EGPjzN>R%Ha=d$Qs~dQ#!DQUt;DRU(H&sm_8KvPiN-k& z1WOJ9{o16X_AmbejWn!L_{G3qb32ht`d3&y^)`nHwC@J3~DCTx^~p96rj%71rE<;~yZyvPa^e4H}EoNsi7r46%$ISyU`I<^VR4=#RZI zy9$gd6%)sP1R4c~i;xJ{!xsY#E_f`6;AGrN$NapK4jI~{%v29~BR(!}X_La6c&)r=-u`)VHKEM0WfA^9#k0NKBr`#&D|3#r4K#6akhax+Wu3LOaljA5UL&2v6-x=4Ra%cUA#o}% zwdq{adL2EgIy=Fiq8vuh>fr{y}|A7b%1xNp7fhsP9vXM#ItUCeC&Bfky&- zQH?4K0}t7m!EW)gWX{y(a(l-o6`mH{Ap25N46p{SUAX#B1J5MZmM$=~%4o9Ex`kWU5D95H!x@T6HZ`IR|?Kb?Tt5q-N(N&D-4^{ki ziSo+)NKg1*dkcErMfKoZK)B#Uq&Chv9Y0)3Yv`OT^`FBS%z$<12wGu!9&mdt5e_H! 
zmywE#E`#qv-2v+*uDhbHE_l#J7>g63+}#MY@8QJ-nu)tty#3Ftb(y1jFE zYD!!`BkUa4Kbl{Ko0`I=H$pQ ztfhm~KReyyYBDY3*r}ICzb!^hJq#9^D~*E$LnSh_>$kW|eosIGk}cSqIZN~z_QB2{ zVr6=29S=Y&)zyP;V2gY5y|S{+?iVvrehg(LdE#q0eKc!qzB?H5vdVauw6HMTa`7)~ z;qYv_(sD&z1;OcR0Bl=m6JZ%H#k8ZNE)qp;>(70C*-NxU%q0mAf9M45v%k z6CWw+yl=(RTx3foGYm5EmX@y+)AA~U1UI)0n8GW7>{zgV3gaQNrD>q^49V3W=uiPYe?(Td`bBL{pks%e(O>VO6Vn2{U-DaZoQJ&TsXx&&K^)y<9BRIV2Ci zu_-c?nx|ILH^G*EP11KXA-+@W1m~4>&tlLBhKqB=Sqx^X8NXeQNq6}BwsYho;zuQP zPs|ClZ9k~Wv$U?IU3NzeL}#i**gWiQy{>m1D>ZDK)Bju;(g4?Ho;n$N6(27&9ASgh zpy!;w%&ZOHr_3|KqOOm-nqKMM9cw)~bp^Zfwbpz`ntAcpeXE9Fz1w%LbM(H7wpGg1 zm7@e55hdSrS)b~14J&{kl-wO8sqsuz!591pNl4IXuSJL4B!im?ThwblES;e3%~aDx zgtBA%2e|NSW@Q|&pO-b^+h2XjBJN^Oo?6uE1@BK9UJ!slAb;ERgTwtm%PF5mXj@s1 zr7WGvza7WwhgFNY2``!If`dC0HN+8Ey;2!2KbJfI8$*!k3-%Vyf;Lh$WAui`$}q1n zrPM(UB7i>g71Ks>RV{?(yfus4*xH^){XWcs+L!J~9ln9Y&Ja%Boa`#R)yPewz2W{G zY1d^PO)TrM=<@nm6Aths@h3J>la=B4o7>3uZi<1uO8+E=?d<8npGh#iox17hMgGIZmW5;in#LI6(nyZ+8wK(F(SHR8_6*Boq7D^5{Wxt zFfF8we5a0vt12$*4;~4XW%cP;&l0}y8YU||8TjJV+o0Q+(*>gs_3>vBl@%n4hOy6zk0rd`lCzx-FaqcFmd12*hsS;XWKled828M z1?T1zD{t@D+w!O9zduh~rVYFgPhF)wED1LStJ$)$ulg~0stmn9w=X8IIlKMy2JGvE zVZGFgLh4wDGjTiFsrKzyTTCc%dtQyx1+4QcV^Q$Y-GVR`BS~UKySNUh=(}J4mebSD8z|zptYQOcHwwU8xsX z&Tq%%Tj%+7M=aC5z;*{6YJRzSTY)pjvw4B(F(gIQeq-XVvP}i#lW@zAgko8ITBJgh zx#X>W!#y~73G7)Ky3YhW>W9B!?(!nKJ@j16#aY!{9NFQ-Zr+SkQvG`i7~m@Ufq#XL zodx}0@SyhtsY_$pJ+Nq3^6qxE)`I2RzR1g4AiYcx>t74u&*s{3J-2jdjl*bU;Fw9uEh~28pOIOS+I^FGvP`KsHNdX` z*+Mo8gGvf%Gd>{&XA%>Ky08}L&)s{>yupgDuY$zfI@P_JO=_F$q>s&Y)v$&XhiSbd z>Z32vRH{zdmUffnwMXug-V*g7hZMV2>l=2{RRR*_C?T%Xyy0kG!W${^-4h4C@f4t= zZTiN#d}nMGQKK6%n+*t*n}(pdx{Qac$6OJao(9Wh#Vj4W7dfv!IuU*096lm2c!B|$ zOStbjO9O_uY$GL10&LY|X!!CHmDoKuf*O^!f_w0QEPxqsr)r(>I^I3I{$*uwX-qqS zBT28>zr|p!T7i9eWm7M4Z}mM}Jp8`**}%xOpiz^73S*7BiYX}2Kwp6&5@Rl_C=32# z;w->ahtd(wsfTEv6nVGlV^y}%)Rw)Ko3JX*Ebx(YhU;O#KMzHdl^JpCeSER|y%FR{ zQBWmg@U*tF0;Ta4^Uv|%HD@E&Hqedd+|%N-9A#D!o{i1|3_1uZyMG+spc!&IA9LWR zj%FBwnDAz^9WZ&83n%{$NnFY#Q&q> 
zozKRRp#qgSE~9%Jz_qt(-Z~5yxp1XQ=z2YMn8gA#%0K-Zf0>$f?K5>xH*x4`iu#ub z6oCTt1Z-0!bSLV6Vw9Al@C$qOe^Kf{R(T_1*R%~=T+M?cz!1As)%soOuxiTwPY-P# zW@H8TNTN(P(&OcZd;>W)@swnygF{SFaSvF!>q~@lI0-74BRhqA0g`BH(oqhvukzhD z`&CBE|8@biWv{@jo(OA*wM^JOnp z8F_biPb{KzEM&Hx9c)!uK0K6E8{%-nBO_NEA*{qx8eygtkA*detu4bSD4H1@qQ}SK z^Kjh&d{MEjwh{E|ZCzAG$>YnZQ=;Etgy71m7;8kP9P0r|OBq(B;%KZ|0c9d#Pp|bm zjtuZYAD_Ot8QWvk^6FdP(dSUt@rgF#7JLIy52^a)g|4OJh_eTRA<&-1J&^{Jb z#|spAw>VHaIPXN!i6v9C`@m%8-wOPTKOl>jp^@R6z=qWMvp-?s*}AEXkE}KAGO#sH zPmG?-BkeMiX-Roo=`RwR;2JPfH0Abf4qQGR+@%M*Fv)Smg=o*VwqQ;0d9L43!MEjN zHxIZK!+g-TRj?6h*ds>SYj`U1v7CROc~l?dj6WvvOP9vE{@syGj0)HT;{CauBHksxvQC>9vsSq?N;embn-H~AE^g6Lj3|7 zp9I5z&Af_jr2<`fc^`?VbUrQQFUyyY;P_*ojh#-vQpavZw6f92E$rxR#2`@dh^~VD zm%ly8o^c7`dNN}w{q?7Uk{>N-sqfaffqJ>}0%a1_|A1F7`4=5X}0brsV%8Aa%v-ayC zG{JuIYP`a4e-srD)>1Cs<;2|nEM^yDI~L=pFa^; zG?67K!tR=j@}-MY?`?ZmGMlD0k)enj!^|zLy3buGl4JinB50fpZ5rzpU#wbo0>JjB zocVHG%qwCE(6F!wHH7$sC*vthD4Y+{qVofK7iYpcA$)K$BD)!Xq-Afx-Z^*gNXY;? zIDV;?T02BPj*ZD&IvL_Kwe}{sTodawRq;naZ0j2MB?PI_tEESCHZG=|yBlDbb%^5e z_LKiUGn?e#TGj(ykl^WIsHwQE0d}f96r`n|6!(DSdxOy~Y*pT^9M-dRkk^U)^+I}X zB-csmk3>-KG_d5#3{zGQngB@|rsKPy$0bEl~h%}cDQkUZTimbo-+ z@$DE~?nQWR(N-d}_S23`jn--wTA9{XWHg5hFHd<8nn3y3i8p=FYVaPP9;{YLnQO~Fwg z!&!md+_bdaL{DoWo59x;mz7ekXuH~YPgBNrMCm&w?-)VJB~wdU^%Nf_c5TDG+CcIYucZTXX4P;gSymMIX7lMOfmGxthU`Pw^N7{~;7RS+#H zC4w`aYu=u~y`Kd1oaE3#oG+x=er(E?V?sqONZM`LnV|BsJ-_ZMoceaam!qlc#$bPX;qb3cN*a1^OOX`z&@zzQMX{ zgC--Kl_i+;oK|VJVz{y!Hh1_bKZe$9`qlVkspf?m>UKWyc-#Y};vby?@+mv!e~ z+-?JU!?f&9&JqJFF=_I$i7IAnEjOWKL zdz|>pB}%3GvsAQs$#qIhjr$Bvo7om=D>pf+;&`Zl+`P>WQ_p9B*c|;dF*KU?F%@$+ zG`4LS{6@76*9ZW)tZdFat|l3B{^4W|>JV)|B$fU+^jzz$`ZT-iaB2)$jA>-)gAQkb z3wDL+$K`l|?~Z|^uu7!-eODEvj_Xhf%*`qGnNO>IXj|SI=syE1)H7zo$F0gL+Ats3 zs7K1tA&HBW8kvw4lVe9x_(e@E;nC3~qnT7;*=ubIjh3&I`CAT}J5Bu5%bUFmeSssg z@P#xBEn)X#mnNwo^_rPZl{!p=qz{gaEfF7*T7@7rKA z<12j!=(DS9+KS-SiuWEJZFuQ(`5(gWd(rs_d*0K`|6LN=wTqUgJiEnRzwsLfFbcB4 zW<8_%!cBNZ7QyS*R&ko7V^?O};hCu!K4rHajBG#PjYZfGtlyB0tb>NX-=9@b0=S)7 
ze~TEDp)PR$#;!0+Vut*aIhCvDf~mQvs{-Kd|ahEMa*yJtw!kCu{+l)-BQUjccB{Ot-CaOedr0-ID1uP9j8po zGiY!Ivt5HK$5b!0J8;u{Xrj}s%L2pskyn3D!EV$5RGsU%$LY-2B+hZq>m^v5c!BBq z%K{_J?wB*3n`w4LS4TqDpQcI#T~vO(NsPnnv8))hE0W!VKn{wnJU+S;+M}ZC{x>w) zZAtbJ$~&fE@~!;U{>C_F$Pj?h&w-~kQ)IlI0b>YHNVqpksT21buEeV7@zwo5%}(`F%MXn)}ExeVTIiBPZNEY5GA zy^T&yy&`H8aB%cz|CN9*vijP~QM;13Mv&yR98Vlux0U}Zq45PPXVr@)>hC?5fwf-! zznAkb<7oO$q8{*1e*VvNoOBX$O@Xnr8{*PGru+e!N85i<{Q)QLwrk95u=KGJuGt-( zI%{ZwkS8;XZu9TQZd6R&s|%yw9T!M;+kixv7qXrEVu2~bosFeW-f#hP;F_!&AhPe0 zzR;DYOb=x+eZm{+|7z~7qS}hqaP5{BXmOWfEo@u@r4)xkAwY2`QY5$(mtw(+yK9l) zF2M;9ym%pKad-Cs#ZKD2Z~vSB=A2w5Vs@uJBg)ID)jn^H2UO%p^zIu8LxN&;|Z( z?ykJQlozSnU_puskVK!!s$M?luZ6JyVkKGJj3TZFECjj4b%}Fg*K5MG2gPn)#s}I) zotCPGv9F?s0d7sz#U0n&1V<|JVPtP=+xrkL&Wh91Q6|7wL~SML?6efYVXXlQx#fda zgup@TFfabIgtHexQ~kc)Xc(^Nyp(vrS(ZxrlU-lZ{QM<=HS;aVqdj*tW0^kN)S=S*M>xr&-4^f#?2wu*kcrYpUH#jHtMYZ_ngYg zGyy8t)I;#c+K~CrB&U~W)1gIkNxK7XH#Yg~HzzGE2{d47*ttLqYA{4?DNi7wu+0tc zLzpFpxOQZB4_`mjsw2qT|75p8B=YzO-=5zye_N}wcLakMBd7$kYGy{;ggPebU@u0H zfx+n5GUEPhPAR-+=IANx{6HILe=Wq@V~T}*HF22{`>ZSJ$0Con;fr`7_qFY3J)g9T zaHG3$*YkK#=BozY%z;+4QNb?a^FEgk($2iVs|y)(k7sD!)I9kKbQmaSXByAg3;b_A zTiuMQyli@+=c0psFa3PDwA&k>XhlZ#PUYo|F^)fLK{Xng=^1;s+hh=4PO-8^&xC)Jp?et(D(cgAA6`ifGH}M<=`; zKFO4e=tZKs=iPiH&;b*MlV{zes#T1L`jCi3iPw(#(b#UAImM-fboL_>nsT^9Yk~3@ zfh+qof`f5B2XL;^s6TGF9Tz^G?mp6`e}*5!RR z2V*G!BJQr332u6t5!*#>s>f)kXqhAJ1}FiY%`fw79gQ|M@FI$h(3fmd;BE-k`gY-_ z4lO&RJ&Kmc2x0Hu&5@(oEooV4+AMMRH0LjGEfCkFVUyHxq(Nm4kY{ZAaiO#c+>gi5 z-KTDtx*|0j6n2!vVLA8R+(MniwHO%bBH&kGg#IWx;{|dVW=4Qzy?@$|FXJ$LLJ?UI zr^adYZ^}#&)I@O=X!luTQu)xWRb$v~^WB&ctSK_F zgSX4=e^^Pc07BtEx!q>QB1rHxmQLHEb9EWzyMndky;#Uxi-ATFibm_9Q!dl6N`9S0qw7nOgdNcf`uz`R`4^YgFPM!Yd^bx8>Xs!H?;< zpXz{0r+gCuDH5SavY?Bj(whaP>p5h28r}|rd&TX(3CyfiULjYDyl?h?>>G?~|Hz>5 zcM4AG+p#m8jpn97U$3hYJA+)m4PPA>y(um(wMZ)Gj`&)hd+po6M=WQgbaLU^5mMW{ z;u&6DH^v2C`k1#!_yM5*vUP_&;x(ci0f2S~(|Gg`S9UB$;G1k^%YOG4J6;&ku4Bdw zIWHZvnJS0awu3)14N`(Y*1FON15mndhC$Sqd&$$D296ot)+9_UM{HcO?GNM|n(tR> 
z8xW9tbl7fL04&A(ToBhE>T23OT!Jok_FIHC27RxGpXBB!?!n#FBOLrPh5}nFCj2M5 z{XtidcOFGCWxyYFBVQ$4ky*R$b-h!vsP`Un<531j-3;nNwO;@HMTMMyZ+zc1fAbm6 z5L2ys-oO3!^76YcyzwoXjnwPmuGhXeAt*mcEpr|YXHDI{X#^R&^-uIB`qnC-N2fgW zI3m5sMGdm$$nu)sr-=@7*K#!SKp~CL9$!w-54fN&WEg7OlF9w8X2{FxbLK#`j?Ur_ zr+uFnSXmc})gy-!w}rtzGpAElH@WX}+t3DUL zSsQ$_D!|Z*e_W1GLo923m2p!KXzd?AEK*}m)G&70J>9KZha3$2^nRKpmF zt$W%ZPXhNc(jqNM$RdVkuoBfg=itwE%(BcY=%?xrhgFbv%g&&r*#dJpg>p;s%Fry# zOhD#&ak-R>-vePnG;>=2uO zbJ&sA62MLV=2`-jU`3)VhCLoU^?3qwM`MUx1?uya{m9#%f3KjNNW1IwxFOSn;;bKx z0&Vn7Y`du69+_oiRUTs+XjxMij7A6mmQ#Zy@GDghIRRAhXY!y@ul(#9JU6d|$R-;^ znZZIh`ZBF%3Q?k}F;}`F7i1UENNjB;x%50WPBS>;OlYCs^+$`L@D}&5{j@n-z}5&9 z-^4iPbs$*K3O>m&jOy0eWXXvGY&>*4-9CncpE7bdtG*^8E?W3Jz@|4m7J zQMq|p+8yt|DiNcfT;seu)>g|(HDrGn)46!ZlV1y1u_*&#mchT#)3a?Rh%hR8JX?%H zF|7OZUwiQsVRHG})1|TRRRd~?P>i%UIeFwcS=NeCCcKc-TogzrW8TqNTmm zvca}cHkJtlOL<3uw?6^Rkr9?P*&P@wJtdEiE2r;h)e5?22M^c!sc~c!D^IKZkQ!~j zb=m0v?$uHb?;e`I46bl*8Mj=pLB*twMYWD)LSRxU{5b>XSM9o4LD#RfysA0r3Ys)_ zsP?0T5y~GBEXtq9wTqL<7h{9}fb|xb2_S7sGjTeBZsx8ZV^HOnEf}rx$E0dlYgxdd z<1?v0(wDe#N%&e@1)A0zvFqbYb!nrcqoG%{6onu{&&v&gU+EnUIn(We1r%;d>b6id?w@U&^M3dQtXQU2}9S_Wf$c z`bguM?_^d)#Fx_Iu< zperZ$hNuO)nQ0VHciYLaeqxx7XH`3Ub=f4U8Iq9Z(p8zTpj25X>d&GA7oFa{AhOE*j_YKWT?k&HH?(al7 zy?TPrDG~`YB#)Fo(dt_QWtHFrfE&((^B4=wJhwc`v(q*!RG}9YhBWVMGn{@%Q3|N> zJEzu-zk*luV7D?XPO*RMsRDz)gzqh5y`pM*rvSO(A+0xlQf=oX-ctXQlQWU zzw-tk`ks=|X#usQjk_rLRbwEAoos~jAJOjhly(0=9;E#2X3Hu%l`Z|@>szxQ25WMZ zQD|_^G)7h4CJT2w0o}On6V^<@apJbCGmWTL0S886O_oE~6#+=*Q^t*6tnqLRu8p&g_HHtYrMWeKqNUJvSX!cTm6AS_uyS z9QTiWkL?DID58&h?xSlCKS9hFP04(vBfPE5ziZu_$7m1S%SYCl$pug#D3;Nwi8|-M z`<-NWkN>j>KhQaVdqA{5tZ$yAi3e~f4(TEy)8{rih0bn{CGFlP7C1J2QSg~FU-TO+SVG|MT?gkEl zW^9DGJcbaH`59;WD&jxZ-M;j24>D~gzKhCQe5uB@&I|^&{uN*32@Yo@hwO#EP@*FU z*1$X;6CR||bz+PCpU~9kCZG*BVfb)Mm9}+Z$`i!_N)ScN|!G@r!~e z7%~RYt`{YLuhft#%z=ftcX%#p?9H8>E{>OoC*liFYzdZw9YRE^uIKT{>|R+=&$9y(Mm zOBY>A%!&cfzSlmk+o#g|ypHoh`qi4W#obkHVoL6t<5C&3yaa6!SC$g{&Ka@JnUv0& zF$!3iS%S!2D|NMKL1M22Hp)lR!L#r)O@n3^wLUz6-nZ!s2A2TC` 
zBrs{9z}-Y2gUJP76VxOEylgn7IqimvxtnPSsbQB@??ZC-bledy+{&9u==AgtPkzO) z!m{01jzq-qTzWsc?8xDVA`7btO5y9bg)X_yHc@>kv>&N^9>Q~0_q_M|=%` zs`Wnd`&f(!FbI3Bug|uQ@^nxtqogy#CS5#N2LhLDOVa1Jh7RQb5a>sAz09Yot*wW> zN>>kIh(E@!fOqt$v@)7Jk*f0}33p@>$yQQS7Cvd7aw0PqB}Jis8+TqAxcZl~h?r0( z{(1}M=o6GjncTILS=afLXPqRRFxU4P6g4fSwfjxbBXcgyD^kyvF5YtdPYX)7m9xag z3{_F|vZQgP<@gzJeAJ1YB+?V(q(wQdW>VCnbwP{K_ZNZd$GTzGz~1!a?%_%GlTE^k zHlLAqOlZ}pD(Vd9q4kFu%thh(LWa$l0zPTEflU zb{qdV=`Tg5VjL+U_dJl!A;Ed-u~eWtLE;-y7k67lp|;GFKpBACbJLfoJ+Xg(9?IWd z3SMvoaxCej`=PjRt4*XOsBwy6M?+o!H^mJ1(%@uNU4m=QewX!i;}F!AGO7nsNYl9# zX6^SNUwlv{6+KVjaEUNd(bS087h8%c11*GmEI{txe&MVazghK(^swSJN8_$SzBM=xJsHS1~h9y`D)S#s19<^ z)cNlRcvpr)X%h4`Bj&}HW12Wp;9SW1cP|8YOYGR*&y zm&)@(f>pE99gk7M-cuFA2G#y7Z7{|56<%JSwR|58UHEZ=ZgCBMy5`bKxOo_gOI4dx z9KE{{!p_{AD~|~%hc)oi>Uqg}+;DA?uk?GaZ6*~371Yn97zD&r?)c@?`ney3Oa01R zAVf*#PdW~0Ly>%~M2+=oLuP@h`gf=O8ML7h7auMoOiqz$IHq(gT}u~4j;`N0C=C_mHwZ)qm-OnaE zr9~>qB%kxLD+zl@x(G>H@!xM6%9h9cA)TAlYRH2uop!j39{|ezvl3{6dv8`2aeug5 zd?{_FGLQmKR1>`$8$z&@boxbNd9^Upp%}6h2`drdb4>7NHX51p(kXUFOqYwU#uluT zrSU`qP#8P^j?1~p3`Rc5 zYb%n#xb{vU(!H-X{ZPztr_w5}R-9VQkUSLeyi~i9W|x$uxV*3J!pW;yl)SY|l)JPR z@TrvQ+@BX8B!!fk!)CpRXD=};L z(rO>rc63aRYPmA2SU#I7{`I&@nHl#1aChMOBjiPeo;5!xoqe~zrukIZa~ANmAC=+D zxGO&gOp9-HJcryJfx2FqB`iAW74+P{;;Ee1Njy7By54ME)- zg9UWxAypztN`WfR&%dek!F%?}o}%_tP(9_xm$t{VSyJfOyz^B z-}>HQPgYgve$!>QnStQhOpE*dD=u&Bvquq>#8Ie*|2wNran_^g2H5HOGp4u)_P;fu zi52zb@Sn$4TQh6hpt@Yt!a-zH`DNSxKFU(oJx1O~KZlrwe{_CpQ+fAvSaJA?^q#W1 zT0}CUD7D=ZX{M1q6eT{E=EQw`v;HsfGwl&0{61$Jm{&7^*J?L|37bvDw^W&qtOZ^h zjuos{HLrP26hyx#xV?IBYP2O<_C(9`-0#uC;TO&Ii46)~me)5tR6m2NM2EljaUi39 zBV}RR1U(N3{g1XODhC#LCqIR^gX&6Vd{Jebde%&T!^0yRvR>BXEA=PqSC4fw`z@#c zD#icr08&Byer3d~G(V;XzN6^){h6qRE4TY(g|p;4okvamwycBHYJ;R%M;PaS4{i5*LQ6m<-yatTiSI?Natlo!Li5>fiM%5EHcIU)>I?qx zgE5AMFZY`Fu$AI=&CpY~57R2lKK#cC!-H6kPw{p-Osv`|p4F288IIZsSv^g#Gcs*P zIme0RXy8pAoy!wrpZg{>__4fUS-j2C9vve!_m7zWJ-ri8`QCO6<55*c|NP@Y^F16R zyM|C%@x{+A>)e&C57pv}&c5Enc2ty+hv#_&fHh7?MTa=O7~ODaNA%4Y^MPAKZC7xa 
zan(hQEMu&rgc8itEA-}im+R!KKcqejO02m&PSt> z2Mq=lAj60Erx0lzOM;B5W0b3L)yWyAW;eCfH#lhJm;dG#M#_ypyZHL6I$VSL$ezVo zO2UjdytFCikz}%UZ_Zpw#Px+7fL3*LpLFf}ZC^E7yfV%CUE`Ze*Q#CwKT>AFQq>0SE+h6zN~;bY7aB}XJUW2T%y={~)Wav&O%x{xNhu0i4<3lS zc4!_bv-jX6)T)VO240h^Oow_h_cEZ|31e>ekxBDTvFe{Ay1$SLBv6mVZfZcBLDbUc2bJG*YJjT10#vkDMf#}mwPa}=?}RdqBt%*#c=o4Sb;UaP<#ZLx|nAuek}H~C*HcBSwZSpH_g$K zQY!x>d4TZ&&(%KKh0hzBHZG=W)}p=#WRpZyJvvicdJwkQpmcWn6jXC-%3s1Z!U>f1 zz)FQ*$)b5HED{&o*pOT*bU*J<-v}hd%~>%0-P5!58M8i2!aNH9y*d3_H0jQHzs^OJ zQ{Q!^A4_p|ijr$#a!%i~{VM(zlz$*Bai7}V!kk}f!lC)1RaD@%paK;K_p~x=hLFL; zo4^-g^$li13heVRaZ=;9+5~p^KKb7mU$cn_Au}tDsmXspCcg~?&*cU{ahaF|jF&Hs zVEHL!LLiIZLEFqXd0NH1WOjKlh{8dW{rU*KyRh#1`tB;ME~X5uqMt?J`JW)6RYM5| z(3kj#3eQg`r$;&{y@M&G$A>`PCF6&P-{h+ihm6`ONZ-RnY#VhAYK#;6a{YPRL)y`| zTdB_$+!ex{iQ@uUh*OzfJm*^{G>~{2Mu4smdFn?L)hiV#fu_3t>TX~G70rOWwmws<)R4QW$l!iM7FH13Q$3x-6f$#pP}`T!5tIgyu4~dHiu+E-j7pmiXI(^h4#iK8 zm7Gja@)kefOBU!PS{FX%&`Ig+eU*C#Cc9f^Z@jIGdEG}z(N8+1Oo(?gf%-aCLd8(a zfhuPoToKCH-?W*xv`rz7W5MW@8YbWUq_dH?U}MUT}AsUp|w#I;<*4H zJ#K2!BCC_hxy8azF(a=05TE2%aT>?~gLvUO%)R|||N0ki7%FO(-B9VCaY-$w8)?Q1 zH%M16SOs-;#Z+M>cd#g-szriI)hA2KP^lr`#k64aiS~Vn0%mk(iF8FBmp&OCQ`E`p z_IBb4EjsD?M#_)s)D#(Uq0+=)69+48d+@+MN27+$$#zxs29A^3Ge3HdfcS6>9Hcfk z<8nZppq#r1U?ih zQ&(4}#Bcn^qK{i>BG?Zv4I29ICJX}(Z}yRCQA?&~%yD>^T6b{b*4X@(^-^q6wbv!al= zIGfJGzVRwc1uQ(xn^*`74?(gVSqVSvKy`b+Q2Qpn~+4G#}9x-#^pdm$j(vePz|w-m}6zf#rp75_ke;%&

h1(nVaF~#ewf&_~#u~DPB<>H1_ll^C~ z#<7kN$r&=KXu)HfJv|hv!gZZ~dI^7e0<(d+ zs8;7!@d-%my!3%4PJ3Lcw170XV^@A3J%D#JA&=8r84X;QKdYC1%1mo86JLnJON!>R zx9gG`7V6eE*_p#><%ioPJH@Qafj<)#E+A1(^z*m%;?;#d~p&o z!fa&U(5SRE-M6yjl^soQPe`6Pt{k$*7rTrO zElwZJPEKxoDUPd&JN%qdDKVwZn(>2fLeA<6Y^r^FWmB<_QDp@C3nyKgmd@c;ZS=(E zesjG4#Jm1W{Q%%IIq`kCkn#>G7Px>kWTko7os(DxQQ+TJHgTvN8>`@22VXNyFRxLQ z>oh{0B)8{}WPfJs4$QM&P~#Q2u>{#hP*E}2rCdAPT$MeHjfB_%}|O>+?%I!8YvaeN@i?zDaQ zG-L5v#8t-n#6-_W+3V609O629YpN?q>+{umE^@Bdb(^2a9cDRG z+Y2eSj4w_g54M|^t4+5UY1Z@5OZ^IdQ=!kBJ-5rWIC^hqfd9T>T({!w4nPrL(2|jj z|58*l87)P+fnkRfb!mmNbXD_<5fZ8fn#>Rr5=sl8rk4MIFQlG5JY~tz!huos?ma<0 N0e>`)WP);FmSN$8LzTxJ( zTibRwktsm!HsSa0H!9aASPC0n0vjHpl6Q8G_n#zjuMr;pKV9zU{|^co8C1PiNGp~O ztwLJJe(VPR%ZN)Eq+JLS*uifyAW?wC2P%$cq*n(I%u{J|?%-^)$7?_F)0Bq#lAaEFmxmw?EQ((&09SX!ny1b^AG!5lg&J7z z?CWVa{{3+u!%JCZId_v6uCJWGJ-;1>kj{1L7q7cw9;482YrnrSY-~q31#Ci=2*z2q zeK)Z{?wkO*jC{2}xWITGYjJ0tY>ty$S-xJ4-up}!{Kidig_K~K0|wEbq6v{uQGh6R zohxo#P438>P4cYy)Yi$Zj{PKWEVWFJxJxap`Hm;i_(LTF5v2JY{n}yAjO;YG-|i&4 z{90l4&w&xs4xzX0BntA)RviN<71`v2N`wKKn_sI=+$@C`P5W%&;!l*rk`kRNWR1c6 zWWLWwQhn;ptbEsUKiNZSK0keghwT1aib8I{51Bu%@qd0c!+nn3{*LU(vGL-aAa2wa zC!YtFa|G5`jT1C|R~7zZc5h;fmZRZfg9{?jWY-c2jXQ}c3q>UDhLJTldtWaIuFu$>vwd^E6^cC%t_@Os2#@VEjTdvavwe(^LptkZB%z+&Co;~1LA z>phZQsSeP&ynfJeR7U0XX+v<@)XVSh8MS%zoeUIC%lj4&kdsUeadKx7^>anELuDBH zdS2P{5%27iUgc9cOs*-C@%eL)yt-~u-n)zO>#CXjBOY?)-_66+B=%3Y7bQ^HPZH-j z^rA=;)cRskB(Bg{3SOzN(Q(%ObaaI__0*cJN+z4%GXX_NdcOwud+xxJA zNkgL|_ZL@!(DPWboYjif#NqPmii4w+%NkC^Vpeu!gmM?f#Vb{JHc7RGz7zwmj~m^X zSoy&HVpGr2=bJY#sAV?1rMo|Y^|8`iXfX)OitB5^dKM4bWbjiF58>@LUAOjPP0UJe z)J*t!0Qot2OvD+LbJso6E`pkn=Fh^@aaLr}7bR|k%F;xgJ6kj{K7Y!tfZmJu(1`^Fi#&n{>t%{8^ir38s-Zv*1pjnAk%7mWbOx1I+H{LP z@|b%v7>ktW)12e(5=Wxp2JmgNNY+hYbtE2!1<8WR+=0tx-NWI8@O{xk3u^QyMB=WY z7NSb{K+d06R(S=>V_6kGZ`6{<4s zNPt|Qgq2h0?+Okza9Q#Uw7=(&6s0lh?vUh6ej-r?u70MmPg%86A?GG@G-Zb$|3l~i zs=)nV2Wt*KOg4q%i2?7L>@yW~=D`X)|IcJat_A$`&^YNys;~tW#GlHtrP0}v$l7p`su;AUZaI1W8yuu@IUZlQUz|sy8hsD)r9Nd@|3dJL!%UefGH>%2yoOQRIaqQ 
znA=ci6Z^0gws&&iOo|Td#l6pUa@Yu-S~Nt_!(vDx=KVkaQ<6GMPtCo4(Pi-Tq1*UH zhBY_a*hfkwL`~g-D#c*e3_(BfHO0rA5-m742)&6@?)O-4|0^+lE9TNe7t$~#icbpq z#fz_RlpTT-o0yWxo*98O^pllE_5R2&l*Fw|pIv4n( z(*|Z;{(Nx2Vs_jq-!6r&@~V%|#Q|69R_dWik`b4B80NtCKD*2^k|w6TQTX0nw4}5C zvB@HfYKH5|;&#Yrr4aGzhFwzwv?2<69P@(Ri+OGNU;ztQ#A+cojM%O!+$ud2Ux-Ix zxc|mGBAOB7GYRUi21)iRJLn#>LeGS-%ZxgZ2hP=&+r1bU#>r#9ixl*^ox4{H#IMkk z{t#`(POXu=TjG|%$8U%9#DaJCb(8EKCAU%K1q zzLpZ8_r(lQvnOm)=h+RM{!b`I_D@dNLd<%4>Mxe&Y6sBe{`gzJGTJBWQF~%^mE`d*bKk=C?Afy zbZ4URs(2jJO&&{=trc(bZo&BCQpA1tsY6Hobnt;dMfOxfcdB~!ik})Eo7aLIlt9f~q8@bXd*gC_ss6hRhfRRta)y8}qo7R%j z=SrF^?Iiob>T4sJF!fN|Fxd5KzaComx-QIBzLP%cC|6SxHD+~L%>K_Wj7uiJ&nZq! zjuoLSd*``TcP36jXdee;+@a}T-EF4Xgj@c=cnN0YIhF>IoIej)-&Sq|x;bO>wYU=?1O1oQHG_efd_M&0;|H_^+ zRbnlyr$x|4;csUt*S~hfXuqe0@Q&Wn@cDPWjb=P^3W!uK+V@?V2traWpX`ufJ6VdQ zxX}OL+^QC3hSwOrMslfv1+hu8B3SCTmvMj{4nt>$_9aqu5djEy7`<3k-f{6|UELVu zw%yD|cHJjJVlpSDPks8?!;8sk4Z<(&j;IJMw!S_i`@VFe z%5D$01lGmZU<6i^VJ|TJ3_2b?N_l8r#ga7UZ6(e5?X#m`JO2$o4+~=FH4m>KY#-ck zx*J~D_H*4#JSLjfDU%g>kGg=4JYh&|R&-IjD}~c765-v!xAxaly0yDr?E{BCtR+;x zu`UX<0Hz5n+Hbc5wtVPvI1vGV1jx64YA%5_SQd^Fm6rLxA6YrB?Kwpsx) z*b`s;vp`rfERuCn=G=I)p*DQ9rZ#-4A;chEtXN`bF)1=Li8W#kHF)KnaQ9}+(r+fk z5@~{2US#X%`{L>C=0si`^QOgOhhrxk=b&o;b2f%h6xHodE1c-PQaqC zB<9}D&+I7U>9(m)Hjq8{DkxTZ$0hDmwc_>>w_3oC(Fv0N76%3-e5vrWLoI`-$Cxr(P@B2SOp z83X@2s~cOmk~?#(UQlqm>ir))pl&L~qI}=kMALHumvcf<6stklC_Y}#p0Z?rD*MlT zTAi>JS}{{1g!G?jFn*xaN&B$Doe*83;-wmr#EoU7w$O|avC|=f_J@mC!K5nvpd_r) zsUIWQ25B-fPE+ZmD2^<$eq$ZR$lK|q4hv!n-h|Q*6 zTaRirk;OIj4O_Dv-CGwll}SWc6I`sXhVtY@alKW{Q#gQV$_@n(Ly?4K`h1LuX}*7` zEX$@eX3370cGfU5a)Zggm$I6+1TFZ4ogK9M`zvu#HiK_6TAP;6aWf4_t_ajz-Tv!d zuK9l=j)t>GV@@#s)UN>JH>Dk(7fzE|XzsVAanQ<5xq*>=P63b}G@}w<%k-*3lqT<1 z)Z^b)KE`soNRKc#X3c)KjL+(=kTGN&fLyv#&gJ4Q%7@!jC{)m&A#F~g5z5Xe1vIX~X?xg+X10X8? 
zaspmq-Vc->Wt=A^%1KyEId62J_jIcZc1T6Kc&SfwE5*S0x>%Lw=bJ`G+PuI1V1J*c zYA`$RtRV0rcQCl%^9nYfh`vK@WKbjg_5*BpX)*>wp~NaBL9yC?Spb|{XL~jYszCAt zC~kKC_XRsp{1(JTK~=mCdq<8Jci7V{a%XGn1`RWU4r<(VGNl>mEA$Q#Xgn2Y?EBSw z_yiVBBhl=X_K4~f00Z*X%aD#Vn2D|#+7}dj{ls$q|6ps*XPapBZ!pw!ilSb zpT_6$v`A*J2q_5-9`0FzrrKDoDX)4UGHd-4fJnY)xQ6LND5MQFcKV8_eYi5OVE5T+ z6()<7pODpOx~;|*OTZ$N{gbEqiX5|fDYYD>z|*b{`e$0s=?5Q1gGN6c@n(}6SZa%C zf75{q@SD5O)8+9v*w2x!^18COg|9PgKaxSUXf)K zG-j}Si_DTVl>G*Ek{uTqV2zz0hU4L4fvM$JW`PKY8dd$6;dLFS;REPqwZ5>Y#TZCR z;_!`!#jB*a)TxXP%wtbpIIjK;$WZjX_Ma6_~n zDNfQUW(o9Yy>;*GxJC1uMaw{xmQcubE_dmV%xmvA_nT;0WA0_!dE@Wj(LW8-Zt9E2 z#=Z*XPm_tLFzp%9I~$7oiq_hH4Za(Xa6fCb;)h;x8%zhyK!yZgbI}z2$Un+SeK?l~ zssu!CHAN}~SR}7Cr1|XA^Sgz>y)|2ZC^h^Q(NtIzk4y=@ciMkWuG&k_e89=(jK$ZJq zDB4+CU>lb0dGLWPOY0xJ-z>qD?Bh;qP)h2`be;kEROg<&&fglSQoG@1=cXEDTr?@J zP&RE<36I``+X-N}q7@ZAri4BXO?ty#BQhN#SiSwZe<>@~C-}S@-tR&Qn*mdcRFrFW z>Ph$!_F^*$>GX3WcWM%3h1f9g=#spqofWT2#G8_35>u`^y?>$x8)v9jxAp^MR;dx+ z`?fbsHS>Y8a@BH>F*WPM9pC;|63oiK7MEMBoY|jgyG0h4H(VoU&{VQ8OUZEJJC zU%=w{`Z$z`70k|mGU?G-h?ZF;j$ew~b|H%j1ibTYUQlATOTumyO77p)_McJW(}Ki} zFls{|cDk`1NcYc0NSS>2<{-&FH{lUcl6Q0R*D6z{UT0^wpx3Uz8P$f|wP6A+_#Hfq zmY4iTI7j&u%M4P~UEK=H=L%i4m6X-*QUIS*zG&IBuA5J^>7>+8UU12nIu9tJBvpnX zd(1!lyE)L0lsz&?(7Foso?Al@LV#yl#wL|$`_U-y&pu!+qpcgG=u@*tV)GYHh7Y96 zB$B)hcsqIeo3d+HZ6+tvNJbz`Dwpda(kq9s5O||9z}9Epbm&T*5ry5vozD5k5Vy*+ zAWNS4{RHk;C%K-0Z~<>9oql z#6y7!VWXyJM$B^;%&%3plC#O_loQN-*@cO*OnF5_f zII+LzOpUpfJg0ssT#}wp`YTq@_pR3`=ra2XIv|=eN#U55C1mA`bbDUO=CL3KyQ#aw zsNKmGd@i`09apElioMPX!>E>&YRX2%V5)~!geF9vlWpi~za(j64SEr8V_q5p`AkA0Y)E_YJuvKEIo|ywfEh zTF=HP-KY6aRE@5D8~=pJ7$V<*u1Wf?J4aPzoEN=y7sFHjx6CgO6Y#`FapKvw&lEYG zOB_}7iVJpwL1=$Xt}?0Rf>ac8kS%=Uqoxc6?vDzc%?2eRQg?Rsbp=3Q7|480KH&gw zcXF#56B&+%6CDW@I4hTr`gLa!cg_Mly`Qamy6j(O`Jq45h#E^xF9ybmiVgHaJ3>-i zFJ{b!Bdprv@uW~=?6tSTbZaV})1cz4RDl7lM@M25n!|`++WOF^j#hWJpB)9rKFf;- zONUVCC`$&8&S+@cu{!q3+swC2&Gj}q2aBaZqvM+3M#-N@wCy=eHfo*Lh5 zY0$?Fd`Z#X3cISSVeX;m`WBQuld#iXx%zr|p0eueZxP4*?{xR;*>hIY{W)Yhzl0=v 
zmSIh33T>5_JEt~9aQTh@i+Ca7?+X@zFZPZbA`%;qG$+Tcr zx9Fa|qCY0ilRD@pnW3L8&2m+})8R8Q_JKlE@S!Z$Nt$cv)j zPA(I7esVTKYfNh9tPDepiX2rN5_;ns=vfSbr`hWBD%zPHMcS^dVI=%T6og{x1f6MD zO9L$U>x(kwdAsml%E#OO7W8iK0@U~*L2fnFIT?gVwX-(R*6+Vk4xuJ~+~07-cirIq zzz3S>Pcw8N-2JUr~>Lc2BAre1#Z`sex)-xFZn{yI4ITz^vB6bPZh1lWG#18Uy)lFFOtHUYzck- zZ|mjwU#S8+vQpvD8k?B97BrK4#(KBqC*m`#H&i~3EXFlXPo2eUki89lmLuiy-tvLs zN54r=67(UszdTK&2s;^Dc8jQZ$0V@tQ)ZIvBQ<42-e4*9T&~h@71Yht*!AG_Z#KZU zo%mhz3Zvrw8E7JZ^=}SKp%nXsU~j-h_L)2*@a8UdXf^d(X7`np&~rWY{!@0wF{H?x zTaY`|{!3+9_rI?kE?H)({o0Hvi`BC=ru&VbM(%Sr)C<(8lMr_SBNerz%ve%oH+hP; zfmoZ6UWcFZf_LjwN?9}H_7frqqvZUgVw)W31W0qHN9{8Ajj^($VRTOL44gq|qZ>~s zDx}b!ohIeM)~7*;k%noG_C{E)1pEL1k}u?`sVCC@x3U|gr>t_LLK`Qpvg~yXJrql& z;H#j|>Tsk5`{zdK)tuqo@!Gzz^+}^?JG;s!tXRKu zXtn^h`L12U-Ru_J?lRAz7rIjrh4{_Rh+X)4ue{I zXKA7#@&px$f996=#ra3>;+!Gcg)x8iT}70(p!kE{%qi84GwmkH6cQoF_Vpy+B z`OYkrx0gL~#T7D&FAGl>Thc5vZNO!~O}kq1S*r0B*2@=HF?|))=&GCd5^h?sw!E7T zdc&pokf0oftcp5(8pA#|moQFa^Ii*j)xJNL4u0o*DUjbZoXPUh-i7z0*+g3UKULrq z?f)(zX)I((ae^t)lL?V1FkkFPR z$rpJNF94(-wnl12?A^rgG_`=*4;WK~DZS;_7vy*P6CmQBgjPcE-xM|oq-ou)sZ5o3 zR7@qwR{p=r>HoueX$C(4;s|GsG$k9=Hv6^kdHu}B$X=|`E&G*I@T4}oJIt(w!ImpI zV25yTv*&_TYl0rN((SX{!z;$vd)A2EIuQW??8;wv3K|HoepLCI7VaAq#<%}I4Cn-fY>UaXwBO~&hBMNvg*9H4=knz*Qn&NQ3b;MJ^0szGR5Bo*N z;dS}ZDtIgu&Ojv*R#HBTCm7I3**s?bt1^7-`!@|O;y0n{O_%N;FB;fNnMP?g$w|&Y zsj!gSuISq>S?BOm;;u9SnB)Rl6^7A605h|U?`*X#+k=k^TSDybO zARGn>u@IM+Uh`07sXRMFVif{U@@{l-J+I;tu#?2qcJ4IckXP9oRczH1U5U0&m~yf6 z)&@xTci`fHt%bkD6=>+FkjRaMS*$`XG?tc{VT8Hq@J;zoAk~%^!FRi}rdWP={eRJR z82w_S`kWg>`aXsAF9VRIvh_Of@04SDXJ336tHdXuSxZ7)LOw;+a;+jc zaNX{59gTM%;yPmQt>4qsf7L+VARhh-rgNkeBey~QaCo%R{R4I>G7QGH>GQPEN)9r~mmI7|b&vi> zs{{or=_fT`p^-Ti02W?Rz&6cOsJiHrv|10iHN&p~HCBr`bhCxXgnZ#cO+cCe4IWYb zx%kNEKUg7<9%)Eeb)rceZeFL%((BBB6(HHy^G5zHI>0){z_a ze7LtrBXBF7SX&#TTL_{wl1LG4!CG(OBq|rcFx+mZQDmz(Yr1 z{Mpdcv?QhgBP)>k{4j=`O}>Az>3T4oQFNEvrTMOQV@ZmarIQzpxKdu+z#mr@M?5w9 zJk+Rad{8#>JgfwQ4Az0H3c;qI9R|hlec#^KuTukCxET{i^~ 
zxSkZ6CWt1hbQn5*{nC4uyCi8gWLM?W)Xo!2DxsKijOBM?)`zEUw;*7LrZveX-D_4{*FQNB8Z3eL*bT zx+Szv(>cLL6J_jAK0hC-Wg4Lsb6m^qJBYTto@$^vOTh?l_o1%bn2nx__|+`-Ii$t@ zOngivJ^r-{Cy8i2$<5f!?jzzx1EL11|LcnsfGB6ciC}=5w+a~a&sO{-zYSWVO<^cD zDn7C7uU!4(iK{@9Z@SlQEDF1@xX73Flk>VF`#Xu3eh z#nwiFak#+Cl0!941frssjDa7i{dyh}pyr8wbth?M!n$Ga$XF*s>*Y%I+IZ^Dxf#m1 zgTuiZ*{`5Rc{rFmf;CsU~j#tMG2fWMCJp zqtI=@Jw{O3F@Nu>52rW0O0f7-$I-EYpV6E3_wbJ0+V>Cg^h*ihTs{G*Zu8%yf-ouy zDs-C1QKS?pyj>IyWDX7Mi%WDuP5?_1{ z`DHWLn`PgBrLV+)^Ai9TONa>ge%JFW90c|HYFrmon_J&YhZE$=w^&rG`(MU^!VjU6 zEL+UE9+FH7>o@Kx0Whq2!Tcy2mSCh-zhnsIeKxHFBt$^mJ5?A|Yskf>MUg1?H>5G` zO>x01jMK<=#eH64bCQ`P;a7-A-!`o;{{VR+&?%@hGl-0eOJ=Czalrf}U{#<2vL5Q} zS-0laC^0WVV}kqCPQszuX_LO^Geu14RrIxfl_ZSO4~Ywb_1EyiDi^#$pQ(z#I|%LP zK+Crj#b{4sX12G+53u=()o116Hk4O$lu3E9uDd_D-PLB)6U2(-<%8WXc+I{NM_>E7 z+2aUlr7+vUhpFo7uyt0H@gL`*CgQCw!`!I$H@{|hrfOg9%lA|^-vT~q~@VhAtr z!tNKUh?V8jvC8h54>w1=*gMY4OK|9m+bh0XG#%j}_kLA&dK$nZn;Zru2KW6|EVk$Kh zpfqwfXO8G^tq8M|Ic0tA-dopPKQC^_@Yb9q=nNH+I$x*J>sk=cn@XV9F6$1&16L;lR)i{h4`WUE z_e67wy3C1GWEs5WD@JfalGS@D+y-17#JtM1Uo>a^u_EiMD|mXPJxJqih9vVbHc#qv zy_(rSq%+l|oLtbsb{F{wJA(3y>G^uSWVb5xXSdjX^pJ5`bi*_qsUqagI@V~o3;j}4 z-YdNv&`4D0V2kK%%EtJgJwAYZFXeGy{HmrX7_LrKdwLWcO>*_wrLtSG%yM@VCcdWY5Es&9n4Woiszigb}*wJ`0?3jan zGJtq8d@$Y}=y_!Yi;r^adB3jhKX41PCM*EEu3yFp>9N((``eaYQ&stqRk&7ETAp9k zqQ-bC+>W7H7^R{N4g1avcjY#P;&dK03E^p{^8zwF*9^(KT+*D6oY7K@lTI053hh-N z2}?yJ7i&PQTU_D%=8k7~Ryk;DZ`T)HAd4eFXYhOg68>7+6Z4*BJHKfexW4ImFXaRb zS`T?Lg^k=={d8@Ur@$*`kc{I~goMX+ubWcmKPn(`f?(_mSDzA%Sfu4y29N;GKq}rbJxBp9J_ZAM8KPc2K8PXqQ(a8SfBD+ z`9U8;F-hwL~^>a(~V84fe&wgdg^9Y;gBO61RjsZMLE$1VqKy_%IIwwpBr9&P)A8 z&ffeOm{O~HC6b!g>9Z~x{J5-!@2gb&nP&v~qSC(fh_Bwa4Ivg72%eZW+bQ__AFDF@ zp$XB#y%Z$-mPu8o3!J{&RAc2v|_jM zuSosd`#)IoU&b0$pb4eK1yrNtJ`aH$SQzR5AJ7cmnIy*s;BB9yt2lVUQhIh9(SMNq zZ{k(kT;zYCBZ27K=)2p6~pS`(=oB9dzNw zhU-hA!_2Cg+)ExX5*^1pN?!3N7V51;rec8Shen!Mas3y|XeTV~!ru45z~WxQsr?jd z^^G9sTK74=0T(toD0AlDYs%=jWOn8z)^!)m{@<(8z%HCyIW0x~3pvtb%&@*{c1Yuj z2ShZ2e0%708=6Y@O2qGLcRm7#&L~Q2s5fcW`+7|1^i3Mx<)8f~7xp6NR;rkq?4ke2 
z0d9($2sW;hC?ka;5*W;3 ziGlvOFY7v&kXd$_m#RJr!Ixf_osoqc9VfW;R_+7t`R?mZ7s z*jvtTEyd2ihn|S}TtQ;fSX4(S&<%l2h`K3xlW_+ZqiJ63xcZ*4XsxCOj@N5v5bX() zILqzV4RCTdTI2Deu>M!1+Ui&9FCYTCyAxFN#f+gvT-_iEX+%oQRTG-p--ZQua-n8p z%&BKOpG;m@p*OpnVV4VP-yxldp_8rEtLhmn4xt{MQz6lszIpfqSm`gXEA&Ga=qDDp{8l$xQGIy8AQwXm*wEc*G-ZwKb%{A=e6tf8LTI}SZV** zqg!ZYK%Wjt^In!(b(bJ|vId5V^0yo=8>u5s@08FdLadwo zzxDg?}&r zt3Z;*9St4Z!tP{Mr-#n`tnX=ruTxmRtNW#6JrOSEe$6O#=u*qo&L5A=PqlVfrN#|Z zG)zdb7G62TUBhb?l1druol(gUa^6n5PJ(2s!Y*5yl%Hr|sPi5Kw#7a3uzofx%^{*IUWRt1^m@%03%l(8MOy_| zSAa7zXZE~X=bH~p)b5+fBY5z^VciZc!TZgEsrvi8Innr*`upA<(h)@&f>owMnE&3Y z-y2|qucmAQCe8Yc+bIFX^!sBFkvQN!f2?NF_a-`4)WW8)o+#2N-4J-e%Gw}C5+RX| zxJ{3poQx-pZ zs!AVw7@7O72ZartV+QGsGm}`bDz8>i~ zor#&=!lm;|?c7+Kp?|jjI{U^r7V#79eSy&vewlJSVABf)v^hiB*rcE#qdA#PNGOz| zgh>Y&JYBH?vj+xoVM(Mu`!_bDls?Qp^g^u#z<7YtOX=4z2|y?Ete`^9{WsNU*pqT-%H0`PKaX{pgV3~21c5GF*I^{z9-A@|LiN+tmEWF~3g7S1eX(MCC~zjyk= zHk(OuD3-2HNrFBxF(NxXd6|Am_y~tMWRkb?P6Nh_K8EJSH33GWirevoR-;0Rtvs^{ zg*h34iJoB;^VYqO)<@4TKH%wo8UrzIbZS$7(qvo9hFQ?sk~-DJzg@6%+#D6{1d>-H zF+fNdNQt23OiU1P^@z~Z)*rm?&Cysg97`z7!3iw7Llw7;0GMg&1uNL!st>)4<+YB{3{N8O zy5?U?*bC{{qe~ms4H-n(dZdKa$+QS&8za9eqJ{Ln<`NQNl(Sofe5vUBRYXV8G9T?T zzAGO1%;9A~1B{F=rYX`lTnxOqVN)U}jaslxzAuP4vW!M0FE1Vl;Kj)xbs0i3rP{lh zR!HD4@WTEEhkj7$NR=9r*TgrGnG~KL8j`@Ersl(IdQx)OToOjE9(WUu0ye!69SOSZ z#ETp)@4Gj-Xf~CEFH{w1(yY%7CgpJ9=MVj%1o$WIvc=p!PNMZw+~K1@;Aj+0R$`;2nVU zjj6g@+eme4>EkEFF=1gLd2aFex&T3M2{UAJdjlWDhCPYgw6wF33bP7Jv$qi!#l3== zhwW)691h_zw7j;f#4q^jSK4Tbr_sM8qhUqYjS~H4$TEq z?R-S3&_PH$H{ZgX75FTeq5lyPlBzf#Av(XQ5*`}~UUat}nk%o`n$|~8bD8be zzcpzor1C)oxRKEk?ngffci|I6Bt+#gxO4b0?3%Q6wlFUTP81x%mo@_fd0Ay=Yeah5 zKI)fh5()?c++uPsbKGrsY#D6osVQc#7BMj-U?S@D9}lLF^82p&Nev%c@szC~?qEgX zUZsYmb@7-BXfA2Puj+aZ;ZL-&E0P?MV(yfl0LkTn{y3_hiHO-F{}6V$&NHrwejnQJ_q68ss=>eWgUu3{ENzG1J}Nb`{WU`K)< ztMIFnAq zV&THA8ye#W$sk74Z=8&vxSGC_O?o46PCd$DzB-iRX5T@OfcIm9(UhuA2PWTyeBa)# z(;&SEWmP+hG9Ay)F#4@)e!npioRCfl*Yah^;5%jquMUHi6s`ub5Gue8I)Aa|16H0&z}eN^;NF4zR-J 
z^yM{ad|N-^2wnZCzVt^lEm6y3LT5f#k@)_Vi0rxMBi7hitdmzuwXqZK(Qtz8-?ARb zBWKJM?2@$uN)-2Id+aq$0kn}5%Szim0%D-r5Gj?^$kZkuOdKdewpNUw6YT;;!aYeE zA;TK|h&Zn4>?F2+{);=)WCWVUZQraELrjqMZ%i^TY{N9dh(#@}?NxJ(tmalEoScE( z!w#rY2EwGRO(-QVp-2z|%lV+yB5{qsbYevRbe^)yaK2%;iJIxkUQO{=?J%GVg=iOT zGJG(a&m*1j@)%5ed;N!WTS1l<(HI*I6KIb6TI!xMsXyXk_OED}d;@n=TR0pqI>-~3 z5A>6OLE8$_dfv67=;}D_G~P*we%q7ja+TS=A$d&IBuJdlW*7*Fn`8$CtbFfpdg!?a z+kJSHo$)n{Sn`%bKN>l{uysJAi@TN)-&bQb8!^7>4cZ^b)hFB=&+FN`=3ZM3$_SxD z)<2sFZf*ILkcNj5F0MB3srgZsfQEOX10(S`W2P7c3FWb|p-d-Jo`2k1?y#Q<8 zlQ>kNpQL>ZjHF_E^4^O1tl{8;*TrBMV-oj^M}Is?WI7@&x%$`hy2qV#=8~@(ZK$6y29DA{O*J;)vwsodjFd&+;C?i8 zb5l8prfaXOLm?vSfnLUS$MF?X*XN*Pz3dLQfA-uup(qEl2QOMO-&5NKLnF48wq?5$VKc=N`YMx|q zUe+8OJJcy#6f)kVzvV{=Rxir4I+ZBi85ne&CGPRiNpD-MxHa85Pu zu6&i)31?2Hp$+h0PJjYI^wu!$i4Ul8w`?|g;*=cPO5#LmE~k$eYNtz5YkuAq^zJGn zGa^_uw%fbi^v8+wH%5{-^O6bt*!EjqSk2=a_}gE_UNJ!1klHau^xl6&=kqsON*>^6 z^AHnAp(0C(6Qu6Pr{P=P=jJv9R($5pKaVSN-)^Rf)bKV!sr3TGb@EIr#Ul z-IZ!fu>BmwoS?bDvC)=N4y>42M7lFt z$87>e>!|lRF!J2l7iR=2NVB&IB8<8%K=N^f&e|L42i?m6t6Z2>V~PRio#wlZ(p#x= zh~Jh=tc9yrqfKVLwy#Kl5x;#Lh%ta#`|~?HILwtT_4J^tc?ud9cr4`z@f-r4&rF5+ zQnm`2;Xj^=FKFf+6s%c9`J+}oN5x1>3mdj^popv~yIZ+n*rjF0$UQ!2h~fGdP09}l z!TDSq4>Ilk+Nr)Mbhj+Y?y>?IWmGh5SIp0c|BaBoO~Bco=EnGQHp&5+HnN7G$Mnb5 zNiit%$lgW{bX6WkLFO?1R3EmM1(pf*@3 z(>Ikm$$@WoQy{rb;@PhI3Q`j8AlM*Z3PtiQ4WJgr5voMiII`i1kkinC&vX9=RoN

}lnXWI6d?qYc<9mZxqs?kn6IPdZ3HrKZzVA)$rJck?JTlEyRCf1b&R%(^qrd8zxgW90COIWLpol{Dt4N?JCVsZk5LEOQoDAcc^Hw$0O? z({pX(;dV`Q%aWlEeQxAgo}J(7B4m@OGRKwX+^Y2L7Jed*KbrgU;RR>FD+a=FasRBT zQ|9?itUvASXO2_&t&_!q)rQRe$nO3caGa8u8JRV#-#FCjsW(OXuh`b{`F6WC2H${( zuA@WhOHTN;a@ut_X1!V-!jpc&@o7{^y%GFj){#12X;c|_-N{2oec~Jd`D&SMj*CyQ zVv;*y=V6!l4XbOs?d1J;Dl<3Iv$ui|#J!RZ^e*2MC*%6uHs`K>kw3RC1_my12%nwP zC9AkH&DNZzti2k-@t#{tR1ic6I}x)CY8hM|fxNqd@EE&>f+>rv@&JPmRVO|8K!BdB zR#0eYIEDlB1G}zaq#J?OR{E*XMF}T7BO?16w-~0(=TYb|UxQ9#C1BCVJRnAe(>>>T zZaxWOr0mfPGxJ4PeoZZ4UyONxSMj)&9c?Rp9WLNIQrsWbEX;_E z+`mWG*$&zpkt>X^)RM5QOx|3~Bxrt2lr<}X1Nu=8|LBNUG(ql2{l*fAjQ5eAOC+u~ zn_pv05_i-z?D{bi(`C72ZPrvsf9?D45hcGA@ShH#a;weT+1P}zach<&T}}R#hWro$ z@Bc%zdCSF4+^CcuoYw{0GxS!Fr+m9f(Hrv=z)GA@>GuzPX|B_WGPV^kEV~+*m%>dD zmzhzQb=oN4)kcSqlGY-8sU zLZwe?_f<9g<_XC0mg-%O89CJO-1vo!-EIg(tfjX4!-@Z5G>eX#yLs!hK<01k*R;B3 zglu8GK-Nc!3>QTTG9Xc0EA4}h)XjNA>4ygi%4Xl+sLB-}>pMKkd4#4jd$E-e)(6=+ zC=X8L!M}cVdClpAdGo$XK0cFs9Oew}-)y-rw~6w_d4R5nqq#Y&-^-G{gA;X`1r^1G zylq|eupuGJI(iWQ`R@ZWq~n%H*iwo>Yq)FYDc<=@w*lHb2P;^zCH0t8tt5!k{T8aV zX+E36VAe;BVxHETmbuWFo`8G7-T?AjHGz1aQ3Ypj{iV?7czJ`;8%b+t;mZTn1J2(W zvKa()mcJd;Op$M6z*`wrXcsjGea>p#os4Ba#QrS$rw?N4x@zd`HxSNYkJMRVDJ6*$1-&(0 zQO^iN^R?^=B*5Hy(lW~6oWkP6P>?uyjA{PKWOlwS!fz3T0V~IUwp`@b_MJYQw+#xsw5ANTMl+9c{;4qxzY*@cigehZtGJns7x&B+hxO+~A#%0*Q3 zZKMz}pPd#N$#q>wx&8iNru|Xrr4#xG1Hpo=p61iVK*4kLVM214My5g;L8!1;#H|Es z)7m@c_VXIPT&wShM$gr#<_zI9jI4xHh>6`cyuDNNkp$1bIA1emD<7Sy3|CAQuoge? zZW0}|o;WS}WiOcggXTO+P`WzQ`%|n(H0srwf91iICyN)FL?*jp167dLc4-9nKxPgp z&U;E&4!xao4v~MDVbXb9bVZBJA8FqE|R`+34jV1BmygSl7C&6&H6$#>J%`s?Daudj;1A|C3w^2es0vk<9mnj5}`pHBQEK1MbJ7 zpoY;Fc$(k;e2bAXbu9;&Y_gV`>3Qp&TJT;2*Q1)rSkXoc-SOc_`q zKS%>s6WScF=q-^rFqc!uRiZkN5@Cq1Z(QLzXh6FW;=}vy!o$gx0X*~Rnn!4viESRU z*C8tc+NYBc6vuMY9V|*phaj6EL)>MLDvmU#G$&rX zjJit5qzw6@Wh}7&U~+$~x<(vAgJ@ zCBVUUpr5HALkx3xjc$R8;V@>lyFyf~`@N!eFZSP|#h8v*+`M`y1n7#7u}$*ciO3mk#&E(k}Q2C|_qH?I$D>W{RPKYs#bH^QbXyIsl>k_PSq^qVRiTTt* zFvan~e?dC`EkIy0ugePh;A;2PIBrLH^iq#Wu39V)Z|I+! 
zTO0?xrRu<`?;~a^!`iA*J;d9|TsBAgn;iFc_t{)IH4COSY?~Sw_JYqChso|W+0o1) z2)DWY`3Ot)vIH^Q`pHoUU$l=Q<3v!m?QLt9Y-a(Hct}A$z?o91MBdbjjw??M-YA+) z4knQT-9H!U*|_%`$kSpuQ^$2RBc|8PT3uISU_{W?_|(d4E8#QOFRdQUzw<~N3yTHN zhEA1Cb#4*vhUwm!Od5E$9yN776h#UvVtHeqd!ZiZX6?s-PYT2oz*ZbKPet3tWqXC- zp`bcJr$Ns$XnEz3b==ti!9_|z7->U^{=>Bi!3?`ABlVJ$bYH67!3obuoiJ?^r|Vew zXF}fD7bi6en|>LtyCem>4NK_=#o%NuEg^B?W7aZ^NAeF8l}F$1X~sOnWBAWR&AuZm zWiupU^+;^$e*RTXsI|=gf7KpiCATk+y!Axsg zA#*fNliVM-PsKY5s6WVmu+yTRR3hrjzeTw`W0Y|uh`G~Ro)Z%7UC1r|)5tt5^(=he z1CS=DsP^bplx{VdGFrcy>P(Z_cOEx*uJy^uLXytv!&Nd6eIF@lIq*z%U``jKKqM@E z`Bu~$Sqk}9Iq%f>T`qJ%RX74;`$O(%0RHh26N^8#`+`L_YFKaFuC4L-ZyBLI;oN?L zwNgPWR*vCy|MOnH`Qi1OCnF!dJvy9TxTDq`ex=)=%F<>~&f}cbRrLo?A+*jH(9*V~ z-KfiK>j;W*XLbkyg_vQt1>1`P_HV16icHnw(g!cKu+WH&Z$rB|rI-7evidSZPTqoj zSxoG+O}EJ9Tn7_kt#`LR`)R&eq(5^QxB=w;!@5JNmm!HL{vR7qOFC-tJi3~ws8WR2 zt}8UHsL8zdJe1|6%{k;$?SM>r+hL4XM>-4{}utobI1bGCj!coJU0) ztv*g-6r@RJ^7-Zcs~aDy;@ zKn?8_?<^Cx^*+sN||QSOW8BR!IaIXgW+oo(z` z3;#*KtQ2| z$o{JoUv^T1=OZki!E$AFdhA1anw!&b9XVWtNM7u*vbMH}cqM8|h7cOtM{v2-C4pZArYON0<_p-Q^%oza9gJh2`jz5 z{sl??IfXQi?U|6Fe1m&NSg`|juI#e;@xko8qbp5fkjRNtz{e14e#YcrE1uRxKQHRC zcV0?rTGM+WUhV4EmGI_B-qa_9?P0IV`A=&DAPj&Zw`F9#d@Jc#j?OH@%p-BmdGzkK zs9tL|PdkcC?IOyXLsb^YDI}${@52d>Ox<}cUj8AK@IjD=jaW^5o`Pv_zV+2b?BR2! 
zlKRtB#wqIU%=Su+ZM+yWQcE`Oj|kty%OiEnQC77O3Xm|}A>psS+T3=E90x|YoQ{p> zRrWL_I?=Q`?VHzlQ_KV3i@Oe<IL$+Bby9=-{9nCKshj4r`R&Y zm$M%q^q?`<2cm@0d$ypXPNKQ>dA9M(0_MygpjPF>7==)b*wL_>P1Ye27j7;l2I5zS zlI`*I1n^m&nQW};5Ur)033vA}J$I zqKrfyE~53_V(<7vQC#9u49FOb5O#DFO(wwjhuy@TH+Xx5x-HMr*QnCEdw_7r=Z2r1 z|MJZe$sB@?!1Z$=A_Gm=$$4JJ<(i*-k*U7_lOPKjqAsw&APo>9C7|?3V^xBHSw))Z zV!?@P-T~b`*9oz3AI3X+6TE)H$Rq;NXqO2P_>^WrzhM>7f8Unx1}re+Pj3b+*>olh z9UzQK9kqUC=7D>^vM1C1s+jx&9rMG;%8F=UkezW#`0>5vfSN`t7>MisI{-U#kp%-a zkKLzv^GDAO@eNIH?bLd-2)Z`0s8ZC__2`^P1(#I;)>d{-*c>+kr>zCAgA#ZCQXGGX zX8-l=EaOh#%(RtY&swNFq5a_P0vAXk6{$O0L+|o0qaneN2LZ@nr`DnJ#R8cW_3 zMq^`5w%ra?xIXk`@qE!_$-4lgEWs=%r!WmvAxk;0%e7Qx7CL%g`CAx1urZ>dN9oLW zq*h_w+v^?DH+u6kItB~J(mmzMZJGX(gRt)=thZIylT$$GU(w2%Cdjp=ys1$=oRpE& zJd%Db2Rn{7Rdinws}V6j?A-CzJByfi1-*lH9ORGSJ7lB%>DtN97dCf^a-Tu$S= zb?yd%e10Mm&8FlU#o}f)U*y~5#TT9RCpR)e(KXC3Vn<+cHuQGKsFImq=p;_!KWyy= zn4s7@nYemCK(GeKM1R`Q6zdPootm+kg5LJAi)qIJl3jE z|0t>Yvzb@}ok)IeI%oTo0 zyx5#vzQn0m-8Sv=kfz5)UdnV75sW{aN5_I6YHb)Ddu^_^V-_$Oc^*u`L2zWv0(t5E zQ0d2&Y|9{+_ay9nSuIFgNC*E*ZP%aJ55YU}wW+`&r?<4jn!Z%yyL5uOZ1k`?tMACDIvLW8*vFTufc1 z>x%(C%s+Ns*_Ovz5@%+<(Q-Alm6EIh(&{=^V$d5D<3C#0g5^*b=LM6jTYfq-x9Ep+ z|JE~@4)Ur%SfJAjD?u{jP4=JpX|~=`5E|PYTm1{GuepOXDRk~G8?JOyJq&<0v8-gx zE7HiwWK4%Mw8)=N$S zfw*;^p!QNgdJgH)$U@KehV24-dW@1->u;F?q|N}7yIK0|9w{j~o~8`RPb!P%YuThP z@s0y22vt_<`IHDGs>-d5z%uB*-iwzstCY<;lv(WE3h&duFKr^hJDTn4i}TSwy3~^@ z*FZ%LHoplzGlUqkld%{*b;tnXo-6VroN{TFV|h(~_}T{Xh6r|W|LyYcb}U=86Q~iB z+w5iUq5K(7aR=HpA+g3qk?uL?SmEx@0-C=X<5-e&oM>9Z~|CP zg^X5qHdlS-RDQOs{!Mx&){E74&O{PxB^x_n-A(QxHz?LO`$HM0nM!CDQUSXiixm(q zj$2Gj#Ftk<82cx7bi|Q3XR^*t$J8i}=E@a?WLI6U!h+D{$xoZp!X_~nX>83eq2A3I z8hSPZ*+8OG(qpp7QkACi2L}Va3>7_X2dNBsQ63+QUJ2rs;$`S@ijH#!sg`>C`bY^m zBNY~|sK~v5Ir74UhZYAbOv%G|-pRa_t*iyvVhrw4tXdSZlD*HNl z#pQ@BEcPIEADsqFvO{9ca|Nw-r`(~C+jhnYeTK{re7t1C=#=iiQ3Ow6u#uZTIriiCT9SoAJfPqyc zRvYx5FB`mIKPj%Rm5JBSj1HNF{Y#IS3Lo-F)xQMV`j<;5$_48O3jo!Pxdb-@pEox{ zG2!Z3c_yNx{L90m z$?|KF6NDY@%_L%T2weOt0HY%9*5fra-s>0E$KqcI^J@IdkiwbWu319-6->d@D_-i5 
zrv?B^t!@>}md?=MocE53P{fqRSWgn7;(&acl;fs-=6=;=1Jv~HY}DwirLHLZ zxYb-jK*p3)1=D7*Z2*|;=?%LYarg;0<@BR7i35)ZMW8kW6``uu>M!oWh~sz7`LpF= zWvf5-iwFgU!ynlmz^_^DJTTWO(({mccp@6D*SqA&4>J1&l8P(`j-%>Da5(ETP+k`0 zl3+wt(}(r+;m_g+t{}3iJtkdtdmWRpn=kTGlJkO6peai%uFC}j$|r&bFWNQ3m`hkaVhe33-ic}((@3%5S+SP7 zp|M~go6S@K=M`vDwPoS>^NTm}2G&~tod)Mes!Rb&ac7~+7mkZ9r|NT)muNGDs=c#J zWUQ%9@|uGk=w9e`&k-d)I|X?6M0+ z_8X&-*od(QoCSvI7JyE!*Px3=?t+aH!&8^enTA-6?LPsNfP;m(FcJrsto{a)4uJoa z*Jd0{r}vi0LHT;=emtFY`)@|vI?K`+YuMA2ENPD8X7uDHYajqw?b%Xf8CWEKC~(n# zNojkh7-b&2SVihXKM1KF;*smRV&8-3LocU!K5Zv$gIBNL`kp z&Q}>{H}eS$|6tlo4&*qlr!%2y*QEHAE@+Za$@ur)X67~F9q7R5iB&^=_KB_#5)*rK z+<4&GzIa%i_NIk1wIx{CNUhoI&%r(?^I1|e%d}s%dDw*J)fNteF-GCM+OYfEq&o<# zqf^KL_#3t4QfP-j1)%iCUmM95@2tC+*C~{!&p`?@ETw=3OuL-HAB5WHLht`j#qv}{ z%^VbcChbe?v?EH5;~}{7N8IiR7uXqxj|_)N*Qr($;-q3Db(}KNU8VSqWSM5gt&8Cb z%uGbGn|nceYHMO?97c*;ZS0MP95;z45!a)pLTnB-;VsAxJWAcNrZ8n#&nrzT^2LR< z+WNVW?~@=ny0-tX^XJ&$Sg^>FfQ+eEju6V)5ZTQAxv1U8z={wdt7}t`k6}2a2*8@5 zBWt(#EYqXtVz z`KI;dEJmH-V3ENX|#7<@S=%b?1SP>VuW%0lNQ# zGpGwx!sElWLFFeWI5_3lxYr1V)SqGuSItWeU!``t8^TNsf{U5NI8s<5+}vm^2OctU z*xK#8;zqRr&{;^YH?Ze*(!{V&^#Nq5bQcmTXErECa)`4nJr6a~bCDy*bsJVx&|8k6 z{QJ!xfQy}IanrM-Z2qq`9<-V_`_cT~pupreN8an$cePDGmvAQcp?OcD$K5bnS=OfT zFue3dXvG1h{Od&*O(vo&BcZrBb}|R1%ymV-21plawu0^K8QL}%@UG)&8#~R2BrHW& z-sE6Eup6)BKP$Y)!N3m`=Wj+vFU*dPhYvL5?xkb)hNl`@UVZ@^fVFuix+&&ao@$+)AR2fWd;f1TjT%=*;wez@2U} z=|f8PWG%v9mQo?M<|%W4G0MmZ_;Nj^aNSSVRLBo&JT~Xeq>?CcnHC#K_Z1Ncxcg;xidzX)EZrd0s{YVCT4r zorc6Br+fhY{cPxnHhdoLP2DyTlzW~~>dA`!1aO9Uub{nO{}tuPCQbo>2umCNU$5zP zEmLX~QgL8wWgKBfC6b|lDBAAMg5H-^r1meN4o8qyZzWa>XhlqwyB#yX>0){rikn_- zcQ&xeiy|yed7zMxhd;wG&Cl!C74s_BCDJL2wQParoSzhBM8b3?_{Bw!a|gcZkfcD) z$yJd4S*WgH48EloeHS=LT~>to-NyJ2#ow5gRPBCzieOvXiHC#VNW85IZXmu# z3!*q=1|V|{x_g>EBO|}Gm>_}Ur^ue9Om(`GQ$6ElpeM$_t!95bWoiE(CsaW(?YP-7 zFXHx(+Y2)v#%u??=??4IYcO|*hG~R^i9MpRLMxg`p06-lZzI1Mt_t8=-e5}3{1Tr3 zNz(Z=w2j}1s8(rX*Bz%9cxuzQGtcuIQjKFOm}NIDplj}t&QY967#>ycg9E9NZygIv ze%U4vcS|6T5GV;Luq-5us1q+;UWwf7FQ{vo4RiqlO>CMaNU_w@^|Z!V`Z#_xn@_-r 
z?BJP0x1+5xlPP53`@=;2UMroY04pZ9{cf7Uwbm*^{B51;zZ`qDd4iyi!aS6}+0c=@ zHbc;tG6Jb_rRWR^9R-*Hd7out{`=7HgP#w&_bYl({r1b4sqr1}n|F^W*c3#YMEodD zRR~Ey>_YuPJNiE9OOf&%Ct=Z?n555xJGYtGhbpR8FK%E9XF<~Gu(|5PI1!lg?VyC) z?jkj)W>~g=iD#omC$Fp$XG@?}-FP9gMFIa)CUJP1*lX^7LZfQb=q?@zm`3zaX5Sq# zfwcuER=3|Lc{*9scZ`b(EGEgNm_ztT1T3)g{Fwc9Gm^pLzOPBp^eT1fbkrp}&i z>S{B|#RX9OKuWOXphWX4B+B{jK)k_^|dZNq>OZJW>vOMiqOKo%= z-u4+i%f2x&;J&a-Vz4oy+_b+=2Hx1Xn;+h)!(|@_5%Nv~zS}JU~N}D z->1uwWV#Ux-1`=?y_pT96I}^dpCx>`o{U*eAdS5SRwNA*lf$FuiEDtjld#v_H+1Y+ ztOsLj1h&_In*5<8MpZWAA!V%b9K0Q=DvoBM3Bujg4JUH#5cbi0e-PTwdp#&7UbVnHGWA@$EJkUx6l&_ro_g2jxmN@^tl4yb6&_7j|Lg z%U871+e;wWmW=-w;|AW+>i>**J*X#(k8IzobkKbscI3pmf2Vwc*rIf}wLUzNvr4d0 zrv80zp370?US{f=WER0jys_Yw=@kYy?!n)awTI|v#aZvjTTMwAfqKL)`YMBfr6;Uv z$w@~iXyaFhYK#YhvcB7Or|PJLwB$*i>wU92D~0H~Ug6dMHv;tKZ zN`8p?(p3Sdsnnj^Ml@XBUaZ<%YRH6h+`S*%cE)T|R#;cRQ*}ofRLCUt64?_hoLxGR z`dOUXeqgvbKyPuLP+%B&Ly6@0W6{g-;>zoXMxVU(8z}Pm@p9OwJaG454k^?BNi+At zNQ>}=U-V6@Z#e+oZ#6v?=s8M!ke*}r2eh(ca17d~q5W$(OEhj#Vge!^yl87KMDXjp z3ityu_8FppcPvW89Hn{tPY9<{Wk%spz*x?9RGTVDzkA zg`T8(&)9C#cjU$ltl^nqZ;twHZk;vmHgViD*4X*mVG>B9Brh~evxZX^gd@qc4W`)d zMJYTI>a)xE;rtv%`k&EuCnN%;>Gv*QB}HtMvF8}Ar?~;%uNRCFO58}E@Y^B0OW`Xn z@?uO52S&N|k99xRzed)qj+_bKoBpL_+Z6YIH#vzl^hI;$a`0o>kK@yI6u+}-j+km~ zIv^T9zv*(J!XFZf01}>hr$GPbGEB^sT{XxuMohD>g>0LJdZ5nnNy1eWNnFkxx-J&9 zzlioXB=4vvX^MqwH*%)6CWFe$g3fFUk$Jto5?`l@u(y$_drdAPaOa+{vHSCiMI#Lp z56S@m5EA%lA+d(9R+9Qzr>bJOpy@;DZ?^ZHxGzo{1+O^G4H$9k$U(k*S{BGLHaVWl zI-!peE!!2k&eI|@fX*rMA8|pypf7RzW0gTvB-?e6E!gN5T}9SJM*fhA)}vgP=UZ{5 z|J`bYoS=hItaCLqE$!3GgM!)(){GQIQE0`Y=dv4rV;nGw+Rs;nV{Es4RHurfz)?J) zfqi5MMv6DFDwlWys125%>|oYtDwzc4!fZ9LFP0Ya!f& zWZCo1-s$ugx0uRh<9xRuSl?4OSo@?`w-xzo7Afi4b^z~oxwR8@ftUC|SBvQC5h0vJ znZJpeT1eUx)85bpp}1Qg-XK?JRGwtz_wV(wIi#B?!cO$HrKLR95h6?X>)~xl^?a1c% zs9AxK9-=KR)6SVdeujO4?qo+!p~A`kCSg1b!25sAHSh-pn2+D(#}MIfGD_N#bsy_z zL>E*}mP=~QHHwiBHCMt3DJQSne1@(oktY!?)8r4b?I|Btu(IvRv;8%BmDb6%+V}&P zJeK=Ch`~lI>q5*^E;NT1@r_uX1l%j`P`)Po>>Ar#iG4oU!HGa@V$AmpA!o`umrNzW 
z&A4qJFQc!MM~oNoxoTL$&x}s4Verg=nd661O@NYNV~|<{*zWMtf%7&xoyc0x<3T!{ zYB&ceq|x&qZKvuhbz{u+iD%Un1ZMmj?vUu`_ZrI_pGoxiZ_r=#Qi0)8I|eoX=luRB zySc;kKXBQl^#6s;ef|G+vGX9xKx0AeJLWpPfvU(QoicER`swi-u3Iazu8KMx;8 zjY4sO(W+C$?tbCGwub*r(-N$du{6|ayR`rNqtrvr!Qs{ac7^XD0@yhJyGJ_p|I3A- z6HVVf{Hk3*qWC`>^2yl7{c|1It4JL(!*t5=0n^Wq+pFW@yFs9wZXE^K?_t@U6y-3; zJO~$$A9>ma>CesA|Mi8$A5>f%2k`T=$>!0QR+{x^3Cs5|>#-&Ja_`zvV#~Gg+c|Y_ z@75Ra@}Ypg$D9WYC>AGi*2v+g+vhPbK7Cgh{Y{iljEqQ553XB5)O9Ho{BNDJ$4Y{? z61L2xMv>nS$(jTu#9I|jHTNUF&-n`~$0ooFlM*Z7$~AcZ^VPc3Af|QRYESk=fw~n! zwjJIjMvH@ri#AQmCxlz3;T19O%^TKUd%s8!&!b^$EeH@Ks}*K59^a3 z%5RTDYB-7_xdk;hfrKa*!BiY-&&L*({%Qu*{+brGzTe@+ zH23LTBhF9^nQ-n}5p3~VqVhL4@lE1yJx#mZIPw*mFh@p%%Pe-){z}YU?*Dm%tnSnw zpx@gBq>)55r%0?{(YhS=tBo2H;JZ>89@m zx^03sfX0o4H(hUEzjZeg(96&`P|5BT&Si{d@gtKSHq;fP{sa4qxeEudRixx?b-U*+ zSMLi%{@3F{P?4823mO_9TrM31(FYa2Pq3h#FNUGXgOV)+CamJ>0i^G@i{AWN1)E7+ z+=*ve*3{Q=C;**KfUagM?9u`&_bM4>dop)IKH4eF_rvPzg|t}m6AgG4WO^QgXF9pb z$w*8nI5_`nsr{u>_PwWLMulAZ$3r4TqpeS>VtTOfv$4iS;!ZHNmpWM(bQ)QcE8bKohd%(s}-{2|X#xcth%MBn*c zvOcEs>^#`JGhH^ARG)3IzdS&rY;8`EHI=yu&FiV~YoJAs>{Frf9re24N0J02Ts--- zrvJvmdx$!WnXNE zOOeAmr}Em`nBuFtaKv}J>1-C{%NcP1vKah0vi(7zT?MtaWDvX#dNYwhZA<#j?OxJA zRR6c3VjJ2>ayqWaYtZ#@yHgK#hzmD7IoMsgAY-R@>VD!cJt8@AiWKXZP|ZN~b$+!Jrhu%Hy*!YKyjmno8sHo(3B%CMWa1 zg4WLVnI(H~Q$OvR9DGDTbgx+5nK6t?AsZABDiwvJCgFtoHzv*&)-oY>pd$F>v4OK{ zB~Z#--h3_C_gyDx-dNC5&Pf!1R*k4ZQLT0zk;;1*1fyT}8aB}|gW4V>enb7xfHz%DnN5I)}lsw_c zk&(DXXWf*)ghs8k#)|SgbqP|i3rwO8=rlQl#1TNN08=}Vkn3t5quCC_h zfGJaol4yMTc3bU&(YDxs|F^G9>^Vo-4IHm`@g%ofYV30HVhvbEG8q0n+3d#7GW92V zHe0akE+;Z8`)U7+RJHuajaaZ=Yem!Y>qe7cO=?&y=2R@Ka_kQbuH-qtcz9cq%JQM! z0d0UWH@_G}3;R-6i?%Za`F7+wvJ9_Pj0VP$MlqLNVl4RG z)r^7t2FkwKs1@!yFf|heQDHMA(6OA;>JvYbz&<3Mt!htUm(C5rg?2Q58T zuQsn2Tb$y+T%u+?&T(jVS)g8f9XXo~n#|+XZPXy!9IpE3nSc}>I! 
z>qiohk@|AldLc=#^*OzMOcyNhrz_W?ko=e`lZa|QMIIr-;8sv;WTpHG7}ku6$hS8y z>S$T?dm7_UFWJ0>Dph=lpgk==!DkXrqouJvCQdlr?439Swl@%wwi#@R>76s=+1 zwcM3YTx=u;ojN)?B={z2riU_HT3J#UPV;eqYG!jnFJ0~XC`Y_G91eEKb@6?FjQMA- zybM6IW+x1~<4@0lL6RK&IL8eFb_=%JWGJlv!WIEhuK@1=k>M=`nC(|Kfp0=!7YmL| zApZ@zyXoU1DK$4vi>g|1dk6Vguc9Fcks`jYTmV^x7aS@9v*;fQN@ z#Gtv%x3r(6L9Ov7A%e`07%aKvd zOL_h_gfY&n#0wnn*pl7!G*4qzS~3Ggez$BV)U@=ku%Js!=5e}dgHQTnmW$>nuNR z5NBo0OCUo>2_x6NIeY_y6K?hB6WCNA&~fL&-evz8 z60t^43y1Wn3(TFZXx-;h!ECA!D?i0~+~YZ4TKq4vZv+QxfMnzG7Xk}B5@7IE2*+wv zc_6MPGwj1A-@^f*ZCTVxu-R}8xl0vqGGh^$hsSzvyx>zXWrO97j72=srq!;!X$O!UodV0S-soH5(M&nDAv*L9t+ zVkjKlLt3nn0qNH~vBYnxb8KW7LrPD zC_WQ+oG_3wgRGmCji!7K6VP_#x{KuAe}IFzR({^>wLWJDt!MmHH;RwC@UU@G>Q->Q zP+8-kikhj;0=rNM?KKor|I4?+ci0S$Yth>2eVhZCw@8+DAVX5y>PEIYDYnj{`)=~Y z>E3yn?knTPn{S2^b!}m86yoUl$YJ?JF+;WUNQ#H(eOjuCw;b7e{TdK#T>vH;lo7^i z-ZVG~33xG4jOI1}^aK7@LiAjLykHB4hJWD7HYQ5r>ak%;8wr_$GQ);p(p*JfioIe**uxO_3e#xpt#~ z5*0przdQFam5_dEf`$GeMQ1LO z&AIOV!Qef8+X##&6Ani5`pU9CMA-5C*wXr1WKVoGK#gI=IMiv|gmNt$V5{T{1?R{% zI#kFaxRra~B~!QjB*&ZL1V6dr;?f_BWU$!ORrbMY`ttZ~e#VNzEf$N93JIC{8xUO5 zi5lJ?p_A?4(Vm=cHTSp1={8pB^!1Lxu%#YOSLIhON|Jl2?qaIxtjbodN|h8`jDm}A zFjq26a6Omz`(5MdklX!hIgKad*o^J%y|A1fSv+7tD7ntH7Wh)ts>}p}!5+TWrMKFL-Fw&w_E2 z$vzsi?EHNuGIzo&S{n6CV-scB!~vYy6@%@PEIa)OSiIJ4TH z<6%$Tx!CeQqGergM^2QOlrgK34UxYeKuEpmJGk$R^|3{iWZHX(5En)Yx9$mVZopzH)!?EHf>ddE(r#v0p`!&&yp0R0Yrc0 z%!XbDAHK^7W&64ioWC8t6L0^BK-GPZN%>Gu7`4bcR5Z1)6XO!r*LElgC==g|MvlMEoo(bnEGOn%$ z?``Wx;-0GMImQ}7{nCB#J_1FldFBVjICDH$pOahdemKk!eZBlu&-fyy=TdB1WHnaJ zfBr)}Qky=^_4gU@hjb0^dXDsRTE1N!Uy1UDbIVzFUSDhJY)IR9VYfNMV%Exuk^A>i zf+W@)3oph}_AI7u=C2r>$FZY@SMQ&LMuEt2Fwf_$!#Gys!?^t4y?h zsrpusvFnS9s~5TFw?&2kx);|C;(QvCZ)6yz4nUH41hFgE96gayvrePi#DzcM*fU6? 
z#J_~WZqazVOK&}Elnpsl0E4eC&SEUPnEG?|jIA1wc9d$6d|qt1!k$QLyUQ^g{7FX} zdc7#hD{Y8jqQk>~VkN8E%tWj}0bVRzbbhifKXU^9d(x0!{wf0m{X3BUr3zPR?+`Es z-FX-FaPzVRD&mxCKa5KCJ~~zv50SZCLm(3E=B&nuVQrr7W(R%)8cHGYH=z@TCXd51 zVx1Q5FLCTJzZ|ijgU-1LwSw(%%{teS)o!Wa7gVgA_%>G;f7ni{%1xa|OxJ7%#*mgj zPr3n*`_IQ@IsAFXBFPkd<5j%sV+JB4`&QPXYp*Nzn?B$#MwjEF$utN4aTSSCMXyzG2C;W3hLyCvJC&M%2xh*EMv!vHxG&d*plZd_l_oLCwUI??HQ~%O61`7~71>71k^O27&N(cU7 zf4W~3i{iXbH+H&p>E7P-Xf_W|5N?$)6GKl~)baT@Y35oobK(v0y*w|(Ag)qPW2pcg zyh@m04SJu=DMPPT(T;hWrZqfl4$v`HXx-1PMDp^%UwL<$p}cRs3H7A>xbsN+(0zBaS=p$Z z-(u+RbusYGky`xY9($(85iy1$O74j8&VtQMtu>xbSlIUD$xn^cZlVnR+vS6LT6$h` zX4;}r_n+^6+(Kp>&1zN@J@?!i_3RWlt^Tpmm5wZXN}ot>#!j@}PXajiVwBeXCO{ZU z^p-n9O_EY~`mL336l$V_{dXn@^y|J`x<9%k07S-uq^WmJEK7*)VZjt3JI(@aGvDS+ z)ji169MwBRKP>3Fjih5NlPjbp1&eSS%$)t=a5_M+tu0#cg*yL`(dZu@{xRiWCbde^ zfB83_QM4;8geImLut0A!<|t+@h#*a)$Ou~XnW0I>DcFIB0Q2U{j?iJm$8Z^0!WK{kZ4uv-ogOGw+Ffqh00R|A(l~ zi+kLDEO)p-_dBEju>!P@AOX4KP@XBD)o4o1S0O@+8A?5c(N9aOR%}f?;z1GTwJ~ds zie#(D3kqio2}HP6DU@(f2iLssRfs?bRG&*awnbiv_n%j@Q^w37CJ8^8Vq^KM^Qri& z9UZ)@TtQb=3t1=fu*7&>^172(bBg@Y}0}$?zP)s)!OIB}sw+O>ZwngHcV8v1Qy&ZN5iKnH~(C zb%S+{l&@FOdig4rQQIlc;dB2$z4vVx68YG0c~~|Nx3;PdPxXnI>s`7AK1WW<;UOKL zkubMLRWxap3XtwTuJ>`*EcYNbN92n$ze+J7t6Qkq%=RY?v5yq@hFNHQM-+0jdS4aN z_z_$h@~2%E@qGl1!cQC~5MP!velpA~$LqSk`}L#iFl7PZnu9Xrs7t@`G1TlF&(i$O zGw(-1LOI|T;+E+fM>Sgtv9js4Y^S|6u|P3;G!eme=ovz8HnCSwdx3(CZxo|?J_5d? 
zT+}R@Dm#$9HC4eis9nUsyv94xo7RUXH3dlo6TX^6WJ%dVc=<1*%V&J#o3v-(84*!CKzK=aCtaZ4GJNqoU=^Zv45i!K5;F68M6a)^83{lV+Xt zbP}ZxIV?LCVIB?EN0-3m^~!?NYr>Axc`&VIp+a{VhwCKl;tg7|8PO=`;{`3z&bDK( zEPwQ3Wn|VJQ zR3hRy5q^L|$f!9@$*XLN8r?Uw>8PVr$=e%Sa2SZg4I^YoqLc7%e3Z}>K z={+_bCyax-Vri9F@&3;2{zHvp4teELr(M>x+)ov*yu{7M2bZvJ4Oaf`W}5ziu#0p~YY zdR+H&S&h&5^hmAH{dQ%jD$H&#YS5>sPOgGTUuo@TdN-}Wo1|@~VML+>W4Y(izT5R0 zqG9L@U=Y`fNJixSrJYIE`#j4jA9r%CRJI}W!x^9gJLJutJyTFS?T%)ffwpX1LrZyRs#!sQ9nfKSK>xc1iKIq zzOeCNo7yFOzncWVuHZAToKRG%cF)y8Ot^Yu(8|4uu-I(n=qwkeC-u~DMP$v(1Udff zA<%L`I+E-vp;WH0`k9EyL_+jVM!7Pyv4HY?4d4Vw9t7{VW`{biik2 zyx0X_m2)$2);{ku6f|C(xMhO<(5&_5^X!m{P*ZuJ{zT0W?s?F zb1hx=XTEN7!i(R(`gI{;Wk;1cF1F9!)h`fHpT_{rx33l$ow?-HPRDyLc$p$>E7P?k zhGRL`9$fz7T~L#6Xpgh4VK#6yzw7GZA6RJL+lH^>tAc4W*yTD~f_r#Q8LvlkdF2_I z=Ivhp@r1tpbTYB*9Wq;o)7EauWlawiW$a zpv9g-A*>Snfye=hS~+6lbF1~Ir*J2$A}G&2Owz=O+9mZ_PxyacFV(+0F$TouJVYv_!&nW;d0b5mJ> zd+UIJd{7_q_qV+w74z9bJVIhclaSi9%P<~O=o{>oAm?6D@l?%JJX?lBWFXV);+bTSK&b> z0gKb{`AUKob>P;J{rX71Zb(ZjZ;VR2k6v8Tgx2lLCCr<4HK=X0lDqL8PnG)++@!Ty zqK3;h?Vsaqo*}<@b6Zv5)xYm43(vwsk5R-dP5qD=hF}bd?E;;McofL z2(S}{A}7C0{I%rdVQbpSy+vE}J(@i6NEZ@iV{V@^l7w8r#q0%3zf&(E_DkP`onHvA$dt0*H6$@qC%oMSDWBST2&*pn35-zg+^>n14t719E$<&>f`d99m<@x^&z5jC%B6z{$ zObbEvE=1CQW%4?m2q3tD9v1(*20a;9iG6y{KlZDx;wAxeq6F`!?|8$b`{@QPSU{k!l_h70>v)l|!)e0~Phb7?gl4Qr+2+%K zBRh9!0K9(I1O$uH7bn%Sx*85y3LyN??^6(gPRb4YVci`=yEi;MGbCNerRMZ{Z>wkcClqt|62?Qx^3(u_y zTv3~p-lwrET{+x}F-F_oh>s@{vLCxf?UHR}I}ESl#@-O0`h)`d;CpJy5{O3HkTEHY zUo&+Q#{nHOM#t^Y)5xNMQ^x}vAu{4yw+H|`ctuFLn6k$gNm1=W%(W(a6@3ia8-MLs zbYvJe@C$`UH$N6vX~`nB;jSWWxk}dj==7v8%WcX(oy$r=^eRxlHlw=@@H%^An$0V! 
zwZsZzqa&_CRSXSx)ovaI)866qG(!BV@*vbhyOhZ)(LL+XCyTVJx0SXMKRgysz&oUlyV857GErobW{Ptb^fk!F@$8#iTcS~ zYC5aJC$i#s$AAjDhv>6i5v1&}Abr{LVA`mp1=84dA;3e^#ZlZOK8b0rlTY=fTxQ4< z4T4mZIl`X41B!@p?heY65i60A@YawB`U(}-5m$~B%NziPMyPq6KQ-6zljFDy*-?AJncR}^6Juj1S-HrcrxI^o5;Fs5>HQGe3J!&~ zJZ+*8gg;;6Xc@c07nD+7-*RJ?I|2b!C3m^CJhxZ#kZ*4Sj{XB|__FDKQ&67x+eT8E zb*pnRF|Y!t5M$F5*pgXDWG>={9td}NKMiOYVXmWXjb&12^0@5XKS z-NLG&&on9kN+6;! z7wGCCqxsGJ52#gICzrkz?C=AQiS&8j2xlDr7_xxOnMUaCJrFgvImEPUSzoSIdIfoX z|6>alNoxA-Cf(LaBSr-KObW#jlh2W;TIyufWGBN;L(yS4%Yb&*whPPKOqxo$PZ$%u%i@KBYZ!Z<*{j6oi zQp2Mei^7UlmdsWc$fw>G@r~u0Y35}MC89jaV7%b?PgLWUzMEg}&2vE|_X{|#6dv}> z%bxV)%gx;F{_db7mom*>ufHrTH1EMo0(s>LW4G!`{F#udi)&YgcB)zl zvw5g|O$8RT%8oi1Y#%LF*A?eR1Z62Z-R<@mM)jT@-0Ryx%~dOY-FeO$x`^#3V3Jj< zcX}$nMN9_RG+ zgxy!8GFx3k&70Ob3$0T_qqO+%NGa>G4|ItV`pO}c?`oPIwd?0pp%=tcH$X9|MV#H* zJFI~N1y?@U$_d8YCvVOEcp)`DKpVB-My5zr^~O zUwd`kJ+^k*Hf?JLtzF@vV#!odgl<9)?@cqMtqsCt9JbE-TKBU@-$uQPJod31!lJ^& ztg4FHs-z}X0vwU%wj*t&hq3+6p~5D!A~*r$lco@zZ@671r+_3zE~UJyQ`V~}w`AZN z|Ffe$FYp{u%JiM#%jKd+75$?Lb(RLo!sj|9ZwIScYzOx84{xR$kkPrZ{h z+K#gl$j03x3JrZn8~MF1^daF4461;WNvDs9srvH!8&Zuxs9oC-XeA3?=?fb;v`0wk zyGhXc7R?)1&eqw!E~3_{_&bi{vln~$zT=~fj1QS@}v20jYR_Fs^(~6`?K<2W)nlUG$ zpv?0(Dcf_8d^4B2Mn2H(j{BW2HoHN+_x(@q?vLk7zaid1VOJBedgn(fLyMM@L|6sZ z+%>%<+|2?`(*rQ(tbwx0yYEO`&U)RJTczWid+i1Oq^z7&Ji1V$AQ!~?1_BI?f*c2GbcNuqD2s=(5nTM7VZEqZYQB>Um$SM!C52fvaz%W~|te*Bd*005r5 zjzI;*Qf|nCC9BO&Hltj#c*4 Pb_1@%jSUK5PEr2>a_ga8 literal 0 HcmV?d00001 diff --git a/education/windows/index.md b/education/windows/index.md index cc96968ca3..ee04b99e62 100644 --- a/education/windows/index.md +++ b/education/windows/index.md 
@@ -16,6 +16,8 @@ author: jdeckerMS
 |Topic |Description |
 |------|------------|
+| [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | Learn how the Set up School PCs app works and how to use it. |
+| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | See the changes that the Set up School PCs app makes to a PC. |
 | [Take tests in Windows 10](take-tests-in-windows-10.md) | Learn how to configure and use the **Take a Test** app in Windows 10 |
 | [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) | Learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. |
 | [Chromebook migration guide](chromebook-migration-guide.md) | Learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. |
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
new file mode 100644
index 0000000000..f4966f227c
--- /dev/null
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -0,0 +1,262 @@
+---
+title: Set up School PCs app technical reference
+description: Describes the changes that the Set up School PCs app makes to a PC.
+keywords: ["shared cart", "shared PC", "school"]
+ms.prod: W10
+ms.mktglfcycl: plan
+ms.sitesec: library
+author: jdeckerMS
+---
+
+# Technical reference for the Set up School PCs app
+**Applies to:**
+
+- Windows 10 Insider Preview
+
+
+> [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]
+
+The **Set up School PCs** app helps you set up new Windows 10 PCs that work great in your school by configuring shared PC mode, available in Windows 10, version 1607. **Set up School PCs** also configures school-specific settings and policies, described in this topic.
+
+If your school uses Azure Active Directory (Azure AD) or Office 365, the **Set up School PCs** app will create a setup file that connects the computer to your subscription. You can also use the app to set up school PCs that anyone can use, with or without Internet connectivity.
+
+The following table tells you what you get using the **Set up School PCs** app in your school.
+
+| Feature | No Internet | Azure AD | Office 365 | Azure AD Premium |
+| --- | :---: | :---: | :---: | :---: |
+| **Fast sign-in**
Each student can sign in and start using the computer in less than a minute, even on their first sign-in. | X | X | X | X |
+| **Custom Start experience**\*
The apps students need are pinned to Start, and unnecessary apps are removed. | X | X | X | X |
+| **Temporary access, no sign-in required**
This option sets up computers for common use. Anyone can use the computer without an account. | X | X | X | X |
+| **School policies**\*
Settings specific to education create a useful learning environment and the best computer performance. | X | X | X | X |
+| **Azure AD Join**
The computers are joined to your Azure AD or Office 365 subscription for centralized management. | | X | X | X |
+| **Single sign-on to Office 365**
By signing on with student IDs, students have fast access to Office 365 web apps. | | | X | X |
+| **[Settings roaming](https://azure.microsoft.com/en-us/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) via Azure AD**
Student user and application settings data can be synchronized across devices for a personalized experience. | | | | X |
+| | | | | |
+\* Feature applies to Windows 10 Pro, Windows 10 Pro for Education, Windows 10 Enterprise, and Windows 10 Enterprise for EDU
+
+> **Note**: If your school uses Active Directory, [use Windows Imaging and Configuration Designer](set-up-students-pcs-to-join-domain.md) to configure your PCs to join the domain. You can only use the **Set up School PCs** app to set up PCs that are not connected to your traditional domain.
+
+## Prerequisites for IT
+
+* If your school uses Azure AD, [configure your directory to allow devices to join](https://azure.microsoft.com/en-us/documentation/articles/active-directory-azureadjoin-setup/). If the teacher is going to set up a lot of devices, give the teacher appropriate privileges for joining devices or make a special account.
+* Office 365, which includes online versions of Office apps plus 1 TB online storage and [Microsoft Classroom](https://classroom.microsoft.com/), is free for teachers and students. [Sign up your school for Office 365 Education.](https://products.office.com/en-us/academic/office-365-education-plan)
+* If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](https://msdn.microsoft.com/en-us/library/windows/hardware/mt703369%28v=vs.85%29.aspx)
+* After you set up your Office 365 Education tenant, use [Microsoft School Data Sync Preview](https://sis.microsoft.com/) to sync user profiles and class rosters from your Student Information System (SIS).
+
+
+## Information about Windows Update
+
+Shared PC mode helps ensure that computers are always up-to-date.
If a PC is configured using the **Set up School PCs** app, shared PC mode sets the power states and Windows Update to:
+* Wake nightly
+* Check and install updates
+* Forcibly reboot if necessary to finish applying updates
+
+The PC is also configured to not interrupt the user during normal daytime hours with updates or reboots.
+
+## Guidance for accounts on shared PCs
+
+* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
+* When a PC is set up in shared PC mode, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Start without an account** will also be deleted automatically at sign out.
+* On a Windows PC joined to Azure Active Directory:
+ * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
+ * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
+* Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. However, any new local accounts created by the **Start without an account** selection on the sign-in screen (if enabled) will automatically be deleted at sign-out.
+* If admin accounts are necessary on the PC
+ * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or
+ * Create admin accounts before setting up shared PC mode, or
+ * Create exempt accounts before signing out.
+* The account management service supports accounts that are exempt from deletion.
+ * An account can be marked exempt from deletion by adding the account SID to the `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\` registry key.
+ * To add the account SID to the registry key using PowerShell:
+ ```
+ $adminName = "LocalAdmin"
+ $adminPass = 'Pa$$word123'
+ iex "net user /add $adminName $adminPass"
+ $user = New-Object System.Security.Principal.NTAccount($adminName)
+ $sid = $user.Translate([System.Security.Principal.SecurityIdentifier])
+ $sid = $sid.Value;
+ New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
+ ```
+
+
+## Custom images
+Shared PC mode is fully compatible with custom images that may be created by IT departments. Create a custom image and then use sysprep with the `/oobe` flag to create an image that teachers can then apply the **Set up School PCs** provisioning package to. [Learn more about sysprep](https://technet.microsoft.com/en-us/library/cc721940(v=ws.10).aspx).
+
+## Provisioning package details
+
+The **Set up School PCs** app produces a specialized provisioning package that makes use of the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294%28v=vs.85%29.aspx).
+
+### Education customizations
+
+- Saving content locally to the PC is disabled. This prevents data loss by forcing students to save to the cloud.
+- A custom Start layout and sign in background image are set.
+- Prohibits Microsoft Accounts (MSAs) from being created.
+- Prohibits unlocking the PC to developer mode.
+- Prohibits untrusted Windows Store apps from being installed.
+- Prohibits students from removing MDM.
+- Prohibits students from adding new provisioning packages.
+- Prohibits student from removing existing provisioning packages (including the one set by **Set up School PCs**).
+- Sets active hours from 6 AM to 6 PM.
+- Sets Windows Update to update nightly.
+
+
+### Uninstalled apps
+
+- 3D Builder (Microsoft.3DBuilder_8wekyb3d8bbwe)
+- Weather (Microsoft.BingWeather_8wekyb3d8bbwe)
+- Get Started (Microsoft.Getstarted_8wekyb3d8bbwe)
+- Get Office (Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)
+- Microsoft Solitaire Collection (Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe)
+- Paid Wi-Fi & Cellular (Microsoft.OneConnect_8wekyb3d8bbwe)
+- Feedback Hub (Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)
+- Xbox (Microsoft.XboxApp_8wekyb3d8bbwe)
+- Groove Music (Microsoft.ZuneMusic_8wekyb3d8bbwe)
+- Movies & TV (Microsoft.ZuneVideo_8wekyb3d8bbwe)
+- Mail/Calendar (microsoft.windowscommunicationsapps_8wekyb3d8bbwe)
+
+### Local Group Policies
+
+> **Important**: It is not recommended to set additional policies on PCs configured with the **Set up School PCs** app. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required.
+
+

Deployment Goals[Basic Firewall Policy Design](../p_server_archive/basic-firewall-policy-design.md)[Domain Isolation Policy Design](../p_server_archive/domain-isolation-policy-design.md)[Server Isolation Policy Design](../p_server_archive/server-isolation-policy-design.md)[Certificate-based Isolation Policy Design](../p_server_archive/certificate-based-isolation-policy-design.md)[Basic Firewall Policy Design](basic-firewall-policy-design.md)[Domain Isolation Policy Design](domain-isolation-policy-design.md)[Server Isolation Policy Design](server-isolation-policy-design.md)[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)

[Protect Computers from Unwanted Network Traffic](../p_server_archive/protect-computers-from-unwanted-network-traffic.md)

[Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)

Yes

Yes

Yes

Yes

[Restrict Access to Only Trusted Computers](../p_server_archive/restrict-access-to-only-trusted-computers.md)

[Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)

-

Yes

Yes

Yes

[Restrict Access to Only Specified Users or Computers](../p_server_archive/restrict-access-to-only-specified-users-or-computers.md)

[Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md)

-

-

Yes

Yes

[Require Encryption When Accessing Sensitive Network Resources](../p_server_archive/require-encryption-when-accessing-sensitive-network-resources.md)

[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)

-

Optional

Optional

Deployment

[Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](../p_server_archive/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md) | [Isolating Windows Store Apps on Your Network](../p_server_archive/isolating-windows-store-apps-on-your-network.md) | [Windows Firewall with Advanced Security Administration with Windows PowerShell](../p_server_archive/windows-firewall-with-advanced-security-administration-with-windows-powershell.md)

[Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md) | [Isolating Windows Store Apps on Your Network](isolating-windows-store-apps-on-your-network.md) | [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)

Troubleshooting

Evaluate predefined Windows Firewall with Advanced Security deployment goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives.

Predefined deployment goals:

    -
  • [Protect Computers from Unwanted Network Traffic](fe94e9b8-c456-4343-af5f-5511b8047d29)

  • -
  • [Restrict Access to Only Trusted Computers](29805c5c-a8e4-4600-86b9-7abb9a068919)

  • -
  • [Require Encryption When Accessing Sensitive Network Resources](261bd90d-5a8a-4de1-98c7-6d07e5d81267)

  • -
  • [Restrict Access to Sensitive Resources to Only Specified Users or Computers](09cd6d03-c1ce-45ed-a894-d7f7aaa9b6f0)

  • +
  • [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)

  • +
  • [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)

  • +
  • [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)

  • +
  • [Restrict Access to Sensitive Resources to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md)

Map one goal or a combination of the predefined deployment goals to an existing Windows Firewall with Advanced Security design.

    -
  • [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](39bb8fa5-4601-45ae-83c5-121d42f7f82c)

  • +
  • [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)

Based on the status of your current infrastructure, document your deployment goals for your Windows Firewall with Advanced Security design into a deployment plan.

    -
  • [Designing A Windows Firewall with Advanced Security Strategy](36230ca4-ee8d-4b2c-ab4f-5492b4400340)

  • -
  • [Planning Your Windows Firewall with Advanced Security Design](6622d31d-a62c-4506-8cea-275bf42e755f)

  • +
  • [Designing A Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md)

  • +
  • [Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md)

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Policy path

Policy name

Value

Admin Templates > Control Panel > Personalization

Prevent enabling lock screen slide show

Enabled

Prevent changing lock screen and logon image

Enabled

Admin Templates > System > Power Management > Button Settings

Select the Power button action (plugged in)

Sleep

Select the Power button action (on battery)

Sleep

Select the Sleep button action (plugged in)

Sleep

Select the lid switch action (plugged in)

Sleep

Select the lid switch action (on battery)

Sleep

Admin Templates > System > Power Management > Sleep Settings

Require a password when a computer wakes (plugged in)

Enabled

Require a password when a computer wakes (on battery)

Enabled

Specify the system sleep timeout (plugged in)

1 hour

Specify the system sleep timeout (on battery)

1 hour

Turn off hybrid sleep (plugged in)

Enabled

Turn off hybrid sleep (on battery)

Enabled

Specify the unattended sleep timeout (plugged in)

1 hour

Specify the unattended sleep timeout (on battery)

1 hour

Allow standby states (S1-S3) when sleeping (plugged in)

Enabled

Allow standby states (S1-S3) when sleeping (on battery)

Enabled

Specify the system hibernate timeout (plugged in)

Enabled, 0

Specify the system hibernate timeout (on battery)

Enabled, 0

Admin Templates > System > Power Management > Video and Display Settings

Turn off the display (plugged in)

1 hour

Turn off the display (on battery

1 hour

Admin Templates > System > Logon

Show first sign-in animation

Disabled

Hide entry points for Fast User Switching

Enabled

Turn on convenience PIN sign-in

Disabled

Turn off picture password sign-in

Enabled

Turn off app notification on the lock screen

Enabled

Allow users to select when a password is required when resuming from connected standby

Disabled

Block user from showing account details on sign-in

Enabled

Admin Templates > System > User Profiles

Turn off the advertising ID

Enabled

Admin Templates > Windows Components

Do not show Windows Tips

Enabled

Turn off Microsoft consumer experiences

Enabled

Microsoft Passport for Work

Disabled

Prevent the usage of OneDrive for file storage

Enabled

Admin Templates > Windows Components > Biometrics

Allow the use of biometrics

Disabled

Allow users to log on using biometrics

Disabled

Allow domain users to log on using biometrics

Disabled

Admin Templates > Windows Components > Data Collection and Preview Builds

Toggle user control over Insider builds

Disabled

Disable pre-release features or settings

Disabled

Do not show feedback notifications

Enabled

Admin Templates > Windows Components > File Explorer

Show lock in the user tile menu

Disabled

Admin Templates > Windows Components > Maintenance Scheduler

Automatic Maintenance Activation Boundary

12am

Automatic Maintenance Random Delay

Enabled, 2 hours

Automatic Maintenance WakeUp Policy

Enabled

Admin Templates > Windows Components > Microsoft Edge

Open a new tab with an empty tab

Disabled

Configure corporate home pages

Enabled, about:blank

Admin Templates > Windows Components > Search

Allow Cortana

Disabled

Windows Settings > Security Settings > Local Policies > Security Options

Interactive logon: Do not display last user name

Enabled

Interactive logon: Sign-in last interactive user automatically after a system-initiated restart

Disabled

Shutdown: Allow system to be shut down without having to log on

Disabled

User Account Control: Behavior of the elevation prompt for standard users

Auto deny



+
+## Related topics
+
+[Use Set up School PCs app](use-set-up-school-pcs-app.md)
+
+
+
+
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index 742aed682d..64dde75a76 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -11,7 +11,7 @@ author: jdeckerMS
 # Set up Take a Test on multiple PCs (Preview)
 **Applies to:**
-- Windows 10 Insider Preview
+- Windows 10 Insider Preview
 > [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]
diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md
index f62fa9805b..e1c6bb189c 100644
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@@ -11,7 +11,7 @@ author: jdeckerMS
 # Set up Take a Test on a single PC (Preview)
 **Applies to:**
-- Windows 10 Insider Preview
+- Windows 10 Insider Preview
 > [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
index 1360d736f4..7d15a79d72 100644
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@@ -11,7 +11,7 @@ author: jdeckerMS
 # Take tests in Windows 10 (Preview)
 **Applies to:**
-- Windows 10 Insider Preview
+- Windows 10 Insider Preview
 > [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ]
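Review bot: The PowerShell sample under "Guidance for accounts on shared PCs" in set-up-school-pcs-technical.md hard-codes the password `Pa$$word123` for an account that is then exempted from automatic deletion, and it builds the `net user` command as a string passed to `iex`. Copied as-is, every shared PC would carry the same long-lived, publicly documented credential. I would prompt for the secret and drop the string evaluation, for example `$adminPass = Read-Host -AsSecureString "Password for $adminName"` followed by `New-LocalUser -Name $adminName -Password $adminPass`, and add a sentence telling readers to choose a unique password per deployment. The bullet just above the sample also spells the hive `HKEY_LOCAL_MACHINE\SOFTARE\...` while the sample itself writes to `HKLM:\Software\...`; the prose should read `SOFTWARE` so a reader following the text does not create the exemption under a key that is never consulted.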
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
new file mode 100644
index 0000000000..2e0fd6199b
--- /dev/null
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -0,0 +1,142 @@ +--- +title: Use Set up School PCs app +description: Learn how the Set up School PCs app works and how to use it. +keywords: ["shared cart", "shared PC", "school"] +ms.prod: W10 +ms.mktglfcycl: plan +ms.sitesec: library +author: jdeckerMS +--- + +# Use the Set up School PCs app +**Applies to:** + +- Windows 10 Insider Preview + + +> [Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. ] + +Teachers and IT administrators can use the **Set up School PCs** app to quickly set up computers for students. A computer set up using the app is tailored to provide students with the tools they need for learning while removing apps and features that they don't need. + +![Run app, turn on PC, insert USB key](images/app1.jpg) + +## What does this app do? + +The Set up School PCs app helps you set up new computers running Windows 10, version 1607. Some benefits of using this app to set up your students' PCs: +* A computer set up this way is tailored to provide students with the tools they need for learning while removing apps and features that they don't need. + * Places tiles for OneNote, Office 365 web apps, Sway, and Microsoft Classroom on the Start menu + * Installs OneDrive for cloud-based documents and places it on the Start menu and taskbar + * Sets Microsoft Edge as the default browser + * Uninstalls apps not specific to education, such as Solitaire and Sports + * Turns off Offers and tips + * Prevents students from adding personal Microsoft accounts to the computer +* Significantly improves how fast students sign-in. +* The app connects the PCs to your school’s cloud so IT can manage them (optional). +* Windows 10 automatically manages accounts no matter how many students use the PC. 
+* Keeps computers up-to-date without interfering with class time using Windows Update and maintenance hours (by default, 12 AM). +* Customizes the sign-in screen to support students with IDs and temporary users. +* Locks down the computer to prevent mischievous activity: + * Prevents students from installing apps + * Prevents students from removing the computer from the school's device management system + * Prevents students from removing the Set up School PCs settings + + +## Tips for success + +* **Run the app at work**: For the best results, run the **Set up School PCs** app on your work device connected to your school's network. That way the app can gather accurate information about your wireless networks and cloud subscriptions. + > **Note**: Don't use **Set up Schools PCs** app for PCs that must connect to enterprise networks or to open wi-fi networks that require the user to accept Terms of Use. +* **Apply to new computers**: The setup file that the **Set up School PCs** app creates should be used on new computers that haven't been set up for accounts yet. If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost. +> **Warning**: Only use the setup file on computers that you want to configure and lock down for students. After you apply the setup file to a computer, the computer must be reset to remove the settings. +* **Turn on student PCs and stay on first screen**: The computer must be on this screen when you insert the USB key. + +![The first screen to set up a new PC](images/oobe.jpg) + +If you have gone past this screen, you may have to reset your PC to start over. To reset your PC after you have completed the first run experience, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. +* **Use more than one USB key**: If you are setting up multiple PCs, you can set them up at the same time. 
Just run the **Set up School PCs** app again and save the same settings to another key. That way you can run set up on more than one PC at once. Create three keys and you can run it on three PCs at once, etc. +* **Start fresh**: If the PC has already been set up and you want to return to the first-run-experience to apply a new package, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. +* **Keep it clean**: We strongly recommend that IT avoid changes to policies unless absolutely necessary, as any changes can impair performance and sign-in time. Get more information at [Set up School PCs app technical reference](set-up-school-pcs-technical.md). + +## Set up School PCs app step-by-step + +What you need: + +- The **Set up School PCs** app, installed on your work computer, connected to your school's network +- A USB drive, 1 GB or larger + +### Create the setup file in the app + +The **Set up School PCs** app guides you through the configuration choices for the student PCs. + +1. Open the **Set up School PCs** app and select **Start**. + + ![select start](images/app1.jpg) + +2. Choose **No** to require students to sign in with an account, or choose **Yes** to allow students to use the PC without an account, and then select **Next**. + + ![account required?](images/setup-app-1-access.png) + +3. Choose a Wi-Fi network from the list and then select **Next**, or choose **Manually connect to a wireless network** to enter the network information yourself. + + ![choose network](images/setup-app-1-wifi.png) + + - For a manual network connection, enter the network name, security type, and password (if required), and then select **Next**. + + ![enter network information](images/setup-app-1-wifi-manual.png) + +4. Insert a USB drive, select it in the app, and then select **Save**. 
+ + ![select usb drive](images/setup-app-1-usb.png) + + + +### Apply the setup file to PCs + +The setup file on your USB drive is named SetupSchoolPCs.ppkg, which is a provisioning package. A provisioning package is a method for applying settings to Windows 10. When Windows 10 refers to *package*, it means your setup file, and when it refers to *provisioning*, it means applying the setup file to the computer. + +1. Start with a computer on the first-run setup screen. + + ![The first screen to set up a new PC](images/oobe.jpg) + +2. Insert the USB drive. Windows Setup will recognize the drive and ask you if you want to set up the device. Select **Set up**. + + ![Set up device?](images/setupmsg.jpg) + +3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. + + ![Provision this device](images/prov.jpg) + +4. Select `SetupSchoolPCs.ppkg` and tap **Next**. + + ![Choose a package](images/choose-package.png) + +5. Select **Yes, add it**. + + ![Do you trust this package?](images/trust-package.png) + +6. Read and accept the Microsoft Software License Terms. Your last step is to sign in. Use your Azure AD or Office 365 account and password. + + ![Sign in](images/signinprov.jpg) + +7. Select **Use Express settings**. + + ![Get going fast](images/express-settings.png) + +8. If the PC doesn't use a volume license, you'll see the **Who owns this PC?** screen. Select **My work or school owns it** and tap **Next**. + + ![Who owns this PC?](images/who-owns-pc.png) + +9. On the **Choose how you'll connect** screen, select **Join Azure AD** and tap **Next**. + + ![Connect to Azure AD](images/connect-aad.png) + +10. Your last step is to sign in. Use your Azure AD or Office 365 account and password. When you see the progress ring, you can remove the USB drive. + + ![Sign in](images/sign-in-prov.png) + + +That's it! The computer is now ready for students. 
+ +## Learn more + +See [The Set up School PCs app technical reference](set-up-school-pcs-technical.md) for prerequisites and provisioning details. + From 6bebf4c3a5aa88dca328bbac824c9fe28dcb9933 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 26 May 2016 08:46:34 -0700 Subject: [PATCH 08/92] fix link, art --- education/windows/images/license-terms.png | Bin 0 -> 184465 bytes .../windows/set-up-school-pcs-technical.md | 2 +- education/windows/use-set-up-school-pcs-app.md | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 education/windows/images/license-terms.png 
diff --git a/education/windows/images/license-terms.png b/education/windows/images/license-terms.png new file mode 100644 index 0000000000000000000000000000000000000000..8dd34b0a18da1dcba98834674bed57d26c3f3b79 GIT binary patch literal 184465 zcmcG$V|XS_|1BC#Y}>XcwryJz8+Sb69oxo46JsW}t%+^xj=kr3-uJ)H*aOalwSH?=N2(}EBf;atgMon|$;wEmfq_9Vf`NhS!9xGd5!{C^|9b#;Q{ zOE70s8%K9$M@x57PG(kSUVDxJB`~nhAXy1f4S>;kCrl3J;G)o*!sfQO zp2j^`5X}U%rAE3XBGg~ye`yb&vy%d|Q(sT{b2a}~zUve{PQl10C7ieCv6@Z}xogoV zf6Unu>GsnjT$Hfc+$JGQ^ly`?b!Lmh=^rrx;^N-gp#Yg?#u0Txjwt$dFgjJo}q-3 zl|>Wi!pj!M2j*Rzf*}v7|NCA8<=?#f$T=9K8@5+&Icu(RAT(T|e94XhO~_xdJG~IN z1HB0pnE5t7D>&K=U}YPY>yN8vukF2aev}-8zUfJPYepbr{(w$OvZcXaj2cRayGOH~ zxy@mD3qn`s*M0oOQIYEUVV;W)jHIx62LbPfOej5`3D>a|BgZuX4B;p>iYt4c{34d?a zU-uS9CZfA=m6OwdB9*!UzVsR0z_vC=&(Fx6l*%wLEmzOPO_TFEzrsPrASyNC?@Fq- z5KDvi7Tw52nMk3(D6#Pb`=|Aczk|!1Deu)xFc=YEA*&T>-pDv&SlB46L|^&)#GxO7 z)_>kFi@^szw%Ez-r$l#cs}5!0sxZY~{H}o0>)2aN6ewZQ-M)9utSKChHX*INxb(F$NB^NHm!m9ALO?qE1^LWr->| zDh~1pQ-?5}(Z8R8f%lVq=mAUr$z2T-ul_(a*a-bi_!lupu7gxx>2+R#{4qeo$b#@V zS#u_cp`+Pn>e|5b*pGZ`rLBw)G%|N=eR2c8)Tj@UeNK50IWghBlmO6yt`M z!jK@Kc3XjQkDOuS61{CUR#>dDZ>6GrCh3?AX8~TGqPZKnDf#C!kX@X@rUdbW-SWCQ z*s>!-Mz>iN*Mwzu-s+oQ_L66io!<|?sOqRr*OI&+F@c)eiQ4!DWoEvW&B%@N35xs( zQzPWMpWdov5jF!-;161)p;CR8WYxzSeV)CpD~M9(0^0DvKVQ!1nL1%h7L+vTxxZzW z2nhVQos8e6VdcNqs&5mJeXdPJ@euR5HEw<%yo#54UIm)!3S;qicVP5FZ**g)uummy z(q+7lIfsU4)}MyJUEAkJJ(k^-g@DG&MPXh~<{?!YUeI`&l?GRpokaKW6Dj%Jdy-J3 z*AuNEAATJ6QCUR9oj#a4s5ZT+E^`ZqH$9`6gEDG1?`d#07q?wTg^$9DER816nYuvlrjqF$Br;havg@^vBg+ zg?sdy(;D5QZgza?^(X;fwH-rvGKLNZLi+i4){92#oV*Dux|RAy?DXe^nu59&K;pg& z+%P-I6_BZZ)!C)nGs<3thPhDdo|@uS`7Q*Jn7OSQIO7(-`B-gDR}l(l<^hd-ZHYsIsC2-R(rbpC4&eQT&`C zt9x}h0_@um9?deoaALV+iF1nY>(D7N8d zhpN9l;N=cCVpB3q2n_+k_WJn+{+E(x`?y!T2LBlgnnR(#26zW8bwOEB1~5wNy02M) zrg>aQAz2AJn%n1R(|ym*(ysfQWB#@K1?y$>T1m3`N_YDKM!5;MU%Ec z?|K7N?Ci~Xyj6ouZM1>Qb(I}*oimTLK3t*U2Z-$WvljcqA{Vsi zh$@$;oN};3H1hGJoy)R`%bbJp$6ZkGuA z%hX|de$1QhzA}JQIP7(6YUspG=i$a6Bbm*3j|u#VKpNCU!eEO!U_186sDESSteTQp 
zyvoLCGg)0)QxQut^Wdr9(ZL?GOrxsn`e!;88{C3Um)421=x=nwx2oZdTYq!K4UK^k zf#S_|L_Ar+g_*+IJ3L{)qQS(o@5%ET+6F3?-Q@5H@i|a=h7pbP>QP_xF0e3a zb%JXtbt1D&tN@R?mtlRFMWo4;kdXb@v4QOJ&bMdd-U`!nQ^0Pg%|NV|rkcn~;!K3- ztzI}h(;ES|ONq1Lz+O>4hfr1;np>oF8mR#nm#r(rchqnCI+3M{7%q1q^)pTWU&_%g zsYu=1_JCe}US6KPM|R4)c_=#A1aLrsO9u~=LEmDN@7UVPSzl%{7b#TvZhL8)a`{MJ zsRAkX5@#f5R7vuL;O7s|2b-fG)$+Fkm-fW^Kp(aRt8v;ikHg2z_p=8l-n0q~*L-*M zFh0pm)q$R1=$Fsn&npK}8_3=K_-FA)W^?+K{AS`SxXo_EK00g;V6J0C*4$B{B}$yX z7Pqs0|Eha8K^{AJNRM=7^1Qp$B9Sjek}4Yx=&e6D3msc6i2sB%CDXMvpn)E?iBD6< z*}0BW-vn^eOvonIjWAV!=%I$CdtNr6nz9?fUOh`7Oq)VPfhbpJkjYZ{Qadr2Fvn&x7LQ?c504UKY=!!L6o6@U}Prj4m zF%N|7AGL4A73->T+Wv{TsaZjlITVuq)|k+7tgGP?p{h_8Y8+YxOBq9Pr{V}ti88y? z3|JB=)3&W1YQObVhmw_aFGoD_HUeIK%@vP7j1)1;aDCkw9__3LDDypB37k!8gTB2r zys`Ur-(wo#uN<;Fs;g|V6XX%jAx^*5A%&e#GO$hX$GpsnI_bE;K8G!|G%A~0Zj6v7 zWgY%1lF>T8>({{!{HQlwcA-Qtb`TIvej2NtO(JQ%S&QQY!4iziXF@CvdYg;o85CSuFei;#Dhm_=HmL=em#RNxd#BTf5Nno&x zH{ggRQDm!W3vf4HB2xYkZOHhVbCA}iF&gy`s(!0>@$PJinTcH6)Q=SP@(&3>@teK? z-s*pjZkeM7b{Fq)jGssIkaR*X{i+CISt0>WU5JqrAsDtb49=?Jxyh*-Ra1=?nw$C& z5p864xLRPl+%Zy^CyI8>R+uuz?Wc(9TS%Hk^fH8;4kXg1XzL{!83bKc+tL;Le%WQ^ zh4@TutMd1NU2U$0G{l-7)x+r>9FZgS3s4U_e~r6$50y+sPSH@M%iKVXh@<2@Q^I7G zk%m!#5P!~9+hx5dGmI#uQ2cR$nOmWS=}_l+#QP`CvIAjh)&O3MKg)PQWknFcjKk*M zrxqYdt>^&Dz3nW;b~=rMOydf#p<=>ZuQV zG@YjT>TSt-VKlZ5+SH+x4DG2xC3IpBOPHyM2e^H~cHjpd%tM=<`F<^ODu%kM8p_XQ zYJvTsAawb_!n%bTvXsM2CoqkZOjr%DB7F$p0QW7gG(LjlpxIrMu1Tfw)rCwNs=Xum zPFZX@sblFi${}8NRk?<#OYZi!;=O&A$0G4Y0PevTo7qBGl*JtlrTSV3W)-bs&4`6( z=T$NBBsaq)=;hDnNu8T>u=V*$AwHTgGSM>0)c(C_pP(Fh(V{Szy~QPMvx6y(iR?L) zabw~rRiZPxfwSoZ&eU)J62vHxH>y5YVjMoK{Pe^xzu=EsLY=IC5&PBclR^tL!}c5L zh3|l`MWmom``EdF;{J95(nIH=1QpbU8~Q!nPO)jpsI9 zZj=wuzC`=uMH^_jQ|?NzH;oF89`CnxKGX8JXm*ScJw1-GQfypEq&rmBy*7qRNlHmI zJNBwbIT&_uN9(6pK|==QhH*Sy!yPX(0s@7$f;W}lqw<<=zgOI{feuP&YhC-Uoe(dC zMXWqBKCf}oijMvmyPO-a9V)aFqioI$wbQOD%dkL@wb*~@D&7(&^Zu77?|ync<)fv2 zg4OP&X?wS*aLmT+(YV#0DSTWt{}DLn&kcdkyjQUzc)RA6!CSpGFs(q6MJwcKJb;=% 
zFeIfxX;(fd(7-l@mxT-EnHn)69H$+cC#mgs;Naew%;qary;u&c_G-m_`&hXmWtlfd zK!Y{g%v1NKw1IZQ`@{&2)oFijYRFbs3GyHQFg&bD<{e4# zsyTKaVXhcZ+)$U1I{%~(5s`r(m3HuM&D&?#PcSuaTNq|QKsKEPy^k<9_$(n)g;T^> z%EZBi?YU+K?^E34VFY8emH_tm?ptm)764a^j^*h|+f*@KX2!HDCoXg>m-7*b!V*ii zILRZYw7cvJs{f&TPH(m7*wwqJf=_@;rI_P&T!+;^57lg@EfYB-)v%q|Y_hXsA5@(x z<#6-qBqEcvfB!fy>cbS;HtaTKrP6X!qgZwaB#HW<~-5IQrU=9$(Dvo$-aXyx0{`e^=`Z> zbZyd~@B>2s=~5)I-4Z$-5(8e&Xx3bMTY8wpP$%^?)v#Agt05P)8{b8>xg-(d)(L1N z3izd08%es6uQr!Q&oW@qs#BYSSWi?Fje=#3o%-9pz3g-m@Bu6bqzknBq5J@WPJZsb zETK@;#T=Zt_fID`0mpMZXo?xe$@r=O7X@E?zPu2~6Gz4V3zdsc6ApPL7+cs?OGlw zZ8nPfot&*GFPss>qXG;Hf9K|dqrh2d8=iDqNJ>ni(_z!0{jOsf-bop1{RR1fvORt? zC%wP4W>PiJacr7NQZ|)nkB_D}V3PLEA?L@4L0(ooL{e34*`0V}R-*M7`-8PE0Yg4< z)t_jAjUUT8prcx?yPFjw(ssGmSM7xV#Kp4rrZKQxkh`SCQ`;faU7-=ZoZXq6LNo<{ z_LRue)2m^x-7CSc-38`_`lbW=_hEQg&yrnoVEjL+Vd|?cln3U`V3Sj9V5X#;b7~`vn!% z!eE~k@F;uB$sUQummN}2R6=o(TmVa0PK+79Izk`k)PUdXS3}OQf;nql8H1O{Fvr8 zx6dD1zMj(Q@Rnvdu=KTDcl7h6ig9Gp>K1~QHztfBA-;#pY(Tz)>tPX%af8Ud8K^_kbG+Gn&{7JF5F(_9Q4@;wj4UHhF35G9OCtJJVo=v582I1N<`M&zT$ zAx81g4QXMi`X|?<#dTuO=*=lq@{UYV{&W;s9^`tMqgj;UHh5b61EGxaTscXt-Esfr zD%gL?DU_H%sENTCTm| zc)-2qOy#2}y~piruu|?t+0ChJke6RANP5 zU0y{~a}}HZ@!qCnTk)fXQGRd10;(Z&+66Fw`z`$+nc+z|SWf4oBEf^O0ruBKX_da} zqWcIw%ClKh2e`HnVfj?mf1qbK-2Wk8Y@+;c!QG#(NSh4`-=^gD}Z5WA{0FQ;|Rkp68vfV`Fr##kQz0^M6F zfTIL~#U*c)Ky0L?d!g366yPYl)LNT?utK+lmZiB!DtZXuCE?~S2iv#VgucwV8a;xz z4E6DDOOVCo0Q_1TE2XCd=Q;{3xREX*W`?;dmFNH{!^AkG#}H&eneY52%yXk?Gldio z?%1iJs?g%#uH1zDv!~a9OspxIm(UB*F&^fnw7@?K{LB*ztm%2M zVCp|wS5zSLPojtlbsQ9A+i*TI_ZDPy2qq$HQ#$A03HtR;7SnF2SUq^*xeVYSIW)a? 
zJf&_wu2q{+bo$oFZcqLo!cwL>pGXS?E@mD zn4QVcpEK4%b%9mH)8N{x%Sb+-wBeM{)cm;Nr9HiZz^F{`#vDpk<#i5J(v)OMe3@;FwZbL*&#IX7E-fDV*H~PfcmA9c%b7oo2Xc1Mw$O*%jk^M$tT9Jy31>uz>_TH$7B zCN8@r-a}%t!5TH%r2473L=5Dk&@)nv|1*@@>Y~^%E)qGvr--ml!ino#3^CxRz4dwx zh0zs$jBkEE@XRqYl0cXbQDSx~{ri6v-9ce|q2|ligTP$K_V{l*%^@p1TIKzF$*-gp zsxV0jhjpa~=9jDU%ehA34rTj75s=x)2L&_qjR@qTAyDSHSyI_4`ckT!j8Foc%Z+^4$!a|hP+6g@LbN3rrB`eJL?*f9L${LlXDh3sXYV z@hMQ5b)2l>kWsb|zVoV;Qt{-AqOjXuve{4#{6ji{mllHoRPM(jtQvU7q1Be(AY``Z z&54#(+(TP!!)UVx-K;*?X2kOG`66InO$_}Ed7c?w>|3SrDd-r9)2dfJ78hf)^GD9h z2tW~PqlXf%;S1TLq{eS1Xv624nb{uN@k22Re8=Xjrj*AZz~`bJXNIOdTY-TtU{buk zju9_kO0pPL4W>vHoyi;fWOKmuAKH z63qC3W`fo*)U#Lp9me?cOLjCOESE}6&hI%PGN~~y4*F^g?6{dMtAs;uQMLpR zfpEEwmk+VKY;WveHK)P#qYC!v$)Cvo^%g{Z8k6#|W45vK%|eep-5gqt2>GG^)$Xu? z$ZVH#0xz?!?s;7pu{E|pC+VePbuO?&);nud>7y}g&>vLO>lPD7Jp?i&^O@pEXy$Yn zV%-defiivg)h0PH+IX$YNeQe@`{_298DwQ}sy=M=aGc@a(n~)HJCbe1$@@9=4l(2& z3gAS`!Xrm2$$80Fhg(^Fr**4V^ML9{RWTTGUAeYJPQy9}e%r1nu@fIEKtULe`uVi) zuLP$uEpw=a97zJpDve%W*O&RwZ;>quXB3M_ZBol()@Sf_T1=Q+M@8EfD!GCc(lj^o$H+Wn~y z-G4i(6LYBn>HDpAkW3NxFwl=c=+sc1E>o5z&M*TAO^puLVpxZbW#aU6{Wo17=v{K= z3tj=oiHeVim1S`Ke%@xwFYLV}5hw)qU<#VC3C^Q=-M#Vu3wjuq+(iRceC0I&Oz*AMt1Bvn#sN5mQ>|gK;3zRhYe5(m6 z1NiH-DPF)4KD12PdJZ1)2%*g=+gLO{bYi#8N|gsI41t$@Z2(OOadQVeY!PBQbRinG zMw({733t-<@{Y4DDxRf;jVab$O0ip;ilGe^T!dIkZ)5{IK`Rj2bXIhxeS`Lw>aFc5 zI%W)OF$|U#PG3I~ZEXQLUjv&rL`1hL8Fb2sueyR%#=WDC4mZXDjGX~3Q+Y5m86k8u z5_c?ep+-r=SjaVOh^y~7RU=5UqzZ`+zjJz=ZB(Aw8<&% z*eV^ZiBMCjN^-R5e;q}C(Qj+&UZ715K){j--fKS(el!MDIYG!8mxBXj%qFB|aogjS zr3jVWPN!)$rHqK<>j;234=4gR3h*cH;vZy1hd<~TNogTB9+lolN2g{#=tw~3bxL0& zLsZu)VPEfkA~&7|@)se5U=Xb0U^xF@3|jx2ue7}343B1?zR~TUFnNc{_d$X70*l7G zYXx=(A-xlGg=cW?_@A~&X;nbi!}o(YIiGVFfvL`p-O&ufAFNcnB>g1DsI=1C!Z;aa zP%m51$0!d#h8KW1rh(k%Ro`=Ehlfg^-%+Z`Rz1YQz?Y*Ix?yzE?Rqm~5{Tew@xBk* zt{nc_?5iigjISf@d+9E4Ps*?JP^fmbf1v<_N(tp0!5|r-E%sl(-YjzRGf`*LKC6bV}y@^-@58}It zy(jAjlHJjP!tncC{f6&Q)tX{wx=!IxKcookW1@6E*ZavCp)(Jo=XaZd!D-tw z&eG}A5%dB!J7DRe{Q^T0v5aUh=4)FQ* 
zF(kAl_Q|=@Wq)>v^!X(i2G+Tf%1R)9rOO%~CBhgV0t;+;#M*#56PINHs`1Qjd7b)g zjMe@#e!hvjc!v&BY{9VZ4E0{Hw&~)=oePB9AgBc`JFm0VVL@}o4*d*UV`Wf|ZoWGG zeig79t_YMz%TvRMM{x*ysE6jEAG<#3qma3rA=LgGo~aWJ`58>^*Km%ySeDKa54-N+ z#*g?D2f1@9w&d1pXKyl7M1wFdV}@AJE|fmN=j4>=X**rPop>HPxt&YoM{g`>T|mLd z3nL1{cDLS?X|_HM&#D;t;SGYYINs5Kf_O@f!N46bYud}x;DJJ{pH%4nFv^6#HyZE@ zjl_(!_S)oesvodZ<_7r4C9_uQv;0BGQ+adQOiJmGh@66mWqKt# zM3Z`~h?imgc%zoe@hl}mMsO6%zT3-eVmXapZ>j+f>cO4q5T9`xk~+>BxWiO*ecYrwqUac&?&KI<&CqQ6Fa`0)W(77L**df> z4r2XoR!gHzQO4SUWE!a)7^+g-cjl^;JD7}s(vO`IgL35*DYH6Ah#qq%$nU)L#>nTH zRN+cs1n%hVaD_F z`%Ubmz+%6iR@{l3SF!%5V+;LeaQoJBsDUDD4Z$)#iaV!ik74DkpNYP}dN;T&E*Gt( zzQ4mJxPiYRj(e?*81DUuoM3diuJAVokMbqzFC=j`L8l;kjUv`P}aUUtheOqGsWg{2B#`?9`*{ z&fM7!9eKjjHVAfCeR`Jxv_$%iCzqBMV`%Q~285TFD`07jCp;SXK}T1YvEeR-Ej5M? zcTq5DR}4~RN=P>s`+2aHpaSJ)YFwhLp7u&5v*$>1%obW{=oWU)8qZ?Wkkyu7ZieT) z?#P3y)*a5u!gpmHaX$?azPd+9pWbl#byH#aj&oWsG-21AsbZM2|G@4m;wmy;8p6#z zE_%bzaqYl;R)U}Q*zSs~W-C`@FO9Q_GQmr16mo1SWHCC%3qxvGHuEpRW7-v;E!AWn z@`xH(I#V*c>>~W3on%ih?k*UPcol+E6V+F`QC3$-j*CPwam-nOuqeC?$2FbTJ7fS^ zy1s(bIK&-HVI0k7m^`~|F${vlTXt>&Yge{3U5I4AyG#@#;9+wcx2d9^e&?mXmDO$ z@^K&8x-1=U0^%>mcaVDrJV&oFadxB+8((r3^uLKUIv^uDsAIenNcsqGOTOa8La#5E zGV3)EjcJQ?``U0CU7*Dl1LMq1m7pB0@#2`P3Cv}Zuy32o%yu>vFi-kj#FsD;PuB6L zy^tWse$F(h8X9ahK;x+pZhCLi8xU9xcEn1%kpBd)sWlx)AdYoTttTX@;g97ii&8x# zbDObI(b9^P^a9Y#&Hlb3hzayVk+*L*K*OWfdbQMLzFVR8MkWp+CO zE~;>=v3Rj)vyv?b2V4N(2h$GFR6M}8^NT7qlhOrm)EAPPUSFU?xs4TYt3c4muB0EB z&or2uUp@R|_;3e`|IBx|NpcC3k92qY#_j1Tl@|c;B;NF?!Xa$^HtPy9@OzqMzsoTE zZX~$6Q_8Khui2L9a*ccF-vLg-BoOz-PI>33mfMT~i{FDAqxQWHqnntvR6OZbj+kek zV`(5>*r`XqvAGDg5I2D^OfCF^7XY0lEx;L8I zPT^j46aNlv>09#ia*|&7xf$OpboGr6;q^*z@<@#J_u)0Dd7HnY4T(~bdH-ed3Bcj> z5nyY|Y?r2KS8w8LE3}xXQj+=vix5Jwhr6X3>t8l^b85b2HinH;8fOoj$<3a5h^+>g zzp(qskn{Q(eEk#AT$JKdz3vG`5?Bw%flW9(#s$2-?11E%V8lA=^q9BKodZNFAA9$%qh*+%PEt+zG!N1-w>L@E8{M61>~0;?U$YrT@?o z2*lWY^P%zN`R=nLD%Z)g(|1y3b}l#B|Dryjad}0{v?Pu&4pb|-?ATmYT;ssOOxGfF zyhe>7JMq0ACV%p>b%uwHIQSr<>Rl)6ycl>LUtW<D$p=4J$6bzOFG 
zMycP`e`B0Qsw^6{ej~s7F2ywLY4;#>S6ZJA`!!pRCV%l9!jjdi2LHQSf&{K)t=r(( zom!(LuQwnX?dl;)a!-$|?hwH2x;#vwP2asR*lsVaSVtMr9c+Fu zc{E&(DC}aY1wY$(4*YV81Ba6x+3+GHA!#oDR=Ik-#Ef2sY(=)_C@GOkjcZs85xrE~ zE0_&GYXk88v)F1<_Fg^VGN#^avgW%~EV^p5-gOPtr}N0Y*ym5tZvK87a^rq01A?uu z78%KVeC)d?U{2~uX8<`tK(xXc&<}NY&Vt@ z!OiCXg2%|>u@gr;dYq9IQ+20sPX9o<2xYGm2tGppY6AKmDtNvv*ka! z`xDGA3mP_)^cAr$^X5iU{0_#enS!Bb(JP1PH{gjE!JL<^hhBn8eQP03ATvh2n2Z_;DB)_~?{DaSgjDSg@JPMaNB4((e72>PK2>vb_(a`1E`a5 zP3QNiSGuai5144Y!dCGad_NUHctJT6akcK*N6TenT@~@)Wi520q-RtLBP13|g~1u! z&*b>Rld1m&@*XLSD88c+EK*!}Fl5bo*rcK&P;{hrITk6bV_tu>fv0^=4nnGLhBK40 zD&e9c*rQM34jNL)emTs?{9D1O7ozh;PE zj#<$-&HAj*4_&yMl(-A{g4~n3acz*o{jpn@->GsO9+IwSB>4U=Tsoui4|=L^ytxe` z2MMGVj|H25(Yy||uD1xRagA0U(TF+G9a7qwnsjsdIo}@!2@g+0k<;|Y6 zI}mA|>1=PI{z8Qz^dK#4{2#N{4a(q`yrXGRSowstNZvE0Bn`@f3Jw&QX)V$S|BAo@ zhF}Wv2_0@P9Ms(JPFFVZXxd+U9L#HbL#?PS{}=@9(h>)_ASo@Cht(1vBc3nES>COn z#Gb`ShyNZL0M>~4j%EI$$0`Os40VcU_f4WTw)}ZIWfx$5L?pK>*=`56nQ!+@J$c$A z@gNiTp$rqrAaWGF?aOw&omh4Jx*>Gs1Pw%kj{M7y#8?y9Sbcl76ka`rJ@-}7l8JZ2 zr+(xOD%Mu_*3ZyZ0b2Q0G{WKefY*Am$DW4j>obi)!SHHqfH`~jfNLB-X*CRb3Ol~` zvTlROZ%f#_^}t%GdF!vB{lZjMju%gx2!fYpsat#>4UPHPP$`q`1x2=oK#rzLEJOlX zd26Jxt1Zls)di_ZDUVquRbb2>Rry*M_7wKGU^(mhq5$&J#xe;DqKt@77;M=d(&CKE z{7Sgw_Rq>}Q-fM)nYdCRC6{HNb@w%q4guE0o6bgv@Feny%~as^l;QPM1~#sX`d5Kj z3Tzs!b5YMoVpVt0+C$#J{FePtWo3g&`j^_>iLkN=uzH%&lL~VhSscaVxy6XRZ{w<6 zmzZI|g03!n-|2(I6so<>n!DLSt?yUG$tQLOPXU<%aymLTzD3VNSbHl@ z@FVeM2;BRb>G|>5wY4+`yi6Rr?U1=f{t)hJC%A3m^azoFn>DNRHfo-3R`@b4nPii4 z=L_KVLkKs+UQ8D&674>goHw~_(DrM2Y~>4Ae*!XBs^r$Dbn+W&vGZ-RnWQmO&DkPu z|0}oDd)v-FHK&OtUS2>TRhNKTSb82w1gtU@DECj+4~Neze`j2Z*>Rn4LrOnUN(OB7 zhRPSOL54j&@(~+p-V*4>Y8bkbE}i~=7K23vLNn*rjRZ?mBcMF=c(M|?mVJoWa?_73 zcQ#JPlyV?&`;agop&&>OZW38@_zNpkukNN-gxu_Sz|r!l*9g!VP;f(x@J8E^5Q&@# z39|Yc5Fru@qqrfEv%T+}T`$aJ0WKGK0j8qVaxy+b8Glg5^De>@D85~fDElUK0lo|c z2118G-}fa|7^3=vaK%X0!2A_>Vkj|PToFVrAAxha3?JgrsL-wML$}IM48&oK452>J zQw^ICsxg$!(Z?#sne5r^`=@{@j! 
zkO>HT2?soz;a%z&h5|_lV~nY}`%lC8XLpmuVPlb0BP6VU;I-lE^`BD(%$%X^x%ZPd zFG7JZHUCPzswUG6gCAmP6;C{IH!W}OLUFl2B{qD0$Rbk?J2UN^-$UG3A2yAzhtN>k zzE(yWDR!QPsU=PDbh+YeZfX5>OE?WNO>`veU;w=ai-v1^%P_JV2q~?^z+}28AGs&9 z>pot0DuK`iowHvG9l}*kv%C;x?NO-ckgg|F3ZG8WUU-_*=VX*9)YVvhPw$^B)tnHk z9lkT_!lg^~p5`}N2&d&H>5ENt^u$>i>YMFUinG3-0^T_NnK$_**=2)On&n}te18iE zbX0Jy0_SMQ_Ew<|vO_34<0$h|OPg47#hQ$}0>J|Oi-hw!N}0(O@OffQ%l|Uh`FscQ zJT64(0Nk)NZ*1Hc=nMqcx&*0}fI6t*M%li5Vu=PLCQr!A_KL3$egT5`*r|J$e@*P} zT(_;X82?zC{^|OkgD#E@=zNsN;>XJ;9dl7Z5zfeGE4o(B9XOKcow8E`NOI zTa2I*M^lqJF7JoqYhfLWJksjz0A*@ZTCP?^hy6xHlWLokNR!O@EwYcr{;9@S-Nu$M zT$niAgg<1?If$L4GKP+$DE-ZHg;u-IB1$eI?Z?eHPIhDsC4sffJEg){#*_~$d@H(Z z&usTTL0`kD4-y}HiaajG_yuddHtm@_h|#LetW=mJ-*Ud8%609B!n&Yna4>G3n|io_ zBk>7^Yf`g_*7rjdCD{Hwe{N4Uh1HO_I3d~d-jOmHn-E%QM>gGMW4pLro$;DTjx?@-U z*?$Piy^p`@Llx+c0yqLIF$KEi%w0YHRt-$u4C3cUKlKdl=+2q^%I$)o%$KJv`lO zC_Jz-|NaZ$Q{$-=of%_J^o4)4X9}eD3UN}9IvIHWdQWk!^8mT`;!=nx%#6+aiZg^^ zz}QKG6MMDxc3q~;z4Az8j2N^d=XZ74J@-Wd7BShxvi&+kpA@1Wau1#v8#^L8H~C#Y z%oq^|;j_63hxj$%J;6M1IqYT%=yqi01IO%nndI^|++aw_h$=_;*DARCiiV4g`o?d7 z8z9tm75WA>bTbZ**u5|0^>*_w>HUOxvisjZCn((gB>VqQF8hBw2#1XUT*AfU+NK9w zkDxZdfw((jy3-QuzRr{^saNV!YJ1C7JcZM7%AKoH+`)l1`8-OufpAKTYo6(cz}wCH z^V99!8AU>iTvu0@>D*v$2!Lwj0gZNn_h+ zY|q%)S!?a1eY$_ZI2z--zH7YC{oL=vk9QoZox*71z#~clpf6aDFYn#io?`6^-8VGF zKCu1+9ThTzAo0>3TNxZ~UgGk2@w?%)?b~+rBfGPCF%l~YK)xJhwvj(R?QhrbN7L&; z9f_B|Lfwv^bvKL*yIcG0amLsNt+q#JflqpG-!cME-mlj+{zs`U=ZlS#PQN~UvL7Sd zpI_UAW^TLk?KrmOFXJn-i$iDi%lGVwR;|X6#G@ioCFZ97jWbKMyU$VaPF6fvLrxSIp7zCa(`J|Jb#mqsg#7+OCEo8NAMnC4`^5d zkM^C2kE7otfIxSvEL4C>LX{TLR!jaVhD{KHM@1-_0gxS5VMGErF}yXgIjEu}2D!l) zr!P_wSKj`$WFcW%$v;My?qbBmTv#1(K0#H;5l;;yJ10Wi6+?iTw?Q>u=qG=0RI1@& zD}y!G4PBcj%qI+p&w2&R)MmkLP4A6J3c(>+b6$};++T+5}tt~Q)ZLGtcnI})C)5= zr;f#KoS_k-9B!EV_#0&a;sjOZU6huaEW&NawYPeie70EQCVJniax(BY2{~HZm66}N zp8~(yX@c9SvlOrI3k*$vJ|~TxxKL~|21C0I=JU@bx))zT<8sMjV;%6I5!33Q4A7%; z9D9H$p&Jo-F6c^8JX#HL7vYGV$f_-pQ!FFXoCbvhQx><#k}302#3QecoQu8@chkbI 
zL8QdoLVxD1y_D&jbl1i@UzYjHA5Ffsl4R?;Fz~FTsSj)}m4yWC^TTXgC~IpB;^7yJ z%10tzoa>1)+W!HtcYC77vyAFil`E~-QspjU6}R*wr!|UqmRg4Po{MD!uAj9TgiQVp zO^2EE*Pa0vb%}-V3fS>lu#g2dUc4|CZ|+5&eq|CH)k=pHwCesz+bkbdpTEn z&Q?G+j)tF30<12`NZ7x#)5)$68^E1Z|DjmAA-%o*GZ)}sMpV_ujSXD1!r}2_k3q~d zdS(}NwCttZ09~-gcsqkpg&yu*636XrM*d?hRHl$lffoMggi>S}4@!zt7sAl2bYkpu z*I>S@{30tPc+GtqQ0JFTi>_kdL9;;Zu^$_9&@cVm@YjdR=$pA4@PcTuFeUSA?MA}- zTdIK?!_8t{G~{=9+;d2|10lpn+qxM%lZFCp1=LiJa(~Ba({^*sRwGW=h$^Yve#DgF zN&K`A34tm~ASHg0)&YVp&On=z^uTfsB1wbuAVD3Z-2#UPvgy*^@GJQrPdkFG7fCse zl7l;;{4YDrHK>mB)PMp4JF3sG*SGk!7cW8~IGNsw zN)u^aDKII2`_3zq;td|C_!gwTsw?iDQA~@#0iI5ONyUv7IIgBawvw0VdHX`$p3 zj-3RbT9F)=VUV;mMC!je7$!a!a>BRvk~0=3ectX&A&jnmftjQMjGXbI`7Qgts6v>x zCr{+YXn267CJNnyon#&|GP&YcSYn>U=xTIVe0J@9B-JYQr_r6ix%yvZRsc^hzQbv7 z#qttGKWo-XmszeH8wq_qg!YI7z)(JL zJ}cb{T0B@$k!vP1c>AC8;uCX*(E#e0W{fVKW+EogjR$Noe6L%-u6!LxrM-w?4xJN| z3o4+Ir3V;KN{KH=B^$9?Qv(V`L>Yv#HgL=7!bfcZSu2_l9l8;*@e(Etga&@CDBzny zVc)yfcZMSgQSG9J%BGP@OgN0z&~LBLGo1xIx4sFiGk-x}M0eI{A)ac5?$KPw7=$7C z+QVWdu!A$Xpcxyz;{ZK=ff-uZc==bbBH@*IwXBItur0C;2*VTL@adM3(jkDe%bP7mkHTT4~%(hQ9GvBVm#@^1bldv@4h8gcR z2>#A&C!(YVvqmXSN+$&$D};ksG=alkE@*E}TrvU1X^#?=tVzDn?$`-BH!OL}^ZUTJ z_j0Gr)zXPtfk6W=$X=q$m(}Q;ZGd{1)CmlnuIaCFhF+?bm$-e9pDp%>s3Bg&MI@JH z6{d$_-uy>oin9-eA^39`u6W5@-0m0y+qR+17PI5W3z;crWff|{huUt~2(EJR_)5Z`Vjh}F>B?6qwVZaUD z|8Lh;o@kx#gQhuS2yo?J`A=@tdr@1@{R2u($ECn5`_p)P3j4z+oJKYbld)u8oacSE zs)>a{>3=i>%kV|r6w1!{l9iHasjx6>&5-X7??@g~0)e7o_z0}60hWRbh{%J#*7-eq zqzG}Np@;AP{!nGA$>hLiW*!$Ol{P*zk1W^o#CoTm?3=v07+kvNXEo4)o{q6X0@~5H z2>wsy5CHkrmWkn0GsQGnSLSc$hK1A~EMg31XRn+k=fbm8kDmI2)1at%tU6#-H($Ev z?9#(S4j&3jtI1u;>g>Yk$g)A1Rb`Oh@Go0GD!4M$_z4VNyD4@sUu2TC)D6O1Kp1)} zd#oRu*nSWsvz@!y)aRH0)0QQ3~tQ2*VV+MR4v9s7?5;GTi%Slos*#hn*5MC=gAI~qf^y4>WwN|E`gw6@)JgM*L9Vhe(G6N`0ZnNB)#uCoz?V#CokcPvP}C=A+}MLgSGOJMws zf&D%FpLAdEB$Mf1aOlYVu1+-BmYm*01bS7lRe=LnmN;Ip>KePaZjEILiO{T3OX@8< z*1(na>>F~Lo~`oKauJmax)!nmJCnP`l-&xg;Sp|YV^P_)#<5t#wtLLHU-q;B-@5|< z0gnn2wpr$`F{`r@JckvYVu8Ew!}#|*TLa?dIzN#cwf_QYpP0HtMhVCE@LVN_WcAWw 
z8*|N+1YWD2Zd1ICHh6*5fFjxrp(`)-pJ-#AZpF zM#I(ujTI+YftwU0aZpxD4dvkGY4M6oDl4Pr&eqDBC|IPG8-7dga6X_mcL zlhu(zuW5~rU*b)YdfVr1zGHJD^PqVK`L_a*URi!CRODkl*uF%(B2!ZCr)~3nV4ya zS3R$4HE=Yhjxdq6T$$|@U&?-9#(3*C>lzlh(1vQaSpji|IS^t4Ehrq&BDy)N*4gX` z?Vh9~S6E*#Lg4c*=6S>ck^tf?{lZ53CckA}?a?6cdbbz>3F7Ld7*3bc6~m z0wA1;jaB~720@Q<^?X#oqsFa3Kr5oJ#*j;-ja|Y2xC`z5Q^S~E&f2=q0e{+wLU#B7 z{~}s4bu<+S1Flf39gjR^c|Fle6j5rTen|ksL&h}8d@!RO{%S7+1xNp7(@7AudbyAJ zK9w-AP#$PgC{Hs&^J6oEjDXLoKLplpHoy3rft_&R`!mtTY!5gArNq-iI=a)4uUzY% z3rBV*q1B<3fRmVu_;EUEj+AuW1XQ|{d?g7P#o<8A zEY{O;beT6tBUZ9hXuQO>M`9o1Nb)1&XDjU7)-L?pMw9U=mzAGj1bP8DUZF(kWUfyK zS(wNC+b+KC%V9QQjYHLdackz zin&s>TQ1{w)v2Q zA%~*zm*=e z1Zl_AB|!WVWR=6-NeT*)G>hZ9Dk2=p*P!K@7~ z!^0dIm0I}3R`X7V7?-#>E{YsV-ymeri9rFHk z8>WMzZ5-bi16mF{Ij@_713{bF;5j8WfT zbdhZDn7bMY@OX<*S4}k<%#axnSE}g`YO$#4eGRWhSwM9N49QY70|HSfif9ia4e~mQZ3a z{a^Rx*ZoXoM0%`g2U)VhY=d%Be{JZEX*fE(OWrmz!52OlF7v$sD}$HdqIBLU?D%)8 zM%cx(yQgTda)vvUho4{SMC-S^S)$ouncP7O!eTy!`0amtvg+zA_Qcklg&jwG5UEus_NI21*ZX2f6A_b|D zd*|DLb#@4NNhk%ni28=m%})ev^}xWcEECZV%WOVZgm_{Kau}{_ftJN^<d4@0B?2LIIQ&)YK@yIEYj&}$sVD}nW5}x9b$tBtqP=rRNV(${2TT$ zBW#QD)(qU|5ju||w`fy@b0uufN&9RbjR@OQy8@FfJ?+4&e(JiI4Ev-QGW&0`UY8LObod$P2`xp!du}Xca=+1G8?4!Zl`aservn5&7uFo zZxSq`hOX^LkJo9SMDVDcW$i|4OnGCp_suc4bpe!QLH|6Dirk()TrvG~g-}R`8yw45 zg6-|j@(r@IEpaNuPFLBo#~uw$uQ2XxH1OR-1y=n3ptKE1A(-U2J1F5ZBSa3bf`7r_ zw}emoY5$%+{$Z}zE*3$aT`<6EElQRI1e>k#s>nDZ9xWd=dH@4Q8=-oM>B2#C* z={PPz)MVwv?3oN`)xxR%1?GMS(Y`#FEr`w@}K{m#}Ljfz~%}D&-Y1(rB#D zfKs1Q66kD09rYY}OJ9_2>>aZrr8V#)LxB0p4z*2G$e0%ox!B@H*OAF=oKBgK;vhGE z0xm_#q0IziymLR49?Xkat{~JF5c1`yVY}go8Hu;>rwWS}9MC#z!%a6p82{6m6bcwS zXk$4f?!AT^t1#3=I2gyn%2=f-u2G&akj;Th_hJ~wAe-k)&KqjnNyZeTW~Ru`4|$#; z0t3HSFxCBZjmWB>EARP@$V+X;rmUFphsLxOCDihigb$NNQ7eS5fv-@OC4f?|xr)>{ zo90j&b%gmD7K;~qjsU4cZy3uU77zi>050frg(LUiszBeS0F!6cu)e5-s+h!KUI#H5IR;s zgLBV2!U1)z*t^C~%&C`sEWLxfkYv|S!h@Jn=>Z)mX?z}ad&207juovze}U0CX}ARO z_$6%oq(pDRqbN`D2i%SwIRA-Mo*$XrH;J)430nX2c;D@ZNd{=%dZ(OBE5UfI&>-c% zmW06o%z&J)emls5RPp$@?R`F{b;Dm}tfC(CzfhIK|Lb%9@88(}zurLiBg_7PQp=t@ 
zfb&;wmTw@BQqZR$2HG$s^TKX-XSi70!Q#WsqOg~|gdyK&bo2gR2pSdWVDW5hIo3|RRI>IK&Lr4*PR@P z57VyV$&M)EI-At%@5M}|wNhGzR_mFa-q_xsU*egQFBHk0_nTgk4tKbf@(JG$P$AZ4 zc8Ya}l+Q6>415EGqI`!yy7}?MX^G5AV*|HnlFvUV0}fW=g%jPn5xRlDOph+8ua9=Z z4N6yZ*P01r)vOe;mpcAB2#<{@8gvG6MEuZxdGI@{CFHbuyUWVy&3gC0J+g<@3zn|v1H?R|!PxhB< zleR8p1a&Ed6hANV9*?SZ4TPS|Ao>gpK8nfcfz>$<4T%mv1Oh*^g=>VXiT(dU%Dft8 z{~!dvhqYY?`|1phU2okdG^QD=UcTP*GKWLoES>zwUfzPHB#uN!ao2|~eQaT#l_(rN z(*CI42)u|sVzPxMnBpHLnrE2bMV`8IY1(^oJ`@q}kOHM)&6PSty8w$>i zRh9pa3+I!_2>xAsyRDXj&sZooLRUv(@SGe2es64&U)fx^P$3}-jJvNWD7DX~Z7R?` zO_G4)!kuAIi+>Nrf`EiB2-FIXDU?a3Ajn<#fo&aNI;2SNu!mo-Y+IVA#V;YO^;joX%%KkQ47BS(-*DFrAHwo-F%)f|@g44z$X=p_YRUjH^aVSqxFA{T3 z|6b7f%T*gWir!X=xdLFS%X3=it3V6S9|z8R;D~<*gN$g-Gp=qZfibSKe%yOPM$gdL zxMV3l??~=EUa3TpLwVK>h{d6(f48JD5nflCEN3}B|H-3sC|We21OeKeXK@H03@R#- zLl^C`oJw9X)ZPeHmG}u9t-Q)n;E0G0D*c02R$YbP!>+{VglrAm+}-DwtrFAVw9`_8 z^z($t48u#%vX_X|{Zz?A%QJr%^Pq3npv^&ZPj6W}V<3=^9Z+jSdzTiYAnoDa4!^QvW2U0!z5GCMb#HVA7^cPjQf6%a~4JgU%cP z)_-Q|r0&ng16esWH!^WsR1 zK`j{TAUgfrqo|DxYw9xss_&>}5F)M74-f=}0kBn80XiY4K=zIhyQo;{n|!^ys*a%q z(wUCzF^jyIbCW+64q=nQP(}cK3(WFeH}nDj0#5iw@&>dz2Ax9X@l(UsJ@?X9goB${ zng?RkiCU_`vbo&FMhk)00#8Lwq%>aT=x6b>Y@TFQ*m&jm{NE^z2p~h^b$Lfin9Qt= zl_@rkXynj9J7%Rk*Q~7NvOr&HSydZLdU`l5_Q~?1fNXUo?Z6l|q7YSV$c>|W6mH#|W+aY&JAp&Lt9W~dVlx(k>n1PS;D zdZxqN=?{)A`B&g%YesG0vJTTl(#7>D*}DN;tt$ALBGVbzX{K388Y~=Ok0v$xJvq*< z{fqxm3mdoSNhAwSFoc+z<1#j%t#g;7DO`mHN-8g`rg zX|{WSj8Ybn_HWo~rq4h$evwJ{I9Rr#MJR@f3YcgnE49E4JgcpNlSDYp5)X@4w)ubv z19Y9Srj*fU>bx&n#BGCYCHUf5T^z``h&;cercO(@DlCKVfG6D}v7TzRnkI>}(o;`t z{vuNeS$4bfJWD+&E}kE^6y|3e42w!yWx(j3$Ef_`ofPT!{p?7o8>T-Q8A&o^ zp?YQ7Sd7YV;aTX$A!?kO0STGN-w>yCnNeb8lAh(h(ucLWK>r!3Fago&37j3cT?HS8 zH@fn?`9s{C2r%|U*?Lmo^u?YE@Wp+g9mK8~E(Pbza7~SrUj4mm(J($ORJ-$XW$^D9 z3oiBe{I$0PBXB?G*{Q~k-aae4ir1eUPxXMq`7H}TZM?7AW2_J5Qu2P);{YQh#UwUY zwmRa|fo$&IL(t;qLlB`5W;TVW$!kI03@F~N{@@&7?p0F$WyH+T+t(nlYgu~qi)qEv z!eoJn6TLbNxo^(N4Y9b&OE+K(7%a5p|}w{B|=bGXQNp;jeYhln7yg-nqI zGzi{$`e!Mfw*vj^a5bt-r)?R;EvFtCogR7YHZAqqivK{VO_(;X?n8&4D$I^m7AnX7 
zS<9ueMHE79@PTW9y%_TTkBEbvnb`>?i%aD}gk&NF-+}0t7Wcxy6RX2+*+}ZwJGrOP zsRQ%dnjVH`Hi%vCSWxSJ_Ap&0-FVqFKZmV|j$y7D?n@IID84^WuRV$Dq~yPG(=J`}{cS@h3NiRYdpa^gJQOS5<>)F6;XN7PNo2qRSu5F395?9AII zl$*1&cx7w0I$?)(wZofGBlar#$wlBlz}x#CaQV(q;t)?hAtnU~#)S~&IGSr?r#dhR zX(~so6Q9RYhc}CZXQBcN?)A2IBGWEKS1#RfZrrh^sylE;&-FdqL{)!BpOw7_Vd72z zMO?BoH?e77;N<*`nS}U8+sQLl+D}E2Yd2!fg!sk5Rm*kb7Z3+Uo*uIBon#RUpgI-k z$FDbZg!csX;FAT{zk3M0!*}yh5r>!_i5f?Q0C?^{nvxA7CG)bQJrty(soMUmxHnYrWsBV z@pnIgur`#}_w9mzQXbzg7~75+ZvNy#=sDnf6DUQMCgA5oO9h9H+xru)VKU%?eytL# zd*|oQ8)vZ&0(A~M-De0M->fOiwZ7AJ@|QQa3i8BViCvF}Cw%mK+CCYh+HVmD%@gZ` zPp+yV__{+r=mcFK+Uz+w9K(kE^T3G~YWp5s5xu>ifZqDtrHA7+jUs17ToYoa-wen7 zX+7BDfDE{jV*LXp+mjwC0&lfW!tW~W=6DkAYUH57r| zLb{ADXHh-_JO3py|)x-cez9l7}5ajvt zU9QxGryGvFjbTuXPf)d4`t^q5ifRi!lDu`K!lQ4bUa0Mn#NXr-?%i1Toj&P;rWBL? z1{c<=2tvJAkD)~9HPUuA?8ufWKrVYoaB`-n&)8yX9TBw6K(<5L?){(k6(2Oz$?Y%n;?FE__$n+T3()7C_`$op5 z(m1+CoL%9CnsG0f>$PfO6BydBhNC*zioWVV8_h;&TGo6LpkbYfQ{=*f3W>RA9gV|pl52FqxU}=N@Jl8e$ivEv#Dn*XpIfNi zsouPX;WG4=E5A2Pfg+^d`+5A)tcq_joAIAfu@a48tKTHO@u(QaCI5xp&(=DaAY7^A zLu*v^U*1sI`n5q9&LbC16AEun-D3&7Xa>mHqQizGNbuCp*4Kv+WTY!M1w?6VXC?gV zEl~>r8=5~k-sCx@5%NUhrzw=J%#7gF{smw>9=Om1QiA6y>9k*^x`%0@PAFs+Rm8XrtoIqxLnBzG&X@f#+*g>IxQT$EmS!Mn1P8n%>~s8 z>&3VuPxb>>k2(!7mw2w{Gs#IH`xiirGetiM8|M#pa^vInx{m-x&S@|LpAWhmZ5Eun z{LKStEzM#K{MJ_GfQ%`Op$mLO80p!>S!kyT-owaMoVyFy#^YI{$EJvT{lx`Qz)%7K zrLBHFl-{LY;F$JkYqf(|98tNfGFFYxwWL5-={K?3)2Jy59;`ZIerx25BSN=h7AsMH z4mPi3WX*73hxH4m1z%!I<`WreR!10@U4iVpjk$r{6l5o@C)4{CS<48^( z)U*f(dn>s8R+cIYL9^0cExVy6!6Zy-W^xJ;vO6y4NaL?sZw!_#mbexAcmmPjQFxGx zGK{__5Wnh6iV5`?02oAhI)Zm{AIeIEPK_98>Mz^PHgSU>ie53F-O#_ z7;#nT{T=Jl#q{y(1l>8aVYMuNaSb2Vz%Lnbq*n-!DgN-K>MYU(!K%hM6uLjCW;wQx z=MJ_6@>%N~{rD90l|rvjZdaNi)as^=j#ZGfL38RQV_q5gfMBR}HlWbBW_67A#aJ>| zTjy#>e{>r8&WqygW9X#R@wy%Ae;aUU4+_8FmWDdrBf)hN)2eaF_x^zv);{e!HntNt-J zgHCohr7>3#j&__9tXQ>})y4D5LX!Pb)4d};0RzQ@3*i(-$LubwH#v4AwR5zl2bYpU zlEDcEyU&yvFmS1);+Ryzx8#|ft+?&UroNxz!V4aCcB6KX;ZS=HS0Pvj7OcB*iZh4R 
z?_Wek*gExepCJ64r8PG|@DV<2&M1eby7XV7lkljFSsgk!|FW3fLlW-JV`i8MY>Ef2Mvf2;ZVJ~UQpHc9|)6FA3Giku_fBi#Uc8)D!>h0mOS z@Nm9XzcAM!!72t)RRZf?mU{A5*4-ht8>QXo#K*O{s=MT>_R8nL3V0DB90P z(b$KNna;_QO24gadOP&s*;1&SxSKdNMr-S;fAlwxz&bn5nfm3h&iI_u?y-nK+gKD= zb~*cCLzG z0NZKWVIjp$>AT=S4W1fMOmRISQoza5sQ2#K*lwvIF@){-4HYk_z-}+0&K>%4Ln+Qa z)~3h`=3*8IuFbyWBW&BRxM1;EC-!8hhssMaKe*7x&m8wxaoSx{eh_P;N@0WN52;Li z?ohOF-ax^wtHA4q5eXNO-Kpf?A-QpvXh+XI>8kadSh$QoD(UFaWJq`gnzx5E0?XuZ z(*bwzao8H<=|sB%*y#Mqei;El{~+B(THQ^BITjCgyNKhJBR0-Wb=SnkEb`-5>o309 zF;3JHIg?QE@iihSqu2NxS?Kx?nFSXs6IWQ8qLqFt=P_?1I3#>TtAxk!lNw4Yd zLf4re?yYoeBQdn46w6r(H&hsB0!w2-qm@OV_eKSleYTCV=tg#GH&lMwhr1K1Q>zmO znTId$yM*k<8a1v2g%_HL+~JJ}k8N_{bgu6SrtXR#9kC?aIB%GfNcr_VGV*Y(gI@e) zQ@^FKRldUcG{aEjq7TdYJo^t_FnddBYK38HN1)~l-#zQc3xJ2kfpSxDyLYvb;oSU_ zJapBEkGO+&OWR&zV$rUkc4YWMmf%(@e z56wy}e{VAkA)kD7w%o~gNZ9d4x&zW*o zeIcmxL>=E{H+!HE1#Jn1+=_cr=+>L~F~b$sF}vGZiWBuPphfPmJvMwfmwZ_XmWSq{ zC?@^*7etkIr0-r18Thzle?0O$WZ04yIzZaBFgBok^|wPE>VL&ep5BR-x4k&MIjE?X~i2)cSb%rdot#xVO<6097tQOV;FR?LgmTXLn>HiY`-#b;I{G2Zrq&if)0H*X25Ql! 
z8(v145<^Of{d{``18@THffwst7+8T=%Wi+84jd_9dV4#wJwe*poiIFq zn3-Eh@-CVcd?^?RB&fJ;VAnIsu8ru~C9AiLJh<@FHgwgmnFT}CMwA?1sF8bJuBC0e znZj}Ja{$$q@+V)N`T1||HNQG%u;!5_zFI4S(Q!1SgM#aRN7`phW5o1!u zhx7S6XjkQ_5^C7C`fvPzxX-p3M5;MF1MaK=gC^HxL+ zM8?H!`F(nm_9+H?Z}Ksqa-ZJg=i7`EhC%AjkltEb35l(4O&&gi5-e)bNxsII<)RIh zu>Nxn6p`@KstaX|VuCtwLcUK$Urz#o%3+c=GVHG0wW#DuenU?a_QUG6ATN9s)aCN; zL#|c5n<9KDqE_(rUdZpj^*;%&_ng<~oy3pDD=eVy1DGV8Xs}3ndDT=9}(L(41*9DHZbp&{RE0=mVVKp%SU=|L?9+62cj58u# z!7y$>$Vv-MKjY&T5EkD8DD8K8!4GNXO`WP;HT};ZXDb%Ao^ctg&&(~ ze((1X4dNT_A_L;sLPZf}NR?YUuho||*cKAfe=+J*5Mj=8dDMdjrkE=?(ASunt4F(|TihgABpBqJ#>GZ&mIR z?)k|eY3OSHp1jeCd&7YS_E(?W47m7WPoa;7Msa2~JZdRW8e>x^j{kgr-=_6JtFCtj zLA>S=R6c4akv+>7Oq8}~OHI?OF12de9$0RickySL$N7882`bvK)Sma@iv3sYOqQ}Olmr@>;}|zXI(h`-u182h zJ26tU9O*j1B+irWnv$FXS}1IDTQDn*rbrmsVA0#1f6y+2AB^B77-mcsC|PySL7$qL zD=OsHDjM`AKa>a><6qaeA5A4!x15c)nKq z%=QH4KEKq;1$kvQx+CB;z_@wZ+2LwH|ExFv!OGNY(@PV)V8}Seu*pTfTsddzcMU`k zS);ql0b-&%T!p6b1Fi*N@m|TuJF0`SRg!Uveh;3_Hu%vAusi(F!)=t!_#FDp_iS^W zvi>*vr#&p9mp4(ng4Qo^Kn79LZ43%gsGyEJ%{i!SPeP`jMqms{fB|kfL2la>byu6K z@0&h%xPrxwEu;^918yBzr&@3rD&Y7J4przXu^G*vuGK6LFX=k z{{-t!LV-N$IM>UWg12N6s&|IWxIm;1lwVZjbanr#3>SpElKvB1zkwO^z_0RpgqW8b zgv`g&So$4^THzhZCGNb=g@NsfjPmI}C0FGaAMHrTDR=u4BQxrA)ahdZS=Qg%2ddWcbMW)62n4c{V73emnH42VJRjPY&nCumr&thI9ZG( zv&O_|^Vk1JY1TcC-%mCzDbkBdk%o5C%>)?$UD(D4B4D!%W_aJcr_qbA&Tm*sP3P-_ zMGU)0;s8^mD@D)EPE@SeBjf8W3QR^4ROuk9GR_>L|c@ zV#ATshy~4Cp3YfCbg}KGOD0zDWO>I@7Gm;%96j58~@^_x{!5V@RKq79w=8Ske6zIY!IXD&qJwLX+cm5%k zo~D65?HWl@pnTXsVIeUPdL15xo}_!3^MVM7c||>YJWSe)QZ@bjt^A{R$McS_ncM;w ztF(Ss!pjdvrEtU3{zk)+)vSZf>BM7_^D?iys>4U9FhM;Q+zM1o+~@Dfl>! 
z$95(Lplew_;v-Rp)&`m#>Ni0N}|e5>YdW~9(x0~a9oin^Dl8FI8N zV?eT84h8j6_b=rO+sqYXC97M)E$Xx^ApqF%N|)Q24{{cEZD(nUZ1An zzE>pTkIdjx3FYxxHDo3P@3D#RGk*@vIHS2o{%|q>>XsI7`O)9LvzksP3_o5PiBr-} zA08NPk6N)w9u%`JrQaqJqVeXfbfsubVbcTbI#o2)z+N)Kdx^ENE!ZenCTt^$Z!F_o zT!>^m1Is|R2g2!rhrL0^5rM`n8X~qqloqx>aEU)x3(SizR^s9nctB5L!FBiJuqzL0 z^lI6>kq++W+XLJ_$~Ex)Z`{Kss}@C0K7xpw7?RBJ*S?sT6!4Z4PEU8Ms4Gu{lj&}X zCO8ZNl72BNMGE-p_S2$|P-+vIVOrtGJG^Y_>axq$fhm>510Pp_ofj?-<*(%!qyr~5?i z$8l#kV1Oc(!nh!zaD|FDN%)3}Bn)gy4Brmj(EEIR0bss#-9$1^#Uhd&1yqu6Mu<;cf-4oHd{lJ%G^$slodqvtO z=~)98GiDensbm|S3w{a z-Y6~#@)v0Cf)jISg_9KShQ$}c4_EAvEGmx5QM@o;5qu>&Pj^GlJyobSL(1KEy?m^6 z8bOWKs*N37%lH!C{$*j%ZH2Z`RLfUrjr1Rjdk?P%p6T*FYL<1|3^LdluAuqr@Zjp? zoxo}lefVWU`=k;KWL#%z-Ym&i4X@9nh_M)3X zewZSKbK>?6_WB1wy9}o!9JtI1t9JpBfrySRzx&sQuFgWz_Vd8s_Su}_QpSiLRRy=S z|K(uV@ki1x1A`va{{v4zu)oWHz8yoT*7vJU!RgST2KAH?JPLDh>*w1M5-$CL2|+Al zm^}F*D{y@C_I`b&TNC|E((e&JeQ-CnEV&PF+|q)&viyb!{Pg;GZ2Dvj?rCDg3vaK* z;R+T)%E96OeUFaEp`UKW>lo5Juw|Hg>ZxpDKub1?P& z)wtukQ#_x5>Ak6w)lL5=0y%P*JgJ{a7FQBqy>}5#> z;P`BJF`oZ;JYE?=;#1}&Em~fKkzpEWtQKrLn1SPkY}b)SRy$8J!s1uQVB1&Y@zU7V zh@!&}Z_*T-XWfTAzl=k-Td&1aF~ItjTX`+5#J$ff#~zm+eY>~BJ>z;{<4^Zv!&B|h znN_tjHHXcCIvdTH_X%yb?0$SUfUQ>u7-2FRmG)b7_6+X-cnfSPjdA?Rjxbco`4D_M zZ4@>xz7Ib<)df9zwnbDyCT@Fs6`p%%1zua4joPhRqDSLk$fS3V?ya%mlUs1|?Q0S2 zEWndr?1xnrgGrHmFv}ung>riBr_AK(%&5<{1-7x;a_dPsFHKX6jvR<>`}IDo|6(+5 zNMHhm@v^^?fpLvGSoZBC{Pu2FwwH1&J5qt@P$>=jUG|ZoivMJPO20Pi`{nrdtfVy| zL}p&3gEz+F{b?hxg8j!!t#tTc-d=1uUV)@2BSNI_X1pl5p2De5RXLvgdIRGaacZmEEYY~19!9y@!quvDDU4DIUO|Vx~;H!CC@Ww`t#AV^B4=!F%ZigLb%WNnm+dgZ|rVb%5woGPQ|7Q)2*cTuh9hPFo8*~8d+qy#@~O+&dMm}PZf$?E;M z>-!_L2OVmN5jhz-*ebIg+cObVF9!PRYV15o=^T-}dC?k;dTc$AjktgDTkAdHuL0Z{K5+&IEszZZNZD5tiWeGIRc8-;Na3!Sn7qr z3cU7lf=K+j%S-du3i$ z87cBlMpS9}Sa-4j2Tm2B*kD3(B1h_bOHj@FT7IYi4tAWmS$SA}x&)QBDr}|GHECEk zv~5Oi7Cv8<17}<)s!0})Q>U-D>>^WpUiG46KpIiWO4I zy4LBHkxY821qF5&3JNVKEHA^?D-Pr51C*avj{PN+PlvIcWnH@HAoh@S8I4+w>nid7 zoC7#Rn&e>Fa;()PFHY<_l7S=g3^EV*o}PZsgDWA-o0nBtI!S;3DT-P=WwFhjnwoCl=4D6b?_YP 
zoo&bHK}K;EN_ahFaMV0!XFAN$!R&V(*tq2oo}76Ahd7vSmK=hDN(&Y)-Hu0==D-ok z&X)ShEm9AO=;l4CSbeq%5pf}KXk6HN;1ni(ybbw!dVd+gvKw zJ9nSK?!qc~QcI9Zf{?~*c;329^m}?VZZxD~?AOO(kq$Y)J}yHDVyesV%f2k?sDq2w zPKd{fMZ8u@*?wJYvx%Bw%-fj*7yFgcQmG$1ida9J4)WTP1tz@CY{dmw$M$Nf5d;UX z<1c?+gXybtl-qY6l9Qu{(y%Vy3dfl;oF+-hJC%jSM+#7(2||2Hq0&a=dT^1s$2v-> zPqy+{wcK`c+HFXybfC;;$HB9C*q&X1a90&hRk~1KQi_*n$hFClvp5>Lv{^6G%wwZ< zD6Oi%FLO5Hxh<6>RtC6fvlwRu=IqUY)f9rJHA0bl`Y2xg^$bo{Sa2Y_95xONY?T%4 z|E$W|g;-Yw=FvWtvX+VVk@BTg*imYC;OOBD{CKJYP2)`@lNNma-D-TW$Ae{$cSG*h zefagHTq8PG7Y9#Fd;D}ZcI4V3Eu#@GhmdA}P4&>!l z^15>%H?I)W7ahiilO;HlRf6MoBQzZNEId*ObEt{7s>brQ`!H?J2~^T?hoc&&N~%%L z!P4FnS=cS>LD=uP<<^G5gSCe;aW<_4I|`jhY#4>3TQZPF;+az*uVQc`E4>tUy&Wso z9mQu`GjKY;61#FL5ghEnk#x4N3Jw7C%aKb$k$XA~S3kD`M=EK2aY}y3^`~R|vJ_)3 z`ze_zmA+0_QG&$>a#2NMDh~w&TMDsYUjaO34T?&v$f>fk@2H}W$V84TAz~aieW1o> z#TnYYnsxKc2P?7kxE0#4aKu?k6!{+Z6At!SOOKbp#<+)Be_>`TmTXVMIkpGA&dvc= zH7vBrx8E$o3(GS((x47O;ix*Dfu$$dzjIJsekKQt&z5uCDvx$MU~m@W*WKC3%Fe^5 zyq+Q=LSQ4|J#{u0Z!X=3{p=Hz5%1raxcs#j$5patlt&Swc;T_)l$T6#boo27;)k6^ zDrX}MBSZB$4P~KY1#4LD1qjm>LLwtyF{G99%6VQ!XL8>$TslZ^G6hzqlLbb~!d&SM zC11v85F(g|baFQ4SHX=Jv65cahDd%gt0C~~D~?zoGG&Au$@J`WlvTFj+!w-NqjQmW zfk-FAMxsF0UF4Rb=ba<)c_$b8KD&mU0ON>WGP)NAElgO%m$E#vm`u{kggqT3hljpn zLhjX<(Vk)K;I)(?q)3*wD?_&nAT}v3XFQ*LB?@&B{n=3}29#++S!*HCP_}q6sWWys z9Ljp_Eb--;e6hR8DCMz-JIXPC<@SRt&)5hr_Rr9~QBb)FB}<&5Wn$Lmj2Q z{8RrjT_G>rk@oOe3SFT4Xi#!f0Z7H1brJYNBv7?N<#U6C%z7^RFV|t0B zEHag2o)>v`9+xwnH7qhn%%GQj#$}d@F3}A0$CGkPJgI9bcOGpJ!m=qd zJ#6nqVp|7-J9Wg)N$v6ctKVZ@mXx3I1L40$#r{Hss+ga&`6#&s%{-Lz{EcB<{O($p z_R2JY|Qbs_7mBn`7v49%QY(3pIoC-pVEGm_&lb= zh1^P)h4ga!(yx!yg>Nm25~ooL&P-~J$*(TJQj4@1#uYor^~u4OqKhOKNcrW~QDFIG zfvK#Y6NsHfrrZXUzE!y%xG(*m=pbwML?^1CJZ&X5RqF5(_K|)<>=_YCy?89;mp&_s z2hy(ndPutzTZl|~dQXCt>yKeFGcR`Z-tz6U8~gw1Kp7Stl1wTT8u)eH8r|U;00>fxn+s`V+ zZ^Bn6{{{&c{E=pVCeDTUD`^Cm(zAr*!Oq4I$4*2ViQrOk|F`i+W&6L<>5uT=)aj4P zekojTnhWFqne>-i#y^sIsdJZ`M<6aH^Fn!lq|=4?tGbA@va!RJCx)WJ*}-4Lp^dm%`Owak{`w>_s370e?Q}Xi9 
zwkVKz+@x&&e3URzlKV;-eaC*g1nMU7C0xRMLFe<}pBFqK@+FO&6I}&DUkF2GGB;5n~MGX^`yx0?ke!-_d8jV55xWGm3yeZFcBl^CGLf`6Px3|CC z0?9)X1w>OId7amR`w}g%t;qTZ!Jo0SKP)hh3(M?>VmJOu+6&Vtw&$kk?1NwSdHV!} z`O{v^=1Q3)UO?F8*vH=n{C%RLn=ecv2ey@q*~D+l^JU_`^mn4Gq`A<8u|Q-7 z_Q!J0-yRej`qGMA$=e^*uaCc7_;r*BN`3)0kTjCF?E9iCkTjCyLVHS+_+4HMka*|8 z_>#u2n^OM)VFC$K^yZEt%NH&P>@NcANZ^-uv2aP_Zx4#@zAZ4Wv>iF;udBf8UXJ~C z^4m_5@$ldB3bd`jua}Ddh`&ZyghaTss2^#9i7oF$kp*s9MCjI{VU!65sXSJK)>ehX z@;1*16Y7K*Ay3ZAlQ>m2J5uF79pj`#hrw29L8;DwdLeo^94`6;?{|sv%d2297?Et0 z_jPz*I&~txwL(n@ayf9ig!<|Hx&f88YGhDeGSAEV%H-QMB~{hPly?|N=O!JhJnCoAE8kWr zw^Z>Q%R)QLO8drU9Wu&TKDpJ*&Y@vsFe)rog%vGi|QCKSSaxouvV-q75jvP(OK+Mmk5U1L3rbdx-#i6*nJ8^gS`LA`7@VNbM?``|;egFG?Zx&4E%sKn)z4r38&pvy* zcsSu*U&AqDj+W|(6P-QnjLFuXP7b(8r}UNcqKYbGq0k89&8tSaPb(4~(RpJ!*F z@W^V|iDJ>IG+l5^>DUY+XHF{DA{&PbDv0*=z*%^z>kR1{O1iMvMd5$B29+u#hGQ_% zLgdL^WcGNT$hgo$WhFx7-&y*nucB6qo}I0<(#FdytdVn~lNHjRq*@1Bc{ms=5$NmE zsUp9|qKS46wDEHhiMLWwBl0Ko^wNp9hU2osMQC-gxRjz&(X&ujg7QzS39v~b)43@Zw^kh4|1lYw8D@t#5Q&m z8=N7sm0Mkhx2Ff;VpEQ28%i@FU5wZ>v%xd5g{FEATr4)`RhXU3v=iHKw6L67F`Qna zqhZcM7omMxX(jbicZgYa){X{|vC{=rG*~Re`8bhYSZ1t|;vjaoz1Y;#VjF|qorDh! z#)Nizp{IlJ2xVrMN`W%%>Z_%mXrXb8L@_RnNgi>9;Sjw11?pld{s|YxV zjAi7NkS~7AS!A+>vxA{mx-L&nc{$l74Fvg#t(P_$8tR3<)s&VA9i3ch=cD_GSvjAk zw#X5aw9{Jbr0Qw5=!(6_MWp;TiG4VyenZN73T+~Vcc(<&TKI@hY@$JSQHl6ExhAw$ ztd&g}LQj1fs&87_;2* z7US+)%JPOl);=?ip@DYd=NqUkDdv&aHuCzxLe4Fj!_IHlu+%Y@?#wflMDPB5*xl8b|D>-6zw-HN9$t|m`Ygia+aBw}fl!da$S2pa`cO909-qh81KdUK z8;za{#TQ?#VToHTKaCfI*yk%jGnBh;7{VjH{ER^V#NH!Z`}#HxmxqwQWIX1yBt|{H zj;$wix&M;~xsy}$cybFD#mS2%NSzK09o&@_H?)&u6ZP4d^nYU~k3VoFL2Fjf@uL*M zO$@RIb`qC8bpN$H-PM_`pD(4~H>u#_&XW&K;1Tyzm~Pn)EkarR*myc->?P*@bG-Y? 
zDCQ>m8}mJnZQIN2btQcN#9&&=Z-wuETF=aH&rqWiO4TY=+cRtCKt8=9ibK2h(f`Gr z61X_fbLud5%!+2o((TMzxQ}9=FmgVd$g+=r;r_Fp9DSw_K@N>8!WQM`@!2<9xO-i; z@KF^<#G<%{9{oD;%Jn_y<=1EwZhqiH9LG)Le%Fh{KfRqoon)yXPGZ3H@%%a^j03w5 zG2xYM;`B|#w@YB*{H}Blkf1~0!>8ZnZEH`K-PM5zaXMlixch+*c;%$jqmENwt#yVY<=Kg~Y8Ie!qhbqg@~R=#~R@3iR8{ox{0*2cxMOkxzLzqyg& zSB;=|>Mmj)JwQ~KwtTdpFN4Be~K!r7R%Z-ySeuLJ>)w1arWD( z99z1P3Gbbh;Gltaefx6c?gSovelbsfm&#k~=5woa4p%&~jAaG>RDXU2KYZ{r*M4^n z68d9(tsAxJ$&7qr9UF4$aQE}z$j8%o^@SyvhK=Nn$U-{a@DoRJ>ly#>RDSMhWy-s! zxqDt865R|E@%@jRc|X^kpXYVPO&o~51TBXSpWv!DcXLiRGSuFS^ZNRYnG8F#1^-vG zS^d^{h6mR$Z1!iY%XeVLyfJ(}$^%pP_tk4jbXQMsKset$H-dip?zm9?)8{|n^QbG> zbajx#h`NW7iCJ@=$$xIhKKRm{bQLLsjdJPeYc4jA0MRa;J&PVAd#x$NAaEg3v_J5YOx1?hjxd~6*-3y>!N|K-)4qRao){Ntyl_oX76Eg|oygjY2ZK!5q!I_4}ZFg&?SI~UorNv}-=)t?gLya909P6rhyVS9){9f_M1n zP!+9bP382}W+uLRnEP%ULN|9&UkQ$Mvqe+VIfCBJB<;n%5*X;(+IDRIb`cY{2eIby zUUcs7tM*bH_kz2o@=6~!j{LBSjvt;kCZ66ie-tkc3^LvxHd||1 z@yiazzI23JpP#{7y*!Qehtv{Hobx@m1l67z7irsc>S&`xFg^KE#Hw~@3}70`$qYB{ke}= z7de7oriN23cv%FmRC2l2_R9kG+>+#=ED&p)oE{gvO6=i$xtUXkKEM3A&fiE5Ys zyoGMFK4wFMiIc}pGW`A@cy3)f5&o_eq$hFJ&7br5!D{ZBIfPNVQCN{3!^g$y-PAk# z(J#tZA{r;wEn3BZM^~~uL(E3Q ziQM%i3KtETHKbR~udl`1HJEE9SgDlcv+q?MCCimeN$S#(9pfz;@xz*3YF1*dt-+~F zC*~#k@yy#l)A^2{cxZQtkqxPfzWLejX+8N99$1z_P4hYel98C)y|}Vt2q{U`By?&` z58cLD*S(hPNMZaH35_Ta8Nu4J&YSPZoa z;usuSMziC-UU(-RVbJ_982r)!QgsUiaVEMpg^}qi68dHVUOX@)h?1NdI>(38B}7^( zsb>7_-gGB}nYVsK;`4hsXz$IO*_{YDw~u}^K4$ED2T86GsyB~FN!uNwThJ@gLZy&u z;*<_jPnj4IGcVmgT7ngK?s(=~y5F~vw@;Sw`V-%A3D3 z!@}j_e7ys>I#zk-$((L}B%exRcSpQE z9piX1wrTwy1;NkBqOW5LUZO|3@hB!&-jX0kN5zaix738|aI`uCkf|)nH zA-oU+ncaYoiv*Hcsa!knBjT_5f)(X~+&gc$1S{^`{_0}-+_Q{_)?VP{4_DFo{*~m5 zF6>ylgMPOy<>2`eYdEM>%U;^H|Lo=WdP3)4yIH`#sqxg+jCnF zkZXjjbVrzLpSm0K?d)fFA?5IJ;dsO9>* zeq`1MyQz?>9{YGbeIH%R9vz<2tXu0Ao76i#5?^B!!$b-@BJ` z_lgU=DFH>-`9G5;+}^oqFMa1NVs%LnFG{eo{Ks{~-TWQb{g{MB-w;%&6P}5^u#>F3 zGBpoUN~o%rL`@kh_UGeAN6;z%DD7|fng=%&a{WzXnGssS!ebEa=Zvoqeqx6pqpDVs z5|FwCGECyjO}o;BHqv)xztBp>b>p&aB;NcZPwubco%=^}qu7^PL-y^dk+OrX>O&X1 
zR0hxagpsdoWplRfYAv*=&YV9#3zhszEoawDSIQ-w`!wAyXD*G3U1abgfTg`Yj*QRqV;>Dv`ft7K^=f z7kfFamz$yc9VUtHmo~lys0&$AmrdInzT$yj^B6O>KYh%0)LSf+rlc@_&PTML{uRGg zi5@!$4I4!7#7@agJoNZCjQ{i`?K-z-L7b&z-R6?%5KoWFH}T z>ZeS5e;=DNU4#eYnA^6J>+b%BzV95N->?pRHa$*)p(+$@L&fAzeO3Y6&lKSt)l&Rb zJr3^P^l9VD#wEuo^>W2rU&#IUd`0W2pYg&GE1{lpb7=Rmhs&fk2cR1D9GQFgAEt`==5+GGLo%w|>^wG~%ppr3NtBmx37N;<_|-(TcFau%O$I?ma=y2g>-=3qtth_bnNk0UZ8hXp^M5~C8yxK^Uk zl~$2UDW}4zW#y|u6inZ~vol^3H1X&)iDaF+z_RZTNyh1DWJvc+AH-Kr4rfS92|k*a z)UK;1G~Ac268{Z-VTU*l53Y(616I@cNK6gPf#h;Nm?@5|rqyLfU)w;(zFh^ADxUjr8^4|@W#f)LtT7JL z`q?q_wH=&u^A&{^9E28i!YTqgKIL#&d6rng+eOizSPVD z_MXfpr%HFB7WRwdw)AdGPp4WQSh$~+Cvy1i$6c&1fzdsJ#kgt@>e+iCpZ8{WH3AGV zkHU+lo{7_|61hAgKA?Lm2|zme;~@xMOsb=chX?L4;xOv6Sa?CA(NI6`=bvbyEIX6DK%Cr1nAM-EaXR1a?@PBYY3f(LOX>yJ@b?_j9atV#X&=GoDVZSO<5 zt`Q`6uh?{oL+7fDKzh5r)nQo4Mo=E;rhO`x4q}{-?mCKp_a3}5AV_pZgM_Aj7+|77 zSCqAPWyaV9POjO+C)+CV(hdKDf_U)GD_HY(f2xZ-7}3**9gBDH&bm~#pG#xu)>CXc zoyU>0xyGBl8M%dQJtjd~bz?AADF!^OYYanz;i*SAuqh><74PlgNHI(r5QUxa)}cC| z&(79JfH@IQw>t7G8!+|?Q!oPSS~j0aXXoi^TJ&hc=1m7#DRTSwGEQR=ECC}sJ)X+u z^Pf8fj&BGrjx0G-o0Az;i5f!S5V6|U9#Q2UUCy-M=eesI>&)kC)szR zK)9uN)Ua>g8FsBY#)*^)%=+lg+h2nDF|2!UFs5Qx`t=Ork3@%#;lR#3V*LDY5BE3T zZhq;o6l|WSBA}E?%_-vK>5Dve=Q=~jdv^$LT46%Be2}15UpMxN;iZ|aSpC*oem&H* zd1Xl<=hvR)Shm;$cZ(s%TBBjRRGxHxhxDUHg02%M)7hGCSQn07$YS?7vHMNsCQKX3 z%J;_7-NVgz%b36jrVNc{-=a0VA`aZx#$KVU0`J6DbjizQ!H*{-P6=gNoFFQ;+-SSB zkPGY2bGlGDSIh;izgB{r@F1SPZ#;{i?@fKOK2mSwz0rI_H5-3DC-zxA4ID4m@h?60 z2J8Hlbd0ajoXT1BH#dO-qtC_om^jes2U}Wevs}hMK`{ z6}z)$2lVd3Sqrh&Mhv2kS2r2+KM}^bI>P2Rj+Yp-Shj>>W-chP++>p<>sL`;K*@)hC zKN_>Hs40S1Sy@Nhgw9ygAK{r8Ck9Ucf@A4*bQ+k*IDb1{_+&M|o=C;NZ!fNiP=-sF zyiQve=rh% zF*9Y)Dfg|*AYu4GtOp*ZzfUpOKkz*->@H)@b>p#~x{U;HsYmx&sjb1) zza{sL4Pn!sgZ%W<0qLF#H;!$ObFhQ466oe*5^XpL&6}V1ip)5RQ`3PhW3^GW#Les$ zI@#%Z58}>>bdH6tMNm^gssxweK5mlOOWEow9(;W}-#N!}_@Oow7D{oWgW6F?>gx*m z=|BoTt>bugXeaVgj&a-K3ykX@EJ0uZ=^IZ{QEkuA5uJ&bre6DcHLDM2&|z42#)LYF zVQZwey$WPTF0UW1rC&lUH;sys{xq=Q>kD{#SqvXmru;3eF!rI*;JQM1o4)laPQ2EW 
zPd-}7J6kgT&*$7t%+Q7Hvi2OO(+8<6xO)h*TWdM#vtCy{FiUp*ZH7Bjcb`h>0CE!cTacUnm{Y3%o?px-(wAW>WEL7kc3 zvYdC8CsC*SV>R*ecR_UBN%^mbIvQi}zlkVSr9`wG#EqfloI16KnF~|!?b?+EZQLmn zdCRS`if-H`GWalCZfr+`F%o3qlh5zNdhB67?dwjmuI(c3vaqyL=u=KWfSGtt2{ezD ziN2^D%10YF?3ZH`eFSN-ClqbN^w=SeYT#Hk={^b?CvOSlZW>27g|1AuTcQ=CId|la3*T)fUJe*O5#nTN>CyT+t z#{Nlr?xLsbPjggE(}Sa9=-8<(rN_>(KfO%ssY*lx#UejxLW5fIX@+c~tEw2jrlYIxp50P_ z)!vVgHcr%(%XzV3UoBeC%t@c}%uyKH$rtsFDir#3HJw5R9 zw&%rr7Sd||R&u1yb=P&IE+>oo=YBx! zU~H6wWW-t0oU|#%)uk+(rxzWkL$BWSaIe2qr6COUCbG{KQx@#Y^uAu4Sape-;owBqR*lcOzj|i@Z;aQuSQZ9!_NPI2NH(qrO)WJn-Eo1)_+V}rs+*b| zq{!@PjP$t3<)_|W!i0&R@a?K(EUp&8x}NKwUCH-Jwe)H2he_x7Xs~)YH2qX{2?#Nh zvU~?iiha4dd$^p{U_`z&6Lxf^L!1i>Zdyp2n}6lFB%-Uvwe4E~NHkEta%xqIMYmWrgB#^#zD70@F`aT*uWON{LO%5h;5&1XZKD6a4` zbMbhZ$h8vGk!~HUnf3H>f@5Ro9p*^Q-(-_=TxHMrL2b!Ckip($kt=nw#o`6>B+^&s z_&3JX5!9&UHjtou^We(skIrJ(3_UiHkQgF-sgqd1#G0>`)8XEqnY}&* ztFfGY1Fyfml&%l`%v~od2@@QwscBqy=cn`?^chF%?2IkUW{+!43$u9CloA}>-0@bQ zCSL3k3OX@Assmk*tfb?R&v`2bRqfEN%8?L!;4U5k=;3dIM za(0Da;l$MbBD3f62o4RUU!(&|cBDW~jW}|llkNj_?mQP7N;z5J&%m}pTs)gjk*K5* zy*GijR9U3^W=UVBv^O3JpGnF!9*ZdGL|Rwp2Htw`1AL}zk~4Np>Jve=(z+sp*xSFS z!~CCkerK+jDZR%`n6I1kyV{swuEB1l;l2Nh{>Ha{42NFJ8!vs!u)!bl)yZ-qLoGbN z;A7e>*haow{pD)i4@qpHKEjUhqnnVYL$5^ky*81Kf~;?7AYuMaBKC?;8r>e*LUN@u zgIbIImxfIC4rH88V$6*nGHAjgN+c0!Y+Pdkr9(A$zws+O#g=w#D>QS}N!@b3Hisb# zzGU1r-?FK|Ov{FB?wVEKR`VU&j;ZiFeI{Yiad|t9x zG;d#~juyF0%_Cda^~w=m8Tw*_zX$&%*?$CT>u?PV=0 zPB^)W@aS9`9idT!*Q7k|#!}1@G34d(>Nm#;?3BRnx2Cb}tt*)mRLkApNfcFUZ#>3w z)71&jpQ7Iz$8hl!hbD&1NFG!H8|wL1cLgw_8Y=fH*IsS<EC!u=m?;r0*qaIwK%GBbDjTswtRUrp!h>)H|^+vCGNko|o70@`t~0+xIzi?%A4At~p%&!C9huByjwVsjPZy3VW`R z`-^If3{pqU+>Ff9ikR=2e0)Y0QCSh$af{@pk*TLN>i^iM%1 z_b%LtP*gyq*|6R6r`pPxsbkpl{q?N6A&z({`rV-v>AN$Q=onT?u)AgT?L6q4!^0n+ z6#a;2=j&7X_07qAHLC;u`Z!gz+gJXYwJ(NVS&hegUViS>2%fhu&tmXZW7zh=wH$bD zFfP@F-1NmUe01YZp|h8#4@uj%^VC)iJ;A5B9@TX<5Z>P0ljta!Yz|2hyii&~?<*#8 z@PR(`^O8bZM#?wt{Ux?W6A<}rcC<4_-<*x?S}PRLl|I8-@na7s&K^9%O)qcY(U(^6 
zZ90tW9!1v>dkK|=ELqtc-J8bwoGM&2tCBwEq-3#gPZ|Z{k32d9~~;=x?9Gx>^-qj4|K;l{Q~!G(G6pA zSaqg~08e}N9TG=cQpNGSGNb=TkEZG{lhCt?24b%?1eW^JuQI?fQ@4S*_ zpUvc#k-n^1d4yeAqBo8v%=$JTI>$}dqI}M&Y2rkz=6P z|Cwz4ZaTM5>%`qRO=SPq*YfmLnt<1kv41a<7oMZjz&;#*_gc2RK7s^GJ@a1OB5}2= zkuTnH%|O*!M+u&+Aj&7;NYzDqFjSn_{t2??RhMm7)Y+} z5f>c8y4R+#>(win8dl4#pX}yhT^mllKau+rMIM@05VpbJz@OVosIDG=QLuP%;;$?| z#EN6toX#xabV)5?64)+1oQr#anQcc>IeapQHJSCqg?VxzO$@v^mhAFs<8j8?&4;=D zhf`FT#L)WraO}`U_DWWvQHsSUl$7Ha*ql@%qHDrIjBr*`Cc9Gd*t<6amoQ%?=1P3xpt0|GpF<-t5YQ&fvI>tjw&vG)qoRo9S;v zp{}fgY*BpO`zEWbl2aE`c<9ID#vUifB?Zl>b;QF|$%i}gh>LcSHY!=Rd>eNy&cMUR z1z#V*v964l-&xIvM}>Jh#9(z}WTH1q)*RxMP05_jEoEOyDIo#Q98bv=hjD~;6}mB_ zMeJK8U#&X9uKYTz!e0+@0$Y!zaw@+Dt3Fbcfb6hjoSRb%`E}oU$x2Q5N^p>T{yei@ z-O8bYdK{!4Z)+J#4`z^6UBk}PC4_{)#$8DqR3ohckkF#uFdmXEWuwk2a?h9vMsJ121zM}94xgXu7fWtR-U6;A47^w zHaWPGbuyVXN#$51Biwf~jqN!icX_2;thC3WESvB5Wax7~G2(TkO6Jx<t{)1_=zEeLXmG=z{30 zI4RXv|1gq{USONh`M{%*&pVymZFiznYU(63Dwb<78LGszd3LK-O?7wS)#2 ztFeF9PM!Clbk>Qxk_5C2v9Nr@362(vQ8(4$5gI}ppDI=#&LU4A!AkO?`|SACRjHoxbX&}ZX$R%KS>?qM6Q781V`1*3}@Ok#?at>+5m=l6=&}9$OQn^_I*>gHuQ=fYa|LnxJT|AS@ z`U^r2soT!MQG$hZHl598#kPy2Iye#PX2<>`XPEoeZX`}I`ma;?d_*@N-FVJ;1-Y=H z0c&k3@BMO;)F!-*1|%pl2fK1Mv&@)Vb9&EVhCI823TF#;;>?3hWqiLgg$hX&0z+M> zH`TCk(I#HqkSTW914juQ7oRE=C)^km;~_2pzt6x2URks5WJ<)x1 zTG&mg}Byq=avAcDZ#zRDUP+LIZaJCe;=i!)I{&Z3LCWZKnJqOUGX5PW$5MGlnJ6X4@aenlZK zeZHNaju((Fa=yOQ9)CY4YKn50`}`W#XVl{8ZpN{}p4^fON<{uL@`~7UMsO-Dpw>fl z{oonC+9$H9k9hP^s(lS9qTA~4j-E(nW474dh8psv?ShF|i|U!a+u?tZEJ9q9YW`pmFO zEQn@E3e9_!=!7;+V{}~=HNxsB^CZB~xh0wb*h$@bT{2Lke1kACUsTU{)+g5#2UR9L z)@QEzyjf@U>u=p#L6uDR&rux3sTwl|{RB6?F2ZW;MWTXj;45v^OZ~cTMe}|(YqxMbby66ny=HI%$hy*hRt@OQll>yyBQrt9qx8ZgezMWyR2M`EBfTBWQyh49{S3V+DmQolD(928qn%(ioe<<)fe6GNM+8DQ@N&p zyqaks4Qe0NC#Zhw<1FQkuKD6Dj zbY(%iZ6oN|wmY`f=@=a+J2pDDt&Xu{+qP}n&fc+Y+?;#)$dAB6;se0Y&JDXa36W@+reA4txy-<22d!Tvk zc=?dheLwE#I_ujC5LDdXg8U#zeN}ku;CSDB>I$3s$YOhS>G25`_#kk9rTzOPe)*c` zW%f@nV9Dm>z0T^5^^x}Ot;55+O77#Zy_d-Bp~?7Tyn~||A}I*`@jZL|3BYuyJFx2m 
z&EV4*-354mn0!lV{rK@Z!{eh__|z%resQt!0obnEd=Wo?D&u;i-LASnnd-i1xO$lU z&{^?;^4ZJ$aD2R&KIjsT{+R5Txcuw^nK47KpyvJcwNGQkXGB3~m&??}!d3L-$7aJ; zug%zdiiedg%)9A#OuXf8D2{4B1WUbut}l(g1OK`Cj`ungK(ANxUk|?jSIozi9-P{L zt~siEeE62X{ol5iL`eTHO<$jUMUz^Vw5^>^&iA7k&?<@e-)X~l4q2vJ*{*F|a^GBh z8}nSv1>aeQJ6gY=>z-X~eJ|+ofvz&~gilXB{wq+_K2uQj!F%_iz~s6jgU4U59$c|Ag89Q z2ZpnvL?IXfMr;gkDt*4sFK(Y6N|`cJjW-~mmwfN=%!&~FrlIwXmNPts>&PbPwn+or z`GGi!E0c^bd1>FXq%3aTFui^475S+GOE8iF;V4GsD?142c+>l; zI7}PhUpSF_Jm7a!V;zyqco0t8!yZ$$)tuPpV7R*p8oZuZvpAvDd)kY{Q!=y7!|P0t zCcw2sAE`;CFEeW|Oq)L1H%sjS47=obrg|AfHXe*K+Q^tbyu>B1kzl{r^HV*tFI5>k z847L$jxXPq!UUU4Parr*6IX=2=RrBhKl64oAUK+CnV+TmT92z_JHhHqq}iMO%6*`z zOyX#nbC~^?IhJtEkkfv(?0SB2O6fYry>TkbxvaSEI44jc&WSbW?qtYQkYgQTvaKbq z)pU;k;mR|FDQhZKoj0#8db{m+`eMsNm5C$ksmI00$Ce1q>%nHdS>QDl=j`ObRRMS@ z$JSV~3R|>Y`*gcu37Jm!p z17hT0UXFiX5nRaWyx#$3<97F^GAVBp_#N2u+R7j49^P+^h&d>S)BCo;FUgZN2#ptI z%d-|GZbQ&}x8XlLLQl+I5^)~D!`h)lOaS^G>R5ab2&IdNim@Ayyivw#^T%2|q>T(R zN>*!bC946tHkqr0_AW)8{KPts9dX_HP2Tzl?_UX1niAG-y6Z!~4uR|6-yY8p%QZXI z5Kf?jwfl&J0cwInqP@|bc~nvZt(Dq4zJwX8l(k8WqQx0LHm=y$Q^%eP{Fmgvn{AEX zy%{Paj<6(!of)Y2P`T$9z$obb5dxcR@oRCZ-kI!F7R@%!HqWk0zzpr)Hate;*})92 zwkZdumh|Sz8a`(ys@BKVxKQ4uhiFnJ(wNYSvz68+-x|QZUe6&{E00RGnNJ}EHfCje zEvrjpRDnk`+7OaX_BwrX)4`pA{qHZPlZA1bJKYX&gUl@rWWo0tM(QolTa$7|25Y~< z=IWMB??64B?{r$V(RrvzxV%rR|4EgX(A!gxbUcAJ4T?Y|nO~mhtUQnQA4R-BsV#|V zNWw}8zGKhTVT7LbCKH}aN()jlfAr+s-rAe!Evb%2G=hV4ahGo`1q&U+vz0uV0F;3> z7IKt!{Dvi)4l#kjL#zWeu}hdlWO+U06AP>l|MbW0XbvK+o=!cj& z)tVXS{?$_nQpeRM61dqYLI`?xq&?0AxY>FBWbA4QHfLnzYH>K&odjhQTwT{2zT}t_ zwtlKt-oX|aJ0jl<#rL^_)*>47-{5vN4q;lddA z6{|I;g|ZN>JUe@81Fc4^v{`s#t}r5bn!yeS{fV9*7OmC`V#{1s5CeV^mcdBTZ;vR;(1G3({ z!zoeVO#M+!>SpK`6in4YR^8KsHz!kdugdgnj?QF$M_FP18^TxQCQT&61F#evQSr~J z!ntzlahDR%bJJo?mBc7Fk32x3hgUG2xYp(iuup6okT?=vM3chxGs5`7Cs_A|)73y1 zLoO1&XQXq}l}$li#niK&z|gxWj||0ZLWn-Vb$QY5Sj~EYQjmLp+xaq;m zm8wepD4ap8mB$4jM`3y7u3Y&FMD>lp#{J{Lh^8MJjr=lfO%rsl>IJ_DfuLqr<6`)- z^4+x&ZhI%K71Vg~4WV6Vh!AA3SEbSZZG*fl4`?z zSP&3?REr$3|9>5RtPT&A?@pJty1I`b0^cwM7L%|Bn8 
z7fFfnx9dtJ%-X!$pQpUwUZ8ic-f3drj5CzRHwoMVQ- zeT&8r$Aact7)eT0z+Ve~Ya$1UU|_-aZ!F9!P$ACK_yvZS;iThTlvLCi)Uqlh#tRpA zpb=;uWB;2kM_ifd?*x}vmcbkKMe3if*awn{A~X-5Rc2ZvgUQsp_=9+W%D`$)6nv0h zRh#ofX=M${DaGF_X54Xf9O43<+v7-)fI*X-?O7Ta)6KLOz{0 z1UibR_2_%C7zN>E7Y7N~)bVZYzWTeVlX#0Tf7e5;YM z#&L7mcJzF6sdZlv3u^O5vv@rquU7t{^PT3~b(HV2g~7a0RF`qEZ?DV-f6;}j6x&w% z(*lth*ev~v}A4S#UyQ_ZpQ}nIE z_?ycOF!$?~tNU7l{RYy3ddoe;jy4)sr!5pw#I^p;F&dlWSuZbI?hi*+B~|5LQj!P) zsM~?f+#oZ|=O-?GAo1kf*e5l!+C~?4D8Iu{SN0$P28jDz-#S8+&ANL<{W~NKNUHAf zPAvt0;rgw{k?)nS8tvJgD`ketP#=>vJdubp-vJu2i$7B3;h}e`c>%)*VfH%Q^&yE( zOb)-hv#N+y5I6IEkB*G$VP_{Z=aF{}n58-VQ1);w85@d_HKF%`_GU*j3@(}Ac6GBL z&a+}CZMu-*Cunur4Yx47!dP|wyCeL7*{hk6Zu!4A9iJNwA_z1kLF?;7pKqlWmk3A( z5`l1n=dy)5Ak?nQFVAAF)z&X&>%U2lPz;Pm8sXg$tRqeJx!qKGzh#uF*%kZGczxq? z=1SRx(yf%T)qmNs^wj(Z0>lqitq{tbUkt2}spAhbByCIJYg)6r2nq%yxwGpn9XOPy zR`4bt5fX{zw}s9}d~;48TRI?cyub+sXtN&`sA@nZtJP3LmbGyic&!c3gi~vGtay+H z+@vTr1@n@%27)CC#2HQOK%O`|XQXBasuTBU>hXta0f+`{65GlfzwlZTk+&tJG`^bV zzw1bdX&+@x`+o`MVW2dw0UY;__${lF^g~KyD=YRg2D92B zAR7FQz`9>_pVW~6OEiY&@c$kWNRVk=$?D8Opxa6ka!tctRg+S0;*EroL;6NRoNOm5 zsDpn#(afDy*RF=lwg3i!`?41|Ew`LddApcegV*Z30W9|wn#|*Qu_{GlM{&p^Gc86r z7W5Ts|KurEi#!+PcEJ#tWvbt%c$huZv4I+7w*VhEF!|UCPSRw1Z3$ zo@;)hqsL$bDuSGt3!0W85b@rC!s-ZjMsRLb`>_+WM?3xf>ANRK#qPW2g?F&aq|{rb zVl;y+rC*$C&K~YboWrN&kZ%;h!WfYY_tv^Ff=0bnc>0_vU+Nw}(#@;h02AL4RWfM4 zq${Id_s;|Mp~bw0>Y7u0t$T&oC&>xHOGUGk<+y=kp#-u%ecNVTv%+|HO~>29$0-9H zykKRe`9c$%pg2f(W^SwzRF}R42!=GxdW2x$+rpBgH?`W%LrS#oJC@1mnilTK{;;{6 zc_|BeNAQaz_R3f?d3xS~@74Paq z(kdfE$$-527`Zue-Ty%k-gSdNUhUingrtxjySH&VXYN4474AD zU!7WCJ?CO?KT4+CryvrrYK9 z>SWBa>KU{*b(_go_r~ z1^n<5c~OlBy+QQ@cD|)J9UdQtgdye#hm`%WMbpmLhK_@&s~kQ#l&QM!aZN7R@SzM= z1lYzfZfHR3&30r!EFr?shu+m;Pi~E@$V@qtK!`yxmjKkjI&xjXW!u|-?ef#6d;4^7 z-(5z)HbTaIpwU46GaUSj$PR4XI?&^VrOpfG$HrL!$xO#|G3G5I+B=*Z{Il}XHU`1K zLg>4__TjT;D)l6y$skfVnN~&jRvgd=f>dy`!Vnvq7=yQ!rB)Z61kqmSVdr@Z{RW9U9H-$72`3;q4L(sut^q4}*Tv&`|Mgqz;W2oFOr+fh>_G1XH8( 
z!^q6JxZH=$9uloNUbR?XjaJ9#TNLWSJC~C9CBu#G8l0^CMq0Ko8=4{~YV9%q72b|h_ZT@D^#n51D^1)UN@{6IT{Z| zyP7zwbx{)EsBBW7^}H5ibJlgQFa=YIp{U~|b|*O&62S7jN(T@)SQk znI)gVZ{g2@imHla144q+LXQ1Y#iX{e`ioLweNrpBPeI43+*#haW0jX`YB7JiCxomm z%c-wlmZwDqE;8F%?*6^-C+)u%gl_~4xB_d)oVu01 zG*fH*;e;NBSq!uq{dbWz*d0fah2pYMXfY4Ps?qXU)w9s!+?~1I^wH(5Wuzx;&sKPs z3URl*CFKM3A#>>S^yN_Ey^hBqjT$1FYbd+4v$R$Cf-drvB-c#ZEXrD(=1@e4peDU{ z-=B1Ys*Hcmw4%B|<&R|q%~}^UWmlo$hBKGQ5|}>a&KoiMXL4wN?$S4NTbC@e7B;cp z6|aC>rJNdtD;J@11cKT8XnFhvozlba49j!g>)<~_KJfXInKeE5TVDQhoSCLmBj~WN znzq^&oQY>#av~QZo$V!@bEsZiwp@|8p`-iJfAqArIQZBb_)~%z?KzrIrDfQ*#!vdn zbAa<&5_=KST+t6OCcF8Y>tqjvf?0n|OsD}9ghS$>>TjA5vjsW6SR5wI<)-M|MYDgI z+Xa#88)vstZ2>yeA%+$7SE`| z&Kf?w9&3V{q2!I$6ZW37if5`?eZmg5O`_4Od}(YpRl5aVr^EnsZB;MA(`}CN|?396JTU|x?9*- z;}ePpDq(0on9dpNeG{TK9eD`f&t$G>c2|S0JR$7w>@XG4B}lQKAl}Sc%)B@7d?1j; z(6$2w6j9m=Z!sCXu5&vuL{?x8$V+FVtX9%zZB1ubfV~D75){DOzYk=Ad_0X6KTH^c zW5bx5tj6}+o>@CBzL<@)_e4sbB9!a{OwKcyc>-R@nZ?4v2rv9;0b^HMMkVP+r=4PnE`QB@DRai+LTC?*nHW#^bF(X+PO%@rMwB>L>r8Id@ zO+*6~9JW9!md(`R=yap?X`Hik{l&3X#l04%@lQtCli_uSbI;a$($=xZd0LOlYxJ2d zXYYDPH1|D?7AG03{Rj)u<_78$Xo&bI53v<6>`UxJHSTF>2hzkM!EK_ z@5$2>KVXQ0MQ}1Rqk-hr(S?Yog}e5|6;}n-cEf#%Tqk8d@qV9X@pKZL+R~RYw-|?4 zbtF1g4~PFFY9}pipmM;i7GT6jtqWhz)lr=+0cs~WWF-aix<;#Hc%XxL3vNd@?D&XM_Mr%25_m+0~=M)Yi1eSbSAc_F`HABGChigC&aE7`A zanfVIs@76Z+L>vX+m0U$s(ihHd_JpmR3S29N_S+(_$gPiG^lt}Yfo$PT*fYn<~wTo zM6)ycg%;javYOl?kxWmIU}{m7*;M{ltL8EvWI-zd>B!-g3Z>`Eeied4Y|w8}SrX~! zec!x}%Q+E8U(PE6@(^wpe|oG^n77( z>@As}%OA~jR`LNB)W_Ws+LTz+HrqQ_=V4nmZJ?_`VoITwyGY*Hf!9GWmwYuN5ET-= zLYXBqquaJvvBJ_tqy#MrmIqAcfJGxZY6Tzet%M$I;TAFN#xFpWjU`Af_m?JpJu;yM z7DtOsXf_k5FU;laW|GwDjCD-HmhTg!a~bQ$#f}IE8EGCYK902a*1W+5N}2-gmC$i( zt~GaBn9RVO`1}H3g65DRlH6_$N(Bzl$)KG0tgRi)Udl-;Qw{+BAtK6XBXKUilz~>l zfWx}?m%Yoyb`sgsbRz=ZIevFTK(1|_YKD4XhwUCP!CBf#i)K%|IkwIsvJUCc#g&gs~d~n{SNi#vY+TPjl`! 
z{kI}KCEi3MJrtzrE;iWR@n3i9Z|wJ{YmDxV;W`LDuCPZ1JD)v>qvlR6p&BQ<{4=;tJbEGwpY}zQVd=OGp_oF$3e}h+iX0}I4 zPg%P1WPdUp>0!oN#*}oxWz&1gl@IaUWc`GyStp)*QmM5V*p~6rJS+h~L?HECwU+XD zZM_E-9Qu+a zb?&220e8bcAn!~(1)9M3Y6ltYyThn~UN@?dtc2Q|aOn`J@s@#mBc~)^dp+Uuc!KO7 zC19cjc+&kpfwe~vVy{TbVCc>R41Bg#^)w*&sPPjg+bit(RQOF%)%y$Y0)M|3fV9Nw zY{wwT&(j|=nL(<-w8|Yl!g$)<;sA|FE@4~qieGRrdGmUG#s&7FdU zYgxqAlh^&xzX|ZgA-H}!E*em~0T7q{7D_N5w4-8r#QI=5$U<~7yhOJyqrjPrZ1i0t^@T3Mw%n?7U{`6 zEKxTe_pBcw>gZkcIyEd}P4{RsdHiI38^ds6 zdNRfQUu)=7cp3wy=lxXmb-03usy$OV11{7?v5LlQ*}}^u3%Aiw&F0^ZEl%9_Gs)*>=8L@`DBBcFv&1K}nf?Q=nZRbr1iCCLN=-cO%S7zW!jmux5RO^68+gfO*K7R_q7iuKGZi?<2Kv)64E3X2 zee8@EAj^zfX@r=J$*<4)&ZhIzUYkh^7$^ zke}2)@@%?{lB{&_eH#=S{osjIm(;nNH(8c$agOkBynj%t_TWEoZgu$-NRifN*fNmf z3gH1%at?QQx|bOae2jNDg&ka179cvl$92WT6w(w&?Yj{#13ydJEq@lO zVX}lyCC4N83&U|%(`nmgOiNWlUfw1M@wsj_t+&B#rlfYug*RQ_ZKCVEUqP%0(KnYA zKsM2j0=sn8mKe$a1VsIeEpN*dh>LV{G!5=_dKxk zvj@BmJmYGyBN`jyPi71y+)E{Avt?UKfeGjxaQ@K&&Mk?f^LWiLH1jzB0uX3Q8Snm^ z3G6PK>`5ZD61kwU_+f@2>*AyDt3S01K9#s`se|t_WL`7>){(Qc5KD_w3I+k_hl0jtTZcxTqT5J{}>}ja_j;UDHiY6bD90 ztgg+mlf)*HR%McjU8(+N00^`s*hFC&UhEGcfXN=u^Ulbj2Wt1ti3Yct{HZuFuB)eK zd*~B&P2BA_I%pqN(`zKZg~(N1gRhbRtX{^6=*$lI4$(a#TI)m-a|INo{DZXA=wK&-;8!l9y*x?kJx^1Xg@y zu6Hlrxdt17jVOIcxWkDv4Bf*>p!VnwSN-%^v2 zf+}EKDf<0a)rHjZP zcDWO2Umuy;$BnADUBnL1J4YfYl7{v^&my09D6Y1LEF$ats27W<(s=N|v}OPJJWzsb zy3oOb=XvRBR8AZ@4CmEsH*TGwM>SAutIOa!r%kE;23dy)W0~ZL)IsA~m(i^^%SR_#|?iqX1@rv5E11qVl(KGK!=`ez|k53fW+ZuB0_ zcG61=q>K#~xli|0!f*Xz4d%4k6H!E1V~9sZ-5pnnMeurimxUdZcC*=_zGml*(NR%d zP$WC!;Z9L+J_MA?CdDXh{#sl9A=Xg5542&B&-BVvFN3{AH`OPm!Ql<{Y8jzU5%-oQ z>0(NQw6JffXhI5Ff%I&@gEx(ZTZz^A6D@%^IHCim9+uAQ$ zy|aXdk6~h^Wfx0he5pDGBEzj_Lsc zN=%zHsfyy;$r|tyBnRrI4rNH!rL4^b+oKHHBP8da)rJjr;>xQE@s8M+IujThyTiEQ zMP1e{giE5B&?qXkIJu#62er^`rHc+F8W`mh@|NVa=4Q@xK`dtgBIByQ`gtH#F7j~N{pG+B)0)1|(mGo!7;7NpR4}#w8SMyP z!$-ltl1a?z-t?f#bR`im)kweg^zMn_tj$x?-Qe4nq(d%9m9%t^X{Y3YrTXEHc(GW4 zjU_)YY0&$NZ0*mX@%|qk_OvI()K!J5f3>v$azO%w-0l(4*8?PxFuTj8H~6;*`4%78 
z{%|ZSO|+2{`UEA~4g?SP4+BCX{XIQ?XJwo~EfO4$t)KrSrtQ7o==nG(B@E!omL)$) z#{S0{`17GcF35el^edSIE1?6@P4XEkwDww3Yl+ru67otafH5E#2R@lA1czSw=_ucX zSqxG!=upv$-&p<0h#TTE@0MS8ciSM+72vh5Z!_rriqF~ZgH?19M#UtL8owpbwP$6PW-ahea~Bof(Kz zrAV0{bOG1sN8xiP3qSNvuCuq3od6iNmw*h(^v=nrcurl7`BA@+bU9w_d83_O(4dcg zrw#wQw-gxp3QVaeHHD-CnAJG{qcD z-p)K7|G;PPl~y7;D>hm{dM}9c4ZLp6L8>7yT}p+cX#tCp<_IjZ$ z)!-)4R9Q)^FL7OaIuS?FOoIgzaCXS}Kq`4-H5?H|hxFh+LfUew z&PAuEhOu)0J_MJqZGg2*1)HdYIc;O=_JAhzkJdW=iUWuZ4#~Lo)CeadZ@v;nF-mqm zi?4g}ACr6iLv}-S0s>^FCwq6OBqJedS5ErDQo*#~qLNW@s-j_3T7vzNQV^vq?D6oZ zXs505P1B9*ahQB=#%W1xxBWsTYq>z&RMJa0_UuU7v>v1PhW9@uNQ~ENYeDYRM$WMq z~&MS!@(_K9ebgpDde>#v5@KP@^cDu4V2;vTFcb~4vE;wd)n%A!yIec24;0SR&~j$n`X0H^~NX6kJ~OQH?|QW&bTM!%#4ljr9eaT zP?h0!#Cgr>2%1r`x+bw|3!}Xk&M{fqy>qmTsK+M~w=tW|q1tM6uj6YTu{I9$GG@jk zFIuQm=aL1=j@%vfelMHNnKv#j{l_GHaoM$6j&xn+ik6j!zRP2tSwB>@NJ8H_cz@cK z?ypcBkSE^_R_3I#drZ|Gdm?68O%=-V$_c5R{ev|mw(1DuO4AT}jDc7s?CL%!f*s)j z_8v$&txpg7jr-esZ@B-6Y`|kHF*~mHPSZ}8)aeS>#**T?Tp*bgg`O)Z6e)Gye!IBP zyIAFvE(kLVgw3#trQgxXfLpplFnlY)w^KF7*KO0TjXHqAzl9Qr&LAQ0{w?B5 zYyDi#v7AL1wSZ4oN^x>&*9+AlqxP|M_}XtBmB1AWL~$gqb3zwVP_IC~hs9cXI`_vIX z&9jx7X%8GqDfHPTYl*GKh9o=7|M_xk7TO;dpGg(&(h*q*^RwsP0=+9Er%qq_uU!7> zT>!~vwJ6ANcZZt7T?~ovdv>>_1bEenA0^j7^(8dm19aZajOEZ9EX90XxB1pb)IACW zjQLpPok7u_A@$LAPcIIazZ>ZHaWrkLH1;2Klg%zEW|p9VsKn3 zP*H6*w}2{$2mNe2ByX~Jyzw9ot7z_G+gz*7b2zEwt~q>emb@q>5fQ{pFd)<>xwuO# zRywXR5`g3*t=wDZ8l^srrO9g7_&_P3hKw>a%`^SIZg#|X(8dY%j)%IjaPmh;dtheN zH8Y%`MTJWKnV`tYqy|F6o@ zmx?>5mR$RTsxtQB+vbSmb>#Kss zad{aCd4qkDAf9<8tDoQ8Ork>i8d#Fz|0$ZtdIY`1k*<7-UIM@utt&n(VG<=1|?ZsswAvh$+-)1VmCuHBr>7@Bl8B6D8@_&!~S zkt$&fz{d{oonE-y!eva5`~%<1SR?gBb988H(QxXjzyqe8R6IL4ui~9k{zR--@OJ~y zz;J09G@ip<5XiiyOm##tA2FxtS}~<;P82^Ke}vcB_c2r#mBS7Sx)K)sojr2C_)Cb+ z=aKPsuY+KCZG#-OZ^h0$55+p8=uo!1Hz}{SZ>%Eg?JLOw`Vh%~^b%eo)ieZq#oJ01 zXOHRok6t6cQB%1ms;G@_zzO83fWloPJ(4&l-O;v5pDVaDPJ@D+=dp^I@4^7;dyCO? 
zj1PIWq)Av?x_?frr*^ns$tpjXRnp_4+!N<2&xku)dLt*bGmTEev^=#$OttCyA0?R* zbR&fInCRC4U|3nWt+gJBz-d1@0#rPl>>iZ0Ok?ge) z2Ws|cUfM6ZE+~BC?3of0mnsNq5 zDs|M6xbfuY)}~q*{1=*wm4vc=Kr(Pj-c7%E8r9K%hw8z-&AxsvNK?B>I-fp%aw8@D@b;SxfUDu&cfW#?RMCQRV8A~E#ykz@X8{qpQ3Hv zsvSt?&_mH$C--nd^;-J+{kyVkP}jxj$X-iXFzQ^)M9v&eZuI%Bwb{RNDGjJ*1>&9@ z$;aLD9)p~OM4)vto7uE`X~Ffd&}l1Ke80dH)9>0_nuM<{`@}4##AmI;MLIkeyOaXm z+Q;IQJR!HuWR++Tp7(omlo3NBMcn&xgNG z<1;d*NB&l4-umOVN`m~S#Yl<2Q7AaU)|(zzAGncl#%d!W=Fm086stwD3|M8cuQR)CvIj?p>!|$d0P)q8Z>@Kc{W+?hYKiL>j4- zm)2JG&voK_6~d%O?G}AZp`K*yq3s1+#_*h+h1fM6IM%3aR3-C2DcSVOd7kgx7j`xx zPGK4dN(Dj9D9R}iLhAFY+u7j91@nu}hZpVDvkn;8tjaz5UrMqr^H8XLdsnt@exNmI z4K0^_kD_{5m}Z#$u3KZLyoQE*xY@twgGhtogL~S~EnqkItJA~eTNxqIzpEQW#Z+x{BZ}J_gleZJE+?M|b-UL@V5lI# z1j03(wPI=yD4OEgU`r{;&mF-XQlJZwhO}4j5}GA;(8jPVkI+G?sj|Av+Gidve6bx+_ZOSDM-&WPWeQnIZ3_v z=iA+7c7Qm26&+8n)0B+<1Xi8eJqUyRai97A&Y}GM+`ZG?6`K_`;7XAPM^^5|bkD#X z2WefvU!C9I7L5u-DmFV~P^eN&1-XV)-Cu?goVYn&C|Be#_DPrZr3|n}S17OCwuLJ_vMKx;yYMR}iG>!vaO{&`1~|6CuMkJE#dQvD;S1#|d@{5!Ptz zye|Lmw9&A|*KmhpH!a790$vX=I{EWTx<1^Nb_b*`r=6k+>kcT;tCXeXY)#4YYD8wS zog)PcjOTjQMy7Q$e)syifFCP>69Bd9Ctw{JjmA9Jdn)GW>9P6tC?y8LU47UslgV!XCrImNc(Azl7IBe+lr>d8(98mge&)OKeW~2r;;{>%wCLy7bM4s1e>Q= zYs@>+sR`A(L)seWcnEKC_I>%iWI2to61fU_H!$!vB>6XJ%FiCpz--IR1>2Oa$Q}t7wMGEK7WR{(1 zIai2q>mzDJfwYRrcbSM%@bGcnP3xmDQDcmHr)po;Y`gHz~~g<|;k%9XO*anB{t(KoW}rGxKC0_bo_=Gc2{9ByZ7_Fn^e}pS^8&-<$*sg z8yMO#FT{t$h@{cRUTt!M^ZW;QG?kO`>d+VS(VVUL6c9r^v^1x(I~4j{VOnB#Ht?h! 
zJMQKVA_=X;gulKco-g<(uA?y&LRD0Eycg=p$qdCAjs_IyWwi6$daDjM4AoYDStaM- zpGisw7cIx*4X$LFUjFhBzemTc@fs1kA96Mh9)5mag0_E6deiDo`QpO)Z9vv+Q6WQN zv^?bvd*SnMeFFCol&U3PzkcwK#&)hyiYcugP6xD-6$f9_Yksc#MP=1?me^r`cu6sf z5SVKgf3=|NFmoux!_gO;KZYITur}6Hq&M3F_Z}j3qGv;EhCf%GV%VQ3S0P$ptO$zB z=}qL!32X%U{EE&`LxT^Cj>kvLO*?%&$uk1zegousskciHny#mL9n?r%-?)0Rl0?MT zH~2%)1xq)_)nEU{cmA2rujPTYCDs1c=ISHmOt?J)Zz|jFML(vCBic4AgGm9HqnVD= z1GMBU1E~n{uXOLlXl6K>It(o5P} zXy*uY9m!0}->bd*#nQCS9+a@P-d%bSyrU2^nair;Nqv8I@&e7;8PJ8Y`+>s5dd2@BS+&is!EtW_L&trG_?$O^SjSBG|TC_&GRMiYH&L1RiZ^zx0o zm7xkXZ_jve0K1#+%E^8izoh3DF zL1RaDeQX3S?YXQ8bI=`nnD4WO<8pnJXK0iY_Pl~Sh^)y3u(U%8f77@K)LHSZsz=Et zgKbzyPk`Sn-L0-eK2jTk49(~7*LVF9H^-K;5TfapnQ+|U(evfY$E~D@kaD<7m7gc? zd~YCDlLEEV;rLae4g<(H2=P-H5>9|87L^ilYoSLx2hFMsi1_v1Um7=ITC->C=X62Fw@P0 zOemp4ohyu%<_$3gp5e~s3bX|osr)HC%2Dx^Xej#18)sLi23$KTMGkWUeu$cXVIP~> z?lUKqT^+{QWRnP%?sr?#I1^Eo*^O6Gvbd1oEvXYy{3s98fMw&ifpvBqY)PtHVR|ef zg>z@<9Z@(g&G~((kHYu5D^MU8Q}!J)p}K#bZ{a_KdcxU#L-u5e6aBrrF;NM<7M>vl@18uS@b7oy60= z$%43{I4t)Wiq76A@RRj!vu7y;sX{tsO$x^V8g~dpM4Ua4$Pu=4s_^qk9=3=wvSPRI zEWo}C=ONR5MnBr2W6*RZsnsT3k#68h{srt~15d>8c&<~ZHHM&6lJ!xE#X6%rOU7XlOQ$L*UPeoc<6hTBAt$QYvw_|k&vSUEFepd~ z1!NYzLy5l~0Km|8MW8S+?h8!zYd(QT&eP2A88evE(%t6r#VAZr`*lG?*R0y17eiON z6p(;%$GG}(i-u1QWu;^q$OSp#8nB@yx``)2i-j)&U0Xm9e!Hf0439G(@WR8*`Vx?V z+Ruw~h9|scZWBm#?+*YD+ZWE8nc7iq3OlMX6os89z)opO-TNpQ&HXW&Q91q9co-9W z7|&oKudE{+LN2{&P=CDpa1?9qSrFNpN)t8!)qtKMH^&(-LTHdLh|}v4stsArCE4~q z3r%&DBzfqrb6ko=$OG$@7sUD7?nsWEbo5c8>$|9mT%t0FhO0GvVx+WuNY~XWf#=3? 
z8Ssq0!{99Qs7&%zBX*naw`loc5@N_MU`b-DA~1YIx}uy}EWCI3cWftn;be{)Dy3cT z2+>{cTKUC@GujYiJKUU};%LGMzvT0N`u6F;Zs2~{0O@yj(yGWt1p!hy64W1VB^jmV ztbb!^aSURnnWQa!MJ-FZwlgU?_$7`XP;h=GisWcqPATC4z>IH~s4oSc444F0XdN^d zZMyU<_!KNoLeG0AmN{a(Ey|Zy5B99bjA%R|J`^IJVyUYbyIj%VDo*PKH3L z^$9po@|Luses!8zoXS)q{51uliZw`OUSiGq{{CO&FxneCdvXXyS`0lKy*z$HmVH*o z@-X%lfF?+VG(eIF%VJ0ScF5#2|F{I&{H{}%ZT9t$r?Q-{jl5Mxa{JZ_py4|`oxbkzr`8FzQcEqB*zO9sK*#S#09~z8 zp?yW?E>U+Dk{bH_3^uUUcd=?Pza?Ye;y5HQ#EPe3zjD%h{r$TP-ieqzo&A$!fCf|l575E!m1w9&d-(iK{Y~G^pyl$rr!{+5pjszJZz z`!2Pu$MP}S(c(?z^~c}T(R8gDn)_nZBfp#P(c|X2^}2%ozWiPVrM*^q2@m-+%huoE zrNxYsP3Pp;z*RoYb^f+JJ+J5V2BQyhte<9nD_m-$>Dr}pzd7IBmcr%d^cFpCZr5l} zK#Lmn$$=j0`Q|c45&6?p)PUx;n`K|Wy}aq;Ue2~;QFe=12?OL}Gk+EIOFvCyG}^dS zS5sS;>uPhqn#=0(<$YIZ#=$rxf13NG@He!R&*lA6xYU37ZPcOn%eR4_92;^gA3gq? z_M6J+IX(U@&dv4feUfAZM+C88e1Zf|6ALu$csXjf0mceBhj|8B-ffB*Kl86?o_(J30cf;@Jl zmHpQ>{WkE|dnDcT@T8Ah1zS@tvp3E4UBX@Ok?-H)+k8&HFZq||GIFvRx8^d<_vp2M z0)H)F`J>R(F^dE#)e-?WGUwk25~aDiyBeb{_SA7US+WRycG^gl|9?SnbM|n@r=fy$ z$uf<{ApZeq+2H>Y&^b*y@+7itgUdi1goC4Gs2m!5U1s=w#a6T{-q%HUPn6|>uZe>rT-ZEs!x`n1)Vde0sZfR;IB_3{?qKuzc*k} zFrqK{=*Y_d1ZZGnv?&6j4{!gI6j5P&41avZ@S)xZB#`-IY zsK&2Ka8i_X-3#N{@V^KYH;rm9$4gh+)czZhZ#9i8GHO)wPr$%a%4=};XF%`Mm0g<+ z{J$G6r|18TpybszK8#79e*kKvoc8yRg7UgX$~Ql1_(!0ti2f^e<+q@?=-YfM^UcjD zUVnvub#?z*-Dw7ud8P5?ph1f2ynd8ne}?{l50nmnL~vtQuy}=EWZmPq}BCAwGJmC$Sgwp2L=4!394ig5qF3WC)A-9OGr4Adxv1xytMqk z8YEch*1rQ?L!87&)Y7^`8|I9R#7*BU_(!043ihxn z`ddx3YaK#Mcj1Rl^7}my!|vBAhCTtJvi}YPZ#bbU68m*za?eoQm01$3=qr-lJA~t| zuOR+W5Xa`^=g+i35!jWB!~0j+Y@tC+$5;ln@i1)1|52~-$HmKyZfydw*JbJdig*jZ z_4QexTJU)!#(!9O~Zo*@?D$sghOzXAj)k+aaKFy>8bhmYDOV}uEM4Tz_+m!lyc zg3+I_3j$h4O#=f4b>xc9e%RI9(YtpX zJ=d%(s`$EhioV;fD+C(*1j%_Fy~wCw;)uT7+(ytyE0X)gxG9K28V{m%?*ZMPL!aLp zdo9R0RZwleK-$skIzzk}G~3Zx$*K&-u|)5xh`Jzw;+iLQC_cK6fzH@g(ETWM-v9YK zuOz{tIWv*$ra||G&^=3>g8B5icGPFfJ(oc4YsTH!E28N>buQAxld}d9Ym#f(LWkyk zZnQ3alS9kszBI;&inOhD6jaGiD-D_*Nl|0p3*9G0uQk)-5^d$9{Zhx7&M9 z`_bIa<$;x+*UVjcp~t#%r^=GS3;F0QK-LwLEPI3(@A_C>E5@+J3Zf11lHZd#S@ 
zO{BjKUNzC(04du{f1`e>PuG~J2xH})@i+>v)op8?-cC+Da&=dNDy5w6Q>C(R&_~;l zdJNr^W5vB0Cy}K($;#_Re)KH>gSG~J<$gnEq0Zbwy3#EK!+^>;8vNpvB>Dv`ZfJVJw*-Yue$FRE9U z)43U%>8JH7|0@MAuQq%$HIj8&xNc+wDVO*E88VIXy=^9pY-P_BP8;7=+#7lW|8Gbgf!QX*D zzn72-sFx3q&+5bc(d`-B%7Nt@(unWhi96!mxoTQpt_*Qx-{~w$^_?ft$g4*r5NKD$ z#S?Wr`bb|a$4_wHrwwoQb7Nh#CnF@jwm)`t!u}-rP5(6D@L6*;eSv z^?l>GZAK@8O7b~X@4*{44`Tj=c9iTp#_0-ar=b?R7Lj~%MFdMXUxcVuESeI^kDD@? zHghn~O>EE2gM#^F`Dvm%v}I;H7Y?1v#V@iQclCB>+p&DCIz%clT<>;aTsU}=>=tbq zRFjUWV?4304V;(q2_yP3J*bo&mEL@LOJ8G;6;oCY$8y9l=<{HukB1kJ2>y4CZO^dQ zPAuJ;N=(=G+|ePF*;C@kJDEv}zFsJbKdg5wS?M_pp4gW=x_EQu&_#Yp7G>7gN-G1|^5foz5j?@kZbB930Pa?7o~ zjislZy0qi{IX#%3;KkbgsdQ@}%GtwN44u-K*)g76KdlEXYfIR1F%LWcAl|%XDD%fg zW1p15;an3Ft{KF;GZSbdyx4%y@V0*3&^wUivzerp)?w%4!(-#xa`a3(W^)Ukm>kaW z184E-)sNdls>yWqrcWDx=1%I0`Rq9kWmXd0u`Qp>?ZM=}Eyz85fzrq}+}k;vS<~Xl zIGRR4=MH=@yDOu+1aM;S1@iU1@ybeijOfF}fLeAR&L(_NKb~w|%IaKKUc9M4w~lJh zfS_7dY%bu6iCyVdm(P)07&52>Eh{RB9-PR1oq`yY5WwN%*_4T~_i%INmWkaNofyGG zS0~Vrkw(HE~XXoRT(22*pcyh&6y_piwz?##!)Y_T3VTQ=p zWZ|_(0pDjkGr$*iY-$I3M_D*<@I3aNyRqT6ZVYSd#i=vdSlmYG||wl-D) zF0uG>^WZ4blM3lOx(}buXeYW}!G#7-Mmd+TA=AQblRI;DVmS9qP9$T;K`xe9Y2Q16 z4`+8{e78_8>^?!JO9b!T*_*lj#9>~{z&@@$3+HrWP%CE+9!jG`_d}_yqDzks1f-tj z7-76G<>&Noi8VEY~-&oT%rK8wc~~ggE;6HL(0pA&=iRfd>b*prd^;i}x2Yea1jux+a0qJ~b@f zk%db{5YNu;&z&P8aj>}2kaB@#=Ovi9{A~&e9-KS0XX7nBm?SusloWI3WGT}m$(YsF zgE>=r(zY;z&7$kx5n;SMw;y+2*`BIHCpb|ec0?C4(O}Tt!b3NY;J#69nH%TC=bO?Q zII%a+3=PLMGn=>fW;H$vlb~f{LQD2vOykDu$MNLwmL%F0@qMlbUoPm+b>00rFZ!A; zXc~(G`bF^hExovYXe^<2qWd{!UbuZA!=;Z~FH|vhbSFkfxNuWcC*B5eMmza*^Ag zUCWX1L|z#kg4HdEho;4H-&^a+X&uKk?foQk5F;WPgHK2h6C<4^5b@*w0qqzZ=}mas zmb4H>K^$(Vk3Elld6>aB^v6{Me$ME&q;J{D$Q#$u?S`@Rm*jKGRSBHiyq_OW)-!KX zEIU43%Fw$G^UCw%2+>s+MZX);tPC903a^qHMhxkI)0s5F$Mogu;0o@3el2%h^yARI z9V9Ptr&qKm4z<;|`2;bzy)UNA9>ZwDVwDV0x6hvx?TnL?4`XB8B~x(ZhKX?$W!3Z8 zmC?NU_6qL)ESV7#x)W#C%v0!7@5s%QI^$W8&YjP%V|PG1-WnG{y^}xpPmbc554Lc) zOxn`-;w5YDJE$`W<}$wCoXnB)8N4h8sd2eMLB!dSvZk7Rw#S(#)m 
zPC?#`a4li>2M3Ajo51*JHv%HUNeEQq4n2EC5$)#1%svsU{B8>m>@2|5)lB~$vG|KI z?Aos*L;cHn@aMA(6$9m!YtQYs_Tj`AKQsLKQ`|bcClRgMa$RI8b6(uWmh5`wOzTO( zrXAe8ESX|OMCmSxVUKQ6^s%qNBo5`i5v>TSw=iN2fkvDpJ;n|}vpA4`v_4!SFzPm`AWjmIRaHj7yU-NUi zD>n{oiIZmQQiq*a5T9HZ$KoINaQ7F-=`f_1=%;sos)ov*Gj(NT0a z>D)!8FFeEin}^UT$c6T8f{n+K_6{y2w(=(?p(BsAuVuue>-jOG7T?HlCU^1@Ido)- z1a9T$PcUUGe0gUV@C;{OM>CH;{4KApsbT*0{dsI&XOh4Fl{*)or^r8yyZZ<5!kepk z>1sNMF2(yOt!8p{qk0qYV0`0$ER`)sqkI?ahuKw{YDT zrx`aPk#=&u=cob9iY(*i*LL$$vN%W&J2r0E!PDW9!(*UY?&V`c4rlL{gTaH z*LKB2$ltYp99_IBnDb*Qci+_qvK_g8Tx<4xxtyU3_Vd&;SJ0wHgGH$`yM}9T96|e{ zGt7Nr9lwTj=KTpl{JP-`tB+;!%xX!@nip>r(HPnyA%=u6tF zZOmUOL7$^Q@h$BG%y zIg;2ASECJ+wq%_$B-WFdHLZhNnUmpU8~Dz5#d0_@l$-bBb|me zu{<^`ju&5;LE3kNs4sUU*jEHyGF@_y^UQu%?wZh&86G8Ev#XW|#T+s zmVb0TTb}DnKi4XJ-Q@-`RBoXG^zw6I>Bh5Mpp>8AJ&J!~C~aJ=Y+ARKGnrOObt0A; z4*676TB*~a+Oj(88)`*)#lvcrp=CvuQu)VL5@Imx-^VN-htEQKZ9vg8zn zk~zJ3xR|RWEXFRPmHLQ9XkRM9O?h!C`Bo3^pV9`?(KBRJ>(bM;h)Km-S;w2p_Hf}; zF}ansxJuUhT8AL+ef(O|KNw1fU@siWm0Zd-*Y=`QX&T3}C3sS2 zQjpK0Q#EvL8N}4i_I$V~9pACNc-%jY=MPDHIhm|Jm`v`bB#MFqxkj?+Vcj~g{M(yZ z^Kd7E#S(f;(0X9wHcn-j=+--)`6Cio^V99Dy`hCMkHXDK`sC!osr|b+TpvRB@o`Mf zJje&uSjM{5^37UtT=s>$^6nYh^a;UST}83d!6eR0`dcN2)?Nb2FIMd!x6DLs(?oC$ z71r)b=G((ritf03tlrcxvhzFHi8Op|Wp7R$o!g1= z?d8L}?;RwqB$F?96ya;OQm(1yOy;p?aX02xHu{7e_wWmv58_sUNgSRKQqMc_o7V&L5GS{+O`I0_AGjHgTu68M(YTFE^p4zWci zew^sZ*&P?jtFcn1kK`QfIB_bKl?PJDUwICf_TfzF7tK@&mRBsgjpYxv#YyVecPxwh zo}Nz2q7!V{pGA?qA3xs_N6Om6oYlRJ6d%!->Z&?wt14N)r?Gr=;W4%*iQ{V;+)${g zs=}vtCx+#v@uCD@S*O!@|70aoBM^wFg1c zMrLUh73EbNtu!&`iUj6eGk^=f%-~u-dpae0;vxN7yC;pDvP(Ct)qia3v&8e-Yjs1Tn#F$CVtK`SEhbY-Ccv)QN-Mb~X_HWBe&(9)l(J<`F z>4v}doeLA)5)hXjJxBbMNu>NRp0R-vc$gX}FA+N^Hm|Cr zO60zQTB)b3ybi0#UG=5M*xHtqmHO*Uc2r!%+enO$x3S~ ztFd>r;O8QWl3sy(n*i(z$|!5F7auC;%uV~ehyoa3F>(6Hd8&eG_HS{II zy1q!816rb>h2Khwzkp(+?dde9$X|^m&<<_ibfs zu^3ec6Z-7lP8?gHF7=;LflIV64q{k}>g=%UD{k7?%Rp7sP*XJo3dXE*`BX`k)p|Jl zZVMry*Ru@&>>O3P#eOr0^R>EIXzwNXNsQAW#Dx>$L_H+yancEgVl>0ub&2e1-h5;s 
z6PGt|Z1Ehz>MJO3vJ1K=h1qzc%0bXF;apcik~rSj!7mcp?FB5?EarSk89hgTNKvPe zTwKtJ74LjQ)We5)>BZ}~F;0TgDyht+mQPoorN{K4bj!HF3&+!$*tad2n~oZrKAJ^t zbbk>YF>!^jJBd!j@)j}&RLS3+z zz(c!jXUyEcoCj73c%ATQ5F$Fc(Z$z})A{vM&V+{!%L|PRS&))OcBwKhGGQ;gbhOrx zBR-==px`F=ICwfxZ3L9^5&k&(c+t{HoIe&iN@l+Dj00bNF$edbe!c}@D~TZvoXf4p$JLRNvI=VKoe1-B!lf#Mp+lZymDd3Fy*&)?+Nw+Q=uJW^ z2Mugp#WAYm6aIhq?G{>ef0n?$uW|J!hgtRg2E51q#5=Fw%bWepESUE`y%(9OSU;Bp zYlV^BD=4kZUS^Ii`31L8Kl1u3ck|u=Z;ZJ$g1phBv{zYLiY3rnx-0#X|509!oGY%S zvZjvEAh8F!9I~mBanr8lHa~H?J>TG|BgME2p1OCCz0SQ5XI)%U%H4N=NmSzVxDS7W zM~-{aKHLRQd%bQ)&lVn3X<#OD9^x!*E1q@@zwzCCuCeY$+t~P{fr7$n9)El;y;64&*6(AsWS3(R`ssc=4NddV(hAENKkaQ= zCcc2%n78;b-JaX8f0Or1Vn};!q~KCTxQ8Rz8XR3Rf;O zA8umt7jyY+YNR+#bqWGzXRS(eYa@~rPs|zpQJe03rpTJbV zD!$Y`YEI=b{@T&Jc;6sKyQ|~!X8yBNd3tD|WHiZCI5`NNU2qkz6ck{OpP;0p0inS@ z#Fn1rfo;_sUUM5urC(poj>bJYkpu6KVz_%5pQRQs`o38#xh0m&GZ~!JiN|U*&C-Dj z83eTsz%MPG3wb7n#=7#O4*9y83Gs0i=dU=MY3c64*=leI5`Zb;)S%UJEGY{wyGnjYt*0S7g^!Py^3=oQ zS@it1yxymdS682A>DD}^&HDe?dkergj%0oOTdioN6*IHNXxWl1Gsetz3}I$w2FGD$ zX0{V2aS~(fnAtMOAZDf&tX3=de>K|iDZbo$m%QBl?!CXtTJKCxcXf4j;Y{!JbbN6C zM9d9xR$hng?PWvfP82E+31$YXK7PJ<<>smQ_VxMbK5_&A4uNSGC*Vt-EGn&5JV; z-PM4#wJkW9*MueW#$d&xQ{d^$0Hc?<$R9Ul*G&sy3|N}XcDVo6DOmI5Jd6$Mz}q`& z;pXFtP$vyeRMw!zIRxK*cpk1u_kq8C7oL1?7c#Dyj2|DJjdw3jLhhPhQ8;cK)_!&o zetmlh&P{jcVCh7(RycO>BtGkK!dDN@#_E-`G1<$2H+I(2i8{f@M`W;{3;_-2Bbko! 
z<(tmI>em)>eox`E6Lk!1?eWIF^YPwAX-KkT)97@3_2EK{v8Myhtw4{f9+9Fu%;p2U z?4VaNdwXS{u-!i&fK^sJe&zgr_r@|@Ho_m5UN{5aKb(fbyi)A4^~8g+x6v3+>^M+> zGK({nAkf2I2WM*?&cAdv>kmaSGyFZWxYQD5>6k2p_`0Ge_c-o8)rXuHmSNQs(=o2E z5#LfjzWV+U##}xdYdBv&E(pi|l6<(wCE&#u=i%BUcO`)mM?8GYP<(lQ7+&~jKjzG=`;_Dlk6a|3Ss^aO5R zu@qmfT#P;E>2cM2C#X}h_YUP#jVwiOsE2`G&Tx{~~-;c@ZD& zwsM`c1-R?sqO-z*q6%bZ569!r&BACO57^LFS2mh4chMN!Gf9uTK0J=+KfD@WzIO=@ zugr$lH3(n5v;db3vBUcOYT~kmm$N;pWC5_u@gNMse*u4LFCn?D973b)!U*2f(T-Cs z-E{8Ea+%7M8Z~gSvw=e&4YoKLNd+jxdTN9Zjb8z?3^xZGW~aTV?dpLmgAltOGisQr z2fEs!wYdW=8ZE+IbV?hOu@k4-8L-fjRLN~f_HRWeGK5NGN8HV=9VnsSRQi!$urTX+ z;Qsk2_~u7^Tu4Jk@8s#^hyb0I*?kudFjJMf?m9aqvah9a(oo4OB})<<3>bW9^xE04 zkpWOJ$0Yj~iQ$z5<+SW{D~hGHMw|-+0@Bjd(Sb6dL7caRKfx{zbaHY>%7~LKUGxPy z`1W<9Sfy2R*3P`!JgSwv)ocPYmw|>2P+!8Lk&i_(-DQ*@fzzE%CCmxj)O!13=RVv z?a|rMiH066f*6EWcXYu_qbhsC7?{lq?r0|)$?(fsjcBH0SNK-f4DZxbJU`JJH@&?bHOlUm8fMTs@* zGGb5fD|?{Gqa8cSnuhb*APkgd%(lI0WS>};fpyemPM6t?7STk~srB~3x93LV+0PH4mP2V^rdr+63kTVc zrJGqR`v~TEWerKOp%*%h8I^5jc)IBk!pvPBah`7MfVG1jNiJGWO&>}qAI<&Z(I2=_ zp5xpozvNvV`Cp~Tr8T1U8k}mC;JaT2HPqbz@=ZtH%f@#_bS%x(5gP`8QLgsNBU5<< zR@b9JgrX1ZtG*Sjw)Ti1eFdajHic~J?1Hh+8ZnMqoNVfVgQK0Y-;Uf9DVJXm+1V@m zr*v_wC)+9aZgi4%)cLv=)X2V0LJ#HNRc8+^^}NT<4#85N@^(^wZKcpFv4R!n!U~m? 
zPuZ^|!P61e)P-sTc__NWV?XMYkL=OJwkIeXQ4APud%KmrrCN!*g)$ZFOnG8(e4H}x z=g#?+yStRj0}UO@BfCiQU(cXa_Bm>YBi^|x18;mT>%7>nylY7o-_scnb+;qgl>g=qicXsbJ!uvt+qifC85 zIR_Ce>!r>VF?b5~W&+4SxwoqmM_cFvkxzD`s)s?5Y8wY( z5Pk>#+?#I2nJRYz2y)v{b=2a?#ULuzEafVw^?y^>a%{QvsI1RWvWBzp%QXe1dVJP( z!9xR~_43BYmrh_7bP&tlXC`9L)Q<*Ksc)$+8Ri-MQYQFRS_G83{7?}UgP~qi`?Rcm z_+1)Q_`PfD`M`PtG-hYUELHvy9)aKVW4WeYReM{K@-Uz7m z)pHfUoGRBW*A-x)GJlo=1-Io`#VvCob%cjR-d>Ht4%Yvb*UZssm!ln><^zxj8ju3BBL z3l0G(Q}IZV^r7~t9;@x7SdP_i0ky8c!11X4ow?2vAx}MLz%zVo8hVc(#r|eqU=TS7 zgYaL$zy8(y|1J2F3V48^rd=qabFdlDo_u<}=mjNnu< zXd?Y*gB2B&Ku3RnhV5C&lo24N5e;r}EI1}uXx2!k*PgD?n# z@E;F@0m~o^!XOO7APmAF{Kvy!z%mGfFbIP%2!k*P|M4&wunfW=48kA`!XOO7e>@BZ zEQ2rzgD?n#FbIS29}j;%V3D6(4*u+N5C&lo24N5eVG#Ze@W%rd+3>E;090E(^=&{q z%UVtN%|7|v-MrS$gTDUr|BWCo@KWA9`VT-}%iSV7$@2Su0>Z0i@=9J7)<%4?chP?u zNO0Op8e1)UDV+^xcwsqLLE)k0_^$#J<*l9aHW07cPag^BF#h{_*iF8)bn<{i7}$R& z=TtzIAK4kXiRJ%WgZvJT&3G11h0g|#>+CTJFT@`F2a54u4g+mOkI2ATa`}%y-nC<( z?KH~UjCn3LKsEprTyieF?I1p}2eQA|e+NeP+eW?kcgvT^b$x5UysLcpSAy`#Kv@*o zlCidvPyY;m{!1XTHsa~}69OxCPi&FNqVFmw_JHO8llkak`^Nu?%@`n?vd`YXLOxXa z7rcr+_}9wd9}8Hz%;H0w~)$5#UU^dpTNNDYJK^rc+PGwFz~v1 zu9hkN%C$atNSVAnmtSW<%H*}_W-DB~BoqF!sj0lxbRZ1^zelHXZmA<5@>J{WiaW0! zgZS=Fq)r)ub0h8gjg{I?K#qS8*TDYddmwH(R)uz8UFDj5t8FZ0YCZW@K(6szt{d8s zHhnA}o*qcSCv9q7g)Z`uQztmUj zSjqdJg2VDXkRJISc&-A^MaH$_T|1bTPG4TQ*dR5JEF&r!0nTQVI|H+=u`2W!Oe5dg@1fBZkj;d zY#mTfK63nbV^qs5*VVDgu?hprRl3hUXOQF(5r)_ApN1LX&d`g)@8X=R_*Fj2v4YR? 
zJ&-o3qg)$+_xI=#kj*dMU2*M#^nPE{)Q+(1blf_@pK{4@|AsybPPLCS#}-igl=>zu zW==`Ns30xJWRdUwN`IqO#VOa+kJ26(ofVC-(e4U;O1WYWe5f1o3^*tk3P>9Z9(8O3 z=~d48QL6HrfuKG#3UAz!2`BNP18Gs~%J-RLOFI>Z6wnttN*Q_M9T|=L&hcepOnTJ% z0t0C{8>Fr1@7aB+^_8}L&`Y_Y1Hsu@cyVb2G)mBJsi(G6Xy^C;5dK)eVy#7UV-p^J zXA^SGj)*ch;j%Y(;b5yhmZx|_Z*L8qY#vAAdfQv^)TakgW=|m?t$I6K=y|9NQs|aJ zP^q0AY@nAmT^8qKGQ-Z!2F^A-R+*&?Tmu&!3wd40c4s@S>^dvg`E9M$!b7gh*6e~u zu31~dMfOdn{RV&%{~Q>?B45W z4{KvP-uo#R$D2Elo)V4G-o#;T1D%!h#ZOQFIGu@0cKB6zKpJ$UL3V`h=PAqiv6alt zB1~F&^REPuL#0uS)8~s@rnXTKrHq7Ax<0Clbv~$a|=!@){xz%j~~dz>j&z{ zewI`CoXIN(4QZ3{_SjzogmD&KmX_mMMl%=G6)g;gd(=odwYxUoX<4 z0+GN;k@gDTMSeIoJ6mhG+EEBqxe<`|B6}JuWv=XGY;w+W;kP4E^!Lqj;?meqUSP?|55P^6l5k}JgBJsJX>>G_?M*nf?<77vT#H_jTZ?_N6Ff3UqGK9s z^1Kf|LB3cL=h1K9*ssXGB41(;Syhn}nYS~tCcECVP-vuHxs&%=UQ+m=@|QEwI4tbRKN-Mno#B7Y9jaBT4;86NvUFm~|w$hHtjL5z#9Yo(xdo6?neV|(&WOMQ1!e3%6%K_l%2ui)f&+K>PY z4{#z4!h6bz;BME@G?i5-b zNE2oFjK3mZ{-*a9T7*7+%Z}g5x!mEgcgIKfPe&GWH)kI|Tog+?4Dl<{PWlvj`)ROI z9v$o1 z3Qo2W+u$s=RMGW64_YM7deCzG-vb4_kCSPtZbC?0Bz!vR@a4u5^ticVYFZ#deOYjM!*j8`Z4V%6R{Oq(_oS51n*vM@@T$ zo|b^@tVqmoF=E{b6K+^M4D*wGFlFQrjP}J=UgD1-olAeND!F1F?Ay~N}0za)gfp)DO7S9}x3)2HIGAjhlIfdws zO~5NN!;vsN9QL^d$di5MX?Rv#IT4jdPNPoafw!+p!loTXm@zXOS7ZiYc4ibD+Z%AC z%?Wp%6M_?kRj_ss#P#C?QC_RT4ReNJafTaOYYix>r{Qev#ktET;%9-oGE zLjevpS>w`0Be9G@YUc1rO!jlY##2q0G&Tl_PBxe_HX8n&Ey!~X#;fPXBB-weo9Z>V zbXqdz4);fxeGiToH^VFe6-99Ij1jnGcmQsk6^V`OPQo=J5|1p1#n506Ts|WfrTb5y zLgS2wFCT}A;jYL^41`rfJ-$C)OLx=SOh}K!IF~kTs5If~IU}$j*#~pd z!qC}Vj{>6$p15Er#zuKy$>>mMnwoL4tQ8ksFcBB0`XD+c2$S7ScxZJ27EMcpEdzF! zVM(}stPjeH>d+PtipzXW*mSHB2_uv6@QfIwLw=|pq`5_v=;-yvD>n|uP#-5;H!m5d_MSvl7x`c^!YO+! 
z-Wg)R>Ro2sbir7}S=HiDZ8vo~6W{I(!VZ$ZKSvW8;D= zr^P_qP=)daCp>>!I&!vGW8oai)97#vbLz#m!e%U-B@$PXGuACkLFTD;Ij*moRNi~Ywda-2MFf7jw!GaM1IJT!4jnq>{OlU1P z;qsZGcysG%Ov{W!lcyghYRd6et~G9*Mcw)M0Q{$nL}qgtY6Ii&+&ScLQYbDM?uYzi zMX2r6;iWsLVMLG(H67Sj(~a9N8H;(8 z|7oc~XsWA4nR^J{TpR;qbv;fyc;KeVQE)bQAu2uqo|L}Rw8IbGGZ~TPr*P0F1n*CB z#3qL4?|CmI)FgXUv34xds<%D1N*J1p*qcFL(82c*i zaLxHc;Zjh8LM4G?f*Tl&*XG9}jebkt&;px4KTHUALVR*4rUvVlf4Z%c*=x}uN(unVbAiQxh<}D$I@gseE-%~-18HI8@5$|*->Lf2`+x{d))s` zDMn>Qz^={(E3S*jFJElNBR>@>4#bgZXH1AMe0mLd>HS?b`0xf^!iu4{jS>$HiO8qkY#GQzNb-%-4_wiYv{kWssLV&V6lc>m&PXuLzQ(AS8^ zpIn1CKd8WYOEVBl1Aak@J05&}8%nI{@Ivgc4T`j(5ek zpZ$ubH&!Bok+s33!)4>c@$0&6xb3Okun!2qObXcj$-o8ouESfKs}VkaJf4Yb#PzT5 z#@m|}MFU{@L2NtR&jQL-5~8nSnO&O<D5DRKE_q_Q5v%aH0dVGDDTeGd^B=*A$ zz+(GGT(|O9tU6_YSxIF{GmYcAUk~Ay`&VK1P6vFpIEbR*j49DBSo6&ed|B&(MJYiT zHzggZji+$m2m5if!U#_ndj^mcJZ93}%`N!pXce~a%fpxZ>k;asM@wxzR=%5q1kOXE zqX#a_^u`;XZp1?`Z;){DT;KkUbkCB2vs?hA*YL|hYZ!lUo)#O9MtbfnCYNK#6aA7X5KaCBP< z3>DRQcU>MF-Mug+l&May53ZdSh;3_j;nBCYLz|w3d0|e73k$>$Z9AU+ z$0_T<-dnpDcRa8f&zE@Nu}mLylmGMGOt5kC!?aiz)RnX<){j;UNui$ble?r{whV@S zksJ|(NiJr*@Z2wWes?{FC&n_!t-*cweU0~yJ20@1gtohj8LS=h4xhrR;o15*iB+4Cnk0=avX~Z4(tj05^oblRR|NgrmlC(9I(UJQggYp^UXN~8d z*#-MC@dyg=fJ0Y3PBykNaSKMOvlaAi9=K$fn_`~|t=uun#~Y)W0L2{Ng?l;Y^{qXy zu_JG+0&vw7PyD!=xTeyGbT(=!bK6}Yp)lkWjI3b8G%`z&A9RY z4fv|e*nexNs~5vYBw~uG8aF<<4Il1n#jJUm7;Y%UUGMC{+Tw0pGLb>~seF8Nycs(W zmSX?TLgX=#eQR|N%DSDge26mudO(H0;Om5Ci6O`g@q|}c0OD-A(AUy{=ilClE1%qr z#OwsPQ|^Y6w(i<$y!=TSF1l<4j6ZF}ZP%@Xej=TzUmG)Y&W#GBZ(~k1{G$Ew0_Xjy zFZTmpfw*TvAl7fo!HSO$q0uK8i=w^Y6X1@? 
z_3C~lLGg0c!Q9-0SH3u4Ohu_G>@N?1;TXYE5 z-Saa}H@PrL@j~e6Fa$Eu8JZZ5AhQuob}pC^>;QNM;@Vg(o_+2IJpW!X#!VYapXiFq zgNfh68JCY4f?!)mL?%Td%xqwv?2vxs^q!O0Qq+uZDVueMZlseZFTVRLj+&h@+S?t$ z6EiTW`T(xIel7NCLU8|Z9mhp_J9^-s9FKean{e@s-(vM4;5^z1Zx44Yj&s0$ukMCb zJd-=x{9kq!VOwq~zS&s{pU_Z@_0qsj=Zxtwdc61fUNrXxVM(eLo_XXeT(Pb{a z4kOFt7E`A!f_!xN_1n9V_v9#KIGABdPC|A|F+SPbjGl@Le0;bD4#aJ2Z^6$wh0JPb zP-n*D_Dg4=Y{%ue(z6St{vMb;E)lOkycE?tE<{38EoyD7QIlVRon>t(C~Lv);szWn zZ9>!W2H4W64o?oo@<}7G^P8Kn=ZRF5p00wG-X7m=*n_^N9u(DfA%y{p+`j7T;YS{$ z$nDckBfQdM;LIRqU4aoj`FU8KZ-8^8A4X>-;O+a*Mb+0!F+Zpm1$z(U?Y0m!zBPuz zV};A7`r^eWPodGKn>5v-x!V?bIY*IS-Gw$zypaM;xkpcz8M}Anp|h(4KfQY#<`iai zS<$$2)=1>6yA7K!^+ic;9-jTN8ZW+iDK3faMj-NA1}hybSCovOj&>t9 z@5`k|TET2Kqm8LyT9O}5>?z0b=5FL1K8YWT+m**tEj9I6b+i00#4ks1I4KJ!?_==T+G)9~-tTm0os)vo99!;1{%GjYkmtSFe30@~*N*+Cnh?x@ zWqFz--u$wdfxj7>4j1EeORuoCpGekkHTBSFa7;9ArWOO%=a!+RtQn=9T1*@7k4$F5 zn_j#GMeol*vbGI%mRqTIUQTqbuK0N)v*wm23Au2mp5QTu7O#&3uz{;_B4z;H{j#W1l%=07^{9dfj+%6VwMesW^)cIp~r@; zd(hk1g9_?LVz>kPx=freEf!7*$B7?Hu%*(Bs>%{n81*PWorhypZ8%!kZx7;J*oVdz z&9$Z2%WOR{BNli1cVf|jCQKU{fxWv*QPpk2)(u54P)FlwKk66&NRZY^o#@~kTOQs} z)~!*MUydW??Z_`{!rsD094cu-BLfF#PYH6&n6Y#c44ZGl`!hLFnij11suVZRi$zeJ zKY9-5VsATzht5X$X(SK3Ec`T4#`6#5!EJ18!W`1Zz6V zM;={<>W>y6Bg_#FW(^t|>haT|LbSWNxb3#3sN8V@hIX}}LU<*{LL9$B8< zJUnsI7SpXx;FDcugk=RGjC1}oZADv43pVYmNAwU!*!0l;$a*?j)(+7@C3ui|H{;W< z4kPN;rTA*D9c^4M+70da_Fz7$8#~d=;5uYpDlWBY#_QW^(Aw0D4|5DyoMcOxq%6u^ z8V1g79bNJyN`X$=(G&*er`PA9ih<_7!zE~KrejtTGXZ%FYlBUjcQHqD#reZRuzc}U zRBpW%k52VMd&L1vc)uH;+`$CP!wNh0m(kg4&_cTwl^Bc}*+cQ`S2y733)yfiFT-ow zs*sZCh9KV%e6h6v{=>qtG7Y%$M8t*oWSR9vm<4KuDZB z6R;@Enmq-@yRX8%=}xE;<0*ELvNnEr1V#=U#%nj@^GhPo(bfhVCS*Tv+yhjbki*1d zCUb)d%1oD8d}I%0wOd)@W<&klcl{3WI0;lgBQO>(hCjv;r^NM*3zh(sod~G z?%k6xedHZ*x#kx}<+ji;x^(pNMyRu7AkG*X=Bzk!YcfDD&ot?*O3PdE*vc;v6u%Pw z7k+@Xr>$Y&1fF~OTkws45*ZJz$AJbNJgHE2wp!)6re2=c3zO`umFMqGt!>z}X%_-V zJO=Nvuj8(@B{Yb3aMv?PvD`UQ9_LZO>?Pxn>`)PQEzBJTc=>t2RTh`(eK8_T4^vYs z1+ENBuXzi8X-^>Wu3wSYr^RzOK94b9+u(;gN29i)6*FYfQz;FWtxl3yCTLVXM*UV) 
zA{+8bxM^)?hapiO4D>n?wjc&h%s{JZ8}aT}n-DzwQTWdI7_aAbp?v!e_)Po+3vW0V zE8-dP%VIH|9m-GCz$PjR=LK2gU@`kDuZAzP3v^O>7$Ijn^)Pq=g54d^-qZ=bmj}Wr zh~i&m4*Pc)mPzdgYx2&4nWU7-8V73{Ruhd(dJG+1ODnW~LCk(_VG^Uts9w*&#hy4= zP5C%D*gzu+Zq<$}<~)f9%3`qTmf`SFB8yH8i5-fE(yS1a`~Zf2Qh^Y8&`G(H=e4%v zy^c7o%qBVnYs^Sz)>hRH|6pGPIct?iZ=xz|>4TGl z$cL76QN}rEbq$gYd9lwfIQV(O$(`592W#?4Q4Q90l4tb>6UB$R!TD|}u0^lEC!*cR zoa$bT%Tt#@O`5VuA1Zu6t|JjUg)Yb!c4jBUu&jiGN7f8CeOrp zNLJ?Bfi;KBxGFOcxp~K!X!ziz@h*21MwME2pv;xDWa?OH_mFoD*su>7kIXX#j{!t4vSy9JC7Mz=4|xbT zY;Hk-1Tni#;z(o?-pg{r7YD1Ax&kt67e_m2<*o;_)o7gqblOfle(jscUh9U!M@ONv zu@rB7wjLqF9zno@Pw?^{ItB7w5pdxF<*i$sHhH3_4(Z5Op{I||wKKm6tG?QT@L{wy zGv36byJ$<~8NYO_>%+d{DojX8gkwuR+8tW){jok=k`ac|2KFJmw$k>mSD-)%opK^J zP0K7bmx|n*Dp}U|Gbb{~v%@5Rn)1Ma(GIy%;T z2j9sbVo!q^4%BgLSrs}?nw-}aTRv9dm}B<4X&cwmg$Fs2Klwk zD6gX*(OaX5L7?7`b4PK3p%-xxE@-KxUR&8AOctT_StH!nseg@*$PoLoYb?RY5l^Ee zX%60%C+yjeh)OeqsiTLEAYjbn@EZ9FF8lfvO7>TyV@LvSO6b8G3_ATnBaztK zjKi{KM)k}5cH~%l+fB-n6(?1GD6iI>r(#0~K7Z>Qgho9I|7Gvvi9I5~Y|G%Q#?Xf2 zyZ0b8`~i5+d=q#6P)(8N*u@4?F2%;nGCRRVtDvk=6nh}DcROr%H>lXV*T2 zk9rIqqh7^bo9ajd?cAS?JpNoWGQ!NrtwXGkFo#0WE>20-xJWcBlgMHv@^@$q&jwX zIe77%EjSTB4BxMuiFcPL!rO}3DWg*9PZn{tOBO*I+bM8iNzr)q$)(sjp$C_|eHX5hf zS8VL|!FLbO!`BaG;w$oRcWDE*R%`LjeY0`P2ye7C7}2Bcqn@ersm!t>+?^)LO!|+z zD51TyR6ndcgqnaM`1YxVSUJj*F<2L!hX(De+b0uG84!68-k&OI$MwszFmqfw=XDNd zxOd^Rt*2pN@CU6eD(dpFwZ#?d-Z~dI$2z0DgY8H_hs*^XcP}GH+n!cD_vSuCES!K3 zA3O)k5?oQks0^n|@ z?>v0|^kPJo?ZbNqniPF8ixVUNI~iP7X?*a-i;MB{csKmI{U}bznhC8IogGbBf6R!x zZ=Z?#riP-px&u~B6lxl}vG}s_`0l}}NHbSr)xJVpd*2VpVix&1$MM1l8$7-$mzgo0 zC}pjWyzT4jL8~xI=3EG{(;>g0SXm!kncsljZPplLuEyFjS$HYgQ-56(4Vv6Ml{*q< zj(7k1UD##ok5v!N!N<3ZL}+h28sul?#M#Gx?Ubut=|jMV0n33>=-sr~y1PJejvxJa z0Di-V;_Js2;;9Kvc=d-PIB=*0J6t01(c|Y}jGqq8ZF0AzAB700=u01Qau}4m?tc6n zPdjyY|H&eh=mW6!qh%QBV~slDolO;P*wBeow|cB85Kk-ifI)9(3)UZP#dTLt#RChY zQC?<%Ls$f!d2$Z!r0%}8?kK+Bco^oyp;-Oih4^sAbc_n3ZBQdHvl*4mJy>}uGhY`i z8auib2i8kEy2;Oy&D&5KmVzHYyabz{pM_{<&x-dDU{GDjjI)UHQdZuCK07BA9z2TD 
zMxIw1lz><6YIaI>+Cuqpp6H>-w4MpT1NUykn7fwXllv!PLa-y6dacoV@(^A*4!nN< zJbe1ZOqdVu!IvCwPDKl5MO)*AADFo_;qawS{dl4kp0q1_UY>=e_RVt{W zb>+QCwQt0p6DF9N=}4P6N3;nW51v5sgls(a@HlwV?wL7nX6ls$($E_4(3^X)?9q$x z#d{ZE%ZD+PmxhaUZmCh8d5g7bSmm-4<-kJ-GasT!j+<(P6_~PNI$h2w12gfV$ z-TQ};bk%IUaMdulYv`Ah;DMhmD`bty!e_5chig?SK08*U*cruU5N}tX73}H@vH0Cn zc;=yV@#({pF|4ZwuN5@Y{ujV6BMU2U8-bus6AYxkm-?XPT$X&Z1zWrm@#7P-aPR0q zbjV#dMJ@%ehH(IOh>5)134ikStq8whEVV@#$HZ73aeIvJ0)EX<<{$ynf z9RnxH(TU@=LsP2}rw!fk)>)xaw4OrbL#JCydL;|@WH;_^j_7SR;21LoNeygm?U3Nb z=-k|eqqXgDa?&Hx)fP?lEy$B+I1=@fHdJ=uru*hXcVGt|+tWIQIqxUA#)=EM1C7&uK(-cQ8*(3Qazm(`>0NBC+!jT!aeK!Lw`DreL zEnn+igwXihmEnN%U)%;;X9x0`85W(juQ*YT$BOb0?`h8fqYFMRIwqA}I8xP)Zd=NM zC>Dbt7bhngISuwyo8WHKjoNN4zkz!Bbr%)UOWT90<}SFCztPO7Dx2C-OYxE5Q=FEP zHE|4qo=$KheWy78wv?AP&WX3)4jmmv<%eG3%nZGm0+ctmqny_iIh0#zlwof-JtCZ~ zQPI$fQiGY!!sevV3hm62vQ zW;JFS@;1t9Y@&Xqi^mLQdeGs=gwFnu~wT#Hs_g7S-&-tKM~$Y=SbgE-+p zcPDt+^rC5ISBQ`rq|2>jIxR@R8wX&c6Lbia)eb6=eMSlJg{ca(r*uZ?U;SaBLgv_)D7r@ zu=&0e-1^i8925h~F}OH8BHGm+216@Oa;_;H&^p*-xQ7jjspIVo5Dc6$HE8kS9MqG) zJ(OcF8rWviYi3_zw$yKq)7QfZk@Nw3DvfaA80wGJBKygkaBsz0OkLFgPn8`;`zH*y5pS<26zrrBBF}_Zm$3E;UZA2F{ zW9cuLHnCJ}AKM2|mMY{?u$2vxXv=I(9oSbV*Ek;{4h)Xt+#O-v(}^S1w9J%k8)rR+ zd)m=1cHor!JeK2d(b=Jo<1&bSBd&BmI;pxA22avQA1df19him754f5bn2D{9@pguW zV``)>)RP7ok0htVt**y#oy%P)oenIM)cfsZwk zeD$#B9G5htyL8F1lnGvGD{wZw1N&0jQ9(C-awR%;@50QN4#_hoUOT(3g*Is` z^eJPIkCgEvxCVl>9bhQrr@j6WA^7r^Nl4cBG8?SHyeq%KDY?}teW|=qx?>}`GsVB( z@KvQj0inZEU+TyOxu%?3+FR~C^v`>LmEX`UaArIf-0DYg3y;)(!)eJ@xXf0p*lCpDgRSsp#PHcpW0q6r(;lpLluYAQ;!vTrH+)#1q&$c`H^AC zBU2wgtX&?Bt6$xY0=csx^s3`icqaH*CU|}`4!Oo}wXVQFx-R2X=;xQvrx40-g=Wij zwOr{(4lQ-$Sa8q?2FFEW$NdxV;7e=p&Q@mhG_*fs3cr-j zEytF&1M#UKeakg zTBelqMDBzQ>`OVe)K$kK^s2`KN`F$9$LgK5fjCvY6p%7Gl}pk_<$-#xw6Vazc@q#m zsD1q&KL?Icj@3DpbNLL!cQ$Snq+FrTQm)jM0?YAlXy8Y!Cm?N=x-3)X)N(9yqVh|s zE4m{G>UaO)nd?$lrSEL{|AX-71D1aU2*WCw{m89P5l~P4nP<&|@K1mU1%p1h8vu8H z&KBOk3MBfLw{nWDlxUgR+`p`^LHO^1nU3;SO*aOOVi5k5L3uMOlMojM4SLD^E#?18 
z5C_;KzcwLnn5F*4C=bFQ48s2!_|FPh1P0oY|18S>cYyHk-@&)Rc^ZU23;!+|JsbXC z^*acIFbIDM{O6@(Vo=o2p9SSs+CM-bOPgC{y@A}K`forCTuVFTndg5C?aUnI=g&&E z`%mKkSHS;-Zv#R2XJ97$kH#*=>gP`b8~>wu5|I5-l%KX*&gEP74v}>rW|lW_Zq#f4 zO8Bqj>8}E{4|xnDvLugo{!38nTTcHs!GA@w$_IH&Ci17Og#3#@PzirUr)3?Ma=ZL5 z#Q#@-ynR&OD*0EM53zY7Q=%-*ZT)uYY>=15DYnjX{@;PBi?ZfzAgJ^AuLiLV9sew` z|7H-mk~x&eb)CX{S(Eiofc)&LmUAGB`&Cf*Dc{7|Onn$|>A!`4*IfJ?;m-vu!US>1 z>hrI&%jB7roU6~k2A-?e`y2hOOvR(L8Bliib@@Kihvi(3&y?}g-3vQ8Kik<-aovM_ zaL)x!xxo8B2$m`nw zOZ@T~fJXrytM%oYQY2;ksAcLo|N4(vJ`l&i{?1&JV}9gNz6atHP;m}yOQkt~;YdU~ zNpN7P`*&>y)E{`PUYB#VO#KWjBYzyFohY`P55z%(6Fm^;dMn>u=b2P|OUqEdqALY0YcI?MWS%j-1BAi`MEgMMR?~a|{ z%DL2$DpJQ%rnXa$1?2qi@LI~x)KlvWs3#!jYW;!7@=cjgc-?45_Pp^};LG_vdw-X+ z`&2>BmA?5cm(HA9>Wb0t>cjMfWAN6c$#5keyGnc?K-hUJrE;3B`lRo6-k#4pEZ_&T6WIhSje`sy(Qd%r+GoIfrS z+Qw!qygfq3NnAJH?guHe+#;M~da2+~`@Co%}jMukwuNavYm18}K)ZR>zdToQhMY$CGd z=lo)8q>iEwoU1k)Tyfz@gj-wYN2TFxI#m!`!ZJmdls@ekl%`{Bq0DFY)>R#wp4u#AzZwXJ0@71jB7Nk2Bqis$}Gl|HB>%1Uis z?=WNNh-5soFa-fN{nyTbwHA$a&3I?aDHKTtE0b!ag`@mZ$ zDIW#~TH%MfcZEU|%QS z<$=pld_ z#3>OA4OLQdG-iiUp=;~$#MejB=xD>X-Q-*UK1Is7iA&y-B6|ZV*`@R?vO;lpR%J~Y z6YFp;ly?Ux^)&r^9f=T%ya|Y*areht*N?>rHxepyz-uD^dU+Xz@K50};3SK~mEaD_ z`(x~cSDn4&8~GybL>`n?`j-8O)cN4J;>V4^r_16w?*6@yQvK~=N4e_XpQInBo_#8^ zYGlUNXOES4&c;$725-t-kXFIPAl;t$72Q?x_ZzQ{I{6By|2pw#a+YX*x<- z?j+qR_1TZ|9uI{NM#N@i;?v7gluhGO8MsYyV%ABSQDtADO=ArYAw;1=5Xl#D5w{cj zR(LBsVRkF;)NoZ~knPFmpqK>Qo$ZD%e>#fhkW3WbokTr1_b@ntoV+5NnI+ z^n^#0RoUakO61hggXt6Fk*;Ha*vVj6kv)-ve!bGF{1;ufl0Bcg;U6;uiz6t1lFSLv z>5gAM4=;}QCJy2xFNFV!&PjWrn;#qEmLicm`PG_Uctg7_{zKV!O?XJY$o_C*%an2P z?+lQJkjM}$lsEQLhaIK8B7gngBL9jXQp!jh$0_zx*@s8;ld}J}ec4z?DIr+;QTEfK z&WKM@^hj(m&*fc7{r1e#m)eHM@-7}1vD>mni#joDXea{h0B=8U%!wyIL>|@pVtX|G z_S9Z(nMfP057ym30-HYGi5;?Gq6lP12Zqg?h4*LpF`xt%jgLdHbr*e(g`YwLaVdN6 z$$Sc4wGX2iOvqE4)|ymdqpj z($Y7GtyKJp!Y6*H1B%a3{f){O9*U2)61n7`y8~^i@KEaf58;pPB_u?$-;7~#xORL5 z85j+ZhFTn?0%S}YirYtqK=#);H`O2YC#w)RaU>oe>V^>#hS31g>@ zzzt(UF?pCD+VjfM>^TI_FONlfgtxLs!cTikFk}8`T%70*>y9S;a*{Jm$Eg4(%E#Xu 
z3*$Ypr^tkRE*^<#;m(*lDgy4N4&)TnVZ_vI+&wlN6XShxte^n#BeHO6a}E+F4n40pn;(UI^r z8*wPF4m0MC!L`|eh>H)!U1R+4$(AD0N9_`4rgO(L%ZFh?N&x1v-OmRrkUlCC_f87H z@U$>o8|#2?3r)CrW+L*B7o*)Z2=6Zs!;iZv&?CWz)(LlCoQ*}pec{}|EM!tDGHZ)) zxK4-b&Pzkz;X?RK8I4CqdLcM86c5W@MQe}4HaHLuEl5Fnq$lQP3}KLB#NJcQm^v;2 z`*$8hvDO7w%^ZqZ!-6m|)(tra%P?$QD()N`gw(`fOe3#`_<3U4jAUe>4ZobIM{sI1 z9-I_|%#093b+_VRvlAX$o`g|Dys?~e(pFiAo`gg^KQ$PgO)c2gVuwd&$757VC>F-K zVgHdbbca&L92)S-z9wn_y@9b4vFUN}sVKnOZZABW<%BhRD&dn7iASaBHs|UAT1KP%KLJ#*9&si0o~{o_Z~AT$GLl>3#^+nX$L99amj2 z8VeJBks0HTic?i+pt6Z6OUsPM?GwWgYuklSa;h+8LOL#|Oimviin4wAaE*+?qYL9P zhVxTarp0~d4aKk+UtBia8{H0`xN>?t<^F@})gO<|k4Gqj@?#bC zsA;48ba%l!Iv$VDio%qv2#l~dV^dBwJmMqp$g~8E7#5GQy@l9haK?Re(=Z`D0^>Z) z*jV0%3uk3vX^JnVr-VU6y*XXqi`$lu#yrv?+gwEZx*N_3TC9$Yjj-)8dz-<>>Pc#8c-F z<6MVhszV#rA2CoiXuz4}yQU@Ms|DeR4RuF-UKz}Bad>M+EQTfoV649#Hl1p~oOvU$ zB*X?eMJ;fo9lK_z9(nC{SUTJvhmMxO!7Tr;<*mo%3x}d=&oPuT_`G~UHWt%1rY8r&*VKkp2g_lkGZtqV7#4zCX2fH1 zS_CHg_F;Wa3l`1E#HHz87(F~3Lmkbi_Xxq=$vUjtQ;Xz`7%Yi*!Qp~N`jlRHcza-& zk1f90dI}4dPJq?%(+J5Lin~YpA~h+LbL@&=_f#PBoT145`4{x1jl@IaJ@CWcI^1^k zM9iR0OpSEFulq}38x({m&(Fm0C=ZNcVBLJ`1imZa+|mAM{rqXahGM*XFMd8zi4OAV z#f3>2k?eacn=7b``+YKXV6R)T2R_-f8saGIg zUl511)FAk^G~q}s`%o8@Gf?&!bxbTth) zQP+u?Q!{YY$S_P#4#43Pc^Exu46exV!}T+xu<@sp2un)9;%F`Q=T;*ijeL#h#&IiO zyfH5dap_^uu}wozBvwp~M#gaZIIW5Hf^sK89i4V;LKJSAJOr~xu)b9rb`*DDVrl^P z9V>>>*%Rq5z4-1(4e6KqOj!LrmA%WdWBipp)N=A`U>y~K$0mg!?|2RNHnyUZ0i3nB zH|}4Wf!V%2`0Q9Sk~1TatkYoZm{`Qxn6dk0CE~KuanCtX7*E^m(bR||RT3~Ui1G8o zeGAes(Z>o$ifYl|=7SY8Xd{OQA&&I#tF^_QOGe<_6eq@;)>x1cjVZ~#m@%3*+uH_V z5s_GVQ3{U#l!Hp|Agq`ZkBJjvkXluW?X|Qu@^);k1MXUyjXCu93*tPnHMbN#5y^P! 
z+&Byivc|5%^;mYnI4n)|!`viy?Ac%4zgN-!V9~op0{&TGM~q7I@`~}qi$7ucn?-o^ z0%k)xFABdKRRxL`uK1HM{)2nAlDxX@RJZM*a69E$P99(fUxq&*g3RH=7zL^d5WdaSW@ zd?X6?9>>>5+c6=IQLH8$&n*wY>Th=9>7Vma+{SEx(Yx8CK|-`IVw^bs9u1;HJ>hKB zT1;2-a|J(^tC_a#jFAuk2TwDMHlQ7&p-4!2wvJIc+ z7%(*}M9CHukV&M`fAf=HaQ#y|VCx@%3^zN)A!K;;;mP-N;4>i+iOqfR^>f1zhhBuy z0S#$x=|>^iZtO5z;ZcLjANv(+PPQSE4kk%QuWQyKE!H1CJ!XW;-Xu=Fc>B|>c>I(r z)?6LS%)u5jX_U5aKZ4iRmr^j(kQiXgWU?2gE)7N`M8c`12zTB64R#?EmyPg5d{h8J z`dabqr^gYM5CgBya@_VwK9Z$K;un-^y)lzPO9vzNzY}fpNq*Z87gx-Sm0Q~k z(&i_j{@77G_0ewpSWD+aXI+$Y2zTA~BTOm7aZ!u|CZvU;DZc=3ZmC7)&Fq6 zi`zE$;)x|g5ajKSWDgDA`Z$M%#|I-BoP6}j9vpE^!4ruMxc<#!h-b#-s&m8bi-us^ z+gtF+k432AFvN)U$zDjus z8()=LVabG4_@f4|eYywl9B4*%LOjO%bmGm=cH;xeJ#gXlyicwjRbudpmK< z^dM~eVK+W2w8q7g!pIwITsAEUYk%gPeN}=f=cHm1T@`w=Rl6@j)7MiaYB-0k1si62fQuiG0h zo)?L)zTSq1zdVW95wV!8x5mz$1=v$ok1ad$v2|}POr>S`bbTd8P(HG)Tj4!!7%ok4 zfveFCOJ;|{x~37kj-19lE5F0cue$Kv6+@Uv+GBpIJHA-8A2sd1I4|1)Z$0%5u7AH4 zE3eLku2bL-)2iyz+e^Vv>izzL|JO z$v#CU#KnZcy}Of%@_>w%ie%=sVJQ&^v+hA;SRf|&Yw+Yp`(g44M`nl%np)Zs9v6uR zXN6$(rzbJ|ya|Zgw*@!dwgF8Z5jZbMk8_uffbHS^Sn5GTprDs;--j540HX{m7w7qi}DD3(r7h5a4aKnrke6xBNzB{GG^^?8v z%eOo5afK5upAd#6Oh9_~9L0TaAHuKoa>rqSt74ZT8{r=I_;B?ee4X2gYo`u@b)PSj zIafUY_&2!w`)1rcI}(oiP+T>EvhnRstXyA!R*f~b?99QP53j+(-8y`}C>Zv(PDl%M zq%H1(lcyJkFsZ$7VGOo>x*aP&%0Vve(JiCA@b2fo;IY?^BQ`Su6TF3?B!qfWURHr; z-`I%Do;`$_vxmXOhIUh(KQdlSdp~eKdTem+$XHl6Rp8~1w&U}9XFN7161Ce(kk`|S z)$32AS>DuXYlH5pDtvjMo{ql|CHXA~@Nz_DK^Z>WUPC__3Y#WR1`IxUgX6vFt7=@g zAes1$Q`0+4)VY0B0 z0r!q=hwY;spH1W?_Eoaa?!PPuQmo#sjifk!;QLKY%|Nu+T8jfq6y- zVQ<@oGKy~wX}3vKm=o#=7)#x!QZw_Z92l|NsJ zd!xH?n34K*k$!mW$;(jv*#eAn?Ls5RQd8B-OsE!BB~93yUxtH4&DdW@r))66ZB`~0 z42{FSRo7tqb#dsVlj}2gW8>ih94T$W=8`VVVwO?UYJ$;dMu{xSlG{*nD^h@xBN<1B z7&sdEVov@Sxm7q&)d^o+4~ASm3ho;Z;ip^!@+)aXX>8>Vnm{M}QTC9a(6zR9qA4H{ z7X@|Vp>HbD+1$(sx>9)~Y#;H<-XtQ(rA4Lq@^}>vRvO`>??osx3fr7~>^$9u;@lz> zQ3#bNT|iKi=6N?RLhG03;eu>GIBWXQ-qDG52Tr27v>AI_9B__*Ed{Iv5)iAT2hY^`p%eW2BcXjSpV9^$a{M#;xz5(AU}>BJb^gDQymCs*+ 
z%2&>TlRPep@WBvm4_0ldL49*I4mDaMGsznpHWZ_{sTp~d9mpCLi=rI`$ZauU*MSn$ z_ANAQ8_{FOB!Gcd^}(a4DC$5BlY_lY-SBgCgs-n7 zzW?ejR6H^a?jEd1+D;W!V9Uu0v>d2LWUL4FAIXIe^(Sy~8piD1g|8YYzj8-{f3+N! ziM;M<>xK&*+}9iT!d%vYCK|esNfCHF#SeErcp+-GoD28HW*B6xn7lQ)y9rl3djzXD z-;O!nZ7>f@z?g&zGVoS#ryPWa4`22b{wgKEwlFS6g$?*4Ty8<}O4B+MuP!3QycM9~+}zkCA{P@sDK0%U1sHuVN+8pkQ|A{ z(P3Ei=2a+qX$s@6lPd9Et2 zRHo56XVT+%zbOo#T#`W9)gnL)ipCa^etH_`J_g^`hzj!rs*LcSI|Tat1~hbAA%eHu@HRnb6WIltjPwqxxn>E~Iy$N|Cc;)fF7&%7=YqU3X;rvUc;f{uV&XF+-!`vb-|Oky)X*vZc0Ui(SVm<_!9o{9OLpY@y;OzETa4Z z9HXPXR^mx$N=vY1(@unsTnUeHui&1I_2h${vc^Gz4{OrZKVSXwevI&wG97FG;EmFMyzLmf7F=gw(3`s7>iU$6>I@)pqMR`lt07~)Afnkf%X4077d zh!4?|U)|79K3W@^5Fg{g>us?1aD_MJysSmmirK=E{E|I;WL=7UOA;bu6ocp!5ezGH zGvMQiOwT^-E_cQL`zPVbiFYI5mhGg8eX^?Pj_j{P1j?8?^JtxCVO@zqWKDx4aZd6mkp0@QtsNcP4nqePo&P+1;-5n5y=!r-&53+xLoa8Tx2}W3 zvh}$1qB)rF&<>-&2fXY!X}vbc_P53Eie6=JBiZ9jw)~K_F|wY55h+&F`A%Mzji`Mm z@m5_ct{fhPty_-4Aw3PRO!dKt(GMc*@mvJEa?Ut@S?6ZwsDq}W0=xDdMC62(a3Ap^ zZu+5&+AVh;sHoZ@`2M^Iqz=0WaZevn-pZ?Czw&%v;fL~8*&bzs#rSY%^1m6{fMCQh z&@(H}nI9`V+_G>aPJgooK3Q*KM;q;($eFAy5*)M<);zc8FhAH|jyo4kKu|{oc30DD zl5Yb2Hc$2{>)+=}Ml80$Stl|^-m*;gev@?{UwpS4lP(#D5SQ+Pg{&ne+sFvY)}w$M&JCL#w=z z)qye~JQTSQd64xv!V{SnnIAg`d)U_$AalfXXdONm@6QT_mzyJeBoMT8CtvAtL8QZg zz(7wrNwPBF8)G1&n$*moiPCA`?uo zC9jnqpES0jF25L)mb|RkuTn;|_yl@^~xMl>RoULG>^AV#Uk5aTWBC@Nl zI6b-RVv@ja{~o+v?}wkCnumv{g|nur>?Fpv4?FiCLq}Kwo_S_EQoQXUdxprKB%Km$ z5s!)Z`lz%;M=PM?n09Z>MV}o7RAiuwj>|U*#~I~Mbu==gD8#3)9LAVi=Hcl}QsF{= zNdZp^YNwl;^ifHXkHZK#cpNi zW*LW!N%qvRZfn85R!6*YO*$%16{5s59B;g}0O@}A%H0F4>~&+ATg7-&v1E5?@xvO8 z;NaXHMshk>G*0T9hH*-uW!o3?8|20v$rn57uTj!kz_||@{VYT0)`F~Y$6lz z-m7yl+p8Drf6c*TZ*521Mf36D8%yx%-Q$t&BXTQ!vkzwSC%g4nb>{?>?%shNw&D2h z-HWm6rTG{eZl~-fY_iZPvMTd0%idg#hAHtBJRH>3k>;~vQ^>5U(0dcWmECx%2~K9z>L>_IE19}*;w`HY&<&J z6JP(h6Xm`U_~OCYcxOoze%X2yC2f6>{lfZW{FGDK4@h{?Ck|EuB-*ors%|{?@B(bP zI|GG#PUCoE6<*n2kLOn`#Qlro&>{==I0m`n*dx&g1F{Y#HxAaVc;iqrBJG;->Tzb{ zvRF}o4!EYM8rI=axOGu9%+zh8%rOI!cC!XvntI&z@?kvo&UN_c_4Dx6WwaUclTnF& 
z%{p9n{ak!@NjMJWmSX$P{kVEl6IMO603Y8!4jyGic&p4vr$AdPL82U-%0u~(RNTER z0qtdFaB$aS_udlJwf7;$suk}arOp^D@KbRgK7D2(?wAmOG8$_w$I(e1SnG5sKDr-2 zw0Pi$cP_;zuPni$1c&}0R73oI#rV8bgD;<7gh$5)piLGWbEqA3KFT&9q+9lv*|Z@C z&7pBvwQ@f09pQzdCMFJYUFNUPjO{0ikv3rjRy;igIyxT{<)y1zc1PxQ>YrlIXa-Jg zIthJ}C-!YP2{Y}bVi)-7WiTi*DT~@ol+|v|qx4HMl=gDBrJMap!u93q9eDjjAKtiW zBv!xrJ%-+Y1wMUaDc0RP4t|c!xbu}`Sbit<Ryj?zpumYPp`sfvZvbY2+m_KZ2$s*hnqlM~jydM@rva6vWo>rhS!dIDnb{R?w3wz~tz+HJ7p z{E7JTfh^P?$i>^+PvV0-BVK*%TzpP@_Qd>X>K5rG&w9*8tUpnSWy>ewzT2~4;@ru; zRm`KNEXW-k%Ct;ki z3U}tz_UkKyr;>uB$fYfO_W9X3CrnQn>tFb-{AkR+7azRx6HE)|Z|wJR&_{hV##6%d45FHOVy&wYn&8Yj5)bfCV6 z1LS15F?&mLwMGLo@DnuFJ$kK)W zL-s$B73ygL&Tyc?K3La=PAgk@(jnE7OOA}pUAj%EH1;9D-GPSD7I$4d3NO9328UXS zKq6mGiU*_k+KwLh>#b2u{PIf(KRX6Gt+HPb@dvrWh5^8V>UOv|JHXW0L7FrO33P_9 zbvI5_l6G6!lDr$S;hu0~^j_FvftNtq80oBBTpSVSu0tnrA8IhdMQ6{L zvK!45baxtm6PLECcp)rHX4-F8&GDlLXe{s$~Z2WPfwd(RC2x@ z9rcKH)!-nrjSw#vcylfb8ao-RF<9YThuHL>M4o%f7+EHF>~v-`>SztZIA=w~A$OM| zeO(Zw*WgG=BO1Ci%Dzq!l*i^q1GDfRcr%-5q72F=YrggxG}CcLc{{;@p8jyTtOM$y z!*auLPqtw|Bm2d4$)g6j>%lRKY^C$s*5YQ0pe<7ToSEiugIXFK9}gD{pZu9a4Q9VeT+0a?eRZ0C`r$EL*Z* zAJQp%2FaaBkM2&?1x2B3u@{Cslf&T73i~VC89=gsTL+8_(BXKk5e`;8D5k;lrXEO; z*x6@|NCx)#IhBY$e?C4KQj5%|asV%STLt=cAdq};rcRZ1G3)H2{pe=@q(%03X`wy^ z2YMltvQ$&oj8jH7BfllW^P-H#yV#(x)__v^xhu&@4D*C5UHg%016p{lW!C6LxvAw? 
zdTE%0{oLUy`&-qw!<)L^(rSc>2typSC}kZ6Q29lKFJOR00d)Mwd8tycm8 z%1M%+Gv~bz2bj^fNs=Z(c9#kEj;_e^w8GK)PFPc4syXMr%;v?G^)N{aqhT*(-sS}B9F*GwN}CoISvVOkTm)px@~_FuCE>xvwc?a8#yHO;N4ZtOyQ zgeTltr?8=2+4m>V$%c9_d)8PZSa{51$>QBbXXJ5=tt~t_am|$D6mLfu8=G)MAB2x) z`r)Aub|as(Nk4L@&yB3`lecWQwVXEO z4Xw%}Ud1NS=4)x+lfCt{jqTJC>Md=F8*QS2cDI+l#hvp|t0ZfzFLs)Ng6Ll~^{=s^ z8M%U=^BLr9gX-o^n3cPJ1cje{NT5E;{!P7{#}@i16Tkf#G}LlFyJ>S1g52On9-pKg zsN;G6T#z}OTe;TN(u&iZi-D$A_77Z<8 zbV-YVFk0$MQ#FH@f`K^B;FrEF^oZkUf?@!pwphq&xGwr0FAXD*4nbIdeMjE!z0PJ~uHa`3CM?Cyv>2DVmOQtEt zL#5r~Y?X6q-($$2?T%;DJh?DxYWg$72OpPsT6Rm9epsA|rC%Z$K3gItPwTXb@ad zPwJ~>(ud#~I4*SzYJK@n$W_}Z*Dc3V=L{|>8-Pp7)OrF6z0#KD{8Anh$R(*GZB;td zcIwzwKB@A{KjoSnP!8>4;!t;iFPyLViC%+FL#6BQ`scTDE_is24(;+wrs0iL1}1m@ zj0z?KO3@lgh1XLbLnOa9c?9Ul~vRtKGJ(g>N zLutcf<*p*H^HjOUzcce7Wg>r4roup*cc#AJA`+1!d6cWl{=hz^o_q^Px%450(zle$ zIFx$)w6t_nKc$^qQ$gjqQkUm)%pwJsoDb|njuk%eTj~fNb(|^{0PW(!6(;cobvrYfWPL|{2~CdSBKmSl0kbgL>=fz|6hSRVP_kW z|5qS_Eqnbia8Vqc?3JVjEB`FWuYu}X!L$!>vHxS^5@D%t2Gc$UD-7V&nWqC%=1vx) z{wMHh5dQN)-lHSIwq&?skp5W^ofKOk8LB7c@Q=#>ApAXu&bD^+zrEMPnYLH#-Txs) zRssTk4|JA;@c&ErYxfdTb>y$Z_YR|_rMrTq=9&4f2u#qXLauWT_6rqGW|}@{ar~es{#luaUWBKXw+1)5I#j%JDl69iL z@k>i!1jz%qWTGz*;RN6Pt496B=vv)dXo$0sAj zhwK;Q{&#pRWlB3sTeXgWQf{fI_NSf;47?^F*9YPyoi-G3EBQ5poDXboX`+Axr=;0l zl%cT?v(FueQL@*F$x^Ag6^kxB2N$Kd_Zx{bI0hg&yKlAZZ2HxYT2DPz#~|=~X$_JIbJ5 zWJGv%rhkGQt2C(R3JsQWwXS@tb>*6@!E$oJ&9mcK)`PiAvT%8<7il1$2i8;Ds^^v> zb?)>+kJ|Tdc-~*6fV3ZoOF5SB0rh`#&2lWCfnaFI=sDxDe26WLDCNAz4mV#i0#SCX zr_!PF{lCMdT(`7QugkG|uFipc&Xf%RrM=~vz}dJ4_T6DZa&`(l${xC|Ft@8m&5Agrj#7`GmL5!;o`orajG{#M1;;#Wz{{mp*7yZ28fseJW)GuKxxGv{mu{ zKY~Aaheg8QUToQ&hqZ-G{m&F>SZ(dBVXN$$(xdE~qLHXi46clg23GcyQ1-162Pp&Q zHTm6l|K1C1CuPE5;9i2E8{v zxOD=?y3YONF%~0SNr2R+;L4sW%3c*JJ;ZHeV-0s{rv?F1m;K28A6g|#?||1i)9}-|!Bi|O z<;|;cZse7WL3pL~*T46PvJZ>!!y+WI%3of!a%NntFXML++!B^6f@;~zMsaAeyv3$} z{|}20%X=S`Jw22=V|KXb>It|an#v$XiTLE5FYfYQh)#>amVTJsC5{`1FVBmD{G4F& z_ynZeGvkmoK{7Y?c38h92j9tSs#)KTJW%$Fk+JYk!6Ctsln>lzNa(k+>fhHw8GApC 
za@}4h`xWtA0szXDgS-M-+DR6~U|IGWQud6Jc7mVn90ZR97c6!jxYq|AhPCu9;}%}X z{PSDhiKCN6VMY^l9v*n;s>zt{OW6@#DGFRElzq4?H1L4! zg?D|*+H|FyNr+2e5N=BMB(J;h(~gtaRNmUZ$dG)KJ%W_IkPJPTIw2X^PISt&mCF03 zEPNJSwo+u2eXxJoPtCs1jG)*^oEzbw)K_TL*x>Tz6L9Bn30_%78JGRXT;v@k${Y)Q z{qkTfUbOXKTy`QRda*ufRNkFK`!7DqS$vm8ClnBz z%KTXN!K0nkknjDzM|jP;GS3{J6e+*rY1QEBWf|xzC_`XuC}u@i0#mt8nRN*b#m#9< z2AkXP@%mgGl%!C`&G}XQ7005{=rDVDIO6pzmtV>X|AY>)Z(T;b`rQ$nlskH&AC!7! zY+_sb9Ps4bb8xPgyb^)eC`a~eE7#A+p$a@!-rFO#Ks~IfRC} z9>p$!_7k3!-Qaz=hdK`27S!< zbY(xFafxAwb?m_ILK7BF&A@e|{SoA^M`nB!rcp@?ODa$okcii2hG6<=_E}qlBXxGT z<$^5C4A*1fqTz5lnTOKgNZd0c8i}?&Sbegle{M{j@J`Fb8#DbeA~_7ceQh{&umdX} znS$}|c33bq5#Aib!Ln9NJtqTKjSfY8LLjne8$R5bhbH-XSVspY%pQkZGkxLMWxx+P zby$4C1Y8;Cg?XdHp=oTwi82F{GU9OO)Ho!?cw<&d1bS*pQDoHNMrOscsQ5!e^eCz8 z#`&{{;(`cUY%ghrQ-BXf2RR}wEezS7TI@Jp3AdPNJTor=S;>CNej+&)c6jmTv6xI= z80y+kBH0HcVttSw?wgu`F~f%-+pY;!j-hyXUM#XA?XYEE6E0nxg*n56abA)WzWJpb zal>PA!=xz89XSMn#wP6Rb;8{X(=dXNcj-XOAZq|OnS zFBwIet?^@S1H6)=Fh<{v_)$q1>)MN74wPf=qH)j{o<>t>EMA!vj)e43IOY}Ow2}N{ z5bGQmjQeKAV_JF$W(3$^?fwdQM+f1~=_wc)>xqdOF^DoYqR2524^521xS_5n$Zx{1 zQOUR>GYA=(q3AkMfKu}F>hnfoKKYpu?T-BY1qhfh4zG=NMRaNuW<;grXA%PW0lX`^O{8(*a8-Mx(8u1U4x{@#v%w1Y33BhunJF zKN?1VZ`?9J4P*Uu*jrqOfbc-1_&H$QlvE6Bug0%s8eBLd8M8U23q}T`B)=MnjmC;8 zk?3h@MQ)vezJdJfXh-y@(RgaIKjw^%LQh#WPB!)8nq{LgKh_ng@k6jI(H=i+E5)dZ zDU|;ZB$GGirTe3}q7F4?J1k4~z#BV@mDhP2nj2AP(%}3V!>}kT7>m+8v2j}&BC`^4 z`{YPW9u|P&{ijjiOK0Wegjv(lsh5s8T2PM@Jv!XKI0KVnyf7od2c>mQsFg*tG)@sw z!MHRt00)nj!6Q5j*JgPlr?wlnQI5`G{pksQD6FhPlVdbiPSIiG-g*qB<6Z93haIJs zJyis(ZO~FyjHuLMXe@8S!#57clMj4}Y~QjfV?&jJb7*iHtsA% zU|b|Fi}%3s;zpQg@Ff6n4hzB)GZK-J6o@bwP^9z2le43d9v6mDeoUHnHsY%5$6;x( z4iiSjBE_K_yNg=TC!Vym7gIS`H)jVUKEe)1PaARB+@UyUSTM!~+M=@E1{YA@j~p+9 zJ}?lMXZym*%>zSqoj6!*K=zn4Tst-l6URiM<76pP#tcJnM>PtHU9kG05jeQ*FkBK- zacKmw<1_;k4IM>L5Egp0;g#J@SU4pfJp~o;9h;5EhB+Z^L_FpNS>eaMwHPra5ye~g z!g_c%9vJJ2@Aq*Wv=cL_uNNgcV%3Hc_#}tp?&(R$O7cZ!hz~jn^RXtMK_7#6_s}3* zKPMRzJT=%z+IsyWu!1&YlzV54Vz+=~DVP1j@%1$@oat7X0X)9-Ehr`=RkC`K) 
zC|?06&96e0-Vd)`kb*4EvChznQ}POYIy+}~SIkTchP#&@^D?60*VBY@&j>u0=768~ z)*vx`2$m$e;z(hm@(vf@AYa@yCkewMJZX2L5N2bl#bQ|$5CLk!TIyD zuq@RFnZqJ5&X+P>T8|FPPk86f$iU@k-mq(Lz_xZ5oR{i`(5OIMM`!=#jw0xT{cy|F zWQ6h1sZ9vLZN7~^S$O^54{J|-TmhYz7H zEE&(w4a6@;J8{d>G|XfYGbhLvKOCm+i~M(VVfm7=xRQJyK^lhzQNJVoaS`o|v!M}3 zT5NIMf}zUZWnm6|IB~iLU7jI$Vv-(LzpxkEY~1nnXm`B2wH%Cc6xwuQ;aKF*h?h@v z0c&?wqEDhCXII>j z9e@p|4Y+7#|6Xe6WJe&XuLF4wUU*<$Ji@fyv~e|XO^L^oW5SS{7>bFs(_2o~DL43Ms+JR3BZ1LKKF$^R;am6{F*zo;cJo4p9Oqrd9 zM7=#mrv<{gx(e@pcM8XfYVgDEB5coZgQ2k!cRl?hF8H__&z~oIlK@kOhrp1RkDEVl z!jspfqL~aVWt&$vsWBu|oWE ztN}irj_7Kv$9q2&Avz%fVRk-v@Z3;%0_OQ`=;O4QOc?(8y3^>e}!q$DKGl5eepUWp9}P z#N+dq*5ICxPSemu!G&_RU|1Lm_MO1DB^q2iJ_g6P9mU#{^;oroN+<@<+6rwoO*lw{ zvgVf)I96&xh_@3ei^}o9r=_^|iVWp>^2XiA@yL@u;N6pUxN}l4s`i$mv85g_|9A?G z^2kgw9A@t2rG>cd@$Yf|nr1w^B$o2qg$b!)=&G&6bMNnfU8)#cXM}_VU`C(~p8tF= zcDLwo&lGw?CJ23!Q8Bw29_>fo^&mPr0Wq2i-1fka_|_DHm#6t)Y)UAO{k#tkuRe_y z1`Sfb+t7@)2kOvSRD#u;8*s_&R0K7aVC5$Vk<;mbD>5QrCz%+t?S^)1WJYaqcJ703-5oi2cP8_7%V0r$iW$78KlS^3>Q}yWCgjwPR1$*veyOo z%uhyp@oBuY`WQA>8eudvV8uIIu=344a7;`>nzJp&Wk$oTp#raOEJH?mG=h{{9vl<- zpURANm{SK{_#z*pMlgdeKaIQZ`vDccu~-!4il`7T_-WeV9hHE1TO%Aid@w55j#;@M z7H8`49`*2s&l+(5#pww0cEMBz97u~-HgSv6yJJ*x0D@@vm0v|#Kr!FseMU?mLbQGG z4G+Z(zivGI;Za0VCS&D&DMmA5Qp0h_SYLej`3a1k%3!E67kAvT4!I%exRn9yJO&kp zf;>F)=@D4FIQ8Gjkz~=@8jWR4+Hz~~?cO|`+6z2*Z9LY$z6Q6xavIARUg7N74yHNxuj2YsEi8C|cbMO%EdH)FZH<&mSr6Yb@ z!QaIWJ9eMIyIU(Tb4m)rdh9S|T%dB7CN?IV380BSn!J_($Jqr7nPlzUbsTSRu3)g3 zhAi^(#ECrI{KPtZyw8BiDQp`v6xaGS;M%8mVnbd%_8hE2M|l-K`?VOp{(hJe>PUP# zCO3g7*-!o2(}%m~4na_01ZD=C@xkZ2urc3+McH9+ka-p`cVk~pDYhJ~z~|d4;q9h_ z4zz_|9)nY69I`d`IEP78Y0e?sd*?c6hmXLOkrJ$spA6PLe06AVY(|^B=ud0J6R&T; zjjtR+T5<&Z^)@gVJK-A@fQM#A;0w`h81ccUzv8;*_8~GO0dYFczjC*#2a_phnz9nS zwyqjWCdHuQ_;Gy1BzeY&FeX(oIN!Y$H$1ZgKjgP6FKP=Lor?BDCt;A_sh|-~OnBA1 zfoDK;!pN-%*Bq?sfFg(lT?Qz6sbf=q)eByT8<7baot*%u4JjX~ybx$IxKqgGXq4zh0Mv=hoyxGb9!l#JQ3d z$@~RO_~hpUc;L}Bc*hWo$0sxDleIPf58!Xw_D@5f^5#l;3#&$JL*su6rs8%SZ)wBE z&E;q}w4kus1ih0Dtg3woIGIiRwl 
z7N1h^I?0G83Sn!T5iKoNi1gOslaFpi>52@v`}7;gyrK$hJyn4wI#aI*Ke*T#DOhGy zHFuIePPTGO-4eC}!1K8SYWa@?P#Lsh*2b)CKFki}&*s9h}vtU6SJ{OS(0(`ZLe zWfm3_fi>@3ffLV6K)hoo%rqQFPZi?(Q?*nR0u@Xj;En`Od#u}BhRVh|94qKVZIQ#nJLGZ&(M-F$TA)u3H@H#+&)(}PMnuTIO)p5^h!S6dIEwyYhUT5H7nTPe3uHJwd( z^@mcdeB}}>3vEYU1C_-}41#QF;E3DqUW}Ue=Oa792`&ygl=|@V}fl)ES5wBYtG0epTBkjVm(lV?)QI0JI?MPLe zZ@aROPpLs*}%hWH}5+I1e5k3ND`!87TSgT6}a~7;I$C zQ)?H@G!nJ);wME0$pgw@bdWQ?|MCu$+?xttd1Tq!hy3DdY&lqg_O^Pw|5FWuBJ?n~ zn(+SC(+slP@ZEt5#c9~m?kHxNM$1Tp*woyP^hLvQ*P<~f`Qb{uJ>HdBYZJCJgL>|s z3CQp;qtd{>C9v)3hM9BI+tChqQXZN4efUEG8jKzIW^WaOd~Dz?bkhkoSC-&tn-yZb zeQj zWX>9f=dYNGigj1x)@Uo7F3HEihCU?t`QpL}zF5047oEKft{I5BPtL@3SqWJ4@%3n2 znT!I?`}TuHXmm}$tJmpp(bY#0cR?2BIveoPUh-BPmSy-Nw- zwxZHxjf`Lo%=S*W^OEuS;*GV~TGWB%3zBf>h3BAj7-;a)Bf#DU+YVHrwXO~? z?J9>o178J{+x%wENe^X`nOk}yt`G6Yi!WS(ns+9`vDJVsX4c0G%dq)mjS?^y7Sv;X zUL%fIHR0ENB{0>t;&4qnTRBXWElclV$ zfxhJszNqoX{A^#O`dH!TedUxL5i|nFy!BwAa(5~xuN-@eI^p4H5BD%1u;A0 z8!7v{b|W`D1M6>&Lp^1=yG8Esao!DG9F}FTHjeSw>2my&)9yi<@$9FMl zsxx8#!4vqY)CfCEa3!kN+|h~l4ioaJgLde_)|@<46g6Udl?IDOIwNCj8s5BpE-E)% zj2XIi)JRY)!0v)voSB!kia^1ty$zQ>b`@IQn~lloZm=P3-8wyPy=*eJe)==k?5~B+ z*%`Oqz5vx9F2wjqXE+GW@(6{p-`+^wI$DXsDg$;OE5rV>W*jW5he>OPh6Bg3J7O44 z-5rT)`hp%N0Z&eL$GzX?_rDLTsueptT#+dFEJHg3eZ6R7@F1^5X>0Ak#$CBEWG} z-vPtcIx3gE_(?~@Cu>dQ&V~)oW$A&uzCAiVNXbZp(){7h^On<9a0&N>i#07vuRWF6 z9w(~0l>KO&lyxLlu(xL>Z>EzpxM0hDQ}DpNhY)zpR>+nLBGAg37`Y8crIR%reHtz7 z9jwtsp;aQ%Ucv2y(nqFa`M5jba@9r@m}Ji&Hc{HL9|k2_4xoz$-N(lb&Q=TwoV+nK zz@Em2#0wCWyctt@j>|wJ_f#WB$d0Jh6!1__B=;I|h;|{=j~TL~7;Yyligtprxr0uy z1&==V5dxA{BIKgg_~KYQ9GKzT3w?BkvhRXk1dAEHydAZtt_iL6Wr!O8IDAJwi_}N= zql+{>j2p|@%2gOj@rb>(mS*VLA_;K?UfBP8_+c+GtUA6EP0 zgNxJf;)8D^aPb;6F;kMgLv)P7wRD2UMg#Wc7Gl)=7vP!r6sA7E9l7nybmWl`LH4+j zU8rSIt?Waj=iCU*vLBN?B9?tJ>^vM%ylpGICVhf)Z(fe4Qb?QZy2yS zGx0rat?q)3L58cFBO+vPn>Jv)WEFJo$`}MUhiYhP#s^<+MsVf|_)L8lFMVHx%1#qr zeCBibCq9P2lgIm`xrCXz zofSreyD{+TL{ubs!XS=*Pnj#3eBrl^4Ku#tI=ub*T7;xO4(}PS;hCer(T$tna_Me- z@Ze%hb*B!fuS+LgHnPsFvQc@X>G)VDFlt6%fD<}8`WPgzp5UiZTStSnZ1O~8S{2h^ 
z)p2UHn2_Ksuk3}tzcV_Fbi_;+{A7n-8oCfq7dVSS^YlQR8^^EejNC@Zep z>h3~oZ3_}&I5tB&w64zZ)zN@50SKZT$Qm>ky$b?$Hngv#hqlGo*oIz5I}G(EUU6zV zPkegaI2?NUJvfZ{2-}*hmGu?2oO9XZN#9(K92Cq zR^js_X6z_#!t5!NFi~58?@k)wKw5>rsIJ7Wy$296ZYA8aUc@awl_Q7F&ow>@iyK<- zep4wDeIlT5CQro~2%iZezv@0PGFNgac2dz7%B8Yj4~>5xlbto&PT_*(8St>_Ms86H zR;>5}!O2g+d(oTt?6f^XeeEe999KIt<9H8>rG>Ww?8lb0Dn$&^8_ZQ0HscBS40{e~ zkL_eW=cuf&u(voZ37W)K%K9?dBSz+1_D-{*9yqp^B4*5+=uQ}qS7(P&ZY0|4SA!w6 zZ~7j}rJnN}sz+C24?f;khT9iSLb$0yc}uM5T7UgMLk6)^!?R9Hvg^lkA7 zNxK`75A8#(*$&Pj)|fisalCH`!*`b?krs-*tT}7%Qurr(BFR6|Cxw1l`$M@hnKeim zLfJL6!OGhYah|mG118&=W0bW~olII~eM!Gfpw1FU7j10~1Gr0X`Vjspk0biVHTb5C ze6ZsLvFjQpo8F$3%?>L(|J3>LeD@u=jQbGl@;lf)<%&G{VQVhVSuh+Cwq`6}J`>J6 zeunS(cd@RDazm%$@9PFzs>T1u-d6y|bscMe%M4;>X4$eWGczS|5(n&X8s>(fNs}gN zsNtr;h8Z1>?U~FO@PBiq_1pN*`(M+hef{6lSl4^uoH=vm%*>g&a7ON~ zS%hx3E$^6^XyZlyWK~|9wiDN$_9*T+o`khGjzrj~T*TMx2K}%B8H)15?CJ*W^9IY@ z{zIntD-$l|M{@s|WQ{YnW8}47&V7B9*;m%r;ki2}K__1|4Gbee>J5yM$hL(vNnj`` zJNjsg%nTg0boNT=s6?jt!M}&Lqg#W-1Sc9QUBt~csrO4ypN4aKis4B7J#O68fpF#J zqW>Nk=*=$yc0#;i$z!3Wpeo6)$V?BtQMb70#Mn)b)6HwW9PHruSUhmw>G*7p15bQ$ z3@ycb@OFs_uiUW^FW)x<4O_P2^RjNrem|9s^*MR%DQ?E(=_9aYiVhF0ufn}7d(Ziq z135rwnPeGwg_$hd$_Yi=)`l(32E2I9c=+o{52Gch>u~?}8a#Uc>3H>`Y#3eiL^*ga z3b6c&#&<%8hJ8EmX`Melcz6-+KRX=-61jNU!gB2`?PxXm;i-#;Vb6!(9a)JiV&-{@X%1c zwE7t4oIV-v{eC`f%C$0z^e8!eB-(rD;|+*fGzag#uoRmgodu7(3Ev#7!IkIF#O*hX zf~&PlNv5@?upL+ZW;$l+s_@dbRy^^i^YGUf&ck!3$0)bymG&s$4M!^xoR@_&XGL?; zau3`+Ak9ifYAU1Ti)!sL(Bd~_svi#lWirLXhV_uJ8yl8yJ+hu0rI4X3B~s?yhd-BP)>!$?YOfbc8%NmC;gr6z6?fg|+Woh1bc?`_4#aIZo2@ zk~bAyMQ=s&70H)w4LwFYdVU^dXAl7$-pz%rIP;tdSe$90f7(4DZ|ss}?Jg;=!sZqu zK7RIWEY0;FNC)52gtsd6`1tnmh>@h3y)3M)!IS%%@zfs{;i1!$2cjKb>Sx4t_M&_| z|IpbO*R&TeY;B|g=|_5cJpORseB736##>v86a&>MFJ!T8k$JP#gcV<|g=*X+eDvZ{ ztbA+^0_}QSeAxngba^^9t=)(HT|y@}9Vg0z1!&6~jmzga@xXh#kTGu(Ub%Y~Zluh- zv+)?3C1ewV41L(R_BfIkMB;~+HnFY;4}Q24X>%vC{A}Dj+=}tx zVP1#{)eUXPn>!gdkMkF$CoTcrVpR3+=lX?M7(|Xe7w9Qje+(d>?$NpVqh^Di+;+3`N zH`ytF9`tb5so%F9-*pD#^H(myUpc<#lD0AS>H~5?W(E7 
z>+33T=6Tcc<{i@!XY4_f*jS=bptlEw*YajJXhKRPhhml5eXAjb*Ou-kAjEAne3M-D(vJK%Shm!PbEl%8b z?F@W)=}46A-bZ=&pm2Qw^y&WCz3MQ!CCT0(O>$?^?DWSy*RcF$qfoQ|5Oy6a#>+dq z@bVL9;t%uX-L6)&hUH-Q%X2Z?)PXPdRny@r!;zpQ+_^LZdWC=e%F}$|pOR~d_PvMm z%G%|7(HxzM_a8U~_fHB_(w0bKK?T^i`kGc~qN4Er`57o_>QvruRpueegr~I?A8#ne z8J8`@o3w9|Tg)iYwAc+!`o)FK(1ipb(&om?-yB5xtZ{hg{;7zR%-Rx|(^h`>?Kb>z zp9e4Bc`AC3ZbM-1NZiLV(e!)TwI*DA`WQ@$Goi&r8D_&O;+Nb=!gqO@y^VpiB{36k zKDQ9_9B#a}x&jwX4#LZy6#~KZbUOMGKP(7qx0K5pl)GP8s zk!y~lWaICrzNmY;@cP?p@Kl2zR@^on$$C01if&5|E@}wrkep;9tt!zK?rZ3rEI-hS z`)-(p^x9*1sIV7*zLENN+YDs6%kbKkI>r7=;JS$cZLK{5AG~rlrUt1|CzH(}`~TJO z%NC9k*PDNV^zgdfoTxbACz$$itl0y*!vvGN3pJcI{K#~7Z9QTyz6dWjeut&IbO`8e z$9BnTrFf7U42yCgP}7f91vQGH2)62!MP{N3XE+H~v0?01<3XWE-aDWHiwSiik=F{#8c{=^ z*-9s(K@3~B2Tn$@IYB1$GkREC*#VuI{R_3Cna)=;X{aUdB$tQ07*0`Drykruf2=%K?|Lc z7>W>0FN(;|<88f&2{53%sf&uPLoA&m$pK}vS}=^`w6&_8vcrB4(w$5Gv`OwB(%H+w zYxii7;IG56+71K;I+5$A!7kx1?v=9GuRI!1KIzE zRvZ%i5^>99)cD@z73s6-bn?UEFX6IWdy_svr*zN_kEyW}5?fjBrahhVrPi zQ*TC~svG6vISQ^p8xh4ZsHOo|f;~=}2D6zH>_D!fEtPCf%F=P06l+ISLpvI&pAF>u zz~oB#p?)Mp_#xV)LIGu}qFaZNkq&6OJFvT+ZE@mv+DvF`??8u2hX}KlINWfFbtfKw z@=NV;qh7pN%2SZPUC9m8*3yQZjkH5_YGVS;sH<&7r`$QDJX(pfnlhuJYz&WZz>hk$ zrL3MZrB*WA$}{~YP5>cR108mceDpKW54NY_SVe1lQQY23S>#wzMpf*yjr3MiZo(*^ z?d>i_M*8WrH}~i;D&C1b$Eu+B3q)S90e#e?wUWn)jzcnaPV%^{sdB?Xyfxz0i%!xx z(D3^3FdHhG+fdoyMtVXp!Z@)MRyQf~6>ig_P99N`yeOLym9lP@R?mQ;A0?dZt>lf4 zve~ZEV?v}A^&J1b4J;#fm^hP5#@zr$^1=QVIMI!*<*jhDEm%`g_0lk;T=WTAZG*Xr zsBAcD zj7kbd7wvPCs|S^|yEZ%Zj5e>qO*BxhL+ZCA16V4{3W4kkNgUfbP;deRfkIj5nKw%01TdOA6mXpkT8kAjMN#a7EB z5Xp&E!hVEMADgLjV(ciXXh3C$8Y2_@lpJOS_e64yD~@oYvGr#bSnl)xpgbV%07Pw6-kLSM2NYI=2ncn>Nj|{ zW*J6*LV!1c4THP8&EW2CmoN9bZ{EK***{KlvL`tw>+H;4 zYwhQ;Q5`|nuRp)->OA#4#3F&zF}hx8j*NCW2$Ua{NJ8b}uR(ec?KkU30<9c3-AcC> zn31sH?mzmWdSg&KSU2lN8WhjaQgGWm$#d(Q*)}$@U#N$CprF5by)iDr-*G?( z;fWs6Nv@y8HPcRWf z_jx>7VP9|;v6kw`DI4fSA&asR$Z_=)zE2}8B(_0E#|{bP`FlN+KT9Ot^y_LCm^yBb zDu=PYG48goMbjU^O->HSH*Y%Y-<8ChkhFe%FSh%_a!Swb_$(l7khv>ZL&#zw?AEXD 
zdpm&t@HcvY=gvL?SyNvSA!_&8X;w3~p1+mhG-vBtd>z})Yc{Ych~ zGC(Kg%`p$2kBW|Pb5jI$QtVlP%s`uGs;g%*^?g{tzL&U_{Mq1_OVFjTa-?;bbY`*7-vYFQ;wP0SysYpZv0fng4CB{ru?1|Ms{8vZSiT0L-sUf`hJGvj zb(5S1x~HcVy)gC$xkC(4=MM}w*VH-hYlq3Tr){=+zKgn^Hexx9UUh1L$wmXU>T7%} z@k|CQvG87A^GxquPk(Ph9(Gv&o*P zo-p{{c?lqk-S|VEC~^H5FWp<+YBIj0Q4|8NhR7lJ!TwN@e2iYSJAP3Cn!i>x>)Zaw z>Rr7<3+g{CcL2I^q@u!c4jm#W{9k>5Q(7p%0J!%YPRKueN$00-BL9!(rsivH^MyX{ z4{-HZiWwvvW=W-Na*Bs$wf^H}kQd6772qKUoKB*1Z-3rMX$aMdp3S zn!zlQ(=IMH2VD>BE@64fb8FjaP9#7CMV`xc1leum(NN+V0|ofM<3)ZeebX2-!dwfb z9_FCda(-$ULVxuqNnvZflbz^ah=A==sve<5T=qTvc@6`1r|nh8cM_~KCIJy)k?+nT zLwqL?M~s9@^o%SvMCpv>dmk`(3xrl81`NM0cL5}wa^s!`n;>N~Ye`SrwnY-7?tnu+)(#(QD~2-zLh!jftU)_|{0 zrq~?oYe4|{xfa_E_7@8s{wJap$Knp$3-sP+d<$@q15%q_nEY>36fIWdH-tOS&yubZps?P zhtxG)G4_)%DZhgOo>EK_-v|}EX$$UbIGu!{UgV}&H!d8Jn4T~N9?fwx*u$ezVyyR2 zi=bdYJK3bx>lL$-)gHm@@WI09VGadl){UH>1CLKZSt=k7t#m>;w6zm^ww}sJQfwy4 zl%1F0VO9ts@t+ZY@5(=Z2OTWI1k!#k0BPX-W_WIsKdcgA6mhWbMUT+x#l{&gb58o_ zxnn0_`Q^yWFqbSXr1yn9e;EB*Rw&=vBbiWgV&p%u+70dB3M!oLnVpG6UHzuAI3Mot z?v40*7=)-=adEn0XK6ic@{nSdV#gnz^N&=ky8;K5k;@i$u(oJ2bg2)VeIpOHRxuv) zD*FC>>h9ZGKvb&7Puxvh(F^rpI(=g+>~pSN_H;&K)~YjQKbPNFizr4?CL2@9M8R~y zqqzlf5ORDcbgJe12ac2M%y3fT#dAy9Y8CPO#l6%?-CO~R!_`GEe6*zExc?$zyr@S zqc@#00T1!JBWuA46#HrBOEZ?z`PxN0Xe#t++01B0r^G(&@4bXW2W+5qrX$B^LXeXu zh@z)5OoeKca<+TsuMy`jjU0HHGmkc(Emr~z^X+*h)V)%K=?W)fWo^Da1w`19)lXu` z(5O0|+;*N0rb5-3*`bgtKhNVxm;eKe=$ZvQ5E*eKH`n1W50n3Vl%WGNEz1 z!xeYqxr-!BP%PFd9g<}#nC(1b=Ib|U2}@SqxB5JKad{@F=Qc{{d0Fmq2~HI_aPeUB zGJNvG$LAslf`lynMGGxzfZ9bk!XPvmcy1@g-Iuze8G5Ek;*%UsQZyV~pGEL66%k$1 zitEQ$7-VWzkSvr=1D_AHJ5&P;PQaeq@!Aht9j+uxt{AdyC}m8nLGmSE{It2;=Wb0> zns93XD&Xt}I>?>vanGW(Bs=W?jtk{5!(92utvPF><_wH;2Ps)ak*0Z1qt8v0`HOKg ztaulmMzuN|w7u}kKM{D-{uLT(+^X3mo=riF+~~NKuvO$>az(Xa)L|4ti_SLOVfq zZV#Xd7iexZEc4D^3idbH+E&t(?J)9AvST6y7gzsc_O9UDf?b^e2ir#Up9LjbHis|G z8cd)0G3`0?>-)n*JE4A4t6g=#KIs}ec@#)tZK8I13jNnJcC)4bvc39UW1EyL?uTbK~lY$xTU*PSi^44z7cL_x`7qg|>rOn1A`7)Ov#sRm=akU>YI5{bq0Ee*dqp 
zX%)0}8c9JA{GSnENZ_pXU-7p|7EY4(pSu(f%@Gt4=KuABr^Z9Zg#R_&=l^p$7~rAx zRuN{f`!t#Q*m}L;(zWk5`Iw8(|M>6@_f8n!4d-8-%hr`#;|1QadH>;Mc){}g&iLNE z^`yJC*vs`luTu=Y>q)rS;p3{C;4Qx7@j1`}-)OFZ_nx>dkbN+qMYMBWyi<4B6GeHy zrz>z4X$f`B*yU7sbId!5nPUn~>z{ZtLYWPWx7n}{Dn`%Mib4J#{c_Gv%z(b8v5t-Y zC$~P*VN)pWqwXfS+T|46@sXs*@v1%`uYPfJ(a$Nl3$d7}8$yJUoBBAxCa{qYEd*EC zj+t#3cXz3u_vou8n~r}*`!*SNI~SF7dRkX@nW2=Y7Km4lsIc*x;?SIGX@OO?6M zNYYy$%}ebe{81hXX{86JKXEhJ43+DLOsFG`S7I2HtcLf3d5Ss3?o-FsWWHnDH-B<+YYV30mgSd1d%{gYfKg7L}ZWmEdqvVyjYY8Q6^-F1mh z))1PBb1K6~$DYknC@ zP12nPvFGE{>Wi+_rtv)Ylg%&$gVrC{%|X7k-#t*@*;cfa%C8(G-n)qe`Tg}tG{xeN z-}%aQ`HlWHdRWXbUnj+GZo+V~jixx1+P-7Ay^W3~BHGs=@#zcV?*DO2LP;2WyH6({ zo$tHu*jPj@5`=aT^=GtLX*ZtCi+uaX2kd;4>1d)SdU9v9tw2ux6E{%j;2{0}MC`aK z2Pyv}xrHCv{O&9usHvCmR>Rgy6LsP!$IPg)7Ts1;-Fs=SSrl-4`=E$NxN;CIApE&M zFBesjFb8M&eYU8VDxeE`a%Z}%(Mi?Tez1`S*>TpAuDbhJ!nLLaZBVowt9p0Q^l`k% z=!blcXa*{L$J>n;Ki}`$KJa&&%dC=QCkw1qFf|z&W{{%c#(@7?;Cc1%r|2wplNI_D zUk_yKt`_LsO}&H#K73ON17?kNG2KG|kq)M)FaNjhR!n^{g9QA^=#pRr<9Q*?g4YP* zEgdJ^+zed!sx0^?v;6HeF>~1HApp=&=7q(9dB7@JcIzM0lE2!ZI2kn&ub&h%ny)jI zvk(J?^91M%M#K<)AJnzTxk%cTbF`;A6ve~cYsKa1a(VRB-~RGnB#KFr!@7g*Y#n$4 zzmDm)Q*E4;5|e>`hTcof`3K*9ALm*#4wOqSYTv&Rrinl?pO;K?c^X^{3s}v{H?uv= zP%SF`(Y#BId!}pl;LO?Z=WaB5fs3g-ZL%%vW4O07bo9E%-MS12m!0q$Z5M{=NaZxp z>Dabt+Wx2ev$q-&O0$SVP+7V~D!d=F=rb{T{)g90fjHzR-uI1_$U$T=F#5gU;qBcQ zFh}zQ>ynA-#ls^A6CQHWd1j~lv120f2U0yF8Jx)rlrSfBo_g2#JkkyZgXBXZd^v_^;5?dbUt7*5W-r0LX7EfQ z+uORzBj0=sbas~T52WI=_y|$O)CCx&G9@;w!2bGud^%ed-N@x)^Evd!<;R-t&v1j5 zb`22<+Po*a_uG}|8O0Z<*&?o_^Gj+`mrP zjXT#5f9&N2L|YX{Z+BX~RZG+{42^U`2Y2w@ZSPJtiSwL&?&we!_N7u9{`{p=faIL{ zq9|FsKc9|xt#n|ynPuQcJZX6&tY^x|jElhYDSW@6+lUbIykb1^24f-I1$WBK)T!z8 zi83kpVy(m!voBwk06=;qtLG{lJeUtz{@QW}p(`M|qu)RslLnJMF1;P<^zCc}t;T;; zrLY6S{LYBAG&f>~t$@Y-am%HXeMj~di&tqBwRgZSe=PLt zu?w!Q9rd7`NZ#qHTO=>^Fd1`kgJKvJXU%W4qy9Xcp4m*(IsAe;T>b%f{M=PqVIN^T zm?Z1aw}6agw0N*pgRR%ej?pbGf4JS%t&M(p3r&LeQTU)7>$$EbBXHFzQTi6D=+uWI z1LI7Y6FGI=M&JjPR?buf?9~SSA@t>Ff95wU;i@(bTm$%-gX5vN_Y 
z`ddaw8AmRLED;W=tIx}BzRmRyFtiU;$tZc9`+F;Wl4)cu1mIu zB+5l2RV*gIV=74ze$`t1M27vG1@z|^e{{WtBt5eZPLy2MM$c5ZeFMxw6V&<0A%t=8 zF@DMvHBi&y=;0HKKm}2rAoA3*-04b2to&Uh7hQ^{Z#6DgDC>08Q5-_~2i!E4u3rli z0-t;p^TCAt{PAFVw3p%H%$*gB)EPAc(BzvVLbVlnjU-pZ>m9MHajk7lVK~e=q z9#u;&33_P97(L4r&acJ&qf8%o_d%Xg$f*4F7WE`_$Sa1;JbCcLsk3bClXY>|AD`PF z&`p7IC;qn|y^Rp%a$1gJeKUp`etP*(@{vfLLZ_UsbyVeO2FDPB+Hf&*C6--v9oSJ} zmtNkRUfW{P)ekg$9mB-GSu0tcd`z80`Dw#s?ZiZ_I)+9#s5#`ASe_g)Y;(0l>~rdK zXP|ZI%Z!CU*w?u#0-@t+Lbcg6>AJk6>dn6@RJ21uC}OR&et0X~CtQbjRM&z8!ZY@( z+F}g6pPn_&form9MXI@Yzr>smvw70QCiyJ@Hlu7ZD#@LVE85VLdQB-!$ zyH)KXTUhYt^J+8T%MU$TrBgN_ah5J-B4&&~(o)Cu%w=i&<{(-$V)pBUlLsHG02Tb^ zX*rO^wDVvB;TqeCERlRAV)S#)CHrEqPR>Lx2Q5kuFN13Egq#0$< zaAP%!ECw~E0d%pHiKWNKL*&3F7Tf0p!d(0wTEobn?^Mv@pi1rEeMSFM6d5iU<&O%7 zi;=1X==-;bpV{rGnWM#lYAq%5HPz^Zl8828g+Yd1a3G$N~aV7R)okm%H3rG-Z^M2wYbPas^G zJD-kIJ`V-Q@_QZaI6+9u9;L6rGP0T+`9xMqBtaHh%pcmKJbrW?s>{pe%ZCd`A$vg@ z1ge=}`h2_-F|8;xualjb?Pg8Ifmmv>ou#K*=Kxas4lAfVfm;G04qVU=J1zYhAY|EU zh^wM@wg_bPcqw;e(+kzjzxKNvL|0M4v429Sg)<-bk5dL;QPR#7c_J?<9x*_yi8$d0 zQ#|F*J%Sf24HURGblFki7E6EDxHeQSnZW|*00wKHzVA1b^xPO8*@+=6aB(d=*&G>) z`@CuJf1VuSh#2B2lUxW3nB_i%t7FWtnrWuW4j8!|w$w6kM;tyI?4gT4jBNx^EBVP> z1y#dow%h8a*-L4+gx}ps7Nj8HuR#yCrnqmO$G%!eHi3hj^1fBV;;K!^%*nBO}UxaNb{w|M*-Vy(DRYGv0hUcLSXK*MI?TcOcE1D{d-QJ z683{N5a7cEXCFA^rUu?K>;nm%T0D$dCHRAKI2oa;>$e}w9Hrk6Z1(vt&^2m5<7 zaYC3(pD&it@L7ded_JAuaF@w5sn{nBT<^#2>}*CP@sjSAAON_R>rAY047}gjUua{2 z?OfcRE{Y;KdP?FHV9)n@mB^cBlaVDHh0F8)`wAPU*K@q>HfoW~EFu-_m=AFz7A6L1 z=;s2#O6~bz&G&jlmykJndb>bF4MBSX!svroIclG_+M=e9L+~-Z#H06A{7i5j3b7#p zzU;ISgte{taHW&Pie4P1-UgI(1Kv0{>{Bh|S;1Ron5xKp|16qBd(>^A~hik2jW`n$W=Y zf+@m^ZS~_LSD7H_@l7!J)W791h2Qrb#1UI^>h0~$ZwrLd;^alqZPK84zlmz01w}_b zh&SS^=g%nS{QK=VGN%yh__y|7ZMbP#xECf-XuRCu{Is8^ha}A21aTBxlsj`qGR*cR zCyro<6L?7u_O|u%by}xorEMCJ9QqG`0L*p{kRT|!X#ax%&RVbX1iwAXfwP_A?S6gq z%nYtr7O_S4oVkTrCQN|ZONB1p7-eis*p9QD=Evn76@@W4gh}zugfJvl{q91gLT}uR zbd9lDMFQ|>!w($=CrQP=hdyxOLsHJRmmGWIvK(?_^6Q~bY$%C+4zvWQF0W`nM#vYS 
z6Mm62z{1vO!~nP=;m+jH!NR1tf@u8rTr=GC_pI!eV+eSu*%zHr7+%lyNlpQEe@9r9 zG@feEm`D_Qay+JJb_F4X;uG=}sMc$rLm@-xGrldJ9lGYXm2Sac(~zc0KAeTC1l75WaQcRDfl&)DA6c4QUfP%Knc7veB$pN`|L!Ds2H=VT>Hw&Wd#_sg^C~>HL z#A0*sq)RUb0cmhk5)yOU4tJN@VGg z`4hY+Wygd1`>_^V<{+=4!rDtYxThCr4%Y7x<~}XT2=Ss5HAwHnv5$s8a@<%soeG<} z7cGDcHDLj<2vOn>giHNIVmwA0woV;ls>&%iffjb%i2H=U9K&b514U+CzZG3f&TL$Z zKK8M&aebnu?C!okq#A7Ty#RytSW{OlTt3COKHcQFTw@EpPlCrf-|MdsgjEg_T*7A` zjf-t=i;Q)<;B1B=$g+<`Y8`TL@Q(CZ{2#5th>U`$8gaD1>`EQfOkFLRY^GM)fss=Q4`c}G8g_|a2M<5LIDYE~8hTgw?RZs|0MNTzKj)F$8abP==Qw%;Z{q&}gEFuk zKsM)9{ZykLJO1R)34V*AV4&5T=hg6Ti^npDnNn7?n#iEzwl1+#e@ukaTk1BLUoZL= z!TR#`jMG-X9pFG>4WeaSxj#N)w}VD)?Lu!j=!?Zy-b{*@UKS}6)C(@{UWxHoJRKC| zp#x&RUAQ~|H-CI2gM@-Hv9EvqwCX<|MF*P447kloA_#lS*y+T(1$TcYlczuXjTuUp zs~QyzUX)aPJKdh{}k`P_L>#Y{iUw9*%0n zPBv`kH2e3=rn+WdLvskw5u3iOUJN84OqZd7%(p;A8f))Y8n)CQ-tY@hu`S1h&*hLIA7rrJ{fKP$N8rnJW{A^jC5}1{{`Mq*RAORz zwvN6GzJ_%*CV`g>h%hghEhZ3dYTBpG@Y?cxXt%Vv6Rt!XNjmR{sw{;>HC|yMWBeGM z8FW8RuzP!qnvsVW$hV;rS7EpolC5%>L0Tp07>ZpY22{(=##l`efM+^*mZFsx39&&QzftA$`=| z{6e=7KWYMHDn~6N@HA~A-%Hg>B>eJ5Y}zY?o^Cd))JePQqy3W`YYFS%lf&r$_?it~X=4+=stJRD;gYsfagp z?D>Q5##}8Nax?et;1XqbNKKgQLcQelY^h9T9wyN{;u`-zl$hu{Rqop#j9Zmr4TuvI>B2Bc5`lV7Q_^a&;y~lpnDT z2cuXhlsW7~Y2Neg1}}sLkX7k<;xRi_Z%=HXr60bN2y(Lb#65d2KtC6AW&CqLzkRBR zD;I|*BQ8mr>*s+x;aNp^zV>A0fwbG*dbHN@MN z;ZR&v9pl98<_2>)(lvGKjgN2Za!wIQQ9-$zXXpn!!qiywWZ z`-C;e594Sbj6I$``}Vtr^|R(X)b}s5n{j@FHW-Az0)3Q92A_uQ8#8a5LjtdT_^t+a zw&EFpEss$(PL*ZJ1BMZwu)|uih~ZSs7kd95MO0`;>`dtFu=t_pxoiI-9sI0s@09zA zv7Mf|@k4lzydNLizn#F+`@)W##*T%(y*67DUa}bHp-I-S>it?k%Yzy?mv|J?O&64% z_IY^96%mwYGk_kDiPpXvM<(+p?nBU!`sUA&TH&M>4JD)aXkeAH7v;2? 
zR;bv?hqG*O&sa4ZO8<%yU?siEq4z+Ddw$5p&a@m~d|5|tXc#}SA?gY!8_-B4ERyt| z?yvj)K)oNP*D9pu3cEQ!n??2;PEwKrsltcD#EF)%YZ)~?fHJqkpEH-A2Iec?g8Add zhW`n_-kAGsq$zhICRSvY(s)?w8NH}rpQXzM+^WBlyFMdoC6BDr9RlhDxWBhf7@`SUDJ+r+Z{tEnwD+FJvDGtpqS3yG)oqM ze_4CuHp?CNOF)UMs$mICgsIUc*gKf2`YMEfv%IGbX97>{$TG@C?Q%qx+{;p$1mV>r z-6EB~_A4g$)}~HCF5~^Vc^Zv9oKSC;IS9V&+pIh&Fe`FE8gk5SeF7~=b85%RjCPXt zbZH|@2XiHtdOq)6+0btFhk@9`raSWbBmexXxU`lPUJzl&j9((pmJB&^lG+9~sC^&o z^3|0#kk2nT@4?>G+^YP|AQz7=vkESnDwgRrv;*;!?i)pe;?VEs3e)S`O9MIARzvm; z^<(}KGuqvgIp6W+tro^6w#C9wzPl6dw^3mcDOMTNcjC~qnUVg1Y8nJ27 znwH{{jT~JO0tIz6e#8WayQln0IK=cGU>8a8Le1F=X}M@uvh_Q39s63BFL@(54fli* zcgnA|_<64NJH)E*aztsa(X}9fTTqt9xV{^AcEB9`2h;lH?3Jpvj~WtnObg~XvLUgn ziHwLqn;(FoDLfew>Jqqv&%T;seYtE!b`*n&ZE_#UL*ZFHDI&#|Rds49>u#44%Uriq z{V-qiZr^YXY_%fGfY;23+xn-;d~KIDX!t!VF%jBO(tW`|N%@9E%j3bj84JM?v;iNwf5O<0lj=m7bWy+GlxcO{h{gkGV@>h@kfOkoY&`u8?FWn#6t8@Lr@pEx| z+U{DVgOp3R65v|}k6TK(P1}>4#(>~HaxWiz8O!M@U5uYeS8h&~aN)I{YeHgZviAVc z*_~*mRu}wq5v2CWl8{lyr=VcFaaRuac_SuzcTfee-BUY;LA~-?=c>WFC+)fwmO2R5 zut7L6tVy#iBrT~V7b7iqU7(Gf=zC;fd@)z#@OIU~(U{xzj6n|LS(p36JXrczAf8L> zdRI_hg36IHZYKLF4ddNvI>!?nVd82@Ans^@L`W9Vcjx{x)Qa<(v(#7wg=tE~L0JnJ zU0ArzMyL|8&Q7xFZwLI~LOYbTvtx3NXMZ`%ZT0k2V6H!e&AeTI7|qk{;rS`r)y|6Q zebthD?M7$L$-qQ1k8nISGMryqhRFhvLa=tMtRzCP3aAi(r*QvP&w+!!DT13Yq439# zlOf^M3Kf3fC=V85qY5^0Q2_U?nHGJda};O<@tXfys_ zUS-eieRa1v#ptq9Sm84T zo>Hie_Y*uzYQ~7|=lEU*Cy|!B-G81h&(LeHd)A(m$%!~7pncI0?7v>g z5+5^>NB7y#{YKfPv4^?LdL^;c=^{C|#&WukBtKZ^X@M-8dS2xYBbwY)+}%)_ekDsn zBk5tH>63h%cEaLCgmw}xQ-Bw=E^`1*w~=K_Y!l=I@`Zx2qvN@f`un~qals(KJXxiL zmqt)X%9h*-{^;sa^S)YUe<%sOB8%v_?%fQ!78Y1C^y036uQg@XxNV7+QduPSW0I7np$oEL6NWNE5ibkrw* zOgQ{*L4fAlihJxMae4RK*z>BL(tEG9mQ*mX#KS+tPoHRM7=iTJil;u{ME>{^>7{m; z-QLecfNENQNxe5pvXG|)z?dP|%sLev&DJF`Fk8~1VK4SHEAHlnfkPNh!#(98@&HGs ztqqkdJ;|X88tFRzS`?2|GsVbERaHHJN5WhK+&_2dxkaxT&=n&Q&k-O@P;LNEd&Gmm z*Dl&qF#kZ&U+Xk_Oa|8y3odZ}8Od59Bi)}3>Z3CczB<_c37JkH&&nN9$aNO}XDdIT zX{LWhaI~D;$o5P$W5oI0VtF$y$+~h`rRVJ}uzhnWY<#fYh>IY_^4q}B(B%wP1V7x{ 
zP9iTa&VIkHV}Fq$q;)s-VBwNvm8*_Ko?)B(T&7srl-tn#6TVm@^fBS?@sK2o)%Tr1 zQ%j3yYoa56qPsCz1i0luhC>S19)w3wQ#%0#VAt$vS2oLW7N7~9uep=VONr`#;?2H{ zsJUG3!rOg?u3EEFzxb;a$1QJ|gNNhWM7;fhzRr!7QI8&!7KHN_A*uMtw5%@Mew0uX z;H%bPBBWuGhrH}aqlMZoF6k;9w~LrAm+)l;hQGg52^#G8>8V5n@5udS3%vu6!{to!$*$>1eyhaX+2}UkVNv-`Z1HP<^4m|4;E%A|Ne~}Ts?pgIb z_=TD<7Sofqf_9?c{Q+a>hDPsJZmqzeq3ooEsoneJuP`+5oUGva(+@Y3p6~WH_2Cs} z6B6EC*&m^s6{)IB<~Vlnk&w-F+_tMR4PihJ$d>gwJS>&`Q;PP3oLhuMNstEq%|a!@ zeSQY5-mvgE+HU8QAoL46OSCt&hl)8f&M$Ep*SI$FeW_{&beTE_N}K4V&*xqnlc7a< zzCo4y){f`W+rM_n$?D8^x)Zml>nX1sN=^>o@`h+~_LT$^ZRiswyI-iPy-avS*HsdJ zZ`T_Ow*c_h-cXVF3v`xqI zW=cDo%ytbmv~B>~#A#QYxR%|G$%~;(>!m7Zk96rMp_I0Y4oMpSEKn@f+;njX7sv8a zG~k}k=oW~U-9V0X#L5#aBO|W44EAK@tQbi^82{Z1eFqlinE_(!QR`P%Y67@j zTjVl2RhsB=2-b0$uru7cmaK~QA6owxLP{&lwF#*4)0E#4rhBor28M^TR=)dF`9EJE z3HOTc8(9IAwApc`g<|T+X^1d+dDgNiU6Li15Li^%MuNR$Y3=|H0~5U_!Z&m1Eg#Sd zt$^C!I|N4Q9+HtduERs0a0lg8ROUl}8t6t5=jz1l2ULbi%eITt$=Lo5@|~ac`fJ>s z%q6kp!1MBwV_8vElB^yoCfZ4|_~ON-L1G=O+x22vyQ!`)I05c6TR|^l8JfJ6yo|R# z%0%M23g*xDUMdS&jsIu55zB7r^P^VhRI7s>f$HuI=oO$B$5O(2aAE=5PUQ5seh$vy zLEcY5rxl%GDlTp6z#ML*;te5UxP)TA_Y!|kQp4YOyHk9qGBLsz5&%4=!nIrk;c98l z414LkKqu1uGwFRJycpdyKGdY(Va51SGS9!mVe(BJeM8%c1o#_jsm_*f!ToO{5g_!a zsD$1loT|B$$Z#%dnj93Tb7Ei^d?VnMkxCYMDZqhvZl9m{bB>H85bm=^M`JaCom-XT z2kX3WHmv53mqM8Klb|v_FKML&WXKgojc==N61}MZ^ow~F0%1A$#*(<8fxq^3%Za5Y^H(6XkF2sY@Dat!iH(hamc^%<>F@p>nxXGgTP=-qQB1KHiUC4Y z(^ZN6L8H(9@NBH^i2mWdM}8k7554y=l6FIvc`mQ5+z4z>M*%(1BX=1#6K?{JjovM{ zn7=+i{%|i@{^C7j>60})4>uk0Wd3>qBDp)PxaTvrGX)fG2j@d}>cY6K$CR=sZJy&7 zOG} zQ&A>jVMG70!4+Lujmk#kSs?i<-OYn203`G6?nFAx&Tl6^R;hM^B(-YG4ab6lsaZyD z{RxV!`fu4B28Pt=#0}M;+${O={^(#55yzM*Vw1hv19)v&2dx%!qoY*R53Ht_YKx%# zzk(gp$p)K7>_dwOL0`l4W{suYKdqL&+-8L&VnKSH2_uTNLKpDByX!m|9CkPsd*Q}+ z7xXDEoV;*P1to3J&qV5Sr8DU+l*`M-pxs%>_hGpb5?bc5gu*X~Upy2^yI5@dB3nNB zcE?O-wmiE!X6mhH2n*wVwlbDO;WXX9Go@cx!YsD~u27vu78T_SITHl1xNhH+6LMF6 ziQJLW^sL0OiJunAH=Ua8rB^oxhBY+&$|j7V0V#T34ysa@z?z;6Y3-JbMkhJjnqdeq z)*=JWY(qtdqEJeSj^nxWfociGJKQH54G6?LofJ;OKHm8se_Gd0z7tR~Yb5~^I*C2N 
zulg(myu3su?daRzC6UwS9Sd7*NoKG^5&<>?BQWCxJc2kjd}NaP(ky83eUL*hhM|$T zFU&b7Ec5yVSz8I_6?aBrwkI&CG>D30uT2AF$v*=qZPgP znx9sK6+-S~E#kefGw%#xd7dCGY&+VIBJI9-Ak-64?P7MIz+cmc^%Wv+lA15dZ*ps# z!UV~*G+$O%q6__*IRE{7crgMf<%yyEREiCb_r6TO4ZA=_QP0jsUHzclB*(#J8{x&q z^p&1h_eQ%@$;cAoJ|1xJ{~|$D&ysXf&i!12WZI93lW$6xgM}dJ#-Neb2xEcpTmh;d zH)oHCpwwTFR*s)lxt%p~t00{;Oo>OVz-)IX>uZ)>CFsCLrweU7_>_W|&cV)U^n!!X z_1^SJ@k>Dl$y9_#_eQwCU~#&la^C?s3Q>~>(hfn31(3y!VLC+?be*lakf7qx-HhWd zX>CM2Xo-kF|K5n_7MvUTm#p;3=P z4}0yM2WZHHCn}hYMFrpgsc+@{NM$dT*?w`Q>td^vDE(+Zn%VgFlPv(H&D{Z1Uo^hd zQH3(gnj6pHnudqk41R2G+7hoo#!Pg|5MV%Rb>;tdTv2PA(2*dmv$ifb{#Ax2WB`T* zFP2cor}-~|-xnyk+Oj%#2TZI6ERN`8JJm=So_>^UORmb#6d6;iv0{}>vZX^cLm{Pv zfHTYfytB-R6vO}p#Re0X3K-=)lfe$+uHg4#;XXI@0&03F`6R^y^q2ut?Ar{#^KT?& zcG4>kVE!znw2P&=`9Pfbgqjy zRnyz*Zv=&fiR+qCvSkUTQ4TuR7~%a|7ngjx7{Y=8`D-e6Yb~r7hW7SR{p{u&%NkbM ze>6Dw3SYN6@DqmipoMRCp-yanYzMb`4MjOo_8$UW^3FjwE~Tc{WpL#j8n(-Z;e9EH zQYwoxk~dndF)oK?wt5^K1gP`351ykOp>zX#qTV@1 zO}N`#kfRe4>-j|RN;ti-D^uzmqZj7r-Gk(RS&Kl52Zca4f<}Z*p;q{TAJg9mI84F^ z2>poM4z>81I+JO^efvQST24Ow9S3je(>5)*)Xfg5Nt%4zasQL%hr-Swfxt+-`n3iL zh(;x$Kty9u=5Q?KBX-~3K22fYI<<}5$L8?w*hknhkv=2@Ko1onzd`?#JItV;0O4q^ ztQ45Wh8m2*NK*DID(@vF9o0)Te8lwJtth_^*&d?arS!Q$oaTIcXg|YpmEzNsv<=o;I3hMKE$6;cDL%$KNMCA;~OD!jhzfa5kXaH zME%sDoGdyi-5K2kQ52u%`4_6k?}|lB^yj=c?vi$U)VO6473*QWc<5s(Y&?_A*rmBD zN#)JREV0$uJAN@YIj@eYto^@#u{DgHxFB0iGsS0MuBSAcj@$3brubm0O@zdlNw$aThG=2~w}6dq*v0*)j;69V0tl=5Q76#pY(cZ#MH)cY$JCY1uxdDHJFHBV<>|e87Mot&}Va zB{Sk7i_Yz8{i5zy_OqL0?i>#iebWp~xFM^uqOvOlRQ6i)8r)BHxvSVi+v#vm%S3Zg z844_@;FZ)Zku#m_JSYCu*kuj!b;2#VH@@cTO!<~tnRqUwv;;RS?L>To-*&Czn@Fq0x3x03_*=RCagXO0v1 z9HU8r4g#uf`5oH_iuZ2Mb*$mn(v?`qYB`3G^L@fe4b(TXrSPYb`$t|%*=Qt zaT9;@>s{kW+t365HoBuId4}HbbP9gOt20c{)}8;b;|A=BZ65h!C8619c)pZ;@kgj` z8tIRLBUsm#t^5XTQ`*fX{~vj1i6rk=7Do*^P3U z=QJ2*Ek{f72*xVsw6xm|@O@l;2Q(v>#nkrjknq(&* zRn}vk+|h4Pg0Wu}EgjCqt+4GrLK0YGo|oYCcA(*MVIEH~w;xGP9L&G@0ST0CuH=#N z`RS&Gq3l%#&Y0tF%{Td#OKK#Jy-x%r#Mlxq>q01DF_HHc&?HW+VKql#(pj%v9#4Te 
zVm-|cZ&KW=Ib%IatGw;ML^1N=q$?Ac6#S}WDvJ+IActV%^PS-?>WU@dnY3d;f=GGn zv77RR6nU`jVThyC*u$1D(U2KPHbplEt{~Ca5m1RtILMb2^`yy-1XjAbZCB!A}TGNfz9& z5kq*#_s_j1!h|ZPYrkSLhx3QbUlsCGI7=LTuEy@T&)qhM19)_tB35IE=MIh#Tx8>1 z&r~(ieH=Q*5&j%8m#i3Xo_q(plWFVh8*E`^bJ4bSx$tAcDVf)k-;sIofvV95D4&p` z@=$|AW|ax+9!nov)LX^2UTT9dTy`h9=}~b z__L>`<4*s=09eBhk!#+2w8hzIAKSC4%+Y8&o~rD@N4+WV+|w%ou2eNIYfGbgl;_OH z{QJdF5voJGs&e&L?Wm=aT#0n`n{v7>AvEYNZaGqi0J!e#bck@ti?>(NjiM5UQX`L+ z#zFe=h!+{ML72P4`WH4?V84w-;auv~hN**Lhg&F_VOvS%+Z#)Yn5?n=qT7;1{ubLWMEmpLkb{cVKYbZT`=D zK%?g~T`0XP+8HwHh*xkg`kBw5id9Irvo-_WKEiSK7R)I9=`#dSxev#t)LOa50g)Cc zodXLnyklpt-IF0xzA+3UbctUWsvl@cFbDR_MR@WMiVo3&d(NtJ^;BMkd~%Dz+kBGfzV&BHArd9evc z850om@>;bUz9km%zUlcOe|Wp``9U*yik_W1>zzvc?DoaxOWKKDigG=C!uv9LbCV7M z4O*AaWkAr{%oVH0yURs0eMX9vao!GBR{+kAy*N!#a1yYp(Tco#lZ$8oeNwVv5S)E6jUQ~9Q|h~(-2B_u#zbGI(b z*P3y%4eqvP{5-(p0QXJpy+6D$@f~&T{{X;1KfnK5!8&VtW8^lI6QjW^F z$x6SzX(0YHkjE``l#yQ|d%p&VPP9?SvRAlD^?z+|8eW z$YYK4;Xj%4PKN&6JydLYan=joGRiYC!U;TrbKsN$zWAkWx#(?Q=<&8GzhX%H)VTQEi8wue@DoEX zNF83+sCBsMvS}FQPgW>23hu!+rA#Ml^6T*W1*roxc>5^7zV!s3x6S_yzxSMM za?ZDmw~jCGy={2u_C1z;Umhsntt01r_GR<7>pNa2m-B*@QSeKfgJr!m3dpm5FFvU! z=TBVYuhbRj>V|(p4qm<_krOz_P-$ndjMP23-`;CpdQS9PF8F|~qtZbmElX<4B`K%S zGg$8g4B}9(%Qc?z?F*fiQRkk4-FFX%rhd@b@ZwRb`y2~R?JOfkSLrX0z1QfhsGWg$ z=CUyead%?E!pXRIQV40Jya-5Ld68Eh?^O2V&il^BJO?KZ7ted?^|mFnoeW-@1&{aG zx4*&;W(Kd zZ=d8?KxMV(HIbRyRZOH-q5D*cBWzQ_dlmPueeedSQ z?K|(C49#trefCT|KAUZ|N|4DiO8*DjIsrV8bG~?f(pM?M|GZ=3?Z0>53t|g>`yxR4 zG&X;H{Mu4n;BOeH^K)$}=Xvb4XA*2n8{V?=tCSr)=f$IdZ#f^FzQ-r*G=B$A{TlGg z9Tw>njdg(4jGS;g0_2TpIt6yK0jaWtUsoR@1MSETHbW~Npg~osv`7xNBi5>8zw}6s zav;WOLX5n4C2zG4Iu7Y!JTJL$#Ng2rk0+jVf1~my_J0f_5EW=cc8D1|Q3Ntb-pIC@ z3`%|pvqUP=uBRVyEEnr%Kt!+;VUp{>%Qz9-el-$FQ-)JZdYy1;h`3vg^av+XInZhu zNE(tGAGrpr7RNv>6BKF8VxQxb%*kv+=uv3uM@*#^Ocy!F=y7B-I^*F6}{F_{L#nq-+)w za>8r~kx!4Lk5WyktAe>-rF>NpEAJW*f2f}gdEr*5Bmz>D42UO98G-UPJNv?M3ir2? 
zk2VBI*6p5tgv(21QkMM*u;`(a$Q>GFMX=9;m%P=oZ%%`byd@r?*-JaeLB1%`$^cQA zZ6+OT5@oRON=_EZO(VG3j#aN6NcPHoKbF%eeB?3P)o?83tF5>oJECQc8jrMZg+mI6 zlF(Sj2Ro3ha$xlk)hJTu5#=LSv%w#giA}<}Am+*!HTC#Br6k@duokL4FXg ztmES3z{LbxV4|}QjbR|y2aC#!z*|530=W-uLoa!0X1~M8rvy9uB4gIwk60edTl^a6 z@!0)K@X4Z7Sb9BBQ=gJTsAD2ulCV>&MNX6*2I_-!-NFx+p;3{wg7U&F1Mm8HLB8ng)gYTPujFP?3=)ta{Fhu*ZeH)# zQ%B{2=P&8L{AOmjgzvR748_weMRR= z$1%53hT|#U7V4)gTqpTyV%UtrS1%08doagLE&HTj*4wa21mD$LabW?AEeZ6#6`hv~j|J%7BJEit>ZQX2hm1)?xO;t5GX2cDwtPTvDmDVFqbOGiX0#Ef5KWbPlY1 z^BUZn7sLs@2BQ|djI|a9R^*v1j3@k&&yZz|g+FHUFDk@=D1{dCo;sXL8BOtHf4w^7 z3v9z?vkuq{84L1Ja`ia$dg_;%V?-F_r`LYOoMbp=+ltda32ef~}h+RE#&@aFfhs-FF3n<4%-MJD{@>$pxAES7=% zRt~Y5VrP7T_=3ZNkU^c5cFe3FMqP=OJZ{Q-!7@S{<VCE%DNyL0OCveUsl=0&EUjcskIxOyPMCK;r4>MB`mXwHD z=1Nos<=}8%sbp#d+55uHH8&>UU#${(`!b-uv zcxgTwx9-Q$UK1`qZ3ITsV2+%a4A=fL1m@@Bw$XtI8I=tCo^^ zoKevzs;omz3;RRG(Odj*Bl~;xSbr3j)k7T?jhiOLz@C+ibFGc|c3UgvoHqeCr1~K= zD-{8i2jI>cj>jiN!5JHd^RoP~rqqqsuFS`~-yQ&hBk|<{fpgEDgb9&$%pMzw zvaO{E95WWro{@+!b1!xmG@?`J73k{4RaeYKNJ$|MH5+lqdBf0rv>5TzCgHaH5F{i; z;`|g7KHc7gi%-piqpJqT%Jg{fw()4(coY>>PDxFkJUj!>pOuNQ2!C9`J_H5^WBQl` zEJ?EAo6SXt%pZ-rC>NP|Ntj{m#1?fh?wJ~n@7EW>IARPwo}tDYYwI}~a2~gZ;I=t& zoJcIVcuE|O>@P)gP&96zm5lVnFkC^WJxZ|ABsMvcH4W$7P5_Kut@vnrB`&#g4$h6VVR(KLCOJJ=zNdlXM+4H{ zgY*gccX0{i7_J!|4*Q5q z%gaWS2db8=)2AR|`pD#uwD&B8?qcJe+SG<6$r&AB6> zEiXgr8B=gwm>H?G1C#xG@xule?t5@Dy4UQ(aZfltxHlKeKCZ%VZ<>YkGt6kKr4CCH zPCDYDnVCxNC;#whoSA9Gck7N~;l*=t|5!iR!oqOPglKHqR|Zc|F#dYgSR~NlnLZ^O z<9nO1yto@@acou9p+p*9XG`~ltsasYU+_OdL+(DwPG@Pq-|+H zMQ{vm8y^mLQxn#A8S(ao*?50N0mAcA@X*|J1O<>ka}%(8b1_U=xp?)g1cWd!I&X3; zj_xjndE^K@IXMX7aY1lZHK0^hr}ciR;UdE#;_=bdqZvq;v2=Vi_7;?)+b;=kUYkcJ zLXEu#>d?dq$Y7=YICCtnqWvhK{m_O-;f6`Ea8Q<(Seo(e9?B8}Q{^#!;!&Y^sG^_C@-r)jejg&TAYOF_#k*{TM?L(fQ3OC_AeO= zB6L`_zm9Pf@!A9M^toBszN-}N{TAGMULI--DzNaRcQuY{cb@$KW969OJNDytXh65s^U%?r*@Z zHY;AdbR_&k{4qPxjGcSy&?z$MwSjc*(ne+?xuG0i_k`k|OS2gm*s*j<0_u-dp;%e- zfev$U2=1Aig5;cNjL~*rRYNcCK4(1gX-8&`N`k$+8GCE{@#wWvF+0MD5u*|?FEbo5 
z)a6Uh$bq4-1beD_aNdOzF^z#>{@7UPIc^1#Fq4y!#y=3xEy>2#ZRMDL)(qS=#vifS z@whF+fWNM7#HEWzVs>5_#s_mQGWcUjUMOr`EqMQ^8+V;O3RzK3EFBSvb^A*Yo;DmW zo|A;g@BrLABMu*~I0QpnBpy5^7YT{sm>lfE%JNQJwjduPsjp+lC!k?(IpQV^$BiQb z5SE_|^Nxc!+Q<2uCjK9VUxtDaoZ1kGJ7=e&VB1dI|N3gYu+xoEaek;RE63ws7ooDU z7|$)+i^ph1Pvr!wQyDR5SSY?eIa_?p8A@8WbvbA2M?@Fv-+{KfSvdFMqxtZnG6S zgBCU0w&A8P3-M7w3#N@vgI{?u{=BaRKW;sSqZKXKymAK~Sy_yAP5qdk8?7vw`gvn8J}dxJV(obO?bUeb%Q8$Im5PYY8r*a5SNO7x zlbb{azCbTr$x9^2#WUCX;pW+i*tl*x9(Z#r1zdxRhes-_Br5Hz^_ZSy!MmUB!0Iv! z?p~CL!}|*G^!tY~@1l8FG$oPF9q{bOTk+uA>v2FGi@QcS@!D70Nat1*r~|Pi!i4Q? z=cZ^ivXUd9s&1#j8jWjXJMi2$hd8N5;HmlkP?_wowAbQ~UlgEDJ^>VE71olL&Br~s zU{oL&mLOTzk3*gD_~UFN9(i>YZhmzajAODe)1rZ$QCFbc@nRs68XE|wx37#?0{yLU z!iC>Iw;n$ll5wi~Ag+6EH$svkFpQIZ@$Nl%sT>fT(%oet}8?I=u~9(^}@|KIw?ehxKWwV z9?n6$x@(%S^I#Re*l-L*1+8!}IzP0x05?2y7^j|<1*19~znve6Et?PE zsdta!x?2|@#lp!>BB|a0+;dtKUV3H~ZuxjGtSNMg<6ChX`+MDs`!VIh35Y4K#)iW+ zSia*pzFBt|KkRA5oHi@Al)}bqDZX zb1?3l8lo&%INaQTJO8{7={Y%AKzs1UsskwN2*kAnR)ngb`LIjWj!AJY(EY#V&6pj@#v~ztZ(ecsrm6} z+j$sY7q?>Bs>7)1P-6@yENE=FYGMKoY~F*1-(HIsc4%O1(uQRx1u|Oi!=^nY*s!l0 zudJ1thQiQVgN>s$v{GL74CR`HP#lk!)Z34@X#^b`Q{-6 zrNq&RChvvhs&+Ix1F$Hp7mmmzsu&$N0B`ym2?}Bl;8)et+j5IvTCu?s&c8Q_Vp*RCv_w`|^68>i7hi5!uO zJEQ54e|H3XTCKQxUgSVlc)97L(IGv=s@#=|i{zNqm*bAdcOYnHHj*euGjoIS>4zI| z*Ox`uzxNovJKTsjRu@r;n(@lV+wjcV<7f;B#+flT=qz^ltJ?A4tDCXK9)=4doH%tt z4mv6daNq0e@x;nn%o{ZlGXgvC#*YV342RYqz#pDki~VZTui~r-{4zA6 zkkNh!Q}<%kK6>5VZ768yfr=CLjkP=rBg$k6%9tH;fE})vQxa*Vi{=YgLo-vRh-n5mQF^p`*%$Lk->NYiLq3SIUyY zgR?s_QUXz1)QqDoJ!q(^!8T6LstzM&&CkMLub71MvpL8*6^&#s1y_YGNy*PhV(BHL z@zNQ?F)PI}kg{BEKl*^DvkT#q($IUj619wWx(`=j4@`(`Ey8{KRoM3E9E_z9zp-p5 zYT|RT^`X%yuOe;{S=WU)(-0 z36U>)y&eU}8MQUJQQSg95yDA0HU*DeKOT3Ek3pnE53Q>WyDOUz84`~h$NS;A^~Vr1 zA_*CR{h@M(}#B076mC7fky>c6RTqGt0IWaOX4bPn(h(Elw3w5#(m8_r9TZ7-cUWg~2IveLDn_-)h z3f=B<)U@`Xzql65S`C;>r=iQ;JMgHQ#<++5QF2jL9KzE_3|KNb9cEVv))aaWcWFM% z-)u&aHUjruH33gA%0ZsL8eMcOHLSC9e<6_=5kEW{NkM+N@{|!sSC!-4owb9yz`hA? 
zT?Zchz7pq7PeGz&7Cw9o7S?ImUW-;<_7vA+55*uUQll)uCW~arE%bJI{LHp$8yc~r zf@A7+wmUQ!IWh@Z`a6( zGY~uRPM|z4h>O4_VJf`3rh&LUSa+Zq$qqDWpuWgi99w2igZv>)Zo@JkHE zINF<$IVrRsQF!j1?Wp$)$8Y9j|;K5@w-_8dY?QnIrqr>Kh%MuvahQ;IlQ({rfdK>FGFG zUVpv`#9}=Qy1Ir!`KWH{DZC7 zv8xt+?k-d`yAhcihveV@Ty^RQ#P?R<>#axe`!9;H;IjF6=B#j(OJ?%H$AAAQ3`p$X z3S?wQV;kCOG{#6?7QF?D{yOwf_$+d3tVf3{7I7ke{af7i`d&2msbMi|P`r8_rafMO z+b)`fK&xcz)yhJCFi@y1G)1lDwOG5G*B}2LH@>(9>nnTFTTp;mSAB-qX)|!o2uiKI zs72YhbkQ*EdTTlEdTkHAIhC>!>OgJ{c7;M>p=a9K*vY8dhBT)ZDt{*?#Mz-zm?hS! z59M_(Bq#YHjvjtMXfVcxnb4#Q#9zJh!N4qin^kN4rQJk}k>J z9iv_cGb2iOLo@c4Rpb4)*5KL)SK@=^hp_9g3$dwA$$oIJQ&#UqJ)^>#2^)SghG~NA(4EIO6 zf#V`{vwaj+;v01!9-bP3!_w*f$I%fTjwA{{f*qJ04t!hK2PY#`2YH1sf8_X^p<>@C z%}T$;vGnH3kz76Ayd`ED_-0OKx1W=Rk01F2_tBx1Xjh)e?%3Cei|9x;6qZv?NZa7J zNKPCjKMrNnNGHbK-HW+%Mxc7-7TomgCLHNd!9gRkjg!%s$s=)^r3ydp?m~B64OVVD zgj*i_9(TU74Qq}uaufL?iE81sQHNlw9%Z}B5JdxPHEEzp4#s#+q^m21UN+9M;;>jH z4TQ&y1GVkgw`(tMyZ?LK^6EBhEb1UlG-50+4yT3u(~)k;6J@d);a^vdOKx}zm9gXT zrIh! zJf*z!R@PzT@oK#O>PlSw(2w|NLkSwYIW~eK*oLyNf5f~OkK(4YMngxZ%AOesKh8d? 
z*dWX@b>O>F(#}pO`EgiBk|H`RbR?a`d(~zvyEqmPy}t*u7v&?d ztOTduwhU{kx|MunGVW%1?}MY-R$hY*J82Id`vJdwc`Lr#-+_2W_>$g6ku~Yds{L4< zn1i>K+(6Yd?yX1~6#_}4rHu_hnz4`K=%G>9A;d{Jr(=_7H7LHMiM%$5PLm(X1gEy( zmQypZ;^l8}Zja{N(@nQ3(Xxx2jsX5TIys{q!UpLmJFO=XR14~qn2`H zl>8}TFUVJRqo}X}@p&Pz5{Do8?4Oo|-(?vU`|;QHRh$?(ZX7W!+7+xO^0*G`mr4y#-!SD__!NtwrinY$$L0n5c^@$Yn69_x*D6Y+sA&qzxpVS6xHD2 zXTQVgw|Ke2s4;$S@k<)VXo{U2ouvwix_& zK|JFKc^`tbiEfL$ii`=Eji_052<5{@;iZutJiDR>1?BA+H!&1M0TahFRNIG2ItV(o z5rH-n3<*I<gAPR`i%h<4g8tSxFY$Esd&`!gNBy)GLy6%B}E z5G_1ON#HNXu(Y{fc@I$LH_2INV;>d!KwMT;AIhp*QCm@rd++-O*Z+AvKG@L&kMvz> zgZ5x>d}Q@^S$SRp5V56Z%4y;ED>3(lQapIcc&H3?I(2$DIfhYF#~{DrFfO8vT3g)3 zzDUj~_Cw^7{V-BKG<2@pT3pCZ3XlmL!G1<`lvQHwwj;Qe_VO0VB467N&%ynec-fc8 zSvU)~j*wNgjWEa@tT5s4hhO#%3p?H0+Ki(;Mw~M)85#7fhIy*7t;+&kR}=P>x590; zV|s2F!jdBqYjNYnwT-yp^6{7vqi2M01V0?<#;_za)^0C>D<~S%>xvmU(MZv_bek=hniGoflqkg8d-2j&$B>j7gv!!N z9BtHK(&!L;@!kd;jflf}!@`k3gA=Y}gt5C61+uKNUWKxP8bpmq!~D!3#8a5Hoo)DW zM*)hA0XT<|QF3Y&934&gWJd*hZGpHTKNwpJD&ev^F*`2;>G2_Gr$8^~r0fyJ=RhRI z1fiwA3G25PAUr1r3o}A6e|!|a`CtuxG)CawB{>*P$LNc-`_UJbhMVR`BDAvwe^^tF z-<&-T{Z(Z+)Ij=_$g7tDO8{mC_2R`%Rm9(k-EA6NBJV6D1|rMSgJ)MCK`oV8lvJZP zBR5=+O-JicUr~n|OAxM{pM`|9IGmBL#>*e48v zL?YVLfX7!BqrJZlB>|a;Z99aQcGjcr;Bmw)nt`*aOs7ptKxuIeT=oDsyE&ok?ZMN} zoCW8Go!Hn;A~;b3&8YN5;^LfcJn&H=T53yC8k&wv^CK}jCj$Kk598@A)i64om_9BJ zsf^@;Je~M_V=-!|;BvdvFC+jVDjJ3Zjfl>QfVQXz>zi~Kk?KdUz6g~@C+6pcAtH%% zn_YO}tHY@1*WxVl`onLwV|NQRLYxcXp)&w^ex3MiXCopK!x7R)+I)WmG!DGh9VE1Qhv9dvy^=`qm$)glGn>#WZH8pi87w=F=W)3 z6!uB$s>3^58Zau^iB-GGV2O@^Ut1l1l$SolP>~OPCL0#zg`=>#iN>G0vg-g2cllv< zz90Vj)@oD+C*r0>8A#-$Iyu~hANFy=k-H4~NW6K&Foaum*m}4G%f8u$-kg!RBqIV7(Fo`^JovIkBCK8jT^tebR4=1i?OGL zIwG>xTZJvg9NZpJhAY1+MSW=v8nUu+YpOp+jfqCdwuAWaXeC-(190(@Gz3#e0_>f5 z{p(7kWclIH{!&yjz*4+ChQXaCD`pK3MO;=qA~-pHx48g;BXY4MnhrvIET&M_uK!{$ z)c*dsd~yN;tVWzaB@yquvmC3Mv>21%#G3tOFb0Ppw5Jtce!m}`BZuRrG=F4dFoG^A zN2@gevqyv@H9iy_8JYg5K3;-%EA063mMlE;-ahnM>7cnA@X5h$+;PcR zWXc^AM>p>Kiq~k*lKnhbbD$1AlHZ56OR*ne25dN5j|SS0T1z0VnxBn?^f;WBqQ0AA=P-l#eb5MtgGy 
zK3{(nehHDN-Lnt--45g>*|7gm1&TUkmZzL{)WVgLhnbCg@!;lq6c$#)IXxd2QD4TB zXZttp$I7Bgbg81T!A?m_#!aWCB7;2q;Kv>KXm<@pjmp8)v>=R6_QN+kNB;wp zll<}d)?%2P{z!K8V)da~XlNg@jjed)gWU*WUoJ_uW9pO?=-QfbfPuKkv)X9Hs4z2D z?yf{gN+dkx#n@6s=QlqHyY@EYlqKUZg%R?aorkgdU=y9CIGmDbz{lImF?v`G64N7) z5^BNjUB^(Ub|6~Uf;ER*5t|haW8opZaHJFGOwK}HdN}f}ol35)aZ|>SCn1 z83pnh2}%yMQK4Mu^7Nyw)1%}ui4f1OrUmVN8u(kZXzuK0lwlai?a}In)@)L87xcN^ zI9%5Wr_+X5haL^JO(=7*gA&y%x0O^#3bMgX{GG&K@AANE)>BqI=;~1^*>+pnIze9? zNg-Bx=q?;>V=S)jQ*P2I%#ydC4Mx&QC2ViQAx7o;9!Ay_x?$mF)H2Fx?CM8XUk|&> zh$`5My2e&IO-AGd7*Ih4l)NWhjQ08^OdwtIY*q~_ znmSM;c~a;xlOa-xQK}j(?jEJ8yzwr%CM0iBX;l;IIfqIn&ZJNqjC~#)scuJiuL_Za zZ>g8mwW6^{B%S5hZXkJ8&;BX1vxX6hd_B_TCas;&)2lYpz_*%0u;s=KjJ^AN^qQ!w zQulB*rvL6r+|{=QQ(i6x9CR`nEyRZU!Kw0KUkw#jxos=i-8nWMH)=ZiC{DeM4v2uV zCCMl)>V7o4C2tfXT~9ZoOEvu2m)1_Vk^?0p#EkmZF69oRWERyVW@F_QF}UK9l{hR} zO_ec`oH#lq|B}d{-2Jk!KaztgCddID`%vrZRc^<7C{s>GGm;0WQ|KVgk_#!xUvg=< zP|(DYk=w2E7_g_0frSCdP93}33dZnAi?CD9y0BOB$|%wDz!>WEdf591b7>K`#%e=$ zpaJca{i22rs4QmKD0j`I*}-bkXNiCvD$=FWA=%%E*5)=GZ{+}Tl8&J~_wcxq(RNml z5oH_?xyx7I)q?;=o05k}XV5FTwwmP`#h`4;7c#Ly7Id{UdMDogt}eLxH3+k6QLXS% zh3F8<0%fS6ya8?Gu@bGaui@lXsHO*p>O0|*Tk#y|dOBKh#1x57PYJ^9uWds?KWXbHjswlO(wvzX_%< z-@?mf26)^ZsBY{+!thkwJ24WEezH}0e}8YajJXc}1`V2sQ=(N1BVfrDBiX03qwVle zZVT%>&~LIJJ3z1KuhA1h$yrq1(gicaaFJDUcKzjx9omKZ+Gdn-QrFQza!`lr z-Tlhl5Uo6#)SHk-IV@rDWS%qwFNG9g&TFM~E(RP6$(3Ud3ZTtUp`x*!x+XbdbjsuI zCV8AP7;OD#_9K)!S0eU zv;Wl9cG}~j1~+U@GkPf(l26BvPQ8nExT{~rjrvvIi)Y@x9LHaK3x7H&wvAiA0mEag zaCLN{px%XExlQ3#BQ@57hPo~pZnoR2WX@I|EqljP`qbTvV9rCK6qgFgJw+MsmM^O` zdSrxKp%#1A>_R{7pmK*sbcX$wY}rm8w{ZOWh%+)GK*{%0LL4nEl-1B6C7Eq~b34j7 zuLR2+MLF*kUXpo6MgKf#YfoVH}$p5;IZrTLe2M$4#*azy7A8kd0=#+-@Rg?wY)cc}F7j4Gi7!d;4 zhep~Nli2_b=b^T46`gE7+S=I%KL^68b4O}gl{`;!M=9B<$G*x|1O_@eC-*41g(P>G zoA$z{=~eQmnaxHRJzd1x2RrFcpnb1yXrrEcptlUz%O3Jo@`}mVO)+*I%4tusCy&5L zbt4{KUW9)3OBtiT6aK!HZbcv%4J&h{c(j9)<_QBSxA?sRF2BBI<+R+^m3=8oK^nNL zz0frES&`$I7>y(BU(nKfxni7@ROq&@M&goXoCb 
z{DofWw?fk(E-!95FPrzAFK)^8;L9(GCVXl0(*JYxNqL381YaB{^WSD-Exap(9yBF^WF<_Q{R3B-m`_y%HWGuQeK(p2*L|r z`UH=l^6mSH_W9!-3jwbz_>K{kJ7dxath^u{w?Fg+UN54ebK*V$QdSbLDLnRR@8q@x zeli9^A2&JY?YEac?=}7n$iyH$KUYrbD}5O}CljO6w3HpJ>!m}AN;#oZbi!L-&M9TN zFMK>Pc7xXhlzMXPgVTFWz{_vt`d~RP4zGNkJVpu(p6AaA897-V(pS^h@=G5;-!hO4da5~fi-nM;d z^PcnKmGcVk2I=#{$^B|-!$sGh1FZZ4e=Xp7dCtQKI+79er8$9k8S8TnZWN_+hAw#C1JKJeGe7pZrGes13DJXXn=NfR>n zN!fn@hL+|Zg1-+GK_-ZR3dnI?3wP*2%Ni-(^Z#sM6sfEP9AF!G6f*?>^WbDz6UUE{ zosuIa$gCK{Umc{a2FkOA&XB=JuH?>%+?}wq-G7mY|4nc*kN$rGdFfcjQ%}1g>-+pO z#&Zb%`@rk;{0gG^KhI$irusQFikzudyEX&%t|Ukl`JM=fzyvoAl9p}}9tt0sAe zel5Ovq0>d%(Zq5275nmEfqW@b%{C?fSp((Lx4(Z2{4K@3cfG2FpYpunZ-HN%xxX@q z9!vfqd0g}V6Nt_?ar+lfPk*1oA_heSMxN(+1ygxu#eLs%0zX&Id+aSH_~g8D>xkgR zCC5@$o+Ek<^NDiYe1(?Iia9sW;f3FJ9%`;Pn&j$n}A${{e$# zPvDeeZoYL+T=VX8^S0%M6K(p?;oTo7@Kbzp-M3FC$`KS?gXg@s1ibi_e#mw1xB2AR z5$JFsebQ(=J3nGTseJ3p?}_>Yr%r$`?Xu4?e&qHukZB@r$+e--qr$>jxmY}kxChrZ zIZ?+KpImFE94gCf^VqjtFP*;dleT$XDdMfe&9{ym8!h?pvq$5MJm)|?-*Ups7V=Wo1CevSxP04}^MXrw+v!GJS{8nPdK~QCJeIOv zIMFAcx&l&P@Ci-6?Mr##o2MT)-*YyfS11I1h=<6Z{K9S8Of_9Wt6@QmXl*IEwXu! 
z6}qIpQjq(D_)vDemCZ|^YzkgE9;m8ZqwK0vGO_G8X|w^<&wnBO za)(7aL523W7?BZTL!=01=RmFtBReNc5r-LAPSyjEFC+9uWQAA}CiySKcteZqP{~Um z%ot<@aXRHo1EGdE40;VDrHbH{94DE9CK$zA=Q6Un} zcn8P)EHHBLtTqc$oCfH`xKe2?MiVlFEO2S9>oimVSR>9)uhqM3#{Qb=cRC4kR&?)?pJUtd=l8{ak z245J9@UtOV7A=#`bJCE!LYcur#i2*%B8$ukmUSu^ z$*B6(un2!hr$(!VlczNr9g>4>h?fGvz6wy#Cr4V_LJX1Dg1aLgXF=L$&S*Jw4Mk4w!D+Nc9i2+>lwTshkL4s8Wm7-t+ zVFNz|PL%9Ms-i$)kiC(PeL*$|nP z&x{AZGEn45t;L8aIvtY3Bgm?JsiE|be^Jz#i~u9l!gDD*D36&Tc39cr&|p7A%V$ZH zwFt_sED)veM;x@5uEhs)!k`hoaP=Zu!DWJ8X!gpn^e-SD{oh`Vn6_^CIqgVdd*MzC zVnqI=u6&W9(jiB5U1ULM5%7*J=`tz$NLdj6@VbSvEOg3(eoy@2Gc5V;DD_&+;%X#P zZZajOiY!RO`X)M#LH-uvCf}vsJQqHwA7X_4eDTpp;@1G!-W0yx%Y?SOoEWk-xS$2Y>y ziVVt$pU8>J1x@Nqyfdi zL>A&CPm9Qy7rMJ)7_?!2qMs7w>S%}AKc%b$QFedaa#|kVe)L^DTG)-R-n#+!=Sr?L zjby7J{(hL*7rn>@$sEwXLHkD=q>KffCnIUF8VyMF6Fzz19JFW3DzjcW5RmffK&*OX z5jMT?9#o^B!s#C!gI>dWUEK)ziT&uMl&fH;4T+I2M>VY5twDN-1vW)*xzRRR%tqvJ z&aeqTZm41=;roUC7;(u5*jdMM;@pzWav@}$!YBSEQ^r$Bvqp~FI&tPbS7Xm_ z5;-3Ia8OoMirxtgAUYU)YJ2@s!Ssm4DFNj0TxmBlUUo9LP&at%pX{0++&oY!zT1#cEofO)Bdmm+2 zrA2zM1qRVUkyZZsTTROREsMa)SHD3fEh!nG&&;{NBD7MRa>54WU6D5nntZv1ed88`lBDn^hAi^hfF$o6W~3zKN{&tH^}q@H%{D|O-g(?=rO-GI*2 zOuR5P1|bRII4jkTFE&--tg|N}&r^XN#Tq>Phv{heVlOI8v_@_>Olj%(XkjQmIM9s; z&L4}}@fJ*;l7{52W^Cwk;_1a{h)M`X5+|_O=nzbav!SNC9wmlATsI>T=?T#|JKcz7 zJ8Li|Hv!G%WjNwCV0yeA-|j3$mn_6VV>WwwE~Z5pQCC}wqlPeCl;cETLL}}U7l>EC zDL`mW0&bj=jL_6boS&$}S6gb)FB2LSVARAB`0dn4@RIYW_~)(OAA2Em{er9)nZ#2rBU$^WlVdq zV17QPTHV-uqy>u>4o8Nz6}4fBcxfT~5gCMYvi$M+j&jVJIUbW74cK<57dPBG9gfX~ zD3GsOWYP@`!DrWvSCajmIW7*#(V-ZX7J&=KMdHw|BGd$@;LSzR2qvFTi_qcg8Vx?U zGzaf~e;BHSG<SxnlXPuA`DGU*k9C&%dee_vmB6pqby#x#1SA@J5SN*Zn}^x))~YgOXGcNJ zx?2y|W9gE~n3L#-Nuwj+K3b1riRL(g2B*Z~5}uRK05=rXB6aF0+%qf$p~*2gJI#vK z`>N3;U!jQs;lzI9(utT$Ig1~ifwNMa*h&5AOUcHY=VTx(Bmn0O55c;^8u~B;Mn#eu z&Yzru;X!7kQQj^}vElR0#}Ph!819}Fip=Z;oE@sh7n{owH98%Cn3aO))MQLGRN#mz z1Z~F;qbYeb-a9)SKddc5vrOi3akzJ8G6H%!u;M@^LMf|HkBLB7Y81{$v|#yxTJ+FZ zi^@i4B;e|CA!w*=!Lfb=PRomcpGA*z7U#pWdmj!r8FAN@%}K6+#nx{p?Ys?Gi~ 
za0m{?gBRpubetVI$?;g2qQ^JOYjD#Yb8&T&8J$`+rVLAgS=El?t$nz8$wW+#b7JO% zG=z56U|X{Vcbzj17me{lWkoZNR<+WB3dgz|hT|{q?T0o#9*><8i8Z@wam9s`Fe=P} zMH9lXb5#kl=TE|;v!h`ULmi!h2POs}DlQP!#B;-?({c2`VYmZ=@xY=HNTow~_V`3} zR8`}+E*x)MoQIS!E6$ygfUe309I2-ciIdL>YuKzjJTNK(L5UGqlIg(ef<~m}r{b~^ z0VphP#qO3)^mB5FAC`v8M};A%uMKY=?8c2}q#}UM(HYZI;V!Gek(ORuurME!ll?J! zQaq}*A4ipZ7SD+X)(|{#$#4KzK&QV9PYOmsd3B;V!K}3H9cd zX>mxP{I1al;hOwVbhWi1C^G>`eI3|S*^fJ}m;z%{847y>@#2DTtZXvi##zZoj)}tg zIYxZGtr3gQ7?1m=grl?1g_%xP_;PnC5{6~r`7_fH9vzIUCPu*OABy=C6LDs&8Q-(7 zJ>ijf=*(<{#f9U_EImG2S;c;{EsYkrBa?AOejo~qXn))~{O;UQO2XSQx#6hYTZG1} zvH0s$2V&9_k!SA4x^_KonU{`qeFv5uR^xY9q+-Tix)raO_YKR7h zjyEB8R3oo95jUE&*!EhiE~DPyB!CrUCPoG0TB^+@`6!xj`dJX&|V)5I_e)wS3F_@ww@wvn$Y?42Y9;rraAMFL5jS;z7c>J7nWJc@p ztZ0TN2+fdrBeI)olV zGd*A%OXU&>j=NRJWAm4f4RSpj_xUYW_M?2XJ^jYvoj&olj`0O zo{&NLt`}Ew$16J_Ii9oqP14>Xkopy)GV9g`YR8d5!r9Y{adNM?9n4PkW#tz; zd3;F&<0d6DD?65%URLh=^OwB6riAwjn<+k6#?x!7X|Af``Oo+A=T$`{O&G&i5yW2g z+5|?Qv_lWXvs$;~2&;CM^UAs!W98Sjx_a(;dK*1?DNK^`Upgn9zWNHDd~ZJ~3y$aN zWGSPubhZo~;eiCCNFf^EX`B5?$`g6gYaN5dhS+Ty5msjj(aixv3#aQrmF>&@7 z6L&tdg*LxfZq4&z@#cekzP*!6&mT{sNtCToMX8hwnuRrkoRcdO?e4+&C_l;?eR=Yt z1pfG!<^1Zk9n^$Ga+P!*Hy@2QE5?@$oJsM4gzDfaO=t|f?w%YM<-tQQuIK&w0Ip1E z<@P^spxEleLNTVODB||F_wvlO~=K zukPT@4|mZWn82;+t~~YL7Vi1$HmWVrT%H$T7>X(v6UL2Uf@>4MeQg7;EH+~UcSwR^bZ*{xVpQslZfmAm)z$B*{$ z$c9EPJu6ev`*7RBR1R*Cy1lfDH^i8CxAl`hdkP;ev~b;H8!1&8Fu5~u;1I7I=;YIt z1soxUr{?){i`;Yj%e(N-PUbv)swG9%yvqx!XliTavBd?(n<2APKOcO!iRV`LalQ<` z(@vhu3H{al_KU;R4+e70!dToi`m=bSF5)@r>e5@J9e(w)CQ#h(^e@r$43@TJJt?XPcVU&j!+ zF#*!#PMk6+8*6nD_r11`r#E$S*@+p1IeBnumN$<+yOzIKIWsRU6c^)ZgcZN2IFSQy z{_^2g?tOhLW$qFDJjaLaOT^e{Y2cl86;f>xBu@_x?LN#$g-yJ%@{s60n|SJ0UjASQ zZFFk}!KF*QQB_v4;UL zKD+JUzGv3ckUWvSFP+J$@v11Jc<$nO{_vvck5_k48!84!v^OpmZ-VLJo+s9^(Kn0J z*u%9??-645hBw_iCO(~(0wy7&Mw3ukd@oW3rTJO+E&CHkS{Sr!c;& zlE=R+#^xQtQC!r^xYR)0t^K&Vn@9=v z#>wi&BynorT)d3~&QbjNgkYXsTEOxuSFWBF$F%8LOJNsDGNH?W--Ki$WEpLCv^??sTsLPv8W5BzBzZPK@rS_`@I$wC&MoGLVY 
zxPDeFTbFO;q1RUNO0hq8%nYXlF~lPWv4qDl(MOVnr0__(jl2H7pPlVqTrw?+sTG)bnjqfHqY)@>~zJ~xp7KYxbW zYbl5fC09Iyot53jM61s$L=nY1)6#7fXINTI42q7Pel%dZ0r}B*D_#03N(QTnifT4A zcT?Tii?5#twL8SX>Pe*Zu_^ew4+$Mfr>_AztYqY*^M@;@@yodh_=xc6^-rc+n-lu1+>~mR3Pa4~JV^n3?BIf*5NPQ{wpT*~x5OQ^00pxp>*!Y`nO5 z2Pr2V&kLu>;Fg}s0;gs^*ewIC46Yw-Yv;HuGkv0<`lWuIsubi`K_9m^kZ#$vk_`I8I2h7++!PGR~#NB~-T!kRi%7#y@~FXXkLG z47hKuE}=mcsJ_loxH(a{w-~p$C=!B$@EL4oePAH7q}^8T7lqN@$&w>I9G9SrV+{`T zUwGXq{MT3S_9jp|hl}gzZ0V<|r;Tl*ICbrc;?_R;t*&@SNAUQs=5zb_2;)_RFZDdQ zu7fidW;4yTi^qyuM5cy2frdaYE-k0JsgFvb7i@7N@5EFZ*Of^bLPCH>(Cx^a%D>2hj$a1rA$wE=`9__rk zU&`;H%#cD@hlIT%qrC$pWrl(bpqrXS-rL&Qe5jMiI4_L#3G^XnMi5m88mSOjtS_%- zn+(FX>;z8p?Be|$ZDMqEv-DsGQxl}D2E%1@b)~1Fg=I(NdR-e!Yr64rau%a5o!|X@ z2G{3{aifo@qXUQ(#w;~rf3>r>ZU9%2h1=(fG4#mi6lerAZaU&oz>IPi+OA; zG4<^ntPz8*zJ<@K2AC@SPwOQGmtS48b4bK?01r1eilh%5=igOE#_cUQO6x@)pe1Cay4I8UE8R}?b`=Jg@f$ns5_OiZ6S9W$n+nq_mQC`dUEO+0muwT^l&(uZ{fv>Ri&rq1jg2MDFBx0-gQ2 z&CoY>EUxau!`jCdjiof$#r5}p$tm|-!ZXqrZK4ml`>a?!+(=3Z+lh|04%QXbfsZ#iX;F+%iRIz5 zQrNw*fb|{1bNj1c?ffE(t&O$(^p4lL;EP@!{K-s`<|Z+&tDRK`hxNzO;$CJZNV=W@ z_Ej_)b02DZTiK=Y(Ykx7?;4;z#E&yF0*Q!-<@e_%vvbt}w%de{$~(^w-|Ay!gHcY_ONiyf-#&H?Zk@W2G)MMhP7d1S#$e1V;X|Zkp1DVQe4)+kuEDG zmCYQgZ>6!di`@;qScGOsLOhRLJ&pSpr4b+^@6}h&2gUtNjE&~xSy8NCzFYc&zN6GQ zV$L)-x3jHG_%P7Pm+R{>WrUI=277d540kL_p{=@{O&X6!4IE{Ilzmre9d%9JjG384 zzUb;3Ps=2#sf;%&MGyA%v8z)0dwV}6jZGXVll``C8e}~25XUb`28cC>+@;g|c6RWoG}7f_wK|Cj z5NHu2qDq*zr;xkuTf(h>{*u=UM36kC5%lq*D6rqRdhyx08PcJuXg}CMZo z@s>1Bh?5vcW+PUEGiIUZ+|x(73_9<>zk!<{`hwrTxsB~DBAlw+efTpw)l-y`iCN+yZ{F97$>d_x!-!Qh@-8_j(3L}P?jq;xX&mp-z_lNg^U$To zQ@*PZkFnB&aPv6T2M)SB5x5vT$F3!i~UwCW@#TOQ(IXbJBp5Q=c7xx@rmU;zFODq(1sp{lkh)S z%2iXOJ4Un1YPlzbl!0-^V!^{kp*KkmVk69VI z4v2|q31&7IOF1=jYJe(a*VWaHKpzvmB@Ngj{0I*g{sj6kGt`;Q zCBj^FFbp{3VwOIj*0EH>EN$&B*R=0j2KqTv+r@!hySe>0pL64L8(4Bcj1%=x1!@R{ zMFx>2Mv9Yf0QuQ|w3PSZDZDa|#Q1TSw7Sx9;~`b3Ax0l_6E8fouU!TPS7T*jBW9Al zIKEQ9SJuFy6F5&i*-ZyqsHtz`;NE>B`eubV1_Olpx)19JUr#J0hnRKSXGG^t;LKcK zAtL=<46)|s4l*=WinPy|j9|S`5NuC;y$xZWCNFQyeX~$D!WUS7y@$!;B 
zW2Q#me@Wlf*k<;m#sDvM^AH{dD=qCW!Z$6C(liM_yAGDItl%)ed~7K<|7itp?iM=6 zt6R}EL2f*D*Q?yU&%zU@#mk`6!8!B7(A9iHa>XdF>!7Po^^wNb8R4Vs2l|MNlvcBJ zAehHa4dJ=hH(`m(5nbiUDN~@uhJ6HkP%S$+Nan<>f=3PGT1QF+Ike^+yJc zc_aq^wS9#TCNXw&Uss6r?&>y-hZUc0;1~BV0zX#4z zcC(bntoo_8jq-+S?*8o(u6nXeR@Twn)kS?}DRW|6U{+^$X5_|_=-SElJ}&~g>sVi6C2vv;r7JhHxXX*H7UYnW5zS?j zgZOAmC4;K9`knd7CG)s2$80QF{P~KtEboru2H{0!LImTT>$v8_!}x>+lBTgb4%g9P zb!FOk@pfJMS--7>xD&?Gv26z{wso;!b}TQvyMsgRgT%%JGCePfY~g)pZ7nNH#iEaf zcX!lLUD1H=*lezt7)j>XB;wo#$elZh)5Y`ss90a4sM6?S?|w7S-x$FyzuQ1{TQh41 zgSdY|8mVG+hqpCw&*l>GsNE#rR1##cOt-l5$?`%!~A zdEm@3q{Ro5Vr%2qtBYl9656U6L=h(>gt9Qzm%K3v*vg7|T;$Bz&!4%uVT7ecOaB<+ z>6bQAB1XYQ(^4ew1o8$dDH!snVdoZZ+U3HVKbgRRy@x3m9V(p&ui$Vl92dy?wY&Jj zErQ=qizOu|64#Ove!shpL9LtWP4OTk7DtwD_Gv|#k6QQBeqJ%p!6#>>}Akopn}$Wpgb^)Yx5&X%#I;;pn*r0 z9HQGTkOg_}ys@kTtCtuk3NeVnVj?&<&5QRAcQYZuoliEE<0a)9YwqK@Pj`}a{8UcQ z7vuT(6l%m+C~p@XInaws=5&@^5{iC|wPDK+o_MdA3vOD#1Togm%(w8=o0~b@?@Cg9 zh%xVGUrjfG$+0X-^kmb%a<+RXa8p79w?Dg|$O*{=wv_Rj@ZCM!!pt$@B;+R&H`L4L zJ1X%OXR)EGMh2;NN{8IIWPUCw>Cs#`K7dW)fIWI@BI^n&Y1LQVE`Hp6{&%?`>rT!8~+An&GvFw$^jkx)P!yL^hqejTknGdC?3VI?RT46XVkZ*tcUpi^V9v z;it!u8WY0L=SK+dj)=h{ywgeFP8Q~l^XC1(?_;S5?3F*A!?-9P=1z>Gx~77iRxf@s zErR%rSfZqT-rXwWg}X18PmgAEQ3(gTr9Uo=Bf-}n50S^W_O>!D*PrEEN~t|kN7I-r z9-JJ_IFVPs!5+F3bNSOL!F0Fx@!8fx9BS1vh^^scA=TGe>QIf7PpFI!JuKVSKu~%- zfiRG*lJ*4+n3*#sk-R7mV$*Y& zXf5QHH+QqA&x2bey#_;^mmSLC$_84L*K$u-XaL@Hu%WC=&et+y{uE|shI9FXWY+8~ zlRhlUwY!7eN4m%mnQS_6gx#GcP8b`=D{pV+fZ3l5rX`b{5F@hD!!KUgMVo5}6=5k% zX({Bv%?(r*)e<~^2A8M$Fndlq=I#dGlCkOZ>*kU!#(q*_Aa2#Ae9#obTh}M?!KVl4 zQU_UWnC}taE|yU5AR)m%#Q3;VFCJ@or&#j7CVXst=&Ly|DY&~>v@NY&c!|=^@N=TN zv5PAGWYR2Nd$DJd6 z{WikFd?YW83o}T2S3d)4c}hd-Bm8i;A!>St2=sKJrDuR4F|q>Oos4B75`w*q_%-|L zyCk_2{y|a)=YDoK^^+Lti>I}l11&mpd%%dvVjCEsN7IQV+uAF%jDcD585H_{UPL+% zu&2Xj%;IkCwc#(Gsa3oLT|Oc>$Rhl4qp3kUe2)madY9tK`uKR0L(tO#*WaC{egboMqG*mjh&c1y>Swa)it0q(M>dV_hOUs znDo7BfF~7AZS)K}(<$CVsL6Ra=8$>@qR`VKEO-t|nPrUrmDq|Vvy^g5ksQ4&q}Yhp$?)ln1*^t zo}FSu=o6?RX(Q=mUg9Y`TlZWp&Pq$c4sx>JqP@TI(y&sKpjBVuL~@ 
zZC4Kmnk93U6X9oKgufB5=dkee=zynRl(>5{F4Ucx*5O!E8tcVZ>Y-nzMVOr_6i-?w zUTbt>Cn;m6u6pX~PL}Z1wXdH&Ol-EG^?=Ht$fcj;<76?D z>}jK*wsZIqt&5u&=-#vmv#oMmtDgl+`tT5ubuVZ3SGLhBWp{o2 zTiQ^3Qqn`csBiA1vCS$IK&z5($)+>NeV z*U|}Mn2ZZC(b?HcaZ5J?>X`KR5s;F`E3*T+@BMxB%UE={s+}I;RiK}y?GeYo86T4y z1KR(@p>g)`AVa)3jSIH3O4{7ZgFxxi`g&5|2pP}l71FjYlGe|r@tfpWUlW?VMBjKy zzwBX8W3Lfg#a;S9oAg(UuQwUKE|iHJ)QYYN^zo!k`jb`oZnk)m8t6%TO9#cR{W!^e z`ZY?e7-}9;HgD%a(LXBllDD?CusJ@`mjKZ}rM2zD`AdBxd|br%S2-EsoAgCDX`_rF zljxxy{5+j$6oug`#%qxDvs%f^S@KE`_QqZM%udl&>L_a4sArok1N4yep98{ktH_*_ z7^vey+-Ys@;Bc$9$?#JMop|0QZKSb{Qi421|F+X=lk$jfSKVP1wz%VE=upu?&MqW~ zzVaUGrl8R#>OkXQxf)Nx44D$W6%=40)^|jo^@;v7xf-u#4gO2@{e*XM-fl8H*eI%N zqf0M{(f$?vp-$muqUG*IY;Y zF<6AIMcOP}#)|`GO>}8L85qPj&|-Wb($LmD9D_^8AGtx_9C$bn(WXyEg~#sRX3|9W zJN5RkTO1~{=qzVxlupsTKEh+0@VHZW93c*7wXO;-Z4|0sItuNo%0{XOM85PZC^wTB zlLOSMTQ^(mb@T%0E4? zm$dwPkCNB&8|9P(dp(T&HKFcHT1}&nH10yPU(+c~>3C;fG>^Aud*F1I@ZaC_A7wk1 z|5~1-?=0n5>t^SZrZ@7GWBs-BMfdG#^j_W9*D#^sls^WG?Pic?x9WI03GdgcO?EKN+ z(bw&H+RLGNYZ|-U8D-HMUXnq)mjcmvEbuE+B z*Ecqf`zHDE&^tS+)4+OKCM}lI8{KF1KE1~%yBzDjy*|cu*_Tsa!O{LPa$$6vY8mui zqpW&O>B_HBfB8L1Q-1ArJDR7a9igFhwAa@TrF$%|48F@|@Z63Ox(1ImjhxavmHtt_ zX<=4c&d8!dyzHMyka(>yedy*`>o>B%MI*WiWx z>b_AANu$4F+96Ik?VR%e@EBD&?6(|Gx8ltujMlCms1KYhy6Y+fL$(>NA|px zj_!+|^N)*X`EAGZ>D!-k&(hkj4(xVX`YV4%K6c(2JePBNe3aLMW982-FPfj755{%9 zCg+c)lYP4!*zXxVJ}F(h4BC(F_0ao_`UubEHakt7hvz2s?^gp%uYb?@aV*WR3=~gB z+$=FxEb{OBulRpFl;?H<(|uiSQNP#<7yjD?{QHJ_z;*57iA$c^iU0Q{@qY)pzJYj% z#)MjTos;7If14NmQeS-%CSJLrR2^{O|1z|H>#Ecmm+JqTp3|{I@dFquiXT@jA+7Vj zyENYi&Hsxq1Wp+BL-WefKEoK@-yQt;eqiUZgTFrx{3rE&ho1Yl;Jf=b`uM4{$Cz*O zo$+-VRO6uNd-?wfIsmtc*IL;&{21&15>)s*gb$5kwcC~OXsAWs*8BB4h+4^QLhIkr zhTjzbzjk8dsbKr?Bl>>_ln?gphlD;>ZNi@jDbcSMGurU=_HilN8{fodi4Fi@M?56+Fvzp(0|82Ex*R#v3smPW+*>3 z?1a89P~C5YLK(UCbzznIR!f`cYl-g)jo5CK;XBeAE$`hzPs6SJPx7vxtSc}6Cz<-X zMN>IYddBhv-w;}UjcxbO`tm=6%4wa9k%qJS{|COE!J>kp@4(a$7;xgGxf3{hyg#~H z=urXGG%C=>dpOzGO|R*({hUJ2+0%`_*PuTtouaFoNwX(%`>ZGtroQ1cc4#^~9Ytdk 
z5%W)A=<`chs0&{8OC#zv-ISzJo{?kC*Pf?wT@#Fg{hIyVs>1$$PtPk1ddJYP?~lH& zH0;;)emgydo#yB~j?$2G_I(k`DJRcj&m*&O*4doKyH}+vY5E6mu0N0;rNrLiB6Bsq$s_mAeE{MyT)*A0xE z)3gR1IsOVw`Df6P%}&Rj&Ys7=qGg;ONoSmsV@+efX5Y7`(R>tod~8{}db#ns)0q_{ zJnogvULJ)#?dWrM=>4PXG&(PP`eV<1C2u_*bzRRLTei{n+mA=5(M|WIJ)B)V_~RoN z@yoHgke$@SI6rbZ#l^gE3mGCH5pb+jMb>o%GXBD1NdoW!4| zc*tO&*X5jE)3gRg?z5*iPH7r@f3Y8r+@t&UG`*q=yntZG*0gG@n7p|AqRE7tY~;_K%(8pt5~CB)HSK8qW-q64 zEVOhm*2&m9dEU#P)t_F&$r=FiDE(3T!MNW}Z`8S?^hVB!b2eq(SU$gF4xu{VOt0BD zO`_=x+9UUtwC(xW(;4k%KR0r$oBf)7|6Aaj8!TEV8T|b`JxC8S<0TYA{QZau^dQd9j75b; z20$k#7vciU!*N;E3YFW;^3TiDWSnz0Dy&R}1W6ZWawSkF`{=p;L1V3t%wRK~8k59c zL7@{A96&~(33rPpX&SerTdr#-lE3%>FOu|Jmo$FpII6CXB603B{Jmb3fUBG2<3+qK zBW%#r@;Kq|?I9h{#c1FtUo$Db9=NHJvoqhQ?;t*&?owYb0(GLeC`0?o#k0me#XQYL2? zcQS>iK{{hw1`l1Mz|YNZ`CjeVue|1UKS+^ve*rUptn_P^9ort;z={#qNy;5DI{uGB%OIXpyj)ArcqLkH z;a#Z3OnQI`H|4F+a1&Cx&P$T;(=s?9t>G$d<%zp0FsY}mO{emhEZ5y+P;_oo0y*xIDDTSh8(!@`1Pmab#M!wx%ZOv;z5GlrK8AT<73wT=oTUGHkQN~Fq=t#;k-WG-f_y#Mv19}D?psE= zeyu0%l_2tysQpd*xyo&@=ty0gNZWYO#JjKGz@w9c#Bgb1#wpM6v3{m6y!AG@8?kR9 zrAn&nT!cp^>0_aRqAyi`^s6+XA1m#jXi@qjJQCh+Sh|x1zx{$boAh_lEB-Pz#b}Ls+mxgLFuERx@MBnQe7!++_7gTvFE){z36pgyz=)Hognf# zqN9WK>mxa5#C=n_QOM6%^pl2+z{Su{9x5-A&P4=LWjakipX%EX-Axz3i5{1{r z=5iMvz3w>X$4JMVmPB}e7uyasaK+^(a(22OiMc8Kc0oALy}OTy{3LFknM_n>EEmN& z@$n{6riReV0G5`(x%ol3di!zfCF7}Gzn9`xIQispoSPa*;^Z`b!SZBq-1|4=OvNg*1^^?XYRgsHkYKEC~xk>5);F<6QYP8AIC)JUe@bMfZD(! 
z*dZD5Jg^{>q>LoydDXF`*~9~9Ph?DtA7@Kldg|*q-0#h^S4|@~(u)(OBr!Q5nB>TC zu0L-K)ob@r6_vtUmu3?d?$7DRr${;<5@X`|^%?Q3`eHwAmO$=4e>_=oeo}S_hc{Jo z(pB^M)fiuFE`8Jv`SR$Qxg-nSSoa=GscBrD>cW=?ySd=ZY0QuJ;b*63vVP@$27-c_ z7U|BComF(}tp2V+W-pk)gR|lY4|nEJX&;v^$|XN3kh%F0?AcjCQdT^J4Yh2p>gK$Y zCbA$Sh*>j|Y1m#wUwAAxEl43PE{cou%zU`5i8&{X<;t;A$Gm9jHXkH)&Uh}*3=;mQ zlGWM3)(X+~`nj~oOVYSZ9$1)0XmBt$%?abPFH6XqHvZOXxiD>Nn(#1yF-ehJIwPK@%34Z#y}1AUabzb1aY0TfAMUE;wrdyBU$~$0K3`tA zejHmj7SpD)_Io_|%}uj7GuFhU$;o7U4zhN41rz5_HDbBsjEyCzvJ$U(Cvc`yIqM60 zxaQ^sgjO7Y3PiSEacU_R!%=- z0%xcAOZ_v5DLcX**I2nX-uPnb{ILP7+gwT9@ss%D@xeqV2Gew?0#oi7emyOQN}2+rS#rgAf+GC6bZQh~5n&vk8_W38&(6qV->L%QXCKE;lSKxLO+5Rn z3;Ru}bf z(h1{@I-h+?4jsFSsIf%yz`5gDm~9sOEP(lALI~+@q;kv@u5hp9i@iOZef9*Vdv>#_ zRGc|6j4df?{Qg9#qvUaVrZ-=#E8@5d7VzkC0r-hwdELwycJ8aB+v3O5*Gwl{43F6} zvzh8F`c&HXl<^TP*?O4pvAJBG>%*GeHB3EsCijjBB{e(yWBFk1VFE?JK6LUJ;$+~zYIYp^c9r3rl)>}oCKDYM%q7Rg zQnIIl!OU!)kut|5hR|2nNU5%~AOrq{38|c!6Ts$u{rv5r`Q-Y!bH=<3Tq-Kr?;62F z=VgG77SOMwkf-Y^H zy!`$;&i`{2uibMTxnf9MmhQp3>-Wnb-Ny|V=FzyTgsScq{V{dpL7u4z3NQMy!!%HP*<23{2wToSh%S<9}Jh8wEB_NOj}wcUJJ10#~k|7bVW9 zCyNr?dH9J{tS|RqMy!qJ|FVR|{n1=3LUGCyO$SN zcFKU1PpMeMcm8!d?{2NdPdtDu^`LvZ`F!~f{KESWjnG1kK3O^5hodncEiH;xof@u-AlgQH`1n6*u(FZ zRg;$%iK}Z8&s-YKvM+Y?-T@nrT%Jq$jyfhy3J0GsuFP;^U3n09ogU4G4Fx>$aSeCe zJeTYsH&XnpJonOe#GD!a>`$`r@ibAi{|FDixS5Rv^XLR0(#K9>Zg20hzos z-^(x<^=XBF)--O>&*K+^+yD4i;;OPqkdG6&E{Nm+p3}j_+YN$KGLB900ws7AQ z>*$QjAie7VS3Xt9DW_!_uVk{sU~4;E!rk|6B5Bc7+&6#81+Uj}=ebEzxJYh4IfiYU z3i#dIW&Glo3&{_5B_q(rvwvAfi+?sZPnALQZ)>^x&27~5d6F3!K(Ib3EZfhu@9yWR zEe*_`nnaY@MI1Y+=m=cJ0PQ~9N&J{FOfH^0bzv+oEv}RSR-6ejSUmlLm>t;8Z=NY+ z%E?nX-B!bcOAk>$6vS1F;-p!u^!3;X8kfUQQ(Sm^?S7VS@8yOorxMs!%x&)#^2X*; zdV(XFlMv2bSLN`@OY6ApwJnsm#qpQ(<9P3jU3_?WkZb0|5So<7WvSiV^THZlTvuUu zl*3-`2vnw=2YLO2jqLMC;P5M#@{@E;BhJp;MAod?!M#FzXRn3Ja>As7CT7OE@z4{i zSveRj3b=+}Jh_QFmq3n-4C3S)7La&oHxGS$7$1@OpHCFeR0G%z^s;+LEnVWc{P~kZ z=qeZk-5tF4<{B0^1aXcyZWgmQss66G%GHc8ciwq>6Z>6KxOJk92VPjsGpkCZtinej 
zXF$DLljx`zZz=zJe){x5uDNywX+te6Tep{|zu3nwHV^Xh4;s@u2Bp9H`+5`S?TSRWDXH}AF66!94nAIWkeaq3rpEb6ojtkYxKzsb z>=S*unwNIF@~bn_@OKf%FV>acKDm}{9iB{0jpmxOvngJ-o7-RBLV+$qsQpkpb$=f( z5&})4Kirv|?8o0f+s@Ow#W@%oNl0u8Q%%kM`u8jO=x`HjwpX*Yu$<5LHq&#skQ?4V zz$*nU%oQgy(9_A7I$|_|lGdo?{z=@vFoN~#3wY|&I&QsgE^{X)k>lLNBd@LJmE|RP z`f8XBqty((bHey+qWY`2U#>r~rjb);W)k7y!Gi1no_TvCZ;D|xFFjI5I=RWkna-Lf zF`(-BaM?a~l=l(l?IK3UL2mqGA&V{=M|5Zuw@>ot!z~B-Nc8JDXXcabB@UrJ6*dKP znK(5Ymu=<|(L;6OFb#IOaQu1GnbTLr!^;lSizehjoWi+);9 zTTB{RJ%_mJsl6;Zbqt6hwq^SPUXr@pxuKKaUYt!;Sr5l2`=G0{oj*;C&wZk_RSv%e zzS&&^gZOG}5*Hg^=;~v=ZS1SJ8jG=QFK=L|rH87nArb>U87JQ7^A}C!j699YqOT;J zsjLwXu)2-PmH`4hZA4E`#k#kG+J-(_%j;>;_y^(sW{cvr_ZvAr8j{GBqodXiETRpCATMmJ@HREu~ilPtxk5M0vT9)b6dNy30ms zSpzlQgCvH!QCHo->WUUZ)j2M;MqYuG+Y_ znC?DdjIo}9z}bb$>MmoEvig<|;bA>PoxPN_^@#GYiI4|!+bzfQ(3})f!aRv|8{&(d z;^m1_x-i?1PsHF*qlNHa|S>$=TGUK=`E=hIay**8oRqf@_ zKs;xhl}+`swRB}=a!R;`sS~q#WS$R?eRP0sH#ZKKR2mBm8tWXWHq+N4y@M>@S0fp9 zvGi~Y8bu;;Y8rWBOx}EY7Lm;ryj3M_q>ti7UNaY@QTt_)v|k?;)zWDvjA3G9HS3DH z7;0)`@u6N$&2*=^xkuze`d4coMGZ~tJ0kndT{P$-ck3CaF?Ki6Wk%VyE}us z%%Fo^_Bm(YKlP`cs$N~yUER-;_q)F$685tB+@;$NRQAA#1ggtZ*wcPb0u2VLN^ zL=kN4FqxW)t!J}IfkL3yl_>WQ&EJ2wuTK&FaOY6=a} z-`fYH5cc%Xhmf`1acv!sAGLJ9kyKnJy#xwd>LJsjZ+{#f$HB4V;h#6yzr$?FQ!OJY z8!AXA!@rzA_6wimISO`f!q>SFh_yL>JP`9F0+LaDb(FxxVKErXi0=n*wre%Ep#rZ; zmu^$k7MB!kt;x=m1QEYR<^wy<$i9+hRV~mtJe-*%e;)(Eb#uH5hlEC+ zK5W2cy>6V zC2FNkL#=McJ-wMr;G`by!~$s<+a+_*=8lAn4l3~3m$yk7NY|&&ndpobIa}*3n?8N; z1CM*l-U(-!&;*Ej{V4r{fLyM%x+C>FHIai|BV=08iU*%zGz(X56ee%8@|HrdYGuRe zG_%|y9Psi%S@EuSo2e-2N^HDNV+VYHxtI)N<8m3gK&c`MWD3KIggUwA$L@V}Rb7mAcC( zi9NDSF+~a$ESdG)zYxH7PVu7H<1Ty?J0tC%pM=#N%WyFqBfAZpIGwTi#Yf&MhIui@ zZujH6DCnFO`R5UdOHN4(8|xE#1_HrhA9cv5Z{(J-)bZ437i`V%;NlggZ5hR@aLE|C ze)O;rfT*c{(%>gcc;-`Dcwf)w^LJ+3pV?L8FIOD@nN^Eki0BUXesp6Ck>7q#p}EoSd9m zhQ-cPrG}kkyt&Yun%q@D)iDTto;kUL6l~djMcOY*!POdweWjl+sTtUEuI8Wwy+0c@ zUowr&3hy)G0*gQzn(tgq^pZRYs&e}7N50adnE*ki3Fu&a{E>On-sZC!49~3&s@80g zzCSZdSXJB6)^=%NPlD`*v%aDaQ6a~XK7T1*;3Vn_Qfnib@L%o8_(YqdWjB__s(6V$ 
zxsqZB{!EVCk0PkL*nN{Vrc+{>CEL>{WnkLxmQDTHpfwYKmuEQy@0d7+C;j%7Q8tl( zCwTY6aQHp~q(z(kRde?STcNtVBeSdwIp+oHT=j59AbblJAL+N9MxUB3E+0YX!Y)M_U{BJEO%a#8Q9~Vib*#Szxja~dti7?h zZ;Uxw2+L>D@l)$e09akVr!G|w>zpsO1z~mjW-ey)bXBk8&NlsZjp0e^JP$zyvgsOs#QL&0(X9@Y}vlQg7nGTy$uK_{TIR& z98qke%I{}q6rer)wt>d^2u|K?k4J#ymFP zfN7t$F%&$ZaY@n#--h35H&kboaO7?Cw_)#E!V#IRNJ`29akZf}{{i0YAtGM#u0AFX zw}{P)Ht_;kQ{GH3#xjK7$IwFt78NCOgUZ_L}G0LMAa-JiU)s^ zHfcC1g%6p_`nY(*58r9Fx3hj|Sw$6@qkh>iyvQ6(Ocfbtb;SL?$;W*f9YtAw8(wvO zRJw<$y{SJn;-?8Tze=bD_rD~q*OqqYL!$Y=gh_K;tac`@p1(xf=IV^j_}S0IQcX(a zch&^yKcYkbU5N3)PMB?vTlS9yTsvx#Mgy8c{W#yR|wzbdfHfz2>)#OUb5(-VzaNn zd?SmYK0{g?5DiU1Zhgzlme9BFLM`rn;)a!6sy+TaxAmo&tYSl!5_iNdxFzV)?y;Y& zwp_+KN)qgnAXvo)DLw*k1N5;TJutg15~k%ycplx}{Jp|T z7&oE$pDUeGAO^-YWUGZJ>AW((#;{r;J$r1;$)9}H;3>NNr8&a6{E#ls7^jz+opCI# zXoo&TMR(cuFrgUGnl zf=8R>zuLx68+!m!Gee!y@cuYr8S`3fFS2I1OU@Xi%|&W=FrvG$&Bd{{AuJT>;PitP z#?;UAYtb>S+b>mY^d^8A*9((am2w`B>0*GCIDT&|s`Iw0Xaq-P6zOQw*A< z8SMl1XL|}#Vnvw}P$wf%Xf$5swj#|?^A=rg94WysZPL{dcX}dvR5k< z({}xzwfC5&C&h)ekq3sl<2M*=dpTWa<^h?U{Uv$P-NXgoJWF75D??RLV>5_rJ-y93 zsQ+Xsp3@LFg`(S151(N_HY!593`7GvgwP{ht}%2raW{oizT2YErnOkvAP<}PDHq39 zb{I6@HT*5FNX=?zu(>1O{u>n{{eWd=(QoWvyLIvSM(1n%>pF|2_g-QM!)ZSo!vmY& zPnaHbk4=Qr-DAdg?&nUn*9oU5Di+pUZ&fA87Vfe5BYY;+K**?{k19)`wDW_s)MeW& z75{~1?%$Teko)wVW>-7@^qrX@$hlE3SbSdzWj6?b{$A*g-}N`+6=fCP zps}H=gHe0gzCYGQB5bj`#eFzpqVYQgYyFQl--o*wmX#w=I|&p4)Y8YC^F^_Pyo*kd zdeVVNFt=uVSd-|6ME9?VkWU-!jd`fAmzXAseiiu4Yq&&8$KR<(iPzI`mL^GbNj?El zx))1>c(yfy&5E&qs0{_#W;S1qv_wbTf`cPCl9KqaQplxms{C*l?!JFH?2d8i(}}&J zpK$p_%rPVZ6S_Y%!f7!zA>^aW82ubGS%e0+J2Z>F8=ML|V&a(xSFk zpV{ayb)ox0$(1xqH>jqr66Ilp34c~uvFaSRd!)wiqelapP%P?bjLavuv^bE#%*>S% z?C^ChiE>dMHkNV6j4@%@cwS`HqKiGS+@Y2uNgcWW1L&x!Q6jU8mBt1Sx zL7||fgDaqd-)PTl3~-}XA(Er1Prh0j5JZq(CMK`0U*3KC!fS_VPE$|U?^)w}#1xr7 z04?|W6g?S3KN}Et<8$&e2JLfQWvpx?@06-x3=e1e2|;l}LVVBeUpC%_=D1UOH*7#V z05?6)tWP0&B7B=hr9Qs&Y8So1d9=(VHXJ18Gp%k>9OBg9!+kZQFa=u7542iu%l)^^ z)xtm<_en6!d{mIvyU?Z5v&BnWg$hx&+0h=&`cs}(+sd+AVbs_YLk0%9v1S-OeeBJ_ 
z9<6ktrS#Ni`yX07eM!s4cKScQ6=^bn3Y)KbbTbc?zwH;RaYiU8StzShl=t}qpce#^ z6;Uf0oMVizSZ(1Fjv94x;c!hUTn$8wnzG3-TObNO19c9!8he1gw&G!$x?LFZ@(%d` zu9}cz)PX)L!XlBixbXdhL)lGoc&uK24SYV897UP=)eA50dFkHoOngp(zOnYBVOPGn z=|hVCv4q>@R+D`xJg{XxE(%McEGOHpSI zpXhpD)gRm(A&!u_C;qn`)oyS_F-R%SPIREML@m=E-{ zm<#$!;<>5Uixxj3VuaboqtM!Ht(dX()A-U+An(It;vt#dW?z^Vh+=vG%*uh?Yy8wd zNCh4JdHHfQ4fTf;U~t_b16ES%0E=IrF!zmX|9rJyrBL1d*o0zP>1i#3a zNwZr|O;~O&OQ*{i&DWyePVa%of3F!)K@x`JU;&*kpNl!X^wN)ej9ghjVJpqnSIXWU zzAf(l#FQHjSpw8SJh>ISy~reLiSSE*yO1@zzHaOJJlGwvtqknBw4tV16Xn$}s?XZt z2T8-W(&nr}3!lZ7)s((UkkZq8);3lpK7DcA(AFR7hO;iPCMxU;b5ac@!RV@w=ZzoM zYofy^aK&b}=U!R`K$=~ZM{YnZjS(0gDbq{z&+^wY-@^IZl;Q0d&Mjm*#d0edf5#yW zwDLfU49Tl=v1q*8GZ%lHftp9htOx0*rnE+NoaEWFNtN|}yuVV;Zg06oa`HN=KV4U7 zq5aJg54zJl@6AY?m?S8UOG)p+oknE$Rh8N}^|b)OqU@xMZEa18<|^&KyPi$GqcsUv zPK)d1cCxW7M1($++1pw1aPUnBdGKj&)1&*9wd58(l1Ph1iPoT-KyMCyJE@RX+4l4f zMvWxM$GUpfS!Ga6cKi)Z$r7&0#grQf#w`wA(kcQVN-M)MGpv4MY@P1lL?|QCPj5!R zw;_8uYx9W3zwn99MR}Q=+GN!wWSE2oD+9XGH{wNYVq=X$TY}!`J%E58#A4&9lpJDk z3eyf7N4E!oIJHQVu_m3-tGZFdhZ?lB+@5f>Qg(u8Y8{W0S}&H z;t`aJcn^w+SF5utRK8+gje{`Q^-0F@Fe?5ilfG8-muYxv2EO_+!yL?!Eja-Dgu zv9}!Qyuj-CAPg+GO`9v;^-lzp(KXGg>M(!WfH&CEGEt@>d_x z*n0-e!;8t8tH`&BkQ|8-vLY@C^L5U7A~cQ}bCeY>-jNdrnEd>O&lm>k8W^~Ydv@5F z&dcp0fZq;uMU#__gX3ga0!l^IxrV!6A@!*_5f#>yV{E<)sPzqdQ!JB>8~mfSsr&&s zfM+3OqYOye(f2sJM8o<+AO+o|(UXYlpzWow{YOQ=k-XCZmevt79j z4%nH?g!KW_F*4y%ZFJ0F#ejdr}xH|J>Zk`dHB439}!47AIqW(avH=`4wPEW%O046DH13!pjw z?d%N)7RFoq6|Rk|PEbC>B-<|ve~QJc&?6VNi#X&QBC3yf1oceD$MTlsWVBHNot$gh zYta0**@(8l_H>f%exP%5_e0BrZ9hUN<27DRRG6{da;wiWy+NE3BpQfLwKPAHGx9?P zdHcpQa*^fc?63}eau%p0yoY`zTHw1@Vt3R(xJniSotbBTLjE$nvA`OdB*bB$oD|h= z+oT+QNiDVOWGE++?O+jqk_Uz`=l0u9gkScXotevO@O94MKZ~qihcEJSOoy$cIIPgv z>l%t#II`<`_oKK&KCk)3Wz1NZ3<3{IXMaB&QT$LVuYQSkC&v}dD71%_s!ZDaG;TWlrxO0r@~d{WoApbBLttt zhq_Cm*Xyh9z+V#8s?IG*N4+uXUy=zdinTqb9Le&FSLJ`D3axYgyE%q8ix+bQ;6(J$ zCniC^OD7T%t@!r{#UDvsF)2u+bIV}P$WlqCsyASK>kyF=MU1O__X z@?aR-+iaEjIMVpsWIk1`^~D`7Kn4tYW_LVYjRgTL8=os&O?))MjC~QkTBp`#*~_}g 
zC@eFvfU?=aYcz%}O}Wqc@GvEOy3kg&0b}vY}%wXBOKfk8xLK$;+bJJWu=M8$%uaWG>{5_k#G?jH>PPx ze>RLaUS!%hFQ38|mNgs&!LzK0>3|^v2r-LVE4xPTwMM83PDJ zW&rSeFW$*0M{Q*oNrOJ4#L>;dbdG@1FoKS8R?<@!j(tls!jT^<>aGoKsp*Ow3qC?^ zONR7ISv99gV0+p@`ne^sNj{0xzK1w1Hn^g;6@@u)1XR!KrHL?|>|n=f z{Px0}A~$>PGAFYx&4H@>pA`9rruMymu5ZM3R=j^+K~42aBG8Wl!lV|pq&I{M^$a-C zOR8qAAmA!ax+82#ld)piM-%*@ldno)L-{!I;7$`MA(cF*i)*|r(Hd<3lT|o^__|op zXB!v(A1YxQ_s7iktj{w_kM@5-LjaH~2K{kl|AUx=Xb^#1Zl^P=l(&NaCiO-u$CBlY^Mk7^ zmXWNf%`CKO>D*q)!Vz8@>jw@r&v~ZfC$JdoQnI{cuxEF%zQ@BRWyjgql10arb+9Q9bwbVJqXQ+v2s1_TG|#KQ;SulOf+RZ-RlB`EF%CtA@3C&ZKF8Hj5i`_Kfua}&e{91gI3~yTx1$dH@Q?8Z_-->j?;w^$3XE-4<&>m(V zu_;(=r>wOt*{QE4DYM5dj7gv%MrP)yv$12}mOX0Z{!s9^^Tmc}_aHZA(?Cq*yLW+? zX_C_HaB+Q7tby9lAMYnG6i?d}j8u_Jj~4^>#puCDDb>?hfD*c^;cEIw-SX< zkJULsBMQsc2n8>T#CmDK&yhJQ19HX6wstrh#HrayY)kaGffvn~6 zsZY^tbsZJ*vL|JrqOLI!Yo<|UG|TOVsAWzD=c4OQ+82-1{l)Z4!8d<6P9!L}Gl-XX z5e~5vUCOmQqn``EW%^glW+w&zrQ08500Qq$IsH{Q5ZwUXS8S?5!L`=(7u(-!v=H6Z zvQiDJA;)mf`djhCuAul%rD*?Zuz;rfVTJ%~ZcuhYC}TCy5t--7HQ7@C7yH;jKuYf` z-0Ndau*_ZW>v{tJ?qCcTkuG`dzT4Y26U+zZ+<^N}m#wZC8RBVdZ9{-w?K6}g~J^TGN83t(^{{ls^eazZS7 zkV}*TyT8|3HwKk5w;ij6%9QpV3Z9srd9yxx9Cnp`6$+^mWu0k}&d9ww2A@dG5MNom zNOyFhCCQd$mKFMM%H)zqRZB`dEPsZS*q1!;jduFK74f!oc53>QRFid5b6@`&_^p<~ z+SBzKalnLPpP<|o_QD}PC>--oxb=xi&7Mk45U41ovJfHUeSY$F_6Ye*kniARtsw6+ zH~#FQrlgpKFPXp-@jX65)NX}DW#qt;R9w5C*WvajDIa8LY)+~Yih$r*4YC5Tp<5QD z87&I>D^G26@2CHMQ@PjwqUI4+KG?c!P1;fHHMC%}cRg$AY+ltiHFx6ePZLAtp5abh zaD+yGKUgCI@DaUzF5tfLRM*ky5sX8PcI~O&Eg0r`=D1tB!ds!Xj$V(4B0u`Q9cGIN zuuF~*rvp5knDplX=N-wawSZTFH9jQ*3li`}jn|6xGneSHaTkEkhgium$$U;kM*HoE zc`$_vrNqV?1jw$JPi^MFkvAXFs4C{adz6_WA(Z25WpO{O$?l8?6(^5>AD1DQ^z_vZYB$b2&1Dli`o8H<*gxY2rhlOM?iGc7?`vxIXag%b%2puf46?P2zU055#lg8}#)6L2B{cj?2L1Q%vIJg86`~1K;5{qIJFX zW^e+L8Ei>AMWoD7iqgu%^J~=b&Qc8E)VSO{jON-jkhd;9LhfQUTPZ7KTr6lGP?1E#EBO1phRl1=CaiVwf7Uvi>GSb zR05~9jt^w|><(|}>X4J+bnv!bo-3lq!8L`c`FnGkPv**}upP05hRFV8pb!fXwS=|46d1@D zK*|YONm@}mAcJ4N$jmIyy5A*mS)=kzL?YB-1UxLyfde%!nxJFKvkY}pe+8Yoj}rNL 
zx*y9S=GC(`d;E=d?$OHC)-saS%NKQS5S{D|BAF^RP=Xig~{C(vtJD8L&$Z}tvqy)>iz8zxAp8LWSY+0Q4Au`oa zJiltOkYC<#*2=qM(f`P!Ck9?vi=&R*scDa9k@N>CEfS|2UtS6@JS@ z#6igYz{l9Kf0U+x`vPkl&qQRva*n-<;@v015-IZ*{LrVqFNk%@fWo) zQAz+zeg=!?NF8<(E2{zm-sD-U5k*@YyZ>Q!3wEmrr6)}euJ?zx7)>SA%h-Jq;|gqq zYoDoIg6w)_5!(+7y>P`VTgA6vjCE(5EgrHl{{@)q%DMt&O)Fvg6zh5Rbc3D0ReR8 zQ$(*h=3aSCT>{T-Vq+AktuHw{B>|;51~=U;8Wy|#US(}D^4PvqFhmj-Ue4rn#l-Hp zbzs-V0GGO9aQ<@Brq|K=J{#$fMuf@Wu+I~Hv~EC59{rj|>oIZ2=}%Wk);B{*FkmP$ z1-3Hf78C7`+36XzMzptR!{it&Q&LS}TuiyWO%<`gh-pID(uNG6p)jlrLXFlws_By> z-b<}&ivRqCJnwFGX0+A;AeXd1j&(7|G>NUN_A} zvdWapnJu>X*?-MICksRs98rtcjA=-wLIp&AqWa$2N=#kGe0@@7S43n~?6gX`{|pgv zzx9F)knlkUodWsY>Ycmys-cRNsL`s1n(-hS>rAOi(6y!hNuT7zBMNH}h}y~YJ?rfY z(_T_L3zmu^O2P#Ac({*0KzLWwFk8}+5D7Csm!MpDd3s$^-kpv)mp?c0w;sm>0;hoD zb=IOYBVN*rAnSqUEMF$Ji&#X zgDBrg)LLfUM2J+7=RCLA&%^f=gLtbRFJg||HBswyd~;E!nHXtzGyfJT&~UsmP@_1X zA?R16k%2(x0(E%_Lfv$K9X5sse|UN6>(?tgVRO@s@l;}*No6eqNb!CA@Q_%3GL8h? zFAPH;{aqj9@03b+R%x3;2%$ZYknRfgZcD@@vZ^TdNlFdvta(=RGsPA?Su$I2pMA;u zz7b^?8vdf3;uF0jC)m7N{Yf|^m6)AX^??>bPRafI%xR-OHeYQ=IzZ;+i9DH}qu!F{ zgFK%H&&s6asM*zaFM-&8{U9#~A>LRIu9##O+8y3>9vt1#WAB*@E{ry(ErR9@qd4wtk-(JV%fSiuTO)XZU+{hv0bC2DjKiTNN!L)y@ zgM)D|omb-v#?w8+yrw4j1kpgVsw$)Pk71X& zU(z?(6lqv_e=9(Iy&M(hFH=#7i)L~Ag}TxdLp|jQ#^ei23sVxRD62#~1nEHtPTSY& zzCy&yd%L~ngYS@AF?Dq-Y}*= zy)^UZ&*lrrt~KG2ln)8H;Rj^lN4Ft$d3?nje{8H7cO-Q*Oz%rMOXe;El>(RQsYh-s z*|QZLDng`Zv580sq`VbB@a1Gm_qRSLX`6WMk4g3Hs7ZW+)pBOk7BWtoISM)rQ_m5d5!WHQQ>rK--|8ejeB zx8~N5S{&8W?ZqN%S1DgliTd09&VeO8BSh(J1vd>@WLUolDEhS`VQVV^egn6C2dweDA zVsMiMpyel^E!FjjX6xbIkIi)t-x(Lur2Kv45vIYEYy3h9=H<6LiJ6n-mh@PpL}Nr; zi7^1e!9tMJY{gg6``WajCsKbA=7ilsev4qVnyT?^+x@}>hsN51&Zv)d16y;mGH%se ze7Qo&ICc5_wChnoWRm8mXd+UAi%B>7K4^DY?+2-nc<{xTWv0Aq z!{Gk;Xf->z!dW2aF^_Kup)CCvIs0BTy}GBTZ%I0>t-IPO(b&4>ULq?zv@hwM`x%4j zX+;FL{pLulD3@lIpfc`XibVQ>X}#&5`-r2l2xxvwRgV3-!&)mtYIO7$W#v2L^?l^+ zw=$5;CvGYnNq$C=VAi(CWrJ1dJiAJT--i&IpH7`9la(iC#zUVe&TX)lo%W8Q#m+xu zFjZRQcGD_++l$}nI^$0oq$zk7in(w~YS%ry!}ABPdHSM;_0v8K*Yk6rBQ8xl?7Rtdx;qAtH@h<7^!mO5A?Tr-EVz$@X 
z-!0fP_H)sPwdf;yH4Ka$eIjqyJ{bTJ&_W<#h+p;&uFi+?4GdNI+6nXW>oQAGK+X;c z1ljhicBi-7D-n5~vLVjT^+*d2>_y|NK*OvYfP*}PrqZX~^`br0Bct*lc~xXUcD$6T zGlK&f52-WSPRt2iBJSy1#EfdGy(#*ilYkx)oO!+}FjggR6^QI$xN#P&q5`C*Jv&rc8OjbE!3MAhPEK&7&y zru~iDko+(OONZ4Zkhs|bout${*YOudCwtif3sTcgEf z(x+DHlHwyQFpGW0#AeBBrS?3>HB>*BiFx|Vaz&1@U<_zamUau^xXSPb^?CRfW3cec^;D+ z`-W~b-A9wvnjtXtWvG-ZG5SxP8aq%@2ZOchl?^s z*EKuoiDm+Fv<=m->@_sLxxpsI8Sf=fq7fJX;y|}+$XT|={W`MT_CF{C(2`ndb{6Kk z0RYn8jSfx(RBz-iC=#yeIXL919U5|&Ax9+q_v^qmM>;9Jh`DqVMVDTZlDGE zw3-f`W}iTv2}mz9u{UDc!A@uQQ8#l!x1*JDvBDOUKG zwBU_Vmk>c#nt1PoPU&P{rOnl!Ox31hSBt1DMc$-#H7De`gnh|RG{<8 z?TS~_`ewhFB>;Os*;K`d8Kbi?r978?A8a^D>luJ&jz-pgb@%?3HIDPp{i@a${ewyWOme&_`JF0`M_zehwVbwXIyT*6YOG{xU4#sU0n&LujYlE`wil7S(z9&qD};?ccWh=P?_|4 zJ)UdVS8tAv{Fl&Xbt!6&lY`TBJOr7u|g4+c~bXP(!Cs~;b^kdXjVnq!s2Ku!;U!RqP zH4jIF2HS|;PEjMa*81KF5)*rBnw`{WB##MLlUi?&d){je0WZy-PMtn1@=oPD5y)(; z%M5?*w0#u!zd7a2q62J&3X8F2iN(fkc)wh~7?>0*?ZH@vbuXNpipm?(?=*~G(<}eO)6Rftp7A3PdgzsLtU?W|l z8HoquV2HNlK+eBf^lN!tFBfss#qL2k@-G!ey^Q-QRStO+vp8bc&ILDwXGR0b5c{_d zcbn_K_=dvLxEw`Mo=94tdkw;W3+JX7ZF%t^r!yU=pX7JI*5aYP)zj&CaNAhg%tA;J zQM-LeNMnSfs26PL3+0-;Uw{5Y=9@szxv z5=XMHKgcsGc~h(_y|si;84Kfa&BcOayeM#!m93D=kqWpw{CSnSJ#IgpODt>&MojMM zgEETYQ*)muVCQd7)aC2OT>kj%wOz=~(Tu#TwZatS&KSb^uJPIxI)nIFavQZVAGQS~tREsUQID;{MQcTx^m z$YRZ?4=4p}43-iAD7$-sA*S$N7weV64IL33LKtx?;&PpGR1tPM@ zkCeI&wKn7DgW=~fU7IdP)dozCO28NwXSBux+z!|sKF`6J8_#wqU5|g`EHrUMTYr{# z+dc;sMvsFviOz+YecRQpV|dsSpE>(UmEB?+}qSxX83Nr!M$U|O0hDg#A7n06WX9?%>v zyCM89LNn{%(^n2c#6rDFhc*9s)KFgg?Q?>rpCy|yU%?8Hq$|DL{ejINcz>&w(rx!a zoP?*7$)DIh^n;w`lVbGI*s^lK%sc7~z+Ar2+8CkxBnOQcx3Ih{8Z)b8t#JMon1eu(m3etY7g3>OF6Ug@st zcTOu#P6@dvE(0`E(@VThQ?H2JKX5lsKSkN7SsUs19glgL_QCVkHU3GW_0j#w+dV;z zrXDq&fM;tmy3p$y+RtV2H)HU}!ca%hsUr!Ey6~^F8yiw2Rsy~Z65D%EO%b%9D$g69 zn!(ZB{dL6t){CO9nker8jEq?I*+Uux@tVR}SyvmLyW79z<7i!hGPitaH3enKOw*_S zB9-m>Ge8$zAqrAEqwfe0&R0XQ>{iD3&2e4#nl9;RW|hCo*5d6ir^qSlH<6s!pX#{` zg=!dT@&;r?S7*Nw@S>;A*W|UwL^{xCJqj)9XvOgGB!UR~r{?FzHk-(H�Im;GS{a 
z&}-F3yqlHklL+5upZTTrDJWBvfa^NWt|P*ZxTgjO;2S)P`=(kS-`SRV6Iz|;4~%Bt z9(#}I_;}h{;`xcdCpBVBi7xf~Um4k}-gxJ&3Qb9tGpy-nGBNyg=>dVV7aMuOBs;we z8i)ccp;92Ne|}Cmq@wDwD)wZ#q&61+hBXja#4=D6S{`?Tw4}YP>c|-!|4c6@ldazV z1$loH7O*7NU9D+d)oO1K<|RV)Xj~z*voUESjwvAjBqIfr53AUlt>q1cAx8IKc^9_h zk@0rwb%o7{VxjB9i(kZz9T)0r%B{PB3n7tA?zkRPR0!XK2$73o*8BG8T%tTH&~9$p zTguXG%42THnO_Xpd}~!=Z{&W*QY%kvHw!|i_o-S}5SG~G{}nZa{CG8j9IA%~!N=$}W`C{9EBAitvnN{YLh7F0 z-HsYPN*jxe_dMQ~5#REbqbdY2+V(MXhKszhK|Y6?1=Tlnu0v5#c8jI8gKxMY3j@yb ztvu)Q>>=}K&E7sLfA8LfWSzq+r1{BMRy7l$y}8#UaqlZllq zO45(gjkR<$?`um^5<`Kmy-yDiIrJH%h{zPAdyqqHl-&aX;yI!kNanB!8O!brZ|02aMXgd7) z<{D5&{Z!Bx4#uYr+Bz6T|LiecT+R&2SZeEvhwnLHk6bN1A?`U{9!w!KU#fNXv=RSs zb`!(0p+f7tH}ch#OgBT?;cqRdIk=L{;J(G3V`;s&yzO{Oqwj2>#vNDR^Y5nMznlaa zm|~7P9)(3OnA}>I04A7uc!|M*FOwNh6fLXSl}CW?7FBa(S0JBNu@-Ta4o~)m^RLmpH=vP@Y;?OE z#G7|*YpuDwXJH$z|7+~nLYO)3>fQv|IJd#<^;Qh#bE=`tN;(={=$NnI*HX$<8l`cY zaZm6@Lqo4EmpDJEn--g5-f+R`Fd1S9rO9ikPCeUWy$%O;dXK`59NS$#wABV!a#V^_ z_D%O3^aNxcj*EjQ4dTxlZdn&;WyDFxd?-IAT;NO2 zcTA~Vm(*@M^e8pZP@t3w@NeK*DQPsVQ2d2h(E|NcSi;y=Y@W3PHJrS}+78rE6xGzIL0nC#K%2P$vq0_- zcc?7=kL00)Uv`B}Z9EpqR}3@uF{UM*_*0z6^WfKQ%FgiOJbIHPq%66-R@mhSye^F<&#I-`rV;^|z|5&mwFb zzpuZr$9I2+ncKng|3v4bW2Iq{Rj>-uv|8m-17!SGG%xGP_wLN?~-{t4|s4B>l|F^oZyc)M#`MB^kZQpuB2!-_+u#tmnEdc!06Kwh%l zJuOxn4rgvbR+zuu!AMDJ=|H5!Cg^C)-$Tw8N02y1;bJ=d9G0V!`#x*Nx*(AX1cw>t~KkiX3C=!h8I6EJ3agxVmWn^2wN`fY|SrQ&`7Rl>)WAsP3}b1 zsx>7PmJz{&#cDjz{&rMMn4+g$d8prj6$REk*^p9IR=Xkx0bx1nB3OQ$dA@22{V!HJ z2;Xj&LeW@CgW@RCYOrkQ+$y`W16fJvTn`}tE;whxXX@j{wSGnFoR_QfUO6FCxUt2Y z>DLq5On;FrwuAaL{RH4hq7JRNbJvWDzm1SpJKA1^gn60djJI4m5751cQi!wpHAoBs zFrQxMC+w7^cd*GugQ@bdR*%$lE+q$IvxB4dkLcXyd8a{KBh0kM$v%&}q67ktiM7WC z`a-NX0}aA-JX5<#jV;7W@^2w@qNilvdKSTM?a{J>wY`<;k4qm$0IUU_@2`_#wnQ{7 zlrHjW1X#0>qhI-)^f{t}P4anA^Llozdiy=i$MCQ<5cf^{Er~q|E0B^|NArOPAqb0{ zQOxZn+RV1zEz{Lx+>qUtxI=bNW>0R?`nf?V_DnWIX0X_84nGy#Y@)+)g(*rIN(x~jDp{WH;!=xg+gI3wS9#!7k(xQ7^tsV9-9QWZslm$0$Bawz_Y7AY1`JQ zK-^-^FZKXx=h;>8`aE_-p63{V_RM}0GXab@MWe60E7xPFXD@kC74V36wrM$Ayk_Ru 
z%PyuMjVG8-FH7tzPEw?+a9cm%niNPMI|K3JfAZhzClRdK*}9^St+X(iyGg!sm*iNScaqBRbeX&D~Q*% zvEw5EM#%In*LAJ|>Bo8Y0m7m?1(SJ&6^v^XHpjf8r$y(J9sOi!dtKJVTgJV*HyH2* zVxNa@m^2aO?Bb;h4iTf1!dJ6%Md&0zb|=iHi6YVWi8;rY%%9Pp#qFW-o^qvkg1H}K zxH>?iiNfdc`TO1@<;rU=ICEh#$Kc9-$tN;{M1nJlM58+|^oqpIi0%`kNvj-QD1M>ItU#@a&j$khvAcwE2pU(P{mBdemj_ z)iv5taCPzL%CQgQRdEmwk@V-k|1?`9J;s0ew|>E+|ECf2=10Z<|6Q^eVcpyR*Mt6a z2>zn=e}n!7QizZuME&m=bpFeNuwEml|C#Qs@xT5_$nrn4y*2-UI(Jtpt$>USceH<%=^U z^9&NQZgzE>;6U8$d$IU=bU+1u|7+JhAXui{J<;h4w^}rQ%vc3Lr&EyO^*|yT-mf+v zYvBZigKFpGilI5q58^0u`zrGN#Of=tcyDFXn>4(+$wL8%i{`+cVE%Ox^ZNhnzs!9{ zMxnpf&93UN)C*r*7iG%DTZ5Jr!e`U$Iv43=`OJt z)?6h7fqu=IHGJ)(!G>%DtYZgV4JrTKs{bS+b+&bzG=RoTqo1BG|J}k)k?TtNYK_JVYsL8{+S@b40S|7i!hg>{s&vxc6k<${ zj?Y2mo$zb=|7OYblGCra}7RmniLH-x$h)^EmN#S82DiV3e9zHO9 zD)@9OksIn7el;_PQ3)yEv1@X>ZotcZ!o`${^j%yy<2~t>Iw($4fiJ-gd!Yc^^z5yE_Tq=> zHLkwuPP@YTBH&)C%&aBZcKl7{sqJ6L0nU4?Q(`KPe<2vR9#^LWbT$`&-p$>fFriic zvj^47ML_&3*>|-*X{{M}4WHd6O)cudg3I-szx)D}gYG9VAHR~S)?ALvyyQfu#% zl<&X8_D0yOau0IbTuBYB?TWAgkDExS75y< z>A0s&u-G|v*(6ZcLYkds)|*d%NyO;PF(m5diXL(%dV5&yNg5K}6c<4PPbu%sTfkh_n(eFiGQ$B`G%OrBba2EP^G$*b0p5g(eI@cP9tvvxM7<3pjd?8WX85pgDwpYveC~&lnQ?6 zf|cA(iv}81JCe)K^!{iP{CH_iFvTa|?3d&9A;R#z=MDU)n+%Zk%Au^a+k<0M<}0@x zu{+C$woUQt!<%4slVb9ylcmp;Ei~LfI*0Qdn5SN^l1es~%ST8UjhL8`QNbbJ%tguv z=z(!QEgpGtMlc0Wv7O8sUVij~8+hHhUKIE;Cq%OqnWfcuPw7kum;e@v6CPr;jlb1O zi^w53yPQ%l`8aC=Z8fg=yAlI-Av`0~!{~NiPNihkC?>ukT6dwkk`d;_vc$ypIRHb=AQ?I^gFV3ta(b+=QeL74mB5TquL9u z;P7{RH_k*sj8ji(JC~Sr7g&{OlP-E_X{n?OXM@3{DCH|ef?}$!P(hSVRT}wv9_8Oc z<-3Oc+|9-%&h^kYnsBP`=y#DB2?D!nD&!=(U!g|YK?8D=5d0|DL3N7`K<|%I(^2iT zd8Pmb^XMP2109iR(wcpKWwx&aiuj7WMmqrmoKLqvg$ZlrG+jXBq}QeLDun*47zxh& z1XBuFbtmvI@i9T^STrGghlf~P7Xz{~Xgy6);IV~L`itVd>FGG9w(n*T!gyQ3%sh_( z?__r`&*{5WSV-A8XM++q_jzh=!ZsagIi$OJ4_Y{SXoF>s{ik}&&Q^bkPXo7(jc1W9 zW0FCJG{1^xnF!$vvW)$o9HxeKFGR*Jrxr4WtV^s-0h3d<7Ta;V3R!QKK83|~xJD}I zV#7yVH{e{C)1poYwR|r<-ya(={6w9&Z6^@b{08{61;=6r5f5sqC#G!exph5HnuspcTPwVGG&Yz}VwANTr^Re?zJyJj?4Ekg+h{c{@NLaqCU4e- 
zKhTSzbG%ymm7(8!i&L&)6!P-MiCb>}6&FwD=>G||wjWjK*CGPM;rFO **Note**: If your school uses Active Directory, [use Windows Imaging and Configuration Designer](set-up-students-pcs-to-join-domain.md) to configure your PCs to join the domain. You can only use the **Set up School PCs** app to set up PCs that are not connected to your traditional domain. +> **Note**: If your school uses Active Directory, use Windows Imaging and Configuration Designer to configure your PCs to join the domain. You can only use the **Set up School PCs** app to set up PCs that are not connected to your traditional domain. ## Prerequisites for IT diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 2e0fd6199b..97d233a07f 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -113,9 +113,9 @@ The setup file on your USB drive is named SetupSchoolPCs.ppkg, which is a provis ![Do you trust this package?](images/trust-package.png) -6. Read and accept the Microsoft Software License Terms. Your last step is to sign in. Use your Azure AD or Office 365 account and password. +6. Read and accept the Microsoft Software License Terms. - ![Sign in](images/signinprov.jpg) + ![Sign in](images/license-terms.png) 7. Select **Use Express settings**. From 41eb775b23528cb1feaaee1fb1021f60f729917f Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 26 May 2016 09:16:31 -0700 Subject: [PATCH 09/92] tweak h1s --- education/windows/TOC.md | 2 +- education/windows/index.md | 2 +- education/windows/set-up-school-pcs-technical.md | 2 +- education/windows/use-set-up-school-pcs-app.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/education/windows/TOC.md b/education/windows/TOC.md index 56f2f7ffd2..9e07262fa7 100644 --- a/education/windows/TOC.md +++ b/education/windows/TOC.md 
@@ -1,7 +1,7 @@
 # [Windows 10 for education](index.md)
 ## [Change history for Windows 10 for Education](change-history-edu.md)
 ## [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md)
-## [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md)
+## [Technical reference for the Set up School PCs app (Preview)](set-up-school-pcs-technical.md)
 ## [Take tests in Windows 10 (Preview)](take-tests-in-windows-10.md)
 ### [Set up Take a Test on a single PC (Preview)](take-a-test-single-pc.md)
 ### [Set up Take a Test on multiple PCs (Preview)](take-a-test-multiple-pcs.md)
diff --git a/education/windows/index.md b/education/windows/index.md
index ee04b99e62..26974a5cdc 100644
--- a/education/windows/index.md
+++ b/education/windows/index.md
@@ -17,7 +17,7 @@ author: jdeckerMS
 |Topic |Description |
 |------|------------|
 | [Use the Set up School PCs app (Preview)](use-set-up-school-pcs-app.md) | Learn how the Set up School PCs app works and how to use it. |
-| [Set up School PCs app technical reference (Preview)](set-up-school-pcs-technical.md) | See the changes that the Set up School PCs app makes to a PC. |
+| [Technical reference for the Set up School PCs app (Preview)](set-up-school-pcs-technical.md) | See the changes that the Set up School PCs app makes to a PC. |
 | [Take tests in Windows 10](take-tests-in-windows-10.md) | Learn how to configure and use the **Take a Test** app in Windows 10 |
 | [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) | Learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. |
 | [Chromebook migration guide](chromebook-migration-guide.md) | Learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. |
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 43aee04cbe..515f82d2d3 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -8,7 +8,7 @@ ms.sitesec: library author: jdeckerMS --- -# Technical reference for the Set up School PCs app +# Technical reference for the Set up School PCs app (Preview) **Applies to:** - Windows 10 Insider Preview diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 97d233a07f..a9120b1881 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -8,7 +8,7 @@ ms.sitesec: library author: jdeckerMS --- -# Use the Set up School PCs app +# Use the Set up School PCs app (Preview) **Applies to:** - Windows 10 Insider Preview From 6229c6b8e6d00fc2aace09c96fac6be9b1fcfccf Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 26 May 2016 09:28:34 -0700 Subject: [PATCH 10/92] bug# 7669633 --- windows/manage/images/settings-table.png | Bin 70908 -> 53302 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/windows/manage/images/settings-table.png b/windows/manage/images/settings-table.png index 527d92d9b23c3efbd4c6d9083b60c520191b738d..2acf11d281deb136db05e093d42f839aa648364b 100644 GIT binary patch literal 53302 zcmc$`1yqz>7dAXJl1dNVCFOv0cL@lnAQI{zgD`YRH%iI?f=V|iBGTR9AcAzav@|G4 z{x@LoKJmWK^L_un{cjY1<~= zTukl73mVr1CDt*Ejyv}4js*63^LKH?j<=4FCXV;%6t0s1e?Fx!rd>Pzu32oA1f2Hn zxm5)>yfFb<$ko<joX(f!=48lgX;T&Eh?F?2IEELQ zxWS{ku=Y^_+?mWSo3SEfXS-i}gt`Hy6=RR{^59*59(W~P+SIdsRy8$~n&U@HBu7<} zN4xjqBy>mYs);W;q0@Px3+@vMh8F4}Y*Sue?zo}d97jvTzgApGeQ53d=8p|-9}>G$aL2edB!sTqE5{F%tSJcg77-8 z0taNd6@7l)gR0l~jjq#2)f4L+k1=q$-{8VY80X*2e!TRlG{8MeZ7Ye=9P1N0{_=@E zy*R`mmoP+|7e7l_J(p(o!0HZEQ?}_+SXG~&Ywe!jCh_r|%}bBUT(RVZZ>=jf2#1h@ z^UWgr>||**G)nhPx0rkG2+hA~E_YZ{dDc3&#LAuPeG5w+&jw3Ma8c~dHM`;hxbRY+ zJK0l3W<%)U1KFNNhN9V`cZhFVUZVaT?j%%)i*DM`!BDlq)x*G8eujzfoz<2d)En*w zP0n{-9{0jntJJ)33XqtV$K!vo32>;ok{hdWu|>6er^k77U9#mSU=2^@-rqtN-5pfkYwGoHyvw!v@v-HJ z2dAgJHX)~?T*s&jHxz*n!ywP82o$>KH`QSceA5mE>zHCY=~u3VPpnStA;g~5UZ!Y8KN-Nb@$+G_;LneEFt zXrPg88fqAnaD>7-lVqV*IVcptVGGiV0%a0!+ng&iFmE5wd3HOX9M&rx#m(n4QEz^d zE@7JXl%>MAq~m&>#${p$yaf7e% zF{UDuG2yV!7uW86#$$n@mRMCim}1+ruSj`HO-&Wv@Fb9bxCFidlkfH_Z_=ct!w+pG zwm(8_kS@v(p;X$SNWlx610^p_aX8sB8V3k|8mrx*qV?k!zzo-nYUV$<|9 zW045P)|@Tk@a}EVTzV=$txFUTfOMXMAm zExuw=4pm*BIrVnEW_)uN65mW=E*S41`Z4UY%%iBSQg|YlhXB}#n(Fv_H*|rpV+fz> z(@l-IkrExtAn6um(JDbYa@+4#LZP3vp`C#$oh(e#U|b)UwhOI-qCM>>xRvrpX=u)k zij~y3W2Vx`xbkhmsQn6fCnfCQB;bn;??LbypJ_2rj*$zqSilEXH-GKt^S z(`+MXVoFRm=QT_Q9tO>`FG$1H(VQTuGKG=$X@=^;k(gw|Wd^R3B z$t58TC0i$9YD_04+E(Iale;A^r=i&KVmb5;Td4>EQ3bUUYvd7eeZIq!(4vqY^Btp- zUKV~1NPY@oCasE}VR`F?R;Q*F&(ueE3s;t$yx@t@mtPcxg6>?kaqhxrCH`33-ghmL z&>B%rQm0we%04pq=t85WM${8w1Z7dHWKsJUF^wQD_X`?A213Io=~qm%6AW1I$>IAd ze!eW46(;9RpfI-wtURcaPaCWJZUizOx5_n@it3%q>dDz5Kr8^WdQNohQwiq1*zjSe zA*O;J9?uU)GZ>D^k~44l1D%VxSH%o523V9}lHT#nWaVzxpBy-MEHhE&qv2pzwD!ES z)f@E1KV({za-dEP1pE}A%246nv&T9V6hBG(pJdr0hSR3pVd6hI?5$M7zhVARBgw!8tzoW1X3W4wY-bCgY9@ 
zTP3bwo5f)~vr5JHS#?Hx4(}vb)b);djTE^V8p>!>cSdJcA-Fl@?HaBjD*pC7^Ruyh zH4h|qrxDaZoDxya*hoek?gt<4#Y$MzVjg=OLoe+$&8MwCqe#QfirDTBl{s)a9=CoJ zs=0w!d9o`6F1n6BXigJx7P+n+v3KQ_rnpy9a(b`7gM zyzm(^|?F~E|IMw2Sp zi`g59pqXkHbs;d4vxza?tUq+CotkBVDP&-beS41|vXWP)skcC)e&btKS8l@g?yidB zFymrRhUta4*J}q#>Quv6(1TPuDF0UXSoy1a$Pg_|<9moW?r({g#rC?@ykD_{_ z-m&nZybSdh{Z#2vwyjUDMto^U$|V|y?t{OuLfC1>eIe3D!chO+_7&eiZMGvfAV%YV-%B-A&Llc5i*?~XfDGGt7-_+P-A?q|1^eN$R_)QD_ z`%mJ)_v{3EodY^yWvL2*(z-xk1SW}UbIj=YXQED1a|{Sb;p`)Kl$)Nzqh^lS+5FlBLti|{Lvt&esxCY;yI zZ{K({`_4D<)!v$-b=d9q?yT7`|10O7F1O-t%F@)q_bp-nq@s}EsmXf3-VStb2wpw# z$ldMokneq^191j>pM%Ow?f6{XrjhU8d@&ZStVll&Y6y8&Z2UB|Dfj*nv9y3J6?#;L zLZS4%&4dUB9tF%-=y`mWmV@~Wj&_u7(W_nuyS93-UcX+v=zZyNwh_Z4^@mZH&>}BI zV2s|lmIlR@gK!VdUNyQt^0Kr%Yon*_GjUXmW4QdmM3OuW%n~FC<4|)y@nXV%rdhrvrmMqCGouQ5L+7Fi=wLt5-7v(oMQuz z(%rz`sdqGu3np|(#_R~Vo)q9u2TW=rB*uI6-My=?dv9uQKrHWI4@*jbwhZjHKlvh_ z{8QeWWsj1Y<1XLK%~zik1JMi(Wca$U&CacwbQ3ujg#Ozd@L>Me`Fp7N@d}FcA$WnR zSP#?cX>7RX?Quivo=QY_-c!!RSe{$9obG%~lkwFLe@z|EVIks~YH{!0^b8?6PFsyv zMfT;a6kcuT!>NO)*&9hs_fQToZxg8ttTJM!)nn8{%>iG0?#>3q*7bbHcz>J?%#ORe zfmWa4{f0H46r2;%ULWHUg7>|Wf*aEC6!3+rxOank*PAsR*EDX>y&TtdwQ~FZF8)oH zy@hMiNKfUrXRFU#CZbm@Lz}JitNmE=VS~Q;?U(!u3}vu>Po}Keyy*80UdQtqy`?`X zBq#s~m1a`16C@?Q5I%*wwol;FEb$bP=K8i<>RYp61}`}YHQ{cTOWw`h9)B%lN5%6d zN3zzgah`>g4v)}m%Gz2!q6^#Lya8v)FGG^|3JAQ%b!fbOK@pe8JSV5PAh26xWCE-r#@BWSvEuxz^!mEwbGmRmvgwb#5!jdXZ3U0E#Hx*lC@SSP>N8Hl{5j9=K*&(OpACoJ1m39Nli9hU!{wyyot z8I+E`SHSeRl3knzC6(fb#~80xU2KI`?RT$L?g+f$tlHF*(Y$f!oL1`Y66?dmP85}P zDSC~e;yV~XPQ^yjSjNvjShUJtpUc&>co-36zH@>|dzzJ-+DWfTysI}>%=1S{f^Z|$ zJ-@Deor^ho#Ax+`I&?fyc+>XFUTjAm&!SiA`aRQ?0Vbv^U!D&v_%dD*p+woGEs0Ay z1AmnZf*zeU_#?07I>RPH1bLkepeF8|{V>>vF;Xx{ zqLq=3ualU-6N55Y^57MJXq4y>3ORT|1q0oaXS<5o@ct+Vq%&;%NR@xeVyb(g1-^v0 z8)jv9v6=Xwt*9f!OVZe(xX82Y=xg}p+M{~Sr&v}ksRMn2>Ya;s-o3EbuZ%R|es5DXRsVOsWCHIcM}?6n<6OW4X2(R-?-Xy z@7=r9;H0JTgjbRR)j8Xv-!|`y7--J-Z%dYDIj>wEyS!DyF*ZaIGFITaA9UtQ&(})g zyy8C3@s5yo{&Yxbcb%onSM>^zQFz{IIa@tiru1Lqyd-3VL+~6X>lYE2p4wx4ymmGb 
zE(jU?AZn#@=Yx(S{`OcQEAv<4;>9a(23uZQxV#-l!pn*>_YOYbC&lWz^NCY;8h>_> zK>*%Q??Kr5bFy@jSV`DK;2UHFQ8*@@EY;)A2uE)&rMYIO>kcvZMG<~}EK;pn;_uhg z)tEn9FH0eGM&G#{OCMR>8t6OR)V=Y=@5@uNXVr8xlqI6ypPs!``Wi#|&;9YlTGfNR z+e9B4@xXq}Tac7Yms*QT0rW6rdn0=6`?jnvkqjCB_8s}#mg%aY8D!uR3yyIj=}dh5 zWk8yw%aAg!apJRK`3myp%NW2(Wz5X31Z>TlRC7?0hvKCb{z1^cq?_YuW)h zY5Es$RpM2&xxPmtk_iRMIVfpG6E_ejGsUoy;9KZX=D!eHqxsQxwZrr#c6cdS@oj-Ax?( zxuws=bFE!k6Qr_fQy&r-(dxBNm{^64U@-;7iaD+53~#a4huju;w)}FZ?CZrJFbP0B z5M!pwTCkq&o7+%!S`+2WfQj}OFJ9n|`IWxUeB&W?J>@F#vl}M}#SI}LSb0$J zc5SXkXoT@QympMD)Y9{049?dld++BM{q3z@thM6(`dXt$TIsJJtSv5rJtC)gmnvm} zKy;%TDV*fFrH`z=y9IzAb|c>6WmR$)H?=?@*7B)6l%T+CEvg%fzh)hRP;aT^J*;ul z?0MC2`6=nPZl9NstC}(Syx7@Lwj2;knNYNccp}htu7nO!ym@Y zzU05EBY$`l2R?E;1TODIu9L8^}}y&E+BimhmPBnEyS zcea!wJ#G+7l3IkU4%Vv+@v$xL${i@8ot9lF5tr`U#mxsLiC?CkRZF{uU*WK~>!s+I zpa^moxez#u$k3ting7UyM&S~>r$gn}8Ssd8aQ0Fs>)R{2_6-XyQFxfAv8|aI@ngwl z_BV8vkIWvb>9=hV8xj)}vw4+i>3uuwQ7{z2_dry9A)HU*db`I=hPyCv7dYxXD9>x6AR6bZbSwj!VSDxM#6O0tZa#@FwTCaCDHj9*q0S&;Zr{PVX! z+*n@;4hbW@aiF`is{1u%@mj`wNi1F4kgI5E=1#dpwT1Db(TkmHiybX`%Q1aodjIiw zSN9gtBh88Vc`&riaLUr@9igO6nw;1+WMA*vAb~7CPGGYfw^-#F3-h44ZEe~r%;537 z=%hpUec9DixT9e*(wn@0>bqyNU(XeZhi!@IL**z?8R^wz6t#+d8kjncWCdd1-@f5C zbXWf7sCbXN%jcNP4~;q_OTsUIp+f}PJBSQ z6+PD%^jNvuG9uwd1TLyT_K}I@y+!{|hUpS(A5HZ^cQHp<#RjC&F&T_IO~j~XVZzr- z$ax_%K|~^EBG^1ikNJGLZ=w%%B|T1XZrIZJcnfgN+_D$SEfa%Yj9F#(w~l-c2J-S= z@6YDE>c<+O7dX0Hs z5WZxBsB#Fg%c?Bgg&UJBk&03~GAAra9CbL~9yr-P29MYY^jjMUP~f#)l0);z=AJ_M zaACvLf#l}1vdMc6cTqwXHm>)l?q*;`@b@Q%*##h%zOMfafG{7vauRS3t-W5q2>pY8 zl$0mwxw*cBrXpCq;C!6h`{u|7q&@jVG!c~w9?xzbS34@CuOFKx23CSH29~tufkQZE zc9_mwpWR^B`{D0vypqr{Kg0O&5^8@Q<`I7fvia_yrYhn@=X*6k%4OQsu9G!P8$|71 zKuy}BG!jCHXZjV4neq#DIXqGchi^r*0O$>TR-UoOd7_K-HNkSWu(&Wqajw1s5FYE^ zWciKzZFzB@KYNvy?u3RNny#2p{d%o(9Vort8O>m1n}t*!pbjn|v0>AHV;aU__29|R zW9Bq22K@dsvTm0zlm@n%LI_?n+G#nD`DD$0N7_GFh~bNnb3r-Uf1Ejsr{QYKw#3kY zv;9OI9C1)GVHIj1NY{BvTwKXRK9a7waB~CajJ*JY^tiRCV|7oL+`{Ct!xZIP?c+T? 
z{Cmty^gvorMgoqQ(S0hg>Bh!y*66;5n?N3_X{?ts>U{RZz}c)-^C`2mS()|oSghwn zb(Z;!sb}wTTwg8KQdQ5ciEaHjwENIbB4%u_K$Zqs7~(GK*^2;iyZ2fUbn~_KTcOhJ z_r$hsGbY>Lnh;M725KFg9952q1IRC1)Y5{3^xwP7otnm!Ljkjv7j3<3Y1=|ZOFJUr z14g_?rFX>@aqQ|KzhO|8N$hxykD(~1@l1UHcJ&*yP7Y93ved}ksqb1?b+qkbck2dZ zH61|ETVw#G0UX)@&4aow0fg)Q|1ey43qbktQV&(>imd%uUid^5W`Dk@!R*3nZgz;d z$g?HY>K%Y}*W_*n+e((;Bx1I2mL;1cxdL6PtEJ0jzLA!@*C$LD4nrU={IWynS_1j8 zd(FZ_^Fy1%FEqD25B4DDNb9H(Ji1BieyJgnI9X zbso_QKn!vg3z@hlC0wK4%TFuv%%4ig;Wp)dujz12T|NF_O7`y1jwZR|tiZOyQl3=2 zS3%WM)L?e)F@fBfV@AHBJ;AknW`4mivz(gOjA+swIs;?_&zL@QIV1}PW+dV{e!k>= zO97M161~LGl;O;=flPyM;{G3^^OC=a&PV!AqjN0Z(=<|5HRU7~0A?#mMbW<2S2som zM(>zSgaOGxvdmR~^nvLL6gXiBo(uPol0Nz`C-2_*2hsQ_Kc4KVm(Avd;9(2KVhA^} zb-W&uj=|N?x?!W~!tFw~H_3U&>tX?AT~M!4c76oB=0g>6rp0xvhZg5oGac~igRnz3 zyI?WFH9Dl%%2GvzapJ3o9yW(vsRcV}a*a2$KxfIMPw2QI0wuXJr>8sr8?P=@dNPM? zg~$?JToPZ6ZCI6fJEgyswE1rN~9+>sk{ zgmx%~r+7IO58!5g#@UjRN6v0;p9Tkw`#odMa7aak!{h%79%Y}I^YinQS72E`y=JgK ze(4CKS!yD|Uyu^z9K-YElyqS2iS+Og+NmBQYqj2AX(=<^3b)~9KiXSmj_$%{KgZad z<_dT(1iycpiG44M8$3c6?9jI?At7z?k&=h>{zwJZ+ig=^Gd}oOr0?1IRhBtwV^ytoZM>)G)%u6~7!o(WPK1qb z&ISu4MVUcUwr}<`2CwewNJyV!;Y>TEISrTS@d`E%$B4Uw*5{0JBA^E6x zeDcu^iLd?%8uMuaHy#$&+OaOEAE8RpNR<1vhwNh?L*8snCw(F}caM@jKO-i(sEPL?=L@G3

cNE!A%>**xVsXVedYTbOLdGE@E7cSMhFA*nTXX3C*>;{<4iJ=?fFi^%p zp(phK=>hGAl8CBzHU$q+W8`ka3efs>Ir2bX(GxoGQ9W!#MR_48dAfB~1I^x}Sc(;S z(JlrmO&-{i3E`5@L z>3f_h^el12$dk+L%i`$E@%eAtc^(;VrsF~xVpR9v8Qip%y5K2u;pv(NYDgeA_6W5M z`v|GSdA}Xd{-7$AkZ;pr00mKB!@rUho|{v0&)4}1!B;bzRNZ@2;wZj*XaZbOyM1W& zFR$U>iG7GI88ZJ-3yYJSPwpkRr#97NW?}To;wZ_GJ!FnuS-M4;mh0*(Opqmq!mr4BmxZ9oRIgMvT~)U;Fy~8I>e&&aTO$Mu9jSP7Xa_{yAeKgjAF9yg$V3KVN=VV~I&@n@Anq~5iJ-|Z!>ryY2^pZ|R3D|7 ztWRztuQ*}D0-8l#FTx@DZH#_q%CStJfdc(iBq|gOm27CLrtTkcF`75YqW|KV=*>7J z43zuyWPmUqq;L81!|+oE#JvCK^MUWqvS!>7Im+5a!4lz9CcKn({v{B zK9<}f2tje7c3IqB&b4?~TjCw@+3qGx>@8z;B`-F8PhjA^IGm^QP6@`hoUOig%#oId z@y1q>hlT4sMq@C*RiywR%|<|$^c6fk)BYK1+CXC-}M zlZz_d6wgW1--z7YNOufi;Cck@IrUOm4AW+c9DT~VOFK7W2cK}D5y@r$WU*hwW z4@Kt)pEc}b-|3_^4S+FM1_^neG9qU*_}`vLO*6Asqie7n(6Vz?f6(&M6cG4kQY-IM zM>3L9DU!ukLvF6FEy-+Pl-<>nk6YGYx%~Jz#VshclxKXci0%dsz?%zJb1Oo?Yc<>Z zs}k2<yO?QeEWhx zJa_zP;d@7`VXl%mDs}+mPPl@fe42DdcAM`ddr+ltL*|Oje96F`lRB9!ksHCo{Z;J} zVM#``NzaRN?U|>Kk4Ej_?^o#tELYq!ohCQPhcCaXeWK`b2kLij*!TEa;15*Nr_2OP z4N%7woNRJ{wAtDGRSmH}!tEPt}mP4o=3$4c8W0LbDOo2kGb1Tp>YAdxP}G zX#60E*%TyBr|uoz?VcSbv%sG3IC-Jb*KnzEmc#`Gm(W!B$n^Gnvs4mq#qHZtcaB}( zKQlg_%zBR|bl;jzJZfutsQ6j+r~VzO+nu^bUx$$SwIP;uxT@Li&i6JqDMQz$s!+}n zMeSh~0CMEWzzb-m8G<2~hrNe&*|n$`uN7Ror_P2-WJzW%8rzf@n!i3-CJKhzm<6ih z2z2+TgsDWOh=4eSJL>>V6b(|$o4_Fz-mr{43FuS6q?5*(?H#NH9)s6!OAW4f^u`p# zd}ga)Wo6YkvPsEb-p>lDu%p~#bR3}TkkU8$s$$u@;}vr8?0`90_0Mj?KUW=QnyG+k z!QF@6t6@=b1DcFx!M_)=)F_LOy7|$glfF9E4@67N#-j`6+gt*X4QDU{dDcL~^@p7b zL$W|>HS0f1FRr;g^M$i+Ks}_nC79Fmm7DXcz0U2-Zu^n8r?Zw42?jm;qlx3iZynx# z+|P6{yU*p+wzR@l&&xiwF&5O?W?@n@V&x4Fr%JZG)%jzmsH$e2MEauuMZ9fPT-v%Umi*BhqF-2FHTI zD)$v9taU&(E--TIE>qoNuf7uqCWcGD7=Vh3EJ{fk%xqvn7|sv$B^Xo}x+qwEZev+f zNMq`sl1BFX5@DY0@@2Pds~@|3VOfF{+>1FH=7eHis8gt)ILlDSozQ8JWOZ37-;Hvg}obH^ewW;zS zJLj*s`+~}3=)kE3^*1D#f6Vaz0#^_4CMW#-&ot(YpI@8%`0-=FYW>Llp8lGoUsT>t z&SuJq{|_w7Z;t<2B@aX}-Pq4+DKGEIau9YL-aSZ2Nh)z$u*b# zf#QPNBHZ=UBRwcz-&VB}J`7=de4;g2e8BkPU}@w_JNMy+{3t|(qFTas=5zm7-ULI# 
z?qm6><`2Vfl@#ywUpf9&rZ{i^K(}0dp1_?FVsQ1wNj;bM&9keziJ?sltc6AAmCf@ z5^rkPBqv_-Z_cef6DShA(?a+Jiu(&bBcXU4y1;Z9Q-xIlld=~}@g9#mc+C4!F(a4*U(G&80yl;_O8qOh$ir)T7HJ|F-Fj2 zZ~DIZRFqlShr;#UK=@SLk>ocg{n;Ytk}SZ{PL75Cb8MvH`bE}8M%tX5n*iSR&V2yY zY0NfE1J4davVjFVy%1@tHvtl-V0!MwTpLxXzzy2O;cquB@3$9M-Ljq$ymMQ}!*e$9 zlNzTa1#L$IKyUnd-qjo=ef509^r!9Gz4)EQfTm(3h~mAI;e!n#`Bt1$F_`-QtS*|O z{W7mDFGO2n&Rc;Dta}6b5CmVkK*osy;ef!PzM%^bR?M{Cv!mPxNY%FX{{mQC=ZM%7 zr}#z0{&&*$N2%=pXTtUmj6@1UUk#d{In2-=XJqA0JZGghmC{r z_Qo~$j5Mrvn{4TfPk-iAXZ)lb8uV8l`1M08-j?~>ZWu7EpXWY5`nN+CDY1G#G zwx)V~w3|+|i95=#YlK)y(#r6-d#I1)P?N+cH}}vL%KU(4ixLnN01Sks5a|A9Lh>n# zJ#7S?jBppbAnk%uNd^uj1526$$L8B?c>Bm`&+g*vMvzLIs1oDR+9&P-r{yEt_WlmD zhgh^;Db=ZaA+TO0pDqjqB545|G~K|(bA}xa!9!+UYwiM*Vv>Vl>53|HWZz%$QzQUq zb@~ykbB#O~ZQ8?}ubY9M4Wz)vlx#>nD`FB`QLikqc;};!D2NA}Oo|-8fZw5a_=Q^x z)7X3cZf6ski#(m`gI5zjdW3ns=y%!pG#`=|(@!{1J8nBWAhp~2y{>(51nbjG)gvdk z>005}!>42d&u)1LLYCjwovbJ;WlF{GMS2$9al$@$8$~{}O99aY@SsNO)j?F81kyY2 zK@AWx-Bv3=ufX82@O1)N#rQUz3{h_`0k8{6?4;o2B~akA!}9jn&y0RP0c_IvuSk(s zDMYY^KYUKE|7?Q3B*&(WK108A^~iMiUkS<-4-c=3cLEkw7m#&C;{$|*XQhNr;T=Xa z$VWyTT=`3tcc6S1b-OhYdf z48BM^H5;Dg(Z?7RPP8`@k+E_@Bd`}FICgq9fc@G;un2Ncyx( zkyPG*qUr~G$-#0`&sbntWM32@K{)AuWr)bFhebUo>_iP!|FGhZnJyR>T3A*nj^KSy zY_gk*o`k^^B1EaZb_F#dvbCHV1+}t6&dz<)m(tEARNYAcS~Od{Y7A&b%H;N_8j$qe^_PbK2~2lLlyApHFooFo7C{!iS(dF+{EN1_c4O=jL-eYQ0B+ z?hM`p0wfBNp>=|v_M<@%IE=j{XI&XO@ZHgI{^pvc5n^Q5uGOt;;fbU0MS#~urw-#A zJ>jL!XnCA%o-}~?U(_ei|BA8)Y`|ls3*EOlit6@IZ8LPtEiJSVk1xq zce&yoMHLZ?_fF4igBj|t59WkPLWH5|g@ex0P9SomEPsk%e*2ar%X4)x$5$%|WIbCO z10NlnSCWrp*Z8g@Fh5;b?!@o;RaK9HB1B=pHP>hRAtr$Q>dD%evqSSMG%-#BLIOo@ z3-1%FNmA<9{@eDj|suCCWJs=o2gj%ntnJFX^v()}G8;_uQu3na+jq z0_QkvEdIc3v+aHYM)L}xLdC;xiHV6oiorusG+68d@CppKja zNdMJ}kn7ZdAVFD(xOL{%gpsw?;#0QinAZA*l^`a%(mb!l<)z3YHXPoY{hksKqQda+ znxHOh_&J)fj2zr|>|qU-Hq)iJ12rL!)P(OjVkYb4hgebg2PB1~im(ntXRdV7<0ca+ z-KM0XdK2@A4I2nC>xt8Bxn7qEa8kH14qKM0e`o*}p`PdMKjtC)3=Cxc@G$8P(STkH zvnU1{*M|Ls2c61B#@l|8J@k%fgkWQX5=zV6c12BU1+>pvehAm6ueY%Cw|4Vw=vu23 
zFnQ|Px}(e5V->L^FTpnnZXvdAom6IU2iyOo-6IV9JMG?-^uW!F>H-btOB0=1JB)Ju zDEZP3@4j$B;$7p(Y`@5dHmVYKM#&rA1fe^14GpUh%4VnpDky%)5P?x|`ig=E%j=2f zP~c2kea}uxgQ!mS|BAv+`=L+%j|bskISKCTH`QG~LI@X&Nx_0}R;W;X8&JFVs$pM- z*`xT_+C&d~W3}cZZHD3FU3qZy@#1G3(jj;!%7%X#HTx(q`Jb;(5M4isojVOVA@p0` zNml^5-ouCh#F!0ZEOwnfOESN--&@%_Wk~G|BO2LD25G;!R(xO0J20r}rBhXf%l|$g z3fD`882>;rCl`WA!OX3>8y7vz5C|TkTr*M!T_-e(up}H4b{A}*1uGo0O+2r|zK|5W z)!{PEh}QVw#a0mCrhnHQ@vQhW_0y34pXr*z^3S0FHoDLW3_sO(?Q$XmgR~PUZC9l{ zkXGn47`dx3J=QB&@un}D00lM3ft&Vma;pDSnvFjf1-eu#HWJ$;wlB!^+Wi;N0VlHR z*||h4QpcO|p(@7GjoHYZ)UHckY+|s5DN}HMmsT#S$=^`Do`A$rEWZpG zj;q3DNq2+^;inmMAASgP+we)rJz5FF{u5WrMT=}12;rtW{hb%eO*^Y%75DmlXhKV+R`8?CVr%Hz% zbK2bzd#>blxm@?m^k*jik2DnrO20~fS{EQ@hG-gGb~t=YDsO1`yZTDq zXWpV)x?Y#UFmIj9!htj~J94r#I>Q3*H8MG^HwJkGWC3jyf8Badfxz_{)b%?=M_uN*P&WB>J>02QSV*S($n%f=w-ZL zej;^h2HJK0M=+@)curKw4gpnDC4}G!Kofit9hAw4DNy<@Py#D{A6RkAauETN5#2}3 z1z!#-D(qi73%*6d-OFdHVGd2A@hrb&c(bd)c)i2`zzDyjWW*PZy437%x@WDBs?cKB z{GWXgoS{GZAkMQAXKt9vg#!4)Uv@$KTJpc?fB41G{eM9TV&BMY|BVN3O1tDF$L`Mm zDcQaFQeExa*Rj!^2L{ZwE2UJQW7@?Us*`uWRQ`sB@`2M1g}Uz%T)=9I>_P>>5 zwOKTx8f(eUoO=?LK763iCOBiEi$Y4hJ&KCF=WCRt2L_Cmx9ai?sl+D+ ztXOHKY~k*s6-OC`uhsUF*sJvP_rD^QKZ?#>mEmE(yEXP39svropn+aXy^|Q%RiDx) zvf*Kd+Qsi*h+c^=WUw7*`6qdSiV_qtoj4t`8AfgrZZhEC5-ejE?R;wos;tY}k|S>> zcK-mRLPq-ktoBTp|9g-t`MUzt=h5uFFKY;c36(G(Z75rab zhy!)5XGGf+U+cku2?7iZ8F6GAdHMpOi!94sJN-;Cv{EhKqs z1KpUPn~du6tKFQ{v79Bjo;cM{@XJy$gPmh30rP|k=A#t`Gmx?$Z?sIgk6~EE9H@TOlV7jLCIPi_eQPeXG z7UpxWK$^XBPXUvD;{lfiB@b&IV6BHeNbfds%$DX5JfQ1_|8PxiHVRMOd-)DrS!s7E zm<>I`{J(UA`9!?IV8J^#!I_PC389zL(53laIQ8T9#zZJiK zSoim=R^1A@BPYI%gxR*u zvHc0K|0*BtVgnzgo>niOb&`Uy2x({57Iat1fpZ6FU6>uH*Yve!UD(Qa3ZSS@{8Tzt>{A}*Z6r)zt&E(Z_Y<@?_ zuk^Q#w)s&=`NxE%K-sw_0GuMAO%u&&Bn`J0>kf}rN(3e2p(g}_`ijBZUF5||EWJ2E zi;|`&h7=*Kxbm85Gmr6YBa*P*&b`P&zPl&gq7VL5jW$le8x5`YSXb`|F&nt~P10cE z7$&3R(r3oh=yQ`o`ge5q@ETnauZ$_Z8Wv`P%2Aieic(yny4H|PORw8#52;@v64V=%N@1F=zk*eOEB3t5i}#w!5vKtLMx*Yh0tlwFZxFvKMyz`JtG{!xa9=l45I 
ziq`Epp>Y%1uu&^Io;?=-pwLo9ND;4qNlpxuXka}&8t-{rMK6=G;GKqZ{D{!ncgOM? zw(sW-(Z0VmG`zLbrgP&BVV=}&-EW=_u)(Eh{9hX$W3NUJff5$`3|&Hvz7=cpA~`sl zFCOUUMJC_Psa6L1YqdI jSaE_+ww2MtMfy#+>q!z@jqF)vGSFb#tT7Y;GL^yMU>osSVVb? zg9ebHCuhf*EVz;#vU~V?+x3!bh8T@(X|MG3*cW%kimuB&z%3XU6h2(AWVT`y3Ep~^ z+{1DmGENALQkqP<8)>FehDHfx$N~)wUDC68vTrXi6W@9da`YFfng4=Qk^oMfmtg5p zmPcsYy#XaxYTXgYMl}&be~wPuKq%H)3vk;=iE^X6mQSe{WP1U9f;}17Jv!7u!My1P zu>U$T%mGYs^^H#z6h*47BX@%YDZRzm>uS~G{++a)_e9!$z7ab4*$Y6t)9Ct<1=YX* zCbbrw+G`2LmnkDq_^?IoF-%@# z&gA0)dt8){qDL?s9-H!-7#5{K2K<#kgcg!gKfmY666RWf`pAo1?}jH4!2Tt#KgX_+D|5>L8qulWU=v zN#4z^vhSsvnwV%*MNg@jof(gDHY#X4gf#C#8JhtGUfFIGDR47}^erW{#(TrU{+K&c zY3QK>W&+qQBnhogE_LGLf2nJjpni37dqE~bTlIv=)$&-#F6PJLN-sJuRl`zEN**}z?_Z@Y{&LM3LOcX}@;zj<>q zA}iXWx(ZiF9x;qFykJ}orXPxOSx5+5B$*3R#_Ao=Qm_7FbA~?MGP+pc9RalVL|8nhFea!RjjGmzsc*tkT2HTcFi)3%DG4)1 z?JEkp!jTbW*raV={TyY9Dw&158zeINv5B<3R{qbC4o?Qe%^iGXKMMJT6LQC_FFfPMOj43FX4BQu9n#At;`M;1dS0B=BMc0u>U;Mtxe0mqplAAYh zBaixISK0CUJEZqumZB!{%z!cwu!^4?^Z!i4_4b0D%!N2Wr2j+_=9gT9<@cZ-LVp7V zh#cH7Fr!rorwEq~N{W!!wEw4_AdE#DAG9zTC?*1pGHQe|rmA8=r(4?sDH}k0>;~V4qCfpBN~M1BZ>1D#dqlsQB5Y1fi`VYEpAan$ z1mSKCjA_@e$gE(^8G$uTv1)Tj)1PLwFfdhg@!rWsP7>tnU=`>v_@)7~hW>j_<$O2B zuZd}t3xS(SqK%Gl@rrZ?o?j-hc^5Y7oIaBTR2qrn(`+#!DiTc) zK-KDX5A_|WmZq;)D{2uEN##b<~FwD)(^f!0EL4N2I^D5 zs!;%|Mh?i7o=9LuI|k;0;xqiXaDi)1T^nv90H~&n$wS6=GBTO`j|2RNo)r)uXq}8o z3yeylT)3lviJ){P(AVQS!X@B=WW&GiCmpAF@jSc?(R#mr-6ImA0I(>(BxGOOPWyf_ zj)b0b@v!UfjH#@5VQXIO-N{YXw~>m}h5<%U&`15tQ@VB9H_{P!t&_TxjK?ROml!)t zC#lXwz09zu$7AE;{DR+Ni|M$A47CcrR7T~>Gcn6(O%w(^sP}mPe}A9EpF{*+Xsz`v!XqqG#6lF#);lph0XvOt~@As@~mmVeO3 z5%G*Kk>E*NT3F{fErYTR&}o_zl93V{deL(JR!k>Pvdm0Sw%|N;V&FLLy9AKc(y@PIs@R_drHq5`L zM7q%8w4IWq>#OxfdTb^NPakMdHA4YpoR2l4d3Dod{-5&xJf6z6jr+&fVp-;Srpz-T zgou`TDpLv}LrbZU44GNxjF~BO$WS3u=9v~U5249WNTvpvitmYb*=@D6@8@}bfBf#h z_UnGFmTR5Ybsgt%9>?){e<(H=1^OiZK^qf4_$%7jS0iJLbDFYmDx*y9kaq66WnM6B zEhOSYjy+SiR}iKSZm+e^O`yL@t=ABM@Zc7nGL=z8NgLkak{;W?Xy8=?yeieV&5^TS zo;7h-Yn@Cp0=gP^lf104>ZyW$`0X>dfnw+q%+O$Kr`khOcIKawGV@Bh?~<~It2Hmi 
zT;F!0fFwyzM3x3TzU=Sx!<#AVwpn-?zKPp`PoafHLkRgEYBF{kG6(*k$R`y=~Mn&bhfu^-D^@Z7**U5gH_Y;pD|vRR+HRDbhf->jexyZyXfT zUuLJ7hQg~G*<7e?dflm`n94M2#4iq^y{1D&i<(6-I&7^R6gl#nzB?20iVUs~*w@1p zvv-XNv9Wi7yfLT{_6K3^?|eZ}iH`k8+Z|C@mWq4b5iHed+M*( zN4~&fudI=5RTYsX+x3GTg9u=1JM3~^z%GA#TTUw$W1j6^$^FAk9RvWUwL_fQMcw%u zMG=uLWVLH5O0uCgb!DnDs#}p2wd<+h`q!v#XzTF>;sTno*Uhy}CESGgc}Q-3XX z|IXZONG=AT@D%#+Qi^0_4!35*{P&x^#V^$Q5jx3~(C8?;EZ!hknf`H;A|<`1RF^X)ce;5u}3k z$dQ~=RyXB|r1is=-lWepWBX%l(x0HBj=sM>50c~U>-`I|s@(vl4*_~{Z%CNFp=RNH zWz^_D;fts`A*)?8MJBED-jPPHl750JZi`Go34C{v=YJhHAjv(Eu&cEewg>N+^0d2!%c-~J zb8jBomL_*Tcez89^)hX)`kcOT-k9`XAvFs}eVlD}a3KN85=T z3jiyZVX-z8&~U5bOS)%>!Q3PIEEH{BCo0BIjf|)-X_i&+pW|^{Vw1bpydTy6k9RQ@ z4R&})CWN??he+?mdvbU5^nC@0;`vr3Y-!)3vJQ99BYAyV)5?Z%9UWwV=?D@H%D0kV@G>X{!I&#*}9^QTPj-*)}5Bh#SkYaW)$AoYn@)EQx-n%`97> zrGH~rF*=~lqqusdPIJ`rX4lS{^?R38RaGABzYDCI$RUreJIKAq<-h6jzdt_Pvj`aN z#k;zBKJ1nFs@L6jt^WU&w2z!}goLc_n}~dS>T3_)EbDXppxPSA!_LlxnG4VtkRJ#| zlHbfzZGAjpLFVPRk1sn$FxRSHxdyP*)SK#uraW(CE=*M1tXYn#NqRDZOSO%ny;k!p z6m7cFPCB?H|BhZT{Y(D+1#%C1?|}Rwr|-D=#OLTQmf2YMeMb zc$DnDr>Av!>G|cGS4yu-pORc$!JnfXFqTi3<}Ux=Q&ddoaNXczT*wnq}4^3S!r&F@x(QEt>BP({mbfZuCw@)-xO8=wZ*( z?!|lQoA@>FML~3j_p)`>Ez2Oc-MRbRt!Z1a;6}C`LMRe%oYRr1Rmq1foXw7zb$|*L zgsC?vH3JKJn}Ej~c(t|xn^&*Eqplx99v zr|vHB^HV}aNQ{zN{-um$yc=2W`K|KW%DiYGvf7h;`qz*V0v& zGtQV_Yh2}Qzb73Sy0&qZ6dd8_8r=PednuyTB zUO4GlD+_X9t9C*O=@_5JEJ2_3q|%waEU@vZ!?6u_ZQ4Vm-}X=(?2&>|P9&(-Y|NO9$xVnWImmu~=w)3B3_<+N!f;1H zM@g5ku7N!29A*N(#S?leI^Pgf^&+fR7+{?LWqRZFaZpGdUEh4MSqmzOTPTC@nyjlE zB!7h=O>zdR?$a3xW(mv^=i>xmule)ZlUlJvOs@GWR47_~XdwTyO6eBq;fL}+ zCb}PJ5M40_$YH#+mx|24F1+D8Mb}=8A_dPr-Su-v{K5+7g+SlJA{8_ArqQ77Jlu&3 zm8M;!vaED*29uSLo!RJOM)UBk*;zVxlR^$*L2$bkV=}V|b$2~2)#Z=+G|=#`FL62g z)RQi|ve_=S+VU0tCEA+!R#X7!gZg!b_f)gQpArZlsoRd zeSw$oHsvch+iwgNzD5>S!BKS{w@YrhmYU~GYz&SR6ocG!osO8708k-84fcEeLgg*t z{|$)Q_nrD*U@<>3l79o2{Ya2nC~4`b+yO~`^IHF^LSmcj%B@Skbck5}Fqpm5oBHvm z+yE7SbGhR!)J`z8#7=CK?$B~Fs7q| zY;B0N`F}diq7*~8)9d=4sx;@bOmuxp7=CNOaj5S=j@sR^{0AAv8jv%NrKvJh&osG= 
zr|lEH3n7}GYX`9xFrHnNqB>5hbcs5nvg^E7BEXja6EWZ}_$w0Q`n^J^09V?FUDMBc zBX7&SBYo5B@2HQ;R;dw2lNuU?V`UX!`Iu0Lf|?}*xz)@GD}+_xyTCG*l=xhk$>gRw zH04dR#(j^fENoIS@9cd)MnR|V3n;)p#U~RYn)PeV6A+9EwtcK5S2zhftlo3dBBR|+ zu=``nl5tp5Eb#F;{F4X6SQh`uN&nqwipnCss?+YQJG>`4Y^47a!^0RNn#AIx57swH zJ*K62rM&E{{BV+pUbA6x37HhfNDgJTsXQEWyqk2Xrs|s7sW)ReR#%%v2Mya@mlUlV zGmi{R=~}N;WsLibjlKD@$qo8bKMqq~r7p%uMAoSZJmpehZtle1us$n75(MCfQ+i3a z>f!uxu>SkEhTOI9zk7EXM={EbkI{0JM2Y}`P3C&w4xGtB>0q4@aqE;e%GC@OGI17J zU}USS03QKtH3O*(!9Oe1et#&jMrN)>9L}e)b4S>!FXl7c|GK(S8+ah-GQN;^^A)Tb z5@SCbDN;o+q`1~6Zpg{4zPpsmv%ZaG^xBk?-r=PDc%QjfGqy1afXBlAvu6Zh_)dT8 z#|ZG2r3}L4mgp`XV*%1prZsQZLGjK1D0JPsC-visf8UMzal^OEyMoA(f3i|!G=wk~ zcfD}iMmeD4^jp*c>mnAr{H}RyO2%MmwZm^*D~MENc^dSCnw^w(6^Y=nU}< zviQB~5Sa@BnRqn@W}Cp&q`+bgF95d~FLHx%^gmC+b1lR1Rfl%JTp;-_ed?)fqG2RN zNKMk8lH&H|mPa{VZ4Jysx8{?t@imMUJ^~EM66i^Y;)v1Nm~`Zgy?X5Xk}asJqP~@A zHDQZaS~N{l=?BPl@H9KTM5$pPRNz7InG>9mqzB7{Pcw+OX$YB&m5%f7n?B&a`3UFd z;EBkW;uq4y7&^k5H2jfC_zB`(v*UBPm=f0 z9$z)I=a9UKpql-_jaujR*o}VD{L89g;r&ik^~d|Gf-4BBUw8PtewV?0kB|Q^>I*=z z`L6~yW5$|ac1xMIBc_GWp`SQU3pmT(&J3zRhBwNvzb+AxcVhXmUJ z=Z{qN&L{VXHQ{dhrpnq+)fx|iV%b%CuZTl5gyBZgq|ErK(#Y4zAF#M+LTA_DnsgUox}y=nvb#PDCb+MNDY8`zZ}<%1C(RqQ-UDyVz*=qL*&p@*gye1QA| zH&zUX#b|aFOnpk4Amv8-ttU$5)c^H}54!X}UWKhfIZ`B=2;`z50&rp7$Gk)Z%r;K@ zJy%Fj#|G6B%^=T}+n4s?&h?dT1*>^-T{K|9yb@z~@|n>Tztt!&vo7!w@}3Jm-fBVx zMkL?C=Y8PMfPQIM|2^h^(_n$|E_e`RtN#<}%+HsNS#s@$OBhmZBYpLnd*79R1c-rw$RZ+`&e!*2Sg zkgsM6MA^?NH}(=aF#b}EwUPS`4f-SYa|dpBD##qZyncF5wv+kw2fu7_yzJ0>r;ecf zzpw{?#L6wu)W{{yE;@ksb?T7N3R$5r{Us5wN&JUl#yte0-Dhfp2&To}N%3V9BYT+g z<6Zp2shnt3mT*5!ktW&@dKHz4$ee%4;?shCjQ1#QotLtY?HLxlu{OiWn|K!?Wfj{r?^ zA2+jb0(Zp`cJ_g-O{MM*k%H36y0z-=C<1z&%cEH(DS41-`F?B~-w+)+&5MPQJZ99D z2&g2j*KGRpL;J#ae$V(ZygolfLp1Ff3<37eP4gLUXQTq0lGnoK1uBImc0|1C4aSI$ z9Ay3&h+hM^pk+=)tH$w1P4XXSHiW^~LqeK*Hdvr?33;etBu$7+j!sVPdk?JAT?@QO zE#iW3c}RiIL;|UYgfI|N*^f%My&&6#TmD^=ro!jmz44XkGLHUZBoQ8I|AE0U+qmB$ zI)6OD?Ld}xk!(=CB~?TQHfv}M(Q zLtWlg4C5Bki65Z$9zKkow>&!k&OpqK9|Bq!6Q_R?#q#vz(V#~ z%J~0MOA`>4ok${n$N 
z%F##KynvKl`%;^Kcp}c`^NFouwcsl?8PyTM@l#zmBz=P4KWO*~0}3^guj^WgIXE zu<-{-rf-b_o35=o{(J6(?3+d`TdfsS{^(;M(8#;*S?L z+}1Og03|9Fijs1uwr8)`m5)Ivj(%~#_3F#Pd`hl!mt^{cBD=vpo7*wb%3yq-w~Y*E zSEnF*_S;nU^2(l7tKSVOevil7?cu#g6u%z;V*W=<)V;j^el@)#>I<{kjdK6>K@zkw z{_5$*g0XusSC<5%a9kdCoDbuG(16|3I{7{OOGPP&GF`--5O3X0%7 zzcR;$sIg)rQ1G{1_q7ug|zB#U}vWHpxhAdtZxe8;aDX9+|S;ZI?E(^8KV#_cE9aW&O^VKC5rh5QHup- z#h|Anby?7i`noee99AleE%lb-K%qV|NuCNp)%bq9xc0|q&~F`Xq3<2;0${efgXL$B zdKvVlDqSWw=L1SM>NO^r)5sfdOe^%!Wf^@0r|eP>^aZ*z{Pn4XTtYgS6+gEiT?|e^ zx7OwJA{G4l-Jw_TYq$)YUOQ)*?x}zM57c<3I54EBX}nsD^3nmeK$`S*>h8)LtvL9t zZfEBYRmat#yJ#TrG;I_;N+2j%1joRMsI--&*W2!`tl$SU-v2T)wAEI7FO~RLkN33@ z`yKUb)zp&*L-BFWI2LF|MBI)=wP6?>t{>&&UabmNZI(DrXhfl#L5GvxQ{qHqYX&tH9F?6UY6rBE+0*f4{#MC9GKa#_o>)cFX0WgrQ`GMZ$g72-{*617j zESYK$vM^}o;`z9DKF(OlpkCmB$;67;4&Z(2V=~z%ORyyDj<7OI-V~UENE&<7^^PN7 znxPSYCVfSk%ix0Cb!)*tNm+hh@PTy}A7w(RfVn`7Vp_!;%RqBm(wB8NwU3%d2tuT# zA!5T~95#nix*KfE`0Rj%H7dWE3f0-4qL;BD81ygf&cc#Z-}>#Pg|0K?{?&%fjQ-~U zdGKEm`Dxj=hzz>hi!}jL-$?n}1^V9=_qKl44+{KtGxH}!tJ-zy=-IVx8w=i=fY;x? zcn@jozMS*^f2a9ln^kD37qLjBHdd^G3F3I(EDJC>LqGYl(x2wTqZ=2n)=E!Z;ndrg zB~<@11ou2id|mpr%`vqIsDehQ z%Chu8+(;vW9}DF^xpgA-JwYKQr_HX&1oGjD$K{xJ-e0_sFV)B5v(I{8p1>AWvrQ1_ z8cEU!pAyz(FVvHaFbT>iPDrztvB=fvhOj>$h|fC=^Z}nDPcuE{#7|9zjUY36VU_lH zg!75XK!|%=Kl{E{68v!i$YKlZqd9ShxJ_>L=3h>~GMpIsQ3+cJgTdFex5!qLLa37i1L?F)$<9k$MpC#As&QvR%UVUj?wNxoWp^u9TMv43|@dE&^`w z8Uq_M0S397$h;(z0rw?)yw}wbm7-Q*z8qd$rdWJhFNd>h@*@s2BKJ7x23PHFBDz!M z2;g2?VNCV<+CDvso?nn(FIY-B$MHafv=dT!M^ss!vS4yX`qi=9;L(YzHrnPebGDW= zR|!AXO61~PVE&_x;8(gxZN9A(2-QCvM3B%%c8jJb`4M_ltxg%^gcX^th@L<04DsY? 
z{R3Eo>U1H3S2YNDv%J(!i2)@dkuqbI@Wpw>Zt(aX_4{1)@o_nl^ELZx<`9*0sr82+ zM&Nm|PA-FVADqYj#lH1J%6&er@A{?wWmFGenWxuTEG=X>{F$#ODJw2#iHf+2zP@BR zF}|=vs;IiDR#u<0YJueG*v^vcy+@$eGZnmfd*l1>;`iwE)M*OdCB93M^h}(GQ^PJi z2|CibI>9#_Fj}5QPaJ&sl3DM;12Lp6d3|49Isd3&u`|`*zdQ=AOT&vMv;W4CR&u=_ z_6#=|?{t+S4zoT}9!-!Rc_mFO(ZfR9i;0~qgk_wByjigHQ>D%a5LpF&5`sD!B-3(9 zFRb}9F-lNlF_+5d6%uS?$9K=Lk3##Wgfh0@h(-WT*JwD>SiyM*K)X^E& z(r&)81z;KVf6~(sI0$T&8vfNg;0Hb9m-_TA*MRRI+hS~eFnCbd`C(laKV?z4??T@* zvtRfV8o_tdXPVOoteUvJ;ya2Y2Y1=LUk-3;#BdanVwMT+NDtj*- z5}H@qpBB@Y68<-sM-4TtcGfCxfSW1yY09S6k5lFmG6K*vQMihuO0@uCRyuu%Ju?^q z?8jatr|_u8@sj&sSOKH=N+gzm6bct&*2=-i!xyNSSrG|y$5iUl5RF1Fy7n9e`n4(R zx}GWIZ@;ql=vLTZ`g&J1I%X*WD~9oExJjR*W%{9D0{d7$3|K;(fT)swG6_n5iK7!pyXm}gv4zHapDSY5u!J15s|m7FZHMgFS1`TiizGqdZgPkh z&YCtdqvfPr;blyr6W6T;+2#s!A>qh81_;r$w7M+051F>{_h`TWP7*-Adtoq0KV_m#tQ39B>BnzZoTK9*T0C`G7)5pp zd+-88h2s#XlkPd3iSBqG67Yj2%wh%fc%6 zJA*%&-Bcw6%$-|Ed*bfcI7IJm@qFPYS&Ktg&K5xF>~FL%w+7H;RX+JxtJdp&D4Tfn zJs=iE&~@5@Fsvg1(d+hF7c9`kzReJ-nAFPu4nEtqfkfh`_ANN>9#Q&crj4~i;PbZ^ zlRGJ$c%)VUXUq~{Y7ZmN4@Z**lke46Bia3g*ltqN4vg29`ePpwx*yvWvRhieJ088+ z;1YVhK;5uuk;mdJ{k1uV_{;JOF0U=>-~8k+2LjeA#9!@Dq*Ze{K>6|!G(v4jx$#v{ zHOaJ%&AeJ!&uHnZ(TYJ(5jKw#)zG2*=)v34o4SS?i|9F*fiCE9OB0yEfdjtZpM&^s zekZtP=!62^j4UPmUE)0&IhWP1NKxERl={z~&)NB9cJzH@@wvjvBhED`w4!b)Y+P0J z3h?k`Du7S@pBA18^L7!QF|5uOpu@*6Vt($wHQwq~j8?+mT(8{>PU%-VbBHD}7aDmQ zW6u6@zuUBec}Dt&O!IyjmSBPk7@dgo&_lJxHvOIh8GdW%R+G4J#YA*6#(@~!DQAql zN7zKgA*%{tIqYaHI)}c<=J`C1%z0f@{z)Db2zF&7qph@W9efb zCpj7pS~8t(M$!uYTvFGrOrj+FGILH|#}juxX@$CH5;tOjM)wUY0PFWdCSn)&B`N!f z=qSRTDRN&-J=I3MO#*uk34q)#KF1_?(a0r@!wzRn!%g+V^IZAcd&RCy`T`_`+}w)F#$$qgOc-QqrTxCVx!2 zKFR7jfihG^?i?Neq9yg^i(z{rw_W!@ZqHl(jNDE=$=zf2_ACw#r3wWFsf4_u_nVV5 zQPC38e$mM-5#DjPn+{l-x;K~G-w5XDuDelM2Ch{5t3I}N} zHR+3ZKi~`zp`C|V7O|KV=f$-YZiwO7-(XU^{PIpbDoJ9(wony8PaZ{xVKrZ>DQWkg zK$Dbe#d;M~&>5VguX()2>@uZ?*}^;7@kgc=F+zIu4(24y9AYCM(&-D-xz@rlW$_UO zIi-LNY$J<1W2`Q`y!Y`fD&P8DYkKS3;R^~+t^kCQ;ME&WZr58~l5Xefv#Btvr0Goa00EFhr(Kxe?XRX>THlpjXm=n$wARcK7!4$t%!L 
ziMl?t1pMYP1>9m1CK&y(m~GDE6c-OhECN~%yKufXI)I7Je*J3jUz&#FBoR| z@d?y8Z0%ISEDa;!iFj5>20ng?@MFLYk4^XuYgd04>QaWg=T3?`lLvt1Dc{2>7057P zb3joNSxLa~NA7!Twt*0FRbnwJ#KHy}F|Jx*BCOp^n`Qga4`qJVBpIewCNjcj(SENz z`2hcL{ZU@Qd{PqYbLVD4U9oG(w`g$oz> z?TKG9B$R%xX8nR6PJveqw^9wN652%Z8|D5oi^W8C6$=yV=p%>js|bj*ye?a}(m4vbG~p!W z7ba zs7%4!dcO~*Qu*NI9d!lF5jVWIVkPAnOx>Zx*9?+*o9ROV)@dl`P=qjBHfPB-2_yUh zQj-G=ZD){Z(UX``&dD^PkH?7a0$Pm2xi24A@7&8=YFx^9G+bRG_OOxor4*vF2DT?E z21EY@E?avBIhhvK1qg0{WqN%>NXm1sCOy$f1qMHpJ`|09kjS&1sJSu{Bb`_xvaEwy zHi16Z%3u*Mdh?zbBg0ASlqYOpIP*UK#R)$9g+XZj%~;)L7byq_d6+$1TXhOcqGRNV z%M(x`0TjsBv6~gg1$5;2GS*NE2d`I4Z z3Em@nn43NLr@2|%^&>mxW@KNy$r!fEV1x!FrIOy76~fb7_fNmed&f>o)<1(HLfXQU zG_@lmNrwtehw)*SPbiz7b_&b;BqioONie2<88bvfH~RC5AOehuQ`m{J&0d6WOA-}< zU1rzgLF{lp$#~QsHjr!Ch(Y_oJ4A747fl9sIi5^8;RKoHwZRJsHnP^4wsOf}VGv?x ztgV$bVX4H#!O|J?5Fb0j`ibt*{_BT?x^GFK)7W}hLt6P$kDruV!!Tis>xr5QES;4b zwLMmdyMJWZ4_XM$r)ygrLO#GD?3TmAIEx=#Qe+bWb%Ny*SSpurC>PX5Sxgr= zMabB(I(3RS3kBZlE0p3cGj}nz3xc|u!om&AYEV@W;aOqMmdq>Z$ zQ}k1P9F$Nb-8EqIuYTspKn3_(J2t%HjSAF>$iW`Jo(8H{dHb2!CG}= z^`-=5B;?wBwRS7s2SWBa|fBWm5kc_~qIjiH+mxIva{6f#X0DF2&u z%{GNEzlKEgl}{BE6vD>3yzl!ejLSq^TO6%_QX4vxC&9an|NE)wcBY-FY23{ZGmJ8; z3@!ACB1B|0AC7|_8vtX|Hzg>c9!QHXe4Zge5#``#=vN85Tft3lMXzJ;UkoyAaIQ!L zQWNlbYgLf!_zjFyf$TFMRV8a1d{QMwyH;Ovm6CAr39VKf((g$1V+f!4!SJLm+s_%xv0lw7sa(mxOZ=aKURL~dBLwD%@hHhu{Q?@x`~;&dRHF z?k&a!{>IKXjs)|T>;HpJwHj{Y&- zY-D+}159lfR#shzV{#{M?dU=Z;LB3LI4bo?MhcXH5i5>pH2sWvC5gvuWGwmeIixcF zW&8>%4_os_bRXD8_(TrpiAI~?{8229eDUT;C2U*341UvK5mTaR1hD?gCbQ8Q#2bn+ zudk-26}&qcp~#@{tT4!Pw)G&Ot1!=CuGre1C~nPOk>6#s!5SgG<5I3IwIia7TzYdP z7`EW*w7p<7g-pKR77S$TzvZHt>YXc6*lvV_cifj5UzUanVAzAO_ik>p5wu?^MF%Ya z!%py$Ft>Ua_yId4|8c1QbZBegOw((N>;=5E9-IFI>3zfB{mOks>7am8x!ab~?^y@Z z_*IAd)l!8I&pav*TMvI>i|)bU!ucDJ?a*GHW$`O)tZ0A=-MZFhAC?J|wbLAfVf0@* zUNL)}%e*ciAmO#X7J3J`Zj4%Y{>p=>XvWc0wR@ zLd4LEL_iN2u5KXtRyrKH(SdOp%SES7`=kQy^;13@%Z?;EsgMIPKtqbW$V#kc#Q<|J zlM!dssY5HkQ&)@p@)gdTbr$1i6C0F$s4MQdrNPFU8WE@ycvu%{q8jUvC*16-7;9&6 
z0Tj}pmBafmBtBr_2lWnA6bC5a9fx=#eG04awmV)anyPDoM%u&nahnvhf|28QIvg;= zw6Rgp;V{v5VF{pDjyB5*WgD_*8L^L^5*C=gN^bip>#T3Sf^Zh#BQ|y4RfF(bn~ZfH z!$3v&XZB1Uyrq~P&nGnX#tT$x3KEKn0_7O5M-LKVs+ig=n1D^nJVwTPOeel$8M391-cDinAoNM^4y=ZS!nM}roTghZ% zI7HDM9p-`iE+Vl5J7VvG4pLtb)3KQiY68Z-O{#cN@B{qDu_Cyfu@-iLIwsdUAjrFk zSmdWBCs@jYdyI2Av}jz;a@DV03b*ZC#3AUQ8V&d5=n}>r^g0S8K-!tUWfBYH6z^Ui zH7RaJezR>8?uZk!zLb0HSjpUjp_bcMobz9zt;&k;u6=1EOo`KR6FipacacVZ8)Vt< z=+|vgW_F4BYa;cH3LVv6onDVpu#;%|@IhQO6yQW!K4aE2gfA?(iVxp^z?lmA!*+|5 zfeLvFi%*~uXgk~|Uil3#)9Nomiw_gg<&=r5GD=@@-ZE65o<(W``MZ8<>dEWQcXY0yM0vkfeWjIzDzs$ z!iJIn!}7Y|)f2J2Ac|4FIQEnE@K#|*euovjz3P#Xav;?KsNn5SpI{qzT|Q{^aHcLS zsL{tqtNr%r?HvBwJNK>0Q21_g7e8~DgSQ7qg=FU@+Ge5u*LKD3-pF=~;-^ul{dbg! zgF<{Z-Cftmzm(UBxdjBwlrNBFUL9naAQL~noH@y{XNhOq&gr`y%T|uPvEFvd;P68c z(xnnKin=rZX~qI^W(6~O85(^cF*4{p-DmY+f}8OtuLeh)XsHzVTH~tGm)pR5lk$_! zfTx&Cd)y<%-SFd>XntTgre zuK2{4Lr(J~CjL#IqG@{sRh{DSt>YaEWDL(XV_Sba^?tlnCT8OhRX>>QbkJK>1YT{?}wToxU=~(rxC!- zomOS#t$guYuC9ycx?i24>9KI5I@qisA%9+#)hJqGg3|$FyCEJiLJ(F+IuY(uXg}K5 zlPc=*f%~~SW3h`F9SxMwP|Jlv9cUu|;ZFRUCW!leLDb*6pdN?LAQ4}bKQEHsQF93~ z;;wtHLw+P!apYUJrju#JB*9hfO&q^;SD8~Fi zL6{)v`#_jE|Hi3oA3h-(hEog*K9~wr;kPYZo-`W~;qG6HzUoLrwz~z1VWfte5G{rq zhr#FDeGG?<_b>_;d4EKQ_WU>ngBKw8a?s3Z5PoUWnh8niS6?plXcWqy|3G;O20Re5 zhRvu0*pNtL$bzb4cd7cy!j*a4qkN1p=CF}L)At6%wxJVM}u(MomsM@fVnTBQCcq*YGD((zlydLK23N}r`3F;o;RK$GHpjt1ji4CEPkpx4WfJ^A(2=&CR6AE`yxH-2jS zb{~mj!Q{aSMUt}5AqQX?(H6>BSbVF3g@WlFQ+GNV?_e&cU7IE`3L`#TAf6eQf1{{- zvPh85fkTp(R;Z0UN4T<)$lH&jF-%azPQ>W|3jXMtLa{m9!*>U;6|=HT8^3}3HeV%< zhjpxDe=x4B$eWML%00_y=vkaS`*pgzV4&4=H=q-bZ6FiP^rBhg%JCQac!#bO=$t}X zXFTuc=vHdu89~Nzj`QiQ1X&cdbv{e+O3J@Mbj-W|l86PY?pz&KVJc@xKhVMR*i(#h zr8L(S0^=R0k!kLW>TyNadu=ojHR#rW*nb(k-F-2ts!zZGObnBZ3iG{3>v6ldeM)}s zw^<)Qo5+A>vi`)1+vebFY4&(fFZgM%p=0`c=nt7i)KZNZ&p%)I=}_`-9y0$225tY| z0QcqSi~PwWIm`yYP1knuA^)ug^h1!sKtYQ=^)lu*uBXH~eKPfxchXkI$0Y=&3oJK; zXL`3rnO2wP@qe|4+=A7l`hvOg@4c)-V7C?%^D5Sgm*e%*3m4Vng9*gZ8*K{|j^-~} zCOo*aj@9qOr|V}MRK7FFAzv!1oV(rUrwoo6_OP7S-=3Iy-!?K>)gcv{a*iP-zWBZ! 
z+xX_jb6cy&^Ndd|=iKgIAAL_f!kb%rL(yGl_-9%Y6|WFeRBxDQE?&04oUF{-I2=Q( zaKZCpN3xyn(WYWxjRNbJ;?_<@hS-r~IBPaOHXC@DeW`LHjJIj%-?$CoWJ`xrg`B9V zv&P5Jh?j)Sj#CsyML0qg?^?Ih>@_mGFKvBHG~SjEC<+-VI>Ff#2{t3ud_dM{;x8$; zuG5-<2r@nEx!VajsGMxd%=%U&>4xaRH>=`aNo#^M*sPkKw*?2t3+yy*3zziimL6{n zPi|;9IEqE=O*9)_#X=t^wf~^L7hr^(npY?_hwbAE?i{k&oDjaV`DBC5=aa;dcyOd( zVPCPkDb>yNCRXSw=0Qu$J6VauuY81CFi# z;G^z~MUr}xdo20`w`nHQltbl0J-oYr3ljx48SY+~+L4oRr5s@oZOIqyYkpX|m}E59 zZU{UkXVu%dipc|4)ipthF-m9;8MWx-hYG%w22;XP6^s zjMNUcYIVX%Yno8@16Bm@bgtZvDfwtD$S4uVsaU6+g>JIx_#o<%H zZ;Fxaj~V$t-sx^7uvg^bK143DKZyAdD3|d@+YzcJ5W@G_;$ykR$AalPcZ&lO@^KS# z1bjM&#m6wPSQihNAQ?@wh#)?TZbPJXHJ~BT9mN?UO5C6erSV!rlgCNzlMjF;F|CaZ zKQ;km!t;EmQ%aoESbRo&DI8Fu!*2rFy4)0s%ah|D9rwD_&5U@O8Tg+27%c=yhs|$S z^4Dbod3G6Qc&Aw$_7n?dDkf2@-XY!H!%@HC3~*P2?t-zp&C&!mm(Yo91|haRqx;Wr z6%b1TnasYpDd6(;wLIRmzPdn5zurDV96QU;HN5mUHqtff#jEE~XK2Xegih`r3Cs8t zDNVw+WyhpNkq;(UGp-OR=;M_|-5)G$ArTY)UYGhd>Lju|IohdT{lD;orQAAz*e$4b z_#Qv$k{)mr)IPi_kN(PAWYE^b$WU4H6{T$YSeuzbi~nYg?u#=g5;qs{8-<#lviQ_M zlSXef;;$x62Qhw|N8+em`|M(;=6Q_t(Fr2Os~QJZ%N)L{UDS>HbX?2nVd3X@5fSkY zPdvZ3;de+9WUDSjh^ynHarS(3_wv2~1bRck_1?a8P_2RjN+8zT3xHvl{b!Dhe{+ci zmkr0mxTHjX8q2ef{W2EW)jZK`u6pas-J2eq9F$xTCG!X`(cxiqqjmze45KwkX>a`* zGGGqHgs(xoh$Bv#)hNpvJ^`aX-Ny2ZLXj@#uNKfinOwSvI44Lp z>z`Xvu@p)53}F5)+@zd-3)bdSGLrsyTA86i>d9QugGsN8{OapY4z-_jl2_N-x!cfHK1|5N8 zqlKZj=8^O7a4pUZcDgMNm`5-_L&23WuQL!5+A6gk0Kb?Q*dhO$he@H=j~^Or1b9>Y z6bEBqbJ{Tw3+gf|TERlge`fGD`UsOad>oM>R)S`!p3!>({n&Psw|Hr{erbD0TH4Uv z2G$6psiy-;2GvE*3f2?t><9Ts=Ngs~L+F!dDQR*rW4ftGzw3t$MzEeMQPH9dIVP*a%^E?4=uSeGdWjU-(G}!T zo{*cR)QmK3Gr|Nv27|OERJR=gfO;2vHc;Mep(dU8%)ue8Yfd(Tm-UN+zW?fPEznpa zvBy6GYnSNvobmrbnP#_3-H%Q_HYRaq=b*Oxvh-GjAE6Cz8~e$?NYcTB zS?Y9_`irou19o@otsQUbqxAD6x!)_sa?Yu)b~#Z5ulfXd=+(HiC!JKXPI4_Sn(DKg z5?&nAYSqW#r0S%We}Wsuqt{deoU{_=UR^7- zUtQINR+z^l^#sSV;}Lq1X|2;4ltInQ$B#aAfBe>sIVJu;=U1V^jnE`vhL@twt#6+t z5ZT}VVq+s1S3E$MLak~6{uoK9$*wu{RkG#_)z?o{$M08P==Wa(9J)@{2eP36_T( z91F}9X&pgo4`a~vF ze<^+Jm@V_eFm3ea#!}eCP5w=@HgEUk`^W5_`BcvtEi5fxbgEscKKF5sdG1BCoQOA} 
z?33Q{RSK8`X4%e)1+DljQQW!VM0d1ejcwAiw)yB&Z9ux=(p+Af!_9P1vdOc z`lGSt+C== zy4dRS<5pK!^;bfUY6er1KA6KV1(F4#Q$Np-bJCf@nJ-*=cq%n;RVAAYt*KHhU!i@& zP5YF>YfY*F3dZ^YEeK<7K9i4)4c%cZKf|-;+9-_Eqy7mJVWmL zu2zm}UBjolj1yl~OiYBXD=8|9x^GyWdUw%LY~iY*LvGr7Q%8|li9=0{WZdej2A3L5 z?~%&j6boNk-}uaCbuW%d&NNjf750<8Z5gCX4ZO`UGxylf++!-gTU!74q|gxQMy5kZ z18tA$!GVTWXYC$Uko;LYepwhT(sARr3F;)uynY4xB;=m_L&IJQ^+nMv&oE>Y~4#WP2 z^KRow>>C2n{V%DHx?a_vxwOFl@(vh?G>eU`Nb#0<3E@9{9QU*~nec|m3oIU-v^y^` zad=RqE{eg{>=v1b%S=Jj@j7ic5~wU?{0ACvJ@K*#GId!pCL_I{BiUxM&gR3xy||$|YnW>3)pTcaomYVz4@huqSdgs%K);$hVN1^w>ewvnY+~ z`ysKQ9jDeNsRiAe4ej(0rmsT8@v?2VQxe6I}svPuUwKCBWt*8*$ z!<$cThlU0_b{W`R_#E~4u7jtY?o?;Og{tA_YpR~F5aZEO4&|B!%bxdF9bYWZj|5RC2?S7WJ&zckPo#IM@d7$;4%phcJ*JSfl)VJjJ=kZu68RKG3SGP0kN!0?u~`jeHF_m&Q*MEc}vfr|3TYx)1-IS&&7y~dG@V%tHtCLYT78@}^1Q0&szg5@_mujO$HT7m ztAY+ynlm+y)SEpxoH&Qof|D>#KGBekk&i$wF1uE7EY*6m(+-SIWl-X+K2CA@*dl4{ zR{Zr%(ZzN0drC7-Y5ndC{2S?{>fkw}lEk_lpW@4NYehv-cQyY~o}^X*TRL4;Qt{Z> zD;HN_y7u*U|5xo-_?b1XjyY-~7`VGG){}!4C)Sk4-;_r2!HRGz*VF<3Yf_^ss;cC- zl}q*64=Xi(wk8QyRN!kByo_Mu?BJ&e#kEQVdxV|{kC}?U7N)nvr8oiOjnAXQ#{T^5 zOCzKkevvO;8hMBM2W;Ijj(c=}{cAza2Tn8nT^e8QbQ@=lHdj5w9}a{S2t->h&jT;G zV^|;{9o8TC>w9IzFHvu}ju|t~CRCO!UnN}EJ+?8B*-ly=HDbGB=r?_wV0J$~T8 z6LzbTmMK57k(Wltr>aSUup3|y6~}F7jQt(VE}`; zn1BEN!cd_?yww#oF8dv7&-%lnmOm%fn9s+Sb~?hb3n^*3s8uz=Mo%6pxV6#8-@nX9N6CGO&9fjG zgG}w#V_snb)%$1caf;Yz1+}xZs17Od9)!RtB->bKY*G{B>}xDD@`_m7EMu0+bWRB6 zl`{<8VkwZ!QoM!56i5^zAxSFvRONi}f7(%M6&BsnU?q;!$9r&ux8A+h+?G39q|*~l zD)8c1mk?cxT%7X3tM7XhAsQ?1Fi3LLFNuz#BQ;F)5R4Sr(-yL{Sk(FnsZV`4ILHxq z)en^&Gj*}C3{|W)(PxvdX9tpE9j`7%Cr<)G2+zQT)I&#*)BYi`$!zjnW; zq3%9AnxW5F!uKM)JxQagsAf*yN%q z^SROyGUlCH*K@*=XdL-m?j-o9i_mjGxlcVR+4Lko=W~v4e%`)0ZmCwUrrP z2fVy+KX0BgRA2%(k2bX1`^U}01vhUV!+hYf5!HAvJ;9yf>@#khK2(sycXh6GaE$x+ zuwj{sMty)8p4O&SxWHB@n3{kjq>(uQX`62F9%{~}p1q(P5w)bkOYyPm{_s$l({k03 zix-YNTb^AOb99)my3~@;@gV=xG9jD#@ToX__FbFQi8Dv2LW2-)ylk|Z`Zsv}s5H|Q ztYw@K9wj)a00R}{w$NJSEmzVd|bQJEb!TRld?37T6JreJ5DzS`yK+d zd(p20cEYliX~p4(^`dXADAOmM)TROgJm1YpNr-&9qP?u Date: Thu, 26 
May 2016 14:45:35 -0700 Subject: [PATCH 17/92] renaming network exhaust doc --- windows/manage/TOC.md | 2 +- ...re-windows-10-devices-to-stop-data-flow-to-microsoft.md | 7 +------ 2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md
index 621ce3f5ca..9a7fe85b18 100644
--- a/windows/manage/TOC.md
+++ b/windows/manage/TOC.md
@@ -18,7 +18,7 @@
 #### [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md)
 #### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](set-up-a-kiosk-for-windows-10-for-mobile-edition.md)
 ### [Lock down Windows 10 to specific apps](lock-down-windows-10-to-specific-apps.md)
-### [Configure Windows 10 devices to stop data flow to Microsoft](configure-windows-10-devices-to-stop-data-flow-to-microsoft.md)
+### [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 ### [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
 ### [Configure access to Windows Store](stop-employees-from-using-the-windows-store.md)
 ### [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md)
diff --git a/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md b/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
index af80d923ca..66f10dbf1e 100644
--- a/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
+++ b/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
@@ -1,11 +1,6 @@ --- title: Configure Windows 10 devices to stop data flow to Microsoft (Windows 10) -description: If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. -ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9 -keywords: privacy, stop data flow to Microsoft -ms.prod: W10 -ms.mktglfcycl: manage -ms.sitesec: library +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services --- # Configure Windows 10 devices to stop data flow to Microsoft From 92d301af76670b278b742624514a116e6cb9a3a3 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 26 May 2016 14:46:07 -0700 Subject: [PATCH 18/92] renaming network exhaust doc --- ...system-components-to-microsoft-services.md | 1264 +++++++++++++++++ 1 file changed, 1264 insertions(+) create mode 100644 windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md new file mode 100644 index 0000000000..f8496916b0 --- /dev/null +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md 
@@ -0,0 +1,1264 @@
+---
+title: Manage connections from Windows operating system components to Microsoft services (Windows 10)
+description: If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider.
+ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
+keywords: privacy, manage connections to Microsoft
+ms.prod: W10
+ms.mktglfcycl: manage
+ms.sitesec: library
+---
+
+# Manage connections from Windows operating system components to Microsoft services
+
+**Applies to**
+
+- Windows 10
+
+If you're looking for content on what each telemetry level means and how to configure it in your organization, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
+
+Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro.
+
+If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure telemetry at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
+
+Some of the network connections discussed in this article can be managed in Windows 10 Mobile, Windows 10 Mobile Enterprise, and the July release of Windows 10. However, you must use Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511 to manage them all.
+
+In Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511, you can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft services as described in this article to prevent Windows from sending any data to Microsoft. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience.
+
+We are always working on improving Windows 10 for our customers. We invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows 10 work better for your organization.
+
+Here's what's covered in this article:
+
+- [Info management settings](#bkmk-othersettings)
+
+ - [1. Cortana](#bkmk-cortana)
+
+ - [1.1 Cortana Group Policies](#bkmk-cortana-gp)
+
+ - [1.2 Cortana MDM policies](#bkmk-cortana-mdm)
+
+ - [1.3 Cortana Windows Provisioning](#bkmk-cortana-prov)
+
+ - [2. Date & Time](#bkmk-datetime)
+
+ - [3. Device metadata retrieval](#bkmk-devinst)
+
+ - [4. Font streaming](#font-streaming)
+
+ - [5. Insider Preview builds](#bkmk-previewbuilds)
+
+ - [6. Internet Explorer](#bkmk-ie)
+
+ - [6.1 Internet Explorer Group Policies](#bkmk-ie-gp)
+
+ - [6.2 ActiveX control blocking](#bkmk-ie-activex)
+
+ - [7. Live Tiles](#live-tiles)
+
+ - [8. Mail synchronization](#bkmk-mailsync)
+
+ - [9. Microsoft Edge](#bkmk-edge)
+
+ - [9.1 Microsoft Edge Group Policies](#bkmk-edgegp)
+
+ - [9.2 Microsoft Edge MDM policies](#bkmk-edge-mdm)
+
+ - [9.3 Microsoft Edge Windows Provisioning](#bkmk-edge-prov)
+
+ - [10. Network Connection Status Indicator](#bkmk-ncsi)
+
+ - [11. Offline maps](#bkmk-offlinemaps)
+
+ - [12. OneDrive](#bkmk-onedrive)
+
+ - [13. Preinstalled apps](#bkmk-preinstalledapps)
+
+ - [14.
Settings > Privacy](#bkmk-settingssection)
+
+ - [14.1 General](#bkmk-priv-general)
+
+ - [14.2 Location](#bkmk-priv-location)
+
+ - [14.3 Camera](#bkmk-priv-camera)
+
+ - [14.4 Microphone](#bkmk-priv-microphone)
+
+ - [14.5 Speech, inking, & typing](#bkmk-priv-speech)
+
+ - [14.6 Account info](#bkmk-priv-accounts)
+
+ - [14.7 Contacts](#bkmk-priv-contacts)
+
+ - [14.8 Calendar](#bkmk-priv-calendar)
+
+ - [14.9 Call history](#bkmk-priv-callhistory)
+
+ - [14.10 Email](#bkmk-priv-email)
+
+ - [14.11 Messaging](#bkmk-priv-messaging)
+
+ - [14.12 Radios](#bkmk-priv-radios)
+
+ - [14.13 Other devices](#bkmk-priv-other-devices)
+
+ - [14.14 Feedback & diagnostics](#bkmk-priv-feedback)
+
+ - [14.15 Background apps](#bkmk-priv-background)
+
+ - [15. Software Protection Platform](#bkmk-spp)
+
+ - [16. Sync your settings](#bkmk-syncsettings)
+
+ - [17. Teredo](#bkmk-teredo)
+
+ - [18. Wi-Fi Sense](#bkmk-wifisense)
+
+ - [19. Windows Defender](#bkmk-defender)
+
+ - [20. Windows Media Player](#bkmk-wmp)
+
+ - [21. Windows spotlight](#bkmk-spotlight)
+
+ - [22. Windows Store](#bkmk-windowsstore)
+
+ - [23. Windows Update Delivery Optimization](#bkmk-updates)
+
+ - [23.1 Settings > Update & security](#bkmk-wudo-ui)
+
+ - [23.2 Delivery Optimization Group Policies](#bkmk-wudo-gp)
+
+ - [23.3 Delivery Optimization MDM policies](#bkmk-wudo-mdm)
+
+ - [23.4 Delivery Optimization Windows Provisioning](#bkmk-wudo-prov)
+
+ - [24.
Windows Update](#bkmk-wu)
+
+## What's new in Windows 10, version 1511
+
+
+Here's a list of changes that were made to this article for Windows 10, version 1511:
+
+- Added the following new sections:
+
+ - [Mail synchronization](#bkmk-mailsync)
+
+ - [Offline maps](#bkmk-offlinemaps)
+
+ - [Windows spotlight](#bkmk-spotlight)
+
+ - [Windows Store](#bkmk-windowsstore)
+
+- Added the following Group Policies:
+
+ - Open a new tab with an empty tab
+
+ - Configure corporate Home pages
+
+ - Let Windows apps access location
+
+ - Let Windows apps access the camera
+
+ - Let Windows apps access the microphone
+
+ - Let Windows apps access account information
+
+ - Let Windows apps access contacts
+
+ - Let Windows apps access the calendar
+
+ - Let Windows apps access messaging
+
+ - Let Windows apps control radios
+
+ - Let Windows apps access trusted devices
+
+ - Do not show feedback notifications
+
+ - Turn off Automatic Download and Update of Map Data
+
+ - Force a specific default lock screen image
+
+- Added the AllowLinguisticDataCollection MDM policy.
+
+- Added steps in the [Cortana](#bkmk-cortana) section on how to disable outbound traffic using Windows Firewall.
+
+- Changed the Windows Update section to apply system-wide settings, and not just per user.
+
+## Info management settings
+
+
+This section lists the components that make network connections to Microsoft services automatically. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience.
+
+The settings in this section assume you are using Windows 10, version 1511 (currently available in the Current Branch and Current Branch for Business).
They will also be included in the next update for the Long Term Servicing Branch.
+
+- [1. Cortana](#bkmk-cortana)
+
+- [2. Date & Time](#bkmk-datetime)
+
+- [3. Device metadata retrieval](#bkmk-devinst)
+
+- [4. Font streaming](#font-streaming)
+
+- [5. Insider Preview builds](#bkmk-previewbuilds)
+
+- [6. Internet Explorer](#bkmk-ie)
+
+- [7. Live Tiles](#live-tiles)
+
+- [8. Mail synchronization](#bkmk-mailsync)
+
+- [9. Microsoft Edge](#bkmk-edge)
+
+- [10. Network Connection Status Indicator](#bkmk-ncsi)
+
+- [11. Offline maps](#bkmk-offlinemaps)
+
+- [12. OneDrive](#bkmk-onedrive)
+
+- [13. Preinstalled apps](#bkmk-preinstalledapps)
+
+- [14. Settings > Privacy](#bkmk-settingssection)
+
+- [15. Software Protection Platform](#bkmk-spp)
+
+- [16. Sync your settings](#bkmk-syncsettings)
+
+- [17. Teredo](#bkmk-teredo)
+
+- [18. Wi-Fi Sense](#bkmk-wifisense)
+
+- [19. Windows Defender](#bkmk-defender)
+
+- [20. Windows Media Player](#bkmk-wmp)
+
+- [21. Windows spotlight](#bkmk-spotlight)
+
+- [22. Windows Store](#bkmk-windowsstore)
+
+- [23. Windows Update Delivery Optimization](#bkmk-updates)
+
+- [24. Windows Update](#bkmk-wu)
+
+
+See the following table for a summary of the management settings. For more info, see its corresponding section.
+
+![Management settings table](images/settings-table.png)
+
+### 1. Cortana
+
+Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730683).
+
+### 1.1 Cortana Group Policies
+
+Find the Cortana Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Search**.
+
+| Policy | Description |
+|------------------------------------------------------|---------------------------------------------------------------------------------------|
+| Allow Cortana | Choose whether to let Cortana install and run on the device.
| +| Allow search and Cortana to use location | Choose whether Cortana and Search can provide location-aware search results. | +| Do not allow web search | Choose whether to search the web from Windows Desktop Search.
Default: Disabled| +| Don't search the web or display web results in Search| Choose whether to search the web from Cortana. | +| Set what information is shared in Search | Control what information is shared with Bing in Search. | + +When you enable the **Don't search the web or display web results in Search** Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic. + +1. Expand **Computer Configuration** > **Windows Settings** > **Security Settings** > **Windows Firewall with Advanced Security** > **Windows Firewall with Advanced Security - <LDAP name>**, and then click **Outbound Rules**. + +2. Right-click **Outbound Rules**, and then click **New Rule**. The **New Outbound Rule Wizard** starts. + +3. On the **Rule Type** page, click **Program**, and then click **Next**. + +4. On the **Program** page, click **This program path**, type **%windir%\\systemapps\\Microsoft.Windows.Cortana\_cw5n1h2txyewy\\SearchUI.exe**, and then click **Next**. + +5. On the **Action** page, click **Block the connection**, and then click **Next**. + +6. On the **Profile** page, ensure that the **Domain**, **Private**, and **Public** check boxes are selected, and then click **Next**. + +7. On the **Name** page, type a name for the rule, such as **Cortana firewall configuration**, and then click **Finish.** + +8. Right-click the new rule, click **Properties**, and then click **Protocols and Ports**. + +9. Configure the **Protocols and Ports** page with the following info, and then click **OK**. + + - For **Protocol type**, choose **TCP**. + + - For **Local port**, choose **All Ports**. 
+ + - For **Remote port**, choose **All ports**. + +> **Note:** If your organization tests network traffic, you should not use Fiddler to test Windows Firewall settings. Fiddler is a network proxy and Windows Firewall does not block proxy traffic. You should use a network traffic analyzer, such as WireShark or Message Analyzer. + +### 1.2 Cortana MDM policies + +The following Cortana MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). + +| Policy | Description | +|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| +| Experience/AllowCortana | Choose whether to let Cortana install and run on the device. | +| Search/AllowSearchToUseLocation | Choose whether Cortana and Search can provide location-aware search results.
Default: Allowed| + +### 1.3 Cortana Windows Provisioning + +To use Windows Imaging and Configuration Designer (ICD) to create a provisioning package with the settings for these policies, go to **Runtime settings** > **Policies** to find **Experience** > **AllowCortana** and **Search** > **AllowSearchToUseLocation**. + +### 2. Date & Time + +You can prevent Windows from setting the time automatically. + +- To turn off the feature in the UI: **Settings** > **Time & language** > **Date & time** > **Set time automatically** + + -or- + +- Create a REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters** with a value of **NoSync**. + +### 3. Device metadata retrieval + +To prevent Windows from retrieving device metadata from the Internet, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Prevent device metadata retrieval from the Internet**. + +### 4. Font streaming + +Starting with Windows 10, fonts that are included in Windows but that are not stored on the local device can be downloaded on demand. + +To turn off font streaming, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1. + +> **Note:** This may change in future versions of Windows. + +### 5. Insider Preview builds + +To turn off Insider Preview builds if you're running a released version of Windows 10. If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds. + +- Turn off the feature in the UI: **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Stop Insider builds**. 
+ + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Toggle user control over Insider builds**. + + -or- + +- Apply the System/AllowBuildPreview MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where: + + - **0**. Users cannot make their devices available for downloading and installing preview software. + + - **1**. Users can make their devices available for downloading and installing preview software. + + - **2**. (default) Not configured. Users can make their devices available for download and installing preview software. + + -or- + +- Create a provisioning package: **Runtime settings** > **Policies** > **System** > **AllowBuildPreview**, where: + + - **0**. Users cannot make their devices available for downloading and installing preview software. + + - **1**. Users can make their devices available for downloading and installing preview software. + + - **2**. (default) Not configured. Users can make their devices available for download and installing preview software. + +### 6. Internet Explorer + +Use Group Policy to manage settings for Internet Explorer. + +### 6.1 Internet Explorer Group Policies + +Find the Internet Explorer Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer**. + +| Policy | Description | +|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| +| Turn on Suggested Sites| Choose whether an employee can configure Suggested Sites.
Default: Enabled
You can also turn this off in the UI by clearing the **Internet Options** > **Advanced** > **Enable Suggested Sites** check box.| +| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | Choose whether an employee can configure enhanced suggestions, which are presented to the employee as they type in the address bar.
Default: Enabled| +| Turn off the auto-complete feature for web addresses | Choose whether auto-complete suggests possible matches when employees are typing web address in the address bar.
Default: Disabled
You can also turn this off in the UI by clearing the Internet Options > **Advanced** > **Use inline AutoComplete in the Internet Explorer Address Bar and Open Dialog** check box.| +| Disable Periodic Check for Internet Explorer software updates| Choose whether Internet Explorer periodically checks for a new version.
Default: Enabled | +| Turn off browser geolocation | Choose whether websites can request location data from Internet Explorer.
Default: Disabled| + +### 6.2 ActiveX control blocking + +ActiveX control blocking periodically downloads a new list of out-of-date ActiveX controls that should be blocked. You can turn this off by changing the REG\_DWORD registry setting **HKEY\_CURRENT\_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to 0 (zero). + +For more info, see [Out-of-date ActiveX control blocking](http://technet.microsoft.com/library/dn761713.aspx). + +### 7. Live Tiles + +To turn off Live Tiles: + +- Apply the Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn Off notifications network usage** + +### 8. Mail synchronization + +To turn off mail synchronization for Microsoft Accounts that are configured on a device: + +- In **Settings** > **Accounts** > **Your email and accounts**, remove any connected Microsoft Accounts. + + -or- + +- Remove any Microsoft Accounts from the Mail app. + + -or- + +- Apply the Accounts/AllowMicrosoftAccountConnection MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed. This does not apply to Microsoft Accounts that have already been configured on the device. + +To turn off the Windows Mail app: + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Mail** > **Turn off Windows Mail application** + +### 9. Microsoft Edge + +Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730682). + +### 9.1 Microsoft Edge Group Policies + +Find the Microsoft Edge Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge**. + +> **Note:** The Microsoft Edge Group Policy names were changed in Windows 10, version 1511. 
The table below reflects those changes. + +| Policy | Description | +|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| +| Turn off autofill | Choose whether employees can use autofill on websites.
Default: Enabled | +| Allow employees to send Do Not Track headers | Choose whether employees can send Do Not Track headers.
Default: Disabled | +| Turn off password manager | Choose whether employees can save passwords locally on their devices.
Default: Enabled | +| Turn off address bar search suggestions | Choose whether the address bar shows search suggestions.
Default: Enabled | +| Turn off the SmartScreen Filter | Choose whether SmartScreen is turned on or off.
Default: Enabled | +| Open a new tab with an empty tab | Choose whether a new tab page appears.
Default: Enabled | +| Configure corporate Home pages | Choose the corporate Home page for domain-joined devices.
Set this to **about:blank** | + +### 9.2 Microsoft Edge MDM policies + +The following Microsoft Edge MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). + +| Policy | Description | +|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| +| Browser/AllowAutoFill | Choose whether employees can use autofill on websites.
Default: Allowed | +| Browser/AllowDoNotTrack | Choose whether employees can send Do Not Track headers.
Default: Not allowed | +| Browser/AllowPasswordManager | Choose whether employees can save passwords locally on their devices.
Default: Allowed | +| Browser/AllowSearchSuggestionsinAddressBar | Choose whether the address bar shows search suggestions..
Default: Allowed | +| Browser/AllowSmartScreen | Choose whether SmartScreen is turned on or off.
Default: Allowed | + +### 9.3 Microsoft Edge Windows Provisioning + +Use Windows ICD to create a provisioning package with the settings for these policies, go to **Runtime settings** > **Policies**. + +For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](http://technet.microsoft.com/library/mt270204.aspx). + +### 10. Network Connection Status Indicator + +Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftncsi.com to determine if the device can communicate with the Internet. For more info about NCIS, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx). + +You can turn off NCSI through Group Policy: + +- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Windows Network Connectivity Status Indicator active tests** + +> **Note** After you apply this policy, you must restart the device for the policy setting to take effect. + +### 11. Offline maps + +You can turn off the ability to download and update offline maps. + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off Automatic Download and Update of Map Data** + +### 12. OneDrive + +To turn off OneDrive in your organization: + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **OneDrive** > **Prevent the usage of OneDrive for file storage** + +### 13. Preinstalled apps + +Some preinstalled apps get content before they are opened to ensure a great experience. You can remove these using the steps in this section. 
+ +To remove the News app: + +- Right-click the app in Start, and then click **Uninstall**. + + -or- + +- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage** + +To remove the Weather app: + +- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingWeather"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage** + +To remove the Money app: + +- Right-click the app in Start, and then click **Uninstall**. + + -or- + +- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingFinance"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage** + +To remove the Sports app: + +- Right-click the app in Start, and then click **Uninstall**. + + -or- + +- Remove the app for new user accounts. 
From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingSports"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage** + +To remove the Twitter app: + +- Right-click the app in Start, and then click **Uninstall**. + + -or- + +- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "\*.Twitter"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage \*.Twitter | Remove-AppxPackage** + +To remove the XBOX app: + +- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.XboxApp"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage** + +To remove the Sway app: + +- Right-click the app in Start, and then click **Uninstall**. + + -or- + +- Remove the app for new user accounts. 
From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.Office.Sway"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage** + +To remove the OneNote app: + +- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.Office.OneNote"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage** + +To remove the Get Office app: + +- Right-click the app in Start, and then click **Uninstall**. + + -or- + +- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.MicrosoftOfficeHub"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage** + +To remove the Get Skype app: + +- Right-click the Sports app in Start, and then click **Uninstall**. + + -or- + +- Remove the app for new user accounts. 
From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.SkypeApp"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}** + + -and- + + Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage** + +### 14. Settings > Privacy + +Use Settings > Privacy to configure some settings that may be important to your organization. Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. + +- [14.1 General](#bkmk-general) + +- [14.2 Location](#bkmk-priv-location) + +- [14.3 Camera](#bkmk-priv-camera) + +- [14.4 Microphone](#bkmk-priv-microphone) + +- [14.5 Speech, inking, & typing](#bkmk-priv-speech) + +- [14.6 Account info](#bkmk-priv-accounts) + +- [14.7 Contacts](#bkmk-priv-contacts) + +- [14.8 Calendar](#bkmk-priv-calendar) + +- [14.9 Call history](#bkmk-priv-callhistory) + +- [14.10 Email](#bkmk-priv-email) + +- [14.11 Messaging](#bkmk-priv-messaging) + +- [14.12 Radios](#bkmk-priv-radios) + +- [14.13 Other devices](#bkmk-priv-other-devices) + +- [14.14 Feedback & diagnostics](#bkmk-priv-feedback) + +- [14.15 Background apps](#bkmk-priv-background) + +### 14.1 General + +**General** includes options that don't fall into other areas. + +To turn off **Let apps use my advertising ID for experiences across apps (turning this off will reset your ID)**: + +> **Note:** When you turn this feature off in the UI, it turns off the advertising ID, not just resets it. + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **User Profiles** > **Turn off the advertising ID**. 
+ + -or- + +- Create a REG\_DWORD registry setting called **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo**, with a value of 0 (zero). + +To turn off **Turn on SmartScreen Filter to check web content (URLs) that Windows Store apps use**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge** > **Turn off the SmartScreen Filter**. + + Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **File Explorer** > **Configure Windows SmartScreen**. + + -or- + +- Apply the Browser/AllowSmartScreen MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on. + + -or- + +- Create a provisioning package, using: + + - For Internet Explorer: **Runtime settings** > **Policies** > **Browser** > **AllowSmartScreen** + + - For Microsoft Edge: **Runtime settings** > **Policies** > **MicrosoftEdge** > **AllowSmartScreen** + + -or- + +- Create a REG\_DWORD registry setting called **Enabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost\\EnableWebContentEvaluation**, with a value of 0 (zero). + +To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**: + +> **Note: ** If the telemetry level is set to either **Basic** or **Security**, this is turned off automatically. + + + +- Turn off the feature in the UI. + + -or- + +- Apply the TextInput/AllowLinguisticDataCollection MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where: + + - **0**. Not allowed + + - **1**. Allowed (default) + +To turn off **Let websites provide locally relevant content by accessing my language list**: + +- Turn off the feature in the UI. 
+ + -or- + +- Create a new REG\_DWORD registry setting called **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile**, with a value of 1. + +### 14.2 Location + +In the **Location** area, you choose whether devices have access to location-specific sensors and which apps have access to the device's location. + +To turn off **Location for this device**: + +- Click the **Change** button in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Location and Sensors** > **Turn off location**. + + -or- + +- Apply the System/AllowLocation MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: + + - **0**. Turned off and the employee can't turn it back on. + + - **1**. Turned on, but lets the employee choose whether to use it. (default) + + - **2**. Turned on and the employee can't turn it off. + + **Note** + You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx). + + -or- + +- Create a provisioning package, using **Runtime settings** > **Policies** > **System** > **AllowLocation**, where + + - **No**. Turns off location service. + + - **Yes**. Turns on location service. (default) + +To turn off **Location**: + +- Turn off the feature in the UI. + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access location** + + - Set the **Select a setting** box to **Force Deny**. + + -or- + +To turn off **Location history**: + +- Erase the history using the **Clear** button in the UI. + +To turn off **Choose apps that can use your location**: + +- Turn off each app using the UI. + +### 14.3 Camera + +In the **Camera** area, you can choose which apps can access a device's camera. 
+ +To turn off **Let apps use my camera**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the camera** + + - Set the **Select a setting** box to **Force Deny**. + + -or- + +- Apply the Camera/AllowCamera MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: + + - **0**. Apps can't use the camera. + + - **1**. Apps can use the camera. + + **Note** + You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx). + + -or- + +- Create a provisioning package with use Windows ICD, using **Runtime settings** > **Policies** > **Camera** > **AllowCamera**, where: + + - **0**. Apps can't use the camera. + + - **1**. Apps can use the camera. + +To turn off **Choose apps that can use your camera**: + +- Turn off the feature in the UI for each app. + +### 14.4 Microphone + +In the **Microphone** area, you can choose which apps can access a device's microphone. + +To turn off **Let apps use my microphone**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the microphone** + + - Set the **Select a setting** box to **Force Deny**. + +To turn off **Choose apps that can use your microphone**: + +- Turn off the feature in the UI for each app. + +### 14.5 Speech, inking, & typing + +In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees. 
+ +> **Note:** For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article. + + + +To turn off the functionality: + +- Click the **Stop getting to know me** button, and then click **Turn off**. + + -or- + +- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Regional and Language Options** > **Handwriting personalization** > **Turn off automatic learning** + + -or- + +- Create a REG\_DWORD registry setting called **AcceptedPrivacyPolicy** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Personalization\\Settings**, with a value of 0 (zero). + + -and- + + Create a REG\_DWORD registry setting called **HarvestContacts** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\InputPersonalization\\TrainedDataStore**, with a value of 0 (zero). + +### 14.6 Account info + +In the **Account Info** area, you can choose which apps can access your name, picture, and other account info. + +To turn off **Let apps access my name, picture, and other account info**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access account information** + + - Set the **Select a setting** box to **Force Deny**. + +To turn off **Choose the apps that can access your account info**: + +- Turn off the feature in the UI for each app. + +### 14.7 Contacts + +In the **Contacts** area, you can choose which apps can access an employee's contacts list. + +To turn off **Choose apps that can access contacts**: + +- Turn off the feature in the UI for each app. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts** + + - Set the **Select a setting** box to **Force Deny**. 
+ +### 14.8 Calendar + +In the **Calendar** area, you can choose which apps have access to an employee's calendar. + +To turn off **Let apps access my calendar**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the calendar** + + - Set the **Select a setting** box to **Force Deny**. + +To turn off **Choose apps that can access calendar**: + +- Turn off the feature in the UI for each app. + +### 14.9 Call history + +In the **Call history** area, you can choose which apps have access to an employee's call history. + +To turn off **Let apps access my call history**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access call history** + + - Set the **Select a setting** box to **Force Deny**. + +### 14.10 Email + +In the **Email** area, you can choose which apps have can access and send email. + +To turn off **Let apps access and send email**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access email** + + - Set the **Select a setting** box to **Force Deny**. + +### 14.11 Messaging + +In the **Messaging** area, you can choose which apps can read or send messages. + +To turn off **Let apps read or send messages (text or MMS)**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access messaging** + + - Set the **Select a setting** box to **Force Deny**. + +To turn off **Choose apps that can read or send messages**: + +- Turn off the feature in the UI for each app. 
+ +### 14.12 Radios + +In the **Radios** area, you can choose which apps can turn a device's radio on or off. + +To turn off **Let apps control radios**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps control radios** + + - Set the **Select a setting** box to **Force Deny**. + +To turn off **Choose apps that can control radios**: + +- Turn off the feature in the UI for each app. + +### 14.13 Other devices + +In the **Other Devices** area, you can choose whether devices that aren't paired to PCs, such as an Xbox One, can share and sync info. + +To turn off **Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone**: + +- Turn off the feature in the UI. + +To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access trusted devices** + + - Set the **Select a setting** box to **Force Deny**. + +### 14.14 Feedback & diagnostics + +In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. + +To change how frequently **Windows should ask for my feedback**: + +**Note** +Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. + + + +- To change from **Automatically (Recommended)**, use the drop-down list in the UI. 
+ + -or- + +- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Do not show feedback notifications** + + -or- + +- Create the registry keys (REG\_DWORD type): + + - HKEY\_CURRENT\_USER\\Software\\Microsoft\\Siuf\\Rules\\PeriodInNanoSeconds + + - HKEY\_CURRENT\_USER\\Software\\Microsoft\\Siuf\\Rules\\NumberOfSIUFInPeriod + + Based on these settings: + + | Setting | PeriodInNanoSeconds | NumberOfSIUFInPeriod | + |---------------|-----------------------------|-----------------------------| + | Automatically | Delete the registry setting | Delete the registry setting | + | Never | 0 | 0 | + | Always | 100000000 | Delete the registry setting | + | Once a day | 864000000000 | 1 | + | Once a week | 6048000000000 | 1 | + + + +To change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**: + +- To change from **Enhanced**, use the drop-down list in the UI. The other levels are **Basic** and **Full**. + + > **Note:** You can't use the UI to change the telemetry level to **Security**. + + + + -or- + +- Apply the Group Policy: **Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection And Preview Builds\\Allow Telemetry** + + -or- + +- Apply the System/AllowTelemetry MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: + + - **0**. Maps to the **Security** level. + + - **1**. Maps to the **Basic** level. + + - **2**. Maps to the **Enhanced** level. + + - **3**. Maps to the **Full** level. + + -or- + +- Create a provisioning package, using **Runtime settings** > **Policies** > **System** > **AllowTelemetry**, where: + + - **0**. Maps to the **Security** level. + + - **1**. Maps to the **Basic** level. + + - **2**. Maps to the **Enhanced** level. + + - **3**. Maps to the **Full** level. 
+
+### 14.15 Background apps
+
+In the **Background Apps** area, you can choose which apps can run in the background.
+
+To turn off **Let apps run in the background**:
+
+- Turn off the feature in the UI for each app.
+
+### 15. Software Protection Platform
+
+Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by applying the following Group Policy:
+
+**Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Activation**
+
+The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
+
+### 16. Sync your settings
+
+You can control if your settings are synchronized:
+
+- In the UI: **Settings** > **Accounts** > **Sync your settings**
+
+ -or-
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Sync your settings** > **Do not sync**
+
+ -or-
+
+- Apply the Experience/AllowSyncMySettings MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed.
+
+ -or-
+
+- Create a provisioning package, using **Runtime settings** > **Policies** > **Experience** > **AllowSyncMySettings**, where
+
+ - **No**. Settings are not synchronized.
+
+ - **Yes**. Settings are synchronized. (default)
+
+To turn off Messaging cloud sync:
+
+- Create a REG\_DWORD registry setting called **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging**, with a value of 0 (zero).
+
+### 17. Teredo
+
+You can disable Teredo by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](http://technet.microsoft.com/library/cc722030.aspx).
+
+- From an elevated command prompt, run **netsh interface teredo set state disabled**
+
+### 18. Wi-Fi Sense
+
+Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the person’s contacts have shared with them.
+
+To turn off **Connect to suggested open hotspots** and **Connect to networks shared by my contacts**:
+
+- Turn off the feature in the UI.
+
+ -or-
+
+- Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** > **WLAN Service** > **WLAN Settings** > **Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services**.
+
+ -or-
+
+- Create a new REG\_DWORD registry setting called **AutoConnectAllowedOEM** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config**, with a value of 0 (zero).
+
+ -or-
+
+- Change the Windows Provisioning setting, WiFISenseAllowed, to 0 (zero). For more info, see the Windows Provisioning Settings reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620909).
+
+ -or-
+
+- Use the Unattended settings to set the value of WiFiSenseAllowed to 0 (zero). For more info, see the Unattended Windows Setup reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620910).
+
+When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee.
+
+### 19. Windows Defender
+
+You can opt out of the Microsoft Antimalware Protection Service.
+
+- Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **MAPS** > **Join Microsoft MAPS**
+
+ -or-
+
+- Apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+
+ -or-
+
+- Use the registry to set the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SpyNetReporting** to 0 (zero).
+
+ -and-
+
+ From an elevated Windows PowerShell prompt, run **set-mppreference -Mapsreporting 0**
+
+You can stop sending file samples back to Microsoft.
+
+- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **MAPS** > **Send file samples when further analysis is required** to **Always Prompt** or **Never Send**.
+
+ -or-
+
+- Apply the Defender/SubmitSamplesConsent MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
+
+ - **0**. Always prompt.
+
+ - **1**. (default) Send safe samples automatically.
+
+ - **2**. Never send.
+
+ - **3**. Send all samples automatically.
+
+ -or-
+
+- Use the registry to set the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SubmitSamplesConsent** to 0 (zero) to always prompt or 2 to never send.
+
+You can stop downloading definition updates:
+
+- Enable the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **Signature Updates** > **Define the order of sources for downloading definition updates** and set it to **FileShares**.
+
+ -and-
+
+- Enable the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **Signature Updates** > **Define file shares for downloading definition updates** and set it to nothing.
+
+You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
+
+### 20. 
Windows Media Player
+
+To remove Windows Media Player:
+
+- From the **Programs and Features** control panel, click **Turn Windows features on or off**, under **Media Features**, clear the **Windows Media Player** check box, and then click **OK**.
+
+ -or-
+
+- Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer**
+
+### 21. Windows spotlight
+
+Windows spotlight provides different background images and text on the lock screen. You can control it by using the user interface or through Group Policy.
+
+- Configure the following in **Settings**:
+
+ - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Show me tips, tricks, and more on the lock screen**.
+
+ - **Personalization** > **Start** > **Occasionally show suggestions in Start**.
+
+ - **System** > **Notifications & actions** > **Show me tips about Windows**.
+
+ -or-
+
+- Apply the Group Policies:
+
+ - **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image**.
+ - Add a location in the **Path to local lock screen image** box.
+
+ - Set the **Turn off fun facts, tips, tricks, and more on lock screen** check box.
+
+ **Note** This will only take effect if the policy is applied before the first logon. If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, you can apply this policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the lock screen**.
+
+
+
+ - **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not show Windows Tips**.
+
+ - **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences**.
+
+For more info, see [Windows spotlight on the lock screen](../whats-new/windows-spotlight.md).
+
+### 22. Windows Store
+
+You can turn off the ability to launch apps from the Windows Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Windows Store will be disabled.
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Store** > **Disable all apps from Windows Store**.
+
+### 23. Windows Update Delivery Optimization
+
+Windows Update Delivery Optimization lets you get Windows updates and Windows Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
+
+By default, PCs running Windows 10 Enterprise and Windows 10 Education will only use Delivery Optimization to get and receive updates for PCs and apps on your local network.
+
+Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delivery Optimization.
+
+### 23.1 Settings > Update & security
+
+You can set up Delivery Optimization from the **Settings** UI.
+
+- Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**.
+
+### 23.2 Delivery Optimization Group Policies
+
+You can find the Delivery Optimization Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization**.
+ +| Policy | Description | +|---------------------------|-----------------------------------------------------------------------------------------------------| +| Download Mode | Lets you choose where Delivery Optimization gets or sends updates and apps, including

  • None. Turns off Delivery Optimization.

  • Group. Gets or sends updates and apps to PCs on the same local network domain.

  • Internet. Gets or sends updates and apps to PCs on the Internet.

  • LAN. Gets or sends updates and apps to PCs on the same NAT only.

| +| Group ID | Lets you provide a Group ID that limits which PCs can share apps and updates.
** Note** This ID must be a GUID.| +| Max Cache Age | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days).| +| Max Cache Size | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.| +| Max Upload Bandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| + +### 23.3 Delivery Optimization MDM policies + +The following Delivery Optimization MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). + +| Policy | Description | +|---------------------------|-----------------------------------------------------------------------------------------------------| +| DeliveryOptimization/DODownloadMode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
  • 0. Turns off Delivery Optimization.

  • 1. Gets or sends updates and apps to PCs on the same NAT only.

  • 2. Gets or sends updates and apps to PCs on the same local network domain.

  • 3. Gets or sends updates and apps to PCs on the Internet.

| +| DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
** Note** This ID must be a GUID.| +| DeliveryOptimization/DOMaxCacheAge | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days).| +| DeliveryOptimization/DOMaxCacheSize | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.| +| DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| + + +### 23.4 Delivery Optimization Windows Provisioning + +If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies + +Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windows ADK)](http://go.microsoft.com/fwlink/p/?LinkId=526803), to create a provisioning package for Delivery Optimization. + +1. Open Windows ICD, and then click **New provisioning package**. + +2. In the **Name** box, type a name for the provisioning package, and then click **Next.** + +3. Click the **Common to all Windows editions** option, click **Next**, and then click **Finish**. + +4. Go to **Runtime settings** > **Policies** > **DeliveryOptimization** to configure the policies. + +For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730684). + +### 24. Windows Update + +You can turn off Windows Update by setting the following registry entries: + +- Add a REG\_DWORD value called **DoNotConnectToWindowsUpdateInternetLocations** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1. + + -and- + +- Add a REG\_DWORD value called **DisableWindowsUpdateAccess** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1. + +You can turn off automatic updates by doing one of the following. This is not recommended. + +- Add a REG\_DWORD value called **AutoDownload** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5. + + -or- + +- Apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: + + - **0**. Notify the user before downloading the update. + + - **1**. 
Auto install the update and then notify the user to schedule a device restart.
+
+ - **2** (default). Auto install and restart.
+
+ - **3**. Auto install and restart at a specified time.
+
+ - **4**. Auto install and restart without end-user control.
+
+ - **5**. Turn off automatic updates.
+
+To learn more, see [Device update management](http://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](http://technet.microsoft.com/library/cc720539.aspx).
From 24e2237b197fce2142f3e3e271321a4d5db6328d Mon Sep 17 00:00:00 2001
From: Jan Backstrom Date: Thu, 26 May 2016 14:55:45 -0700 Subject: [PATCH 19/92] fix tagging change W10 to w10 (lower case) and changed author of CFaw to greg-lindsay --- windows/deploy/activate-forest-by-proxy-vamt.md | 2 +- windows/deploy/activate-forest-vamt.md | 2 +- ...ctivate-using-active-directory-based-activation-client.md | 4 ++-- windows/deploy/activate-using-key-management-service-vamt.md | 2 +- windows/deploy/activate-windows-10-clients-vamt.md | 2 +- windows/deploy/active-directory-based-activation-overview.md | 4 ++-- ...-10-operating-system-image-using-configuration-manager.md | 4 ++-- ...deployment-with-windows-pe-using-configuration-manager.md | 4 ++-- windows/deploy/add-manage-products-vamt.md | 2 +- windows/deploy/add-remove-computers-vamt.md | 2 +- windows/deploy/add-remove-product-key-vamt.md | 2 +- ...information-sent-to-microsoft-during-activation-client.md | 2 +- .../deploy/assign-applications-using-roles-in-mdt-2013.md | 2 +- ...ld-a-distributed-environment-for-windows-10-deployment.md | 2 +- windows/deploy/change-history-for-deploy-windows-10.md | 4 ++-- windows/deploy/configure-client-computers-vamt.md | 2 +- windows/deploy/configure-mdt-2013-for-userexit-scripts.md | 2 +- windows/deploy/configure-mdt-2013-settings.md | 2 +- windows/deploy/configure-mdt-deployment-share-rules.md | 2 +- ...ustom-windows-pe-boot-image-with-configuration-manager.md | 4 ++-- ...ate-a-task-sequence-with-configuration-manager-and-mdt.md | 5 +++-- windows/deploy/create-a-windows-10-reference-image.md | 2 +- ...-to-deploy-with-windows-10-using-configuration-manager.md | 4 ++-- windows/deploy/deploy-a-windows-10-image-using-mdt.md | 4 ++-- .../deploy-windows-10-using-pxe-and-configuration-manager.md | 4 ++-- ...ws-10-with-system-center-2012-r2-configuration-manager.md | 4 ++-- ...eploy-windows-10-with-the-microsoft-deployment-toolkit.md | 2 +- windows/deploy/deploy-windows-to-go.md | 5 +++-- ...n-for-windows-10-deployment-with-configuration-manager.md | 4 ++-- 
.../get-started-with-the-microsoft-deployment-toolkit.md | 2 +- .../getting-started-with-the-user-state-migration-tool.md | 4 ++-- windows/deploy/import-export-vamt-data.md | 2 +- windows/deploy/index.md | 4 ++-- windows/deploy/install-configure-vamt.md | 2 +- windows/deploy/install-kms-client-key-vamt.md | 2 +- windows/deploy/install-product-key-vamt.md | 2 +- windows/deploy/install-vamt.md | 2 +- .../deploy/integrate-configuration-manager-with-mdt-2013.md | 2 +- windows/deploy/introduction-vamt.md | 2 +- windows/deploy/key-features-in-mdt-2013.md | 2 +- windows/deploy/kms-activation-vamt.md | 2 +- windows/deploy/local-reactivation-vamt.md | 2 +- windows/deploy/manage-activations-vamt.md | 2 +- windows/deploy/manage-product-keys-vamt.md | 2 +- windows/deploy/manage-vamt-data.md | 2 +- windows/deploy/mdt-2013-lite-touch-components.md | 2 +- windows/deploy/migrate-application-settings.md | 4 ++-- windows/deploy/migration-store-types-overview.md | 4 ++-- windows/deploy/monitor-activation-client.md | 4 ++-- ...nitor-windows-10-deployment-with-configuration-manager.md | 4 ++-- windows/deploy/offline-migration-reference.md | 4 ++-- windows/deploy/online-activation-vamt.md | 2 +- windows/deploy/plan-for-volume-activation-client.md | 2 +- .../deploy/prepare-for-windows-deployment-with-mdt-2013.md | 2 +- ...-installation-of-windows-10-with-configuration-manager.md | 4 ++-- windows/deploy/proxy-activation-vamt.md | 2 +- ...s-7-client-with-windows-10-using-configuration-manager.md | 4 ++-- .../deploy/refresh-a-windows-7-computer-with-windows-10.md | 2 +- windows/deploy/remove-products-vamt.md | 2 +- ...s-7-client-with-windows-10-using-configuration-manager.md | 4 ++-- ...eplace-a-windows-7-computer-with-a-windows-10-computer.md | 2 +- windows/deploy/scenario-kms-activation-vamt.md | 2 +- windows/deploy/scenario-online-activation-vamt.md | 2 +- windows/deploy/scenario-proxy-activation-vamt.md | 2 +- windows/deploy/set-up-mdt-2013-for-bitlocker.md | 2 +- 
windows/deploy/sideload-apps-in-windows-10.md | 4 ++-- ...simulate-a-windows-10-deployment-in-a-test-environment.md | 2 +- windows/deploy/understanding-migration-xml-files.md | 4 ++-- windows/deploy/update-product-status-vamt.md | 2 +- .../update-windows-10-images-with-provisioning-packages.md | 4 ++-- ...-to-windows-10-with-system-center-configuraton-manager.md | 4 ++-- ...de-to-windows-10-with-the-microsoft-deployment-toolkit.md | 2 +- windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md | 2 +- ...dt-database-to-stage-windows-10-deployment-information.md | 2 +- .../use-the-volume-activation-management-tool-client.md | 2 +- windows/deploy/use-vamt-in-windows-powershell.md | 2 +- windows/deploy/use-web-services-in-mdt-2013.md | 2 +- windows/deploy/usmt-best-practices.md | 4 ++-- windows/deploy/usmt-choose-migration-store-type.md | 4 ++-- windows/deploy/usmt-command-line-syntax.md | 4 ++-- windows/deploy/usmt-common-issues.md | 4 ++-- windows/deploy/usmt-common-migration-scenarios.md | 4 ++-- windows/deploy/usmt-configxml-file.md | 4 ++-- windows/deploy/usmt-conflicts-and-precedence.md | 4 ++-- windows/deploy/usmt-custom-xml-examples.md | 4 ++-- windows/deploy/usmt-customize-xml-files.md | 4 ++-- windows/deploy/usmt-determine-what-to-migrate.md | 4 ++-- windows/deploy/usmt-estimate-migration-store-size.md | 4 ++-- windows/deploy/usmt-exclude-files-and-settings.md | 4 ++-- .../usmt-extract-files-from-a-compressed-migration-store.md | 4 ++-- windows/deploy/usmt-faq.md | 4 ++-- windows/deploy/usmt-general-conventions.md | 4 ++-- windows/deploy/usmt-hard-link-migration-store.md | 4 ++-- windows/deploy/usmt-how-it-works.md | 4 ++-- windows/deploy/usmt-how-to.md | 4 ++-- windows/deploy/usmt-identify-application-settings.md | 4 ++-- windows/deploy/usmt-identify-file-types-files-and-folders.md | 4 ++-- windows/deploy/usmt-identify-operating-system-settings.md | 4 ++-- windows/deploy/usmt-identify-users.md | 4 ++-- windows/deploy/usmt-include-files-and-settings.md | 4 
++-- windows/deploy/usmt-loadstate-syntax.md | 4 ++-- windows/deploy/usmt-log-files.md | 4 ++-- windows/deploy/usmt-migrate-efs-files-and-certificates.md | 4 ++-- windows/deploy/usmt-migrate-user-accounts.md | 4 ++-- windows/deploy/usmt-migration-store-encryption.md | 4 ++-- windows/deploy/usmt-overview.md | 4 ++-- windows/deploy/usmt-plan-your-migration.md | 4 ++-- windows/deploy/usmt-recognized-environment-variables.md | 4 ++-- windows/deploy/usmt-reference.md | 4 ++-- windows/deploy/usmt-requirements.md | 4 ++-- windows/deploy/usmt-reroute-files-and-settings.md | 4 ++-- windows/deploy/usmt-resources.md | 4 ++-- windows/deploy/usmt-return-codes.md | 4 ++-- windows/deploy/usmt-scanstate-syntax.md | 4 ++-- windows/deploy/usmt-technical-reference.md | 4 ++-- windows/deploy/usmt-test-your-migration.md | 4 ++-- windows/deploy/usmt-topics.md | 4 ++-- windows/deploy/usmt-troubleshooting.md | 4 ++-- windows/deploy/usmt-utilities.md | 4 ++-- windows/deploy/usmt-what-does-usmt-migrate.md | 4 ++-- windows/deploy/usmt-xml-elements-library.md | 4 ++-- windows/deploy/usmt-xml-reference.md | 4 ++-- windows/deploy/vamt-known-issues.md | 2 +- windows/deploy/vamt-requirements.md | 2 +- windows/deploy/vamt-step-by-step.md | 2 +- .../verify-the-condition-of-a-compressed-migration-store.md | 4 ++-- windows/deploy/volume-activation-management-tool.md | 2 +- windows/deploy/volume-activation-windows-10.md | 2 +- windows/deploy/windows-10-deployment-scenarios.md | 4 ++-- windows/deploy/windows-10-deployment-tools-reference.md | 4 ++-- windows/deploy/windows-10-edition-upgrades.md | 4 ++-- windows/deploy/windows-adk-scenarios-for-it-pros.md | 4 ++-- windows/deploy/windows-deployment-scenarios-and-tools.md | 4 ++-- .../deploy/windows-upgrade-and-migration-considerations.md | 4 ++-- windows/deploy/xml-file-requirements.md | 4 ++-- 135 files changed, 217 insertions(+), 215 deletions(-) 
diff --git a/windows/deploy/activate-forest-by-proxy-vamt.md b/windows/deploy/activate-forest-by-proxy-vamt.md
index f178e14406..1e852d5221 100644
--- a/windows/deploy/activate-forest-by-proxy-vamt.md
+++ b/windows/deploy/activate-forest-by-proxy-vamt.md
@@ -2,7 +2,7 @@
 title: Activate by Proxy an Active Directory Forest (Windows 10)
 description: Activate by Proxy an Active Directory Forest
 ms.assetid: 6475fc87-a6f7-4fa8-b0aa-de19f2dea7e5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/activate-forest-vamt.md b/windows/deploy/activate-forest-vamt.md
index 267e03be9c..082bac639c 100644
--- a/windows/deploy/activate-forest-vamt.md
+++ b/windows/deploy/activate-forest-vamt.md
@@ -2,7 +2,7 @@
 title: Activate an Active Directory Forest Online (Windows 10)
 description: Activate an Active Directory Forest Online
 ms.assetid: 9b5bc193-799b-4aa5-9d3e-0e495f7195d3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/activate-using-active-directory-based-activation-client.md b/windows/deploy/activate-using-active-directory-based-activation-client.md
index 15ae96825a..dbf9a5a617 100644
--- a/windows/deploy/activate-using-active-directory-based-activation-client.md
+++ b/windows/deploy/activate-using-active-directory-based-activation-client.md
@@ -3,11 +3,11 @@ title: Activate using Active Directory-based activation (Windows 10)
 description: Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects.
 ms.assetid: 08cce6b7-7b5b-42cf-b100-66c363a846af
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: CFaw
+author: greg-lindsay
 ---
 
 # Activate using Active Directory-based activation
diff --git a/windows/deploy/activate-using-key-management-service-vamt.md b/windows/deploy/activate-using-key-management-service-vamt.md
index 4c5d735436..9681860156 100644
--- a/windows/deploy/activate-using-key-management-service-vamt.md
+++ b/windows/deploy/activate-using-key-management-service-vamt.md
@@ -3,7 +3,7 @@ title: Activate using Key Management Service (Windows 10)
 ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac
 description:
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/activate-windows-10-clients-vamt.md b/windows/deploy/activate-windows-10-clients-vamt.md
index 91b743947e..2d77f355dc 100644
--- a/windows/deploy/activate-windows-10-clients-vamt.md
+++ b/windows/deploy/activate-windows-10-clients-vamt.md
@@ -3,7 +3,7 @@ title: Activate clients running Windows 10 (Windows 10)
 description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy.
 ms.assetid: 39446e49-ad7c-48dc-9f18-f85a11ded643
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/active-directory-based-activation-overview.md b/windows/deploy/active-directory-based-activation-overview.md
index 7f47592aa7..9a64d7572a 100644
--- a/windows/deploy/active-directory-based-activation-overview.md
+++ b/windows/deploy/active-directory-based-activation-overview.md
@@ -2,11 +2,11 @@
 title: Active Directory-Based Activation Overview (Windows 10)
 description: Active Directory-Based Activation Overview
 ms.assetid: c1dac3bd-6a86-4c45-83dd-421e63a398c0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: CFaw
+author: greg-lindsay
 ---
 
 # Active Directory-Based Activation Overview
diff --git a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
index 13a328ea77..5a3eadbc33 100644
--- a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Add a Windows 10 operating system image using Configuration Manager (Windows 10)
 description: Operating system images are typically the production image used for deployment throughout the organization.
 ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b
-keywords: ["image, deploy, distribute"]
-ms.prod: W10
+keywords: image, deploy, distribute
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index 8e72718b82..de701986b4 100644
--- a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10)
 description: In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines.
 ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
-keywords: ["deploy, task sequence"]
-ms.prod: W10
+keywords: deploy, task sequence
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/add-manage-products-vamt.md b/windows/deploy/add-manage-products-vamt.md
index 6bbbfaf218..88d5145472 100644
--- a/windows/deploy/add-manage-products-vamt.md
+++ b/windows/deploy/add-manage-products-vamt.md
@@ -2,7 +2,7 @@
 title: Add and Manage Products (Windows 10)
 description: Add and Manage Products
 ms.assetid: a48fbc23-917d-40f7-985c-e49702c05e51
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/add-remove-computers-vamt.md b/windows/deploy/add-remove-computers-vamt.md
index eae34332f2..2ad22c3d7f 100644
--- a/windows/deploy/add-remove-computers-vamt.md
+++ b/windows/deploy/add-remove-computers-vamt.md
@@ -2,7 +2,7 @@
 title: Add and Remove Computers (Windows 10)
 description: Add and Remove Computers
 ms.assetid: cb6f3a78-ece0-4dc7-b086-cb003d82cd52
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/deploy/add-remove-product-key-vamt.md b/windows/deploy/add-remove-product-key-vamt.md
index 5776806c20..d659ae2507 100644
--- a/windows/deploy/add-remove-product-key-vamt.md
+++ b/windows/deploy/add-remove-product-key-vamt.md
@@ -2,7 +2,7 @@
 title: Add and Remove a Product Key (Windows 10)
 description: Add and Remove a Product Key
 ms.assetid: feac32bb-fb96-4802-81b8-c69220dcfcce
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
index 8a21466ddb..39133a9d8c 100644
--- a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -3,7 +3,7 @@ title: Appendix Information sent to Microsoft during activation (Windows 10)
 ms.assetid: 4bfff495-07d0-4385-86e3-7a077cbd64b8
 description:
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
index dab995bb1e..1319888616 100644
--- a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
+++ b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
@@ -3,7 +3,7 @@ title: Assign applications using roles in MDT (Windows 10)
 description: This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer.
 ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7
 keywords: settings, database, deploy
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
index 32a354ad0e..f015c71c1f 100644
--- a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
@@ -3,7 +3,7 @@ title: Build a distributed environment for Windows 10 deployment (Windows 10)
 description: In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
 ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
 keywords: replication, replicate, deploy, configure, remote
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md
index 3ca65edd17..00404f4def 100644
--- a/windows/deploy/change-history-for-deploy-windows-10.md
+++ b/windows/deploy/change-history-for-deploy-windows-10.md
@@ -2,10 +2,10 @@
 title: Change history for Deploy Windows 10 (Windows 10)
 description: This topic lists new and updated topics in the Deploy Windows 10 documentation for Windows 10 and Windows 10 Mobile.
 ms.assetid: 19C50373-6B25-4F5C-A6EF-643D36904349
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Change history for Deploy Windows 10
diff --git a/windows/deploy/configure-client-computers-vamt.md b/windows/deploy/configure-client-computers-vamt.md
index b3618bac74..704c8d01f9 100644
--- a/windows/deploy/configure-client-computers-vamt.md
+++ b/windows/deploy/configure-client-computers-vamt.md
@@ -2,7 +2,7 @@
 title: Configure Client Computers (Windows 10)
 description: Configure Client Computers
 ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
index 590f112414..a94bee6b7b 100644
--- a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
+++ b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
@@ -3,7 +3,7 @@ title: Configure MDT for UserExit scripts (Windows 10)
 description: In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
 ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7
 keywords: rules, script
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/configure-mdt-2013-settings.md b/windows/deploy/configure-mdt-2013-settings.md
index af41a8a1bb..ba84efd5c1 100644
--- a/windows/deploy/configure-mdt-2013-settings.md
+++ b/windows/deploy/configure-mdt-2013-settings.md
@@ -3,7 +3,7 @@ title: Configure MDT settings (Windows 10)
 description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) 2013 is its extension capabilities; there is virtually no limitation to what you can do in terms of customization.
 ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
 keywords: customize, customization, deploy, features, tools
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/configure-mdt-deployment-share-rules.md b/windows/deploy/configure-mdt-deployment-share-rules.md
index 908f92144b..5eeadbbfd6 100644
--- a/windows/deploy/configure-mdt-deployment-share-rules.md
+++ b/windows/deploy/configure-mdt-deployment-share-rules.md
@@ -3,7 +3,7 @@ title: Configure MDT deployment share rules (Windows 10)
 description: In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine.
 ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b
 keywords: rules, configuration, automate, deploy
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 049c3e93c2..a5cbfb7886 100644
--- a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
 description: In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
 ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
-keywords: ["tool, customize, deploy, boot image"]
-ms.prod: W10
+keywords: tool, customize, deploy, boot image
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
index 03c856a7dc..0838ebde59 100644
--- a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -2,9 +2,10 @@
 title: Create a task sequence with Configuration Manager and MDT (Windows 10)
 description: In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
 ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98
-keywords: ["deploy, upgrade, task sequence, install"]
-ms.prod: W10
+keywords: deploy, upgrade, task sequence, install
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: mdt
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/create-a-windows-10-reference-image.md b/windows/deploy/create-a-windows-10-reference-image.md
index f81f4eac9a..50ec7f2fcf 100644
--- a/windows/deploy/create-a-windows-10-reference-image.md
+++ b/windows/deploy/create-a-windows-10-reference-image.md
@@ -3,7 +3,7 @@ title: Create a Windows 10 reference image (Windows 10)
 description: Creating a reference image is important because that image serves as the foundation for the devices in your organization.
 ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa
 keywords: deploy, deployment, configure, customize, install, installation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index c47ac7bc38..5dbd28f0c8 100644
--- a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Create an application to deploy with Windows 10 using Configuration Manager (Windows 10)
 description: Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
 ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
-keywords: ["deployment, task sequence, custom, customize"]
-ms.prod: W10
+keywords: deployment, task sequence, custom, customize
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/deploy-a-windows-10-image-using-mdt.md b/windows/deploy/deploy-a-windows-10-image-using-mdt.md
index 23176dbd84..7f92cbc0d8 100644
--- a/windows/deploy/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deploy/deploy-a-windows-10-image-using-mdt.md
@@ -2,8 +2,8 @@
 title: Deploy a Windows 10 image using MDT 2013 Update 2 (Windows 10)
 description: This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically.
 ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c
-keywords: [eployment, automate, tools, configure
-ms.prod: W10
+keywords: deployment, automate, tools, configure
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
index 0cdf8e0509..2bc874cf8b 100644
--- a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
 description: In this topic, you will learn how to deploy Windows 10 using Microsoft System Center 2012 R2 Configuration Manager deployment packages and task sequences.
 ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
-keywords: ["deployment, image, UEFI, task sequence"]
-ms.prod: W10
+keywords: deployment, image, UEFI, task sequence
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
index 32ee03ca6c..e3e558c24b 100644
--- a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
+++ b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Deploy Windows 10 with System Center 2012 R2 Configuration Manager (Windows 10)
 description: If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10.
 ms.assetid: eacd7b7b-dde0-423d-97cd-29bde9e8b363
-keywords: ["deployment, custom, boot"]
-ms.prod: W10
+keywords: deployment, custom, boot
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
index 765f29c16d..93028930c5 100644
--- a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -3,7 +3,7 @@ title: Deploy Windows 10 with the Microsoft Deployment Toolkit (Windows 10)
 description: This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically.
 ms.assetid: 837f009c-617e-4b3f-9028-2246067ee0fb
 keywords: deploy, tools, configure, script
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/deploy-windows-to-go.md b/windows/deploy/deploy-windows-to-go.md
index 609ae81687..b4e13c5b8c 100644
--- a/windows/deploy/deploy-windows-to-go.md
+++ b/windows/deploy/deploy-windows-to-go.md
@@ -2,10 +2,11 @@
 title: Deploy Windows To Go in your organization (Windows 10)
 description: This topic helps you to deploy Windows To Go in your organization.
 ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f
-keywords: ["deployment, USB, device, BitLocker, workspace, security, data"]
-ms.prod: W10
+keywords: deployment, USB, device, BitLocker, workspace, security, data
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: mobility
 author: mtniehaus
 ---
 
diff --git a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 67136031be..2ed9de7378 100644
--- a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Finalize the operating system configuration for Windows 10 deployment with Configuration Manager (Windows 10)
 description: This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
 ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
-keywords: ["configure, deploy, upgrade"]
-ms.prod: W10
+keywords: configure, deploy, upgrade
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
index 57d9153cb2..85ad95c548 100644
--- a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
@@ -3,7 +3,7 @@ title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10)
 description: This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 in particular, as part of a Windows operating system deployment.
 ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee
 keywords: deploy, image, feature, install, tools
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/getting-started-with-the-user-state-migration-tool.md b/windows/deploy/getting-started-with-the-user-state-migration-tool.md
index d83c01ec2d..8dae688326 100644
--- a/windows/deploy/getting-started-with-the-user-state-migration-tool.md
+++ b/windows/deploy/getting-started-with-the-user-state-migration-tool.md
@@ -2,10 +2,10 @@
 title: Getting Started with the User State Migration Tool (USMT) (Windows 10)
 description: Getting Started with the User State Migration Tool (USMT)
 ms.assetid: 506ff1d2-94b8-4460-8672-56aad963504b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Getting Started with the User State Migration Tool (USMT)
diff --git a/windows/deploy/import-export-vamt-data.md b/windows/deploy/import-export-vamt-data.md
index aff3d6376f..d33f27e139 100644
--- a/windows/deploy/import-export-vamt-data.md
+++ b/windows/deploy/import-export-vamt-data.md
@@ -2,7 +2,7 @@
 title: Import and Export VAMT Data (Windows 10)
 description: Import and Export VAMT Data
 ms.assetid: 09a2c595-1a61-4da6-bd46-4ba8763cfd4f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/index.md b/windows/deploy/index.md
index a3b28ded45..0e5d1a0f8b 100644
--- a/windows/deploy/index.md
+++ b/windows/deploy/index.md
@@ -2,10 +2,10 @@
 title: Deploy Windows 10 (Windows 10)
 description: Learn about deploying Windows 10 for IT professionals.
 ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Deploy Windows 10
diff --git a/windows/deploy/install-configure-vamt.md b/windows/deploy/install-configure-vamt.md
index a660854f6f..49b3f8ec44 100644
--- a/windows/deploy/install-configure-vamt.md
+++ b/windows/deploy/install-configure-vamt.md
@@ -2,7 +2,7 @@
 title: Install and Configure VAMT (Windows 10)
 description: Install and Configure VAMT
 ms.assetid: 5c7ae9b9-0dbc-4277-bc4f-8b3e4ab0bf50
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/install-kms-client-key-vamt.md b/windows/deploy/install-kms-client-key-vamt.md
index f1e5cd2769..9605053d6a 100644
--- a/windows/deploy/install-kms-client-key-vamt.md
+++ b/windows/deploy/install-kms-client-key-vamt.md
@@ -2,7 +2,7 @@
 title: Install a KMS Client Key (Windows 10)
 description: Install a KMS Client Key
 ms.assetid: d234468e-7917-4cf5-b0a8-4968454f7759
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/install-product-key-vamt.md b/windows/deploy/install-product-key-vamt.md
index a3f4a3760e..71817b7b80 100644
--- a/windows/deploy/install-product-key-vamt.md
+++ b/windows/deploy/install-product-key-vamt.md
@@ -2,7 +2,7 @@
 title: Install a Product Key (Windows 10)
 description: Install a Product Key
 ms.assetid: 78812c87-2208-4f8b-9c2c-5a8a18b2d648
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/install-vamt.md b/windows/deploy/install-vamt.md
index 02275fb993..07a9a72b5b 100644
--- a/windows/deploy/install-vamt.md
+++ b/windows/deploy/install-vamt.md
@@ -2,7 +2,7 @@
 title: Install VAMT (Windows 10)
 description: Install VAMT
 ms.assetid: 2eabd3e2-0a68-43a5-8189-2947e46482fc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
index 1ad2dbc2bd..4a30f0f74c 100644
--- a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
+++ b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
@@ -4,7 +4,7 @@ description: This topic will help you understand the benefits of integrating the
 ms.assetid: 3bd1cf92-81e5-48dc-b874-0f5d9472e5a5
 ms.pagetype: mdt
 keywords: deploy, image, customize, task sequence
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/introduction-vamt.md b/windows/deploy/introduction-vamt.md
index ee0060ad4e..3d51c0dd02 100644
--- a/windows/deploy/introduction-vamt.md
+++ b/windows/deploy/introduction-vamt.md
@@ -2,7 +2,7 @@
 title: Introduction to VAMT (Windows 10)
 description: Introduction to VAMT
 ms.assetid: 0439685e-0bae-4967-b0d4-dd84ca6d7fa7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/key-features-in-mdt-2013.md b/windows/deploy/key-features-in-mdt-2013.md
index 7982bb6d03..03f562ac8e 100644
--- a/windows/deploy/key-features-in-mdt-2013.md
+++ b/windows/deploy/key-features-in-mdt-2013.md
@@ -3,7 +3,7 @@ title: Key features in MDT 2013 Update 2 (Windows 10)
 description: The Microsoft Deployment Toolkit (MDT) has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0.
 ms.assetid: 858e384f-e9db-4a93-9a8b-101a503e4868
 keywords: deploy, feature, tools, upgrade, migrate, provisioning
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/kms-activation-vamt.md b/windows/deploy/kms-activation-vamt.md
index 4cd554a80b..beed3fb86f 100644
--- a/windows/deploy/kms-activation-vamt.md
+++ b/windows/deploy/kms-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Perform KMS Activation (Windows 10)
 description: Perform KMS Activation
 ms.assetid: 5a3ae8e6-083e-4153-837e-ab0a225c1d10
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/local-reactivation-vamt.md b/windows/deploy/local-reactivation-vamt.md
index 2cd36eb80b..72b132e799 100644
--- a/windows/deploy/local-reactivation-vamt.md
+++ b/windows/deploy/local-reactivation-vamt.md
@@ -2,7 +2,7 @@
 title: Perform Local Reactivation (Windows 10)
 description: Perform Local Reactivation
 ms.assetid: aacd5ded-da11-4d27-a866-3f57332f5dec
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/manage-activations-vamt.md b/windows/deploy/manage-activations-vamt.md
index 1f15048dea..effac81fd1 100644
--- a/windows/deploy/manage-activations-vamt.md
+++ b/windows/deploy/manage-activations-vamt.md
@@ -2,7 +2,7 @@
 title: Manage Activations (Windows 10)
 description: Manage Activations
 ms.assetid: 53bad9ed-9430-4f64-a8de-80613870862c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/manage-product-keys-vamt.md b/windows/deploy/manage-product-keys-vamt.md
index fffe5de77e..a495718fe7 100644
--- a/windows/deploy/manage-product-keys-vamt.md
+++ b/windows/deploy/manage-product-keys-vamt.md
@@ -2,7 +2,7 @@
 title: Manage Product Keys (Windows 10)
 description: Manage Product Keys
 ms.assetid: 4c6c4216-b4b7-437c-904e-4cb257f913cd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/manage-vamt-data.md b/windows/deploy/manage-vamt-data.md
index adbd4c4ec6..00bbd3982f 100644
--- a/windows/deploy/manage-vamt-data.md
+++ b/windows/deploy/manage-vamt-data.md
@@ -2,7 +2,7 @@
 title: Manage VAMT Data (Windows 10)
 description: Manage VAMT Data
 ms.assetid: 233eefa4-3125-4965-a12d-297a67079dc4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/mdt-2013-lite-touch-components.md b/windows/deploy/mdt-2013-lite-touch-components.md
index 6766bdc104..48f1a250ad 100644
--- a/windows/deploy/mdt-2013-lite-touch-components.md
+++ b/windows/deploy/mdt-2013-lite-touch-components.md
@@ -3,7 +3,7 @@ title: MDT 2013 Update 2 Lite Touch components (Windows 10)
 description: This topic provides an overview of the features in the Microsoft Deployment Toolkit (MDT) 2013 Update 2 that support Lite Touch Installation (LTI) for Windows 10.
 ms.assetid: 7d6fc159-e338-439e-a2e6-1778d0da9089
 keywords: deploy, install, deployment, boot, log, monitor
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/migrate-application-settings.md b/windows/deploy/migrate-application-settings.md
index af79e440f7..6a8ffdc612 100644
--- a/windows/deploy/migrate-application-settings.md
+++ b/windows/deploy/migrate-application-settings.md
@@ -2,10 +2,10 @@
 title: Migrate Application Settings (Windows 10)
 description: Migrate Application Settings
 ms.assetid: 28f70a83-0a3e-4a6b-968a-2b78ccd3cc07
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Migrate Application Settings
diff --git a/windows/deploy/migration-store-types-overview.md b/windows/deploy/migration-store-types-overview.md
index cf0c52812e..9ee233402b 100644
--- a/windows/deploy/migration-store-types-overview.md
+++ b/windows/deploy/migration-store-types-overview.md
@@ -2,10 +2,10 @@
 title: Migration Store Types Overview (Windows 10)
 description: Migration Store Types Overview
 ms.assetid: 3b6ce746-76c6-43ff-8cd5-02ed0ae0cf70
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Migration Store Types Overview
diff --git a/windows/deploy/monitor-activation-client.md b/windows/deploy/monitor-activation-client.md
index 5a3050cb0b..26c8257cc3 100644
--- a/windows/deploy/monitor-activation-client.md
+++ b/windows/deploy/monitor-activation-client.md
@@ -3,11 +3,11 @@ title: Monitor activation (Windows 10)
 ms.assetid: 264a3e86-c880-4be4-8828-bf4c839dfa26
 description:
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
-author: CFaw
+author: greg-lindsay
 ---
 
 # Monitor activation
diff --git a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md
index 7802d20b05..12aae5a28c 100644
--- a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Monitor the Windows 10 deployment with Configuration Manager (Windows 10)
 description: In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench.
 ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce
-keywords: ["deploy, upgrade"]
-ms.prod: W10
+keywords: deploy, upgrade
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/offline-migration-reference.md b/windows/deploy/offline-migration-reference.md
index 6ad60f1704..f54d3b4c7b 100644
--- a/windows/deploy/offline-migration-reference.md
+++ b/windows/deploy/offline-migration-reference.md
@@ -2,10 +2,10 @@
 title: Offline Migration Reference (Windows 10)
 description: Offline Migration Reference
 ms.assetid: f347547c-d601-4c3e-8f2d-0138edeacfda
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Offline Migration Reference
diff --git a/windows/deploy/online-activation-vamt.md b/windows/deploy/online-activation-vamt.md
index 5f537d3e20..65311aa3e8 100644
--- a/windows/deploy/online-activation-vamt.md
+++ b/windows/deploy/online-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Perform Online Activation (Windows 10)
 description: Perform Online Activation
 ms.assetid: 8381792b-a454-4e66-9b4c-e6e4c9303823
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/plan-for-volume-activation-client.md b/windows/deploy/plan-for-volume-activation-client.md
index 3247677c72..d5ed360f3e 100644
--- a/windows/deploy/plan-for-volume-activation-client.md
+++ b/windows/deploy/plan-for-volume-activation-client.md
@@ -3,7 +3,7 @@ title: Plan for volume activation (Windows 10)
 description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer.
 ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
index a7b98b2ab3..8f2bbad1b9 100644
--- a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
+++ b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
@@ -3,7 +3,7 @@ title: Prepare for deployment with MDT 2013 Update 2 (Windows 10)
 description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT) 2013 Update 2.
 ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226
 keywords: deploy, system requirements
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index d9735f4ee1..88a8cac968 100644
--- a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10)
 description: This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
 ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
-keywords: ["install, configure, deploy, deployment"]
-ms.prod: W10
+keywords: install, configure, deploy, deployment
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/proxy-activation-vamt.md b/windows/deploy/proxy-activation-vamt.md
index c848bcd8ab..ab273007b8 100644
--- a/windows/deploy/proxy-activation-vamt.md
+++ b/windows/deploy/proxy-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Perform Proxy Activation (Windows 10)
 description: Perform Proxy Activation
 ms.assetid: 35a919ed-f1cc-4d10-9c88-9bd634549dc3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 7d5143cf31..68b0a74563 100644
--- a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
 description: This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2.
 ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
-keywords: ["upgrade, install, installation, computer refresh"]
-ms.prod: W10
+keywords: upgrade, install, installation, computer refresh
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
index 70dadf1711..f6ea4a2125 100644
--- a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
+++ b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
@@ -3,7 +3,7 @@ title: Refresh a Windows 7 computer with Windows 10 (Windows 10)
 description: This topic will show you how to use MDT 2013 Update 2 Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process.
 ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f
 keywords: reinstallation, customize, template, script, restore
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/remove-products-vamt.md b/windows/deploy/remove-products-vamt.md
index 8dca272b68..da875ea27e 100644
--- a/windows/deploy/remove-products-vamt.md
+++ b/windows/deploy/remove-products-vamt.md
@@ -2,7 +2,7 @@
 title: Remove Products (Windows 10)
 description: Remove Products
 ms.assetid: 4d44379e-dda1-4a8f-8ebf-395b6c0dad8e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 44bc003fca..b9f521531f 100644
--- a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
 description: In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft System Center 2012 R2 Configuration Manager.
 ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
-keywords: ["upgrade, install, installation, replace computer, setup"]
-ms.prod: W10
+keywords: upgrade, install, installation, replace computer, setup
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
index bc78de5970..a862edf501 100644
--- a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -3,7 +3,7 @@ title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
 description: A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10; however, because you are replacing a machine, you cannot store the backup on the old computer.
 ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
 keywords: deploy, deployment, replace
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/scenario-kms-activation-vamt.md b/windows/deploy/scenario-kms-activation-vamt.md
index a43796b90b..385af084f9 100644
--- a/windows/deploy/scenario-kms-activation-vamt.md
+++ b/windows/deploy/scenario-kms-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Scenario 3 KMS Client Activation (Windows 10)
 description: Scenario 3 KMS Client Activation
 ms.assetid: 72b04e8f-cd35-490c-91ab-27ea799b05d0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/scenario-online-activation-vamt.md b/windows/deploy/scenario-online-activation-vamt.md
index 69d308ee9c..41dda833ac 100644
--- a/windows/deploy/scenario-online-activation-vamt.md
+++ b/windows/deploy/scenario-online-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Scenario 1 Online Activation (Windows 10)
 description: Scenario 1 Online Activation
 ms.assetid: 94dba40e-383a-41e4-b74b-9e884facdfd3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/scenario-proxy-activation-vamt.md b/windows/deploy/scenario-proxy-activation-vamt.md
index 8666ae35c6..2e475d02b4 100644
--- a/windows/deploy/scenario-proxy-activation-vamt.md
+++ b/windows/deploy/scenario-proxy-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Scenario 2 Proxy Activation (Windows 10)
 description: Scenario 2 Proxy Activation
 ms.assetid: ed5a8a56-d9aa-4895-918f-dd1898cb2c1a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/set-up-mdt-2013-for-bitlocker.md b/windows/deploy/set-up-mdt-2013-for-bitlocker.md
index 5af8715c60..7a76f8cdf7 100644
--- a/windows/deploy/set-up-mdt-2013-for-bitlocker.md
+++ b/windows/deploy/set-up-mdt-2013-for-bitlocker.md
@@ -3,7 +3,7 @@ title: Set up MDT for BitLocker (Windows 10)
 ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38
 description:
 keywords: disk, encryption, TPM, configure, secure, script
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/sideload-apps-in-windows-10.md b/windows/deploy/sideload-apps-in-windows-10.md
index 63f3fe6fef..9af7d4e4bc 100644
--- a/windows/deploy/sideload-apps-in-windows-10.md
+++ b/windows/deploy/sideload-apps-in-windows-10.md
@@ -2,10 +2,10 @@
 title: Sideload LOB apps in Windows 10 (Windows 10)
 description: Sideload line-of-business apps in Windows 10.
 ms.assetid: C46B27D0-375B-4F7A-800E-21595CF1D53D
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Sideload LOB apps in Windows 10
diff --git a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md
index a8391582fa..a6c8789efb 100644
--- a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md
+++ b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md
@@ -3,7 +3,7 @@ title: Simulate a Windows 10 deployment in a test environment (Windows 10)
 description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT.
 ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c
 keywords: deploy, script
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/understanding-migration-xml-files.md b/windows/deploy/understanding-migration-xml-files.md
index 528c77f8d3..c03bc14e24 100644
--- a/windows/deploy/understanding-migration-xml-files.md
+++ b/windows/deploy/understanding-migration-xml-files.md
@@ -2,10 +2,10 @@
 title: Understanding Migration XML Files (Windows 10)
 description: Understanding Migration XML Files
 ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Understanding Migration XML Files
diff --git a/windows/deploy/update-product-status-vamt.md b/windows/deploy/update-product-status-vamt.md
index deca904c0c..0e7af45fec 100644
--- a/windows/deploy/update-product-status-vamt.md
+++ b/windows/deploy/update-product-status-vamt.md
@@ -2,7 +2,7 @@
 title: Update Product Status (Windows 10)
 description: Update Product Status
 ms.assetid: 39d4abd4-801a-4e8f-9b8c-425a24a96764
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/update-windows-10-images-with-provisioning-packages.md b/windows/deploy/update-windows-10-images-with-provisioning-packages.md
index 4a553d8b90..e9415d414b 100644
--- a/windows/deploy/update-windows-10-images-with-provisioning-packages.md
+++ b/windows/deploy/update-windows-10-images-with-provisioning-packages.md
@@ -2,8 +2,8 @@
 title: Update Windows 10 images with provisioning packages (Windows 10)
 description: Use a provisioning package to apply settings, profiles, and file assets to a Windows 10 image.
 ms.assetid: 3CA345D2-B60A-4860-A3BF-174713C3D3A6
-keywords: ["provisioning", "bulk deployment", "image"]
-ms.prod: W10
+keywords: provisioning, bulk deployment, image
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
index 030ab711f2..0f66363610 100644
--- a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
+++ b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
@@ -2,8 +2,8 @@
 title: Upgrade to Windows 10 with System Center Configuration Manager (Windows 10)
 description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process.
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
-keywords: ["upgrade, update, task sequence, deploy"]
-ms.prod: W10
+keywords: upgrade, update, task sequence, deploy
+ms.prod: w10
 ms.mktglfcycl: deploy
 author: mtniehaus
 ---
diff --git a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
index 35b90474ab..18dfaf7fdf 100644
--- a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -3,7 +3,7 @@ title: Upgrade to Windows 10 with the Microsoft Deployment Toolkit (Windows 10)
 description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
 ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460
 keywords: upgrade, update, task sequence, deploy
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
index 229fb16df0..64e70ced04 100644
--- a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
+++ b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
@@ -3,7 +3,7 @@ title: Use Orchestrator runbooks with MDT (Windows 10)
 description: This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
 ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
 keywords: web services, database
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
index 14749270e7..32208d3e25 100644
--- a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -4,7 +4,7 @@ description: This topic is designed to teach you how to use the MDT database to
 ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46
 ms.pagetype: mdt
 keywords: database, permissions, settings, configure, deploy
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/use-the-volume-activation-management-tool-client.md b/windows/deploy/use-the-volume-activation-management-tool-client.md
index 4303bd18a1..1e4f5c32b2 100644
--- a/windows/deploy/use-the-volume-activation-management-tool-client.md
+++ b/windows/deploy/use-the-volume-activation-management-tool-client.md
@@ -3,7 +3,7 @@ title: Use the Volume Activation Management Tool (Windows 10)
 description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys.
 ms.assetid: b11f0aee-7b60-44d1-be40-c960fc6c4c47
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/use-vamt-in-windows-powershell.md b/windows/deploy/use-vamt-in-windows-powershell.md
index 1247d95759..01de72d0a6 100644
--- a/windows/deploy/use-vamt-in-windows-powershell.md
+++ b/windows/deploy/use-vamt-in-windows-powershell.md
@@ -2,7 +2,7 @@
 title: Use VAMT in Windows PowerShell (Windows 10)
 description: Use VAMT in Windows PowerShell
 ms.assetid: 13e0ceec-d827-4681-a5c3-8704349e3ba9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/use-web-services-in-mdt-2013.md b/windows/deploy/use-web-services-in-mdt-2013.md
index 6fbe628335..1d8755df14 100644
--- a/windows/deploy/use-web-services-in-mdt-2013.md
+++ b/windows/deploy/use-web-services-in-mdt-2013.md
@@ -3,7 +3,7 @@ title: Use web services in MDT (Windows 10)
 description: In this topic, you will learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
 ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
 keywords: deploy, web apps
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: mdt
 ms.sitesec: library
diff --git a/windows/deploy/usmt-best-practices.md b/windows/deploy/usmt-best-practices.md
index b8772fe9f4..8da6b08353 100644
--- a/windows/deploy/usmt-best-practices.md
+++ b/windows/deploy/usmt-best-practices.md
@@ -2,10 +2,10 @@
 title: USMT Best Practices (Windows 10)
 description: USMT Best Practices
 ms.assetid: e3cb1e78-4230-4eae-b179-e6e9160542d2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # USMT Best Practices
diff --git a/windows/deploy/usmt-choose-migration-store-type.md b/windows/deploy/usmt-choose-migration-store-type.md
index 3e3f520ceb..5938b48748 100644
--- a/windows/deploy/usmt-choose-migration-store-type.md
+++ b/windows/deploy/usmt-choose-migration-store-type.md
@@ -2,10 +2,10 @@
 title: Choose a Migration Store Type (Windows 10)
 description: Choose a Migration Store Type
 ms.assetid: 4e163e90-9c57-490b-b849-2ed52ab6765f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Choose a Migration Store Type
diff --git a/windows/deploy/usmt-command-line-syntax.md b/windows/deploy/usmt-command-line-syntax.md
index 8e62c88e30..22cf9c33aa 100644
--- a/windows/deploy/usmt-command-line-syntax.md
+++ b/windows/deploy/usmt-command-line-syntax.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) Command-line Syntax (Windows 10)
 description: User State Migration Tool (USMT) Command-line Syntax
 ms.assetid: f9d205c9-e824-46c7-8d8b-d7e4b52fd514
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # User State Migration Tool (USMT) Command-line Syntax
diff --git a/windows/deploy/usmt-common-issues.md b/windows/deploy/usmt-common-issues.md
index d1865b8873..88980d6d7b 100644
--- a/windows/deploy/usmt-common-issues.md
+++ b/windows/deploy/usmt-common-issues.md
@@ -2,10 +2,10 @@
 title: Common Issues (Windows 10)
 description: Common Issues
 ms.assetid: 5a37e390-8617-4768-9eee-50397fbbb2e1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Common Issues
diff --git a/windows/deploy/usmt-common-migration-scenarios.md b/windows/deploy/usmt-common-migration-scenarios.md
index dd61667933..9262ef9b0f 100644
--- a/windows/deploy/usmt-common-migration-scenarios.md
+++ b/windows/deploy/usmt-common-migration-scenarios.md
@@ -2,10 +2,10 @@
 title: Common Migration Scenarios (Windows 10)
 description: Common Migration Scenarios
 ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Common Migration Scenarios
diff --git a/windows/deploy/usmt-configxml-file.md b/windows/deploy/usmt-configxml-file.md
index dea99cd9e0..4484c03e2d 100644
--- a/windows/deploy/usmt-configxml-file.md
+++ b/windows/deploy/usmt-configxml-file.md
@@ -2,10 +2,10 @@
 title: Config.xml File (Windows 10)
 description: Config.xml File
 ms.assetid: 9dc98e76-5155-4641-bcb3-81915db538e8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Config.xml File
diff --git a/windows/deploy/usmt-conflicts-and-precedence.md b/windows/deploy/usmt-conflicts-and-precedence.md
index 9de02f7dca..3b570d51e5 100644
--- a/windows/deploy/usmt-conflicts-and-precedence.md
+++ b/windows/deploy/usmt-conflicts-and-precedence.md
@@ -2,10 +2,10 @@
 title: Conflicts and Precedence (Windows 10)
 description: Conflicts and Precedence
 ms.assetid: 0e2691a8-ff1e-4424-879b-4d5a2f8a113a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Conflicts and Precedence
diff --git a/windows/deploy/usmt-custom-xml-examples.md b/windows/deploy/usmt-custom-xml-examples.md
index c1fa2bd582..4d60c4903c 100644
--- a/windows/deploy/usmt-custom-xml-examples.md
+++ b/windows/deploy/usmt-custom-xml-examples.md
@@ -2,10 +2,10 @@
 title: Custom XML Examples (Windows 10)
 description: Custom XML Examples
 ms.assetid: 48f441d9-6c66-43ef-91e9-7c78cde6fcc0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Custom XML Examples
diff --git a/windows/deploy/usmt-customize-xml-files.md b/windows/deploy/usmt-customize-xml-files.md
index 94619ce485..30930f05ad 100644
--- a/windows/deploy/usmt-customize-xml-files.md
+++ b/windows/deploy/usmt-customize-xml-files.md
@@ -2,10 +2,10 @@
 title: Customize USMT XML Files (Windows 10)
 description: Customize USMT XML Files
 ms.assetid: d58363c1-fd13-4f65-8b91-9986659dc93e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Customize USMT XML Files
diff --git a/windows/deploy/usmt-determine-what-to-migrate.md b/windows/deploy/usmt-determine-what-to-migrate.md
index 24c81b0742..27ad2ea86d 100644
--- a/windows/deploy/usmt-determine-what-to-migrate.md
+++ b/windows/deploy/usmt-determine-what-to-migrate.md
@@ -2,10 +2,10 @@
 title: Determine What to Migrate (Windows 10)
 description: Determine What to Migrate
 ms.assetid: 01ae1d13-c3eb-4618-b39d-ee5d18d55761
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Determine What to Migrate
diff --git a/windows/deploy/usmt-estimate-migration-store-size.md b/windows/deploy/usmt-estimate-migration-store-size.md
index 1dbd440416..a331a99c09 100644
--- a/windows/deploy/usmt-estimate-migration-store-size.md
+++ b/windows/deploy/usmt-estimate-migration-store-size.md
@@ -2,10 +2,10 @@
 title: Estimate Migration Store Size (Windows 10)
 description: Estimate Migration Store Size
 ms.assetid: cfb9062b-7a2a-467a-a24e-0b31ce830093
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Estimate Migration Store Size
diff --git a/windows/deploy/usmt-exclude-files-and-settings.md b/windows/deploy/usmt-exclude-files-and-settings.md
index 99918b8c5c..e856679334 100644
--- a/windows/deploy/usmt-exclude-files-and-settings.md
+++ b/windows/deploy/usmt-exclude-files-and-settings.md
@@ -2,10 +2,10 @@
 title: Exclude Files and Settings (Windows 10)
 description: Exclude Files and Settings
 ms.assetid: df85baf1-6e29-4995-a4bb-ba3f8f7fed0b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Exclude Files and Settings
diff --git a/windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md
index 8bd8e87680..c679d58b27 100644
--- a/windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md
+++ b/windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md
@@ -2,10 +2,10 @@
 title: Extract Files from a Compressed USMT Migration Store (Windows 10)
 description: Extract Files from a Compressed USMT Migration Store
 ms.assetid: ad9fbd6e-f89e-4444-8538-9b11566b1f33
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Extract Files from a Compressed USMT Migration Store
diff --git a/windows/deploy/usmt-faq.md b/windows/deploy/usmt-faq.md
index e69272bc26..715340a82d 100644
--- a/windows/deploy/usmt-faq.md
+++ b/windows/deploy/usmt-faq.md
@@ -2,10 +2,10 @@
 title: Frequently Asked Questions (Windows 10)
 description: Frequently Asked Questions
 ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Frequently Asked Questions
diff --git a/windows/deploy/usmt-general-conventions.md b/windows/deploy/usmt-general-conventions.md
index ab6c9ad6b3..020557c402 100644
--- a/windows/deploy/usmt-general-conventions.md
+++ b/windows/deploy/usmt-general-conventions.md
@@ -2,10 +2,10 @@
 title: General Conventions (Windows 10)
 description: General Conventions
 ms.assetid: 5761986e-a847-41bd-bf8e-7c1bd01acbc6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # General Conventions
diff --git a/windows/deploy/usmt-hard-link-migration-store.md b/windows/deploy/usmt-hard-link-migration-store.md
index afddeaf45d..e65487a0bd 100644
--- a/windows/deploy/usmt-hard-link-migration-store.md
+++ b/windows/deploy/usmt-hard-link-migration-store.md
@@ -2,10 +2,10 @@
 title: Hard-Link Migration Store (Windows 10)
 description: Hard-Link Migration Store
 ms.assetid: b0598418-4607-4952-bfa3-b6e4aaa2c574
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Hard-Link Migration Store
diff --git a/windows/deploy/usmt-how-it-works.md b/windows/deploy/usmt-how-it-works.md
index 8e6b12231e..0c274924a6 100644
--- a/windows/deploy/usmt-how-it-works.md
+++ b/windows/deploy/usmt-how-it-works.md
@@ -2,10 +2,10 @@
 title: How USMT Works (Windows 10)
 description: How USMT Works
 ms.assetid: 5c8bd669-9e1e-473d-81e6-652f40b24171
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # How USMT Works
diff --git a/windows/deploy/usmt-how-to.md b/windows/deploy/usmt-how-to.md
index 4baa318509..1a22d71262 100644
--- a/windows/deploy/usmt-how-to.md
+++ b/windows/deploy/usmt-how-to.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) How-to topics (Windows 10)
 description: User State Migration Tool (USMT) How-to topics
 ms.assetid: 7b9a2f2a-a43a-4984-9746-a767f9f1c7e3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # User State Migration Tool (USMT) How-to topics
diff --git a/windows/deploy/usmt-identify-application-settings.md b/windows/deploy/usmt-identify-application-settings.md
index ca14712f31..5fa216f2b3 100644
--- a/windows/deploy/usmt-identify-application-settings.md
+++ b/windows/deploy/usmt-identify-application-settings.md
@@ -2,10 +2,10 @@
 title: Identify Applications Settings (Windows 10)
 description: Identify Applications Settings
 ms.assetid: eda68031-9b02-4a5b-a893-3786a6505381
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Identify Applications Settings
diff --git a/windows/deploy/usmt-identify-file-types-files-and-folders.md b/windows/deploy/usmt-identify-file-types-files-and-folders.md
index 3ab8ded02b..49766ca745 100644
--- a/windows/deploy/usmt-identify-file-types-files-and-folders.md
+++ b/windows/deploy/usmt-identify-file-types-files-and-folders.md
@@ -2,10 +2,10 @@
 title: Identify File Types, Files, and Folders (Windows 10)
 description: Identify File Types, Files, and Folders
 ms.assetid: 93bb2a33-c126-4f7a-a961-6c89686d54e0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 
 # Identify File Types, Files, and Folders
diff --git a/windows/deploy/usmt-identify-operating-system-settings.md b/windows/deploy/usmt-identify-operating-system-settings.md
index 232fabdc33..27fd8c0c25 100644
--- a/windows/deploy/usmt-identify-operating-system-settings.md
+++ b/windows/deploy/usmt-identify-operating-system-settings.md
@@ -2,10 +2,10 @@
 title: Identify Operating System Settings (Windows 10)
 description: Identify Operating System Settings
 ms.assetid: 1704ab18-1765-41fb-a27c-3aa3128fa242
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Identify Operating System Settings
diff --git a/windows/deploy/usmt-identify-users.md b/windows/deploy/usmt-identify-users.md
index 1f23cb942d..6d081727c3 100644
--- a/windows/deploy/usmt-identify-users.md
+++ b/windows/deploy/usmt-identify-users.md
@@ -2,10 +2,10 @@
 title: Identify Users (Windows 10)
 description: Identify Users
 ms.assetid: 957a4fe9-79fd-44a2-8c26-33e50f71f9de
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Identify Users
diff --git a/windows/deploy/usmt-include-files-and-settings.md b/windows/deploy/usmt-include-files-and-settings.md
index 6142749d13..411525684e 100644
--- a/windows/deploy/usmt-include-files-and-settings.md
+++ b/windows/deploy/usmt-include-files-and-settings.md
@@ -2,10 +2,10 @@
 title: Include Files and Settings (Windows 10)
 description: Include Files and Settings
 ms.assetid: 9009c6a5-0612-4478-8742-abe5eb6cbac8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Include Files and Settings
diff --git a/windows/deploy/usmt-loadstate-syntax.md b/windows/deploy/usmt-loadstate-syntax.md
index a82a0b4357..36c3dfb311 100644
--- a/windows/deploy/usmt-loadstate-syntax.md
+++ b/windows/deploy/usmt-loadstate-syntax.md
@@ -2,10 +2,10 @@
 title: LoadState Syntax (Windows 10)
 description: LoadState Syntax
 ms.assetid: 53d2143b-cbe9-4cfc-8506-36e9d429f6d4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # LoadState Syntax
diff --git a/windows/deploy/usmt-log-files.md b/windows/deploy/usmt-log-files.md
index 89fc388cf9..9796591745 100644
--- a/windows/deploy/usmt-log-files.md
+++ b/windows/deploy/usmt-log-files.md
@@ -2,10 +2,10 @@
 title: Log Files (Windows 10)
 description: Log Files
 ms.assetid: 28185ebd-630a-4bbd-94f4-8c48aad05649
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Log Files
diff --git a/windows/deploy/usmt-migrate-efs-files-and-certificates.md b/windows/deploy/usmt-migrate-efs-files-and-certificates.md
index 43a57ddc5d..d4e2db536f 100644
--- a/windows/deploy/usmt-migrate-efs-files-and-certificates.md
+++ b/windows/deploy/usmt-migrate-efs-files-and-certificates.md
@@ -2,10 +2,10 @@
 title: Migrate EFS Files and Certificates (Windows 10)
 description: Migrate EFS Files and Certificates
 ms.assetid: 7f19a753-ec45-4433-b297-cc30f16fdee1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Migrate EFS Files and Certificates
diff --git a/windows/deploy/usmt-migrate-user-accounts.md b/windows/deploy/usmt-migrate-user-accounts.md
index 25c9490cbc..6c87c9b043 100644
--- a/windows/deploy/usmt-migrate-user-accounts.md
+++ b/windows/deploy/usmt-migrate-user-accounts.md
@@ -2,10 +2,10 @@
 title: Migrate User Accounts (Windows 10)
 description: Migrate User Accounts
 ms.assetid: a3668361-43c8-4fd2-b26e-9a2deaeaeb09
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Migrate User Accounts
diff --git a/windows/deploy/usmt-migration-store-encryption.md b/windows/deploy/usmt-migration-store-encryption.md
index bb6343401f..1e8ea1a8e0 100644
--- a/windows/deploy/usmt-migration-store-encryption.md
+++ b/windows/deploy/usmt-migration-store-encryption.md
@@ -2,10 +2,10 @@
 title: Migration Store Encryption (Windows 10)
 description: Migration Store Encryption
 ms.assetid: b28c2657-b986-4487-bd38-cb81500b831d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Migration Store Encryption
diff --git a/windows/deploy/usmt-overview.md b/windows/deploy/usmt-overview.md
index f3d7f0b860..928044a3cf 100644
--- a/windows/deploy/usmt-overview.md
+++ b/windows/deploy/usmt-overview.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) Overview (Windows 10)
 description: User State Migration Tool (USMT) Overview
 ms.assetid: 3b649431-ad09-4b17-895a-3fec7ac0a81f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Tool (USMT) Overview
diff --git a/windows/deploy/usmt-plan-your-migration.md b/windows/deploy/usmt-plan-your-migration.md
index eaed479359..2b6ce76d7f 100644
--- a/windows/deploy/usmt-plan-your-migration.md
+++ b/windows/deploy/usmt-plan-your-migration.md
@@ -2,10 +2,10 @@
 title: Plan Your Migration (Windows 10)
 description: Plan Your Migration
 ms.assetid: c951f7df-850e-47ad-b31b-87f902955e3e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Plan Your Migration
diff --git a/windows/deploy/usmt-recognized-environment-variables.md b/windows/deploy/usmt-recognized-environment-variables.md
index 8246122fd9..edebf602f1 100644
--- a/windows/deploy/usmt-recognized-environment-variables.md
+++ b/windows/deploy/usmt-recognized-environment-variables.md
@@ -2,10 +2,10 @@
 title: Recognized Environment Variables (Windows 10)
 description: Recognized Environment Variables
 ms.assetid: 2b0ac412-e131-456e-8f0c-c26249b5f3df
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Recognized Environment Variables
diff --git a/windows/deploy/usmt-reference.md b/windows/deploy/usmt-reference.md
index ffe3b71ef8..753146d6b9 100644
--- a/windows/deploy/usmt-reference.md
+++ b/windows/deploy/usmt-reference.md
@@ -2,10 +2,10 @@
 title: User State Migration Toolkit (USMT) Reference (Windows 10)
 description: User State Migration Toolkit (USMT) Reference
 ms.assetid: 2135dbcf-de49-4cea-b2fb-97dd016e1a1a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Toolkit (USMT) Reference
diff --git a/windows/deploy/usmt-requirements.md b/windows/deploy/usmt-requirements.md
index ace2abc84a..c8632b0b4a 100644
--- a/windows/deploy/usmt-requirements.md
+++ b/windows/deploy/usmt-requirements.md
@@ -2,10 +2,10 @@
 title: USMT Requirements (Windows 10)
 description: USMT Requirements
 ms.assetid: 2b0cf3a3-9032-433f-9622-1f9df59d6806
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # USMT Requirements
diff --git a/windows/deploy/usmt-reroute-files-and-settings.md b/windows/deploy/usmt-reroute-files-and-settings.md
index a948ee7c8c..99dd2eb09c 100644
--- a/windows/deploy/usmt-reroute-files-and-settings.md
+++ b/windows/deploy/usmt-reroute-files-and-settings.md
@@ -2,10 +2,10 @@
 title: Reroute Files and Settings (Windows 10)
 description: Reroute Files and Settings
 ms.assetid: 905e6a24-922c-4549-9732-60fa11862a6c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Reroute Files and Settings
diff --git a/windows/deploy/usmt-resources.md b/windows/deploy/usmt-resources.md
index 0cb115c915..cc268ff816 100644
--- a/windows/deploy/usmt-resources.md
+++ b/windows/deploy/usmt-resources.md
@@ -2,10 +2,10 @@
 title: USMT Resources (Windows 10)
 description: USMT Resources
 ms.assetid: a0b266c7-4bcb-49f1-b63c-48c6ace86b43
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # USMT Resources
diff --git a/windows/deploy/usmt-return-codes.md b/windows/deploy/usmt-return-codes.md
index 4354a11ca8..365b49b5c7 100644
--- a/windows/deploy/usmt-return-codes.md
+++ b/windows/deploy/usmt-return-codes.md
@@ -2,10 +2,10 @@
 title: Return Codes (Windows 10)
 description: Return Codes
 ms.assetid: e71bbc6b-d5a6-4e48-ad01-af0012b35f22
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Return Codes
diff --git a/windows/deploy/usmt-scanstate-syntax.md b/windows/deploy/usmt-scanstate-syntax.md
index ff2636ee8c..5083385534 100644
--- a/windows/deploy/usmt-scanstate-syntax.md
+++ b/windows/deploy/usmt-scanstate-syntax.md
@@ -2,10 +2,10 @@
 title: ScanState Syntax (Windows 10)
 description: ScanState Syntax
 ms.assetid: 004c755f-33db-49e4-8a3b-37beec1480ea
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # ScanState Syntax
diff --git a/windows/deploy/usmt-technical-reference.md b/windows/deploy/usmt-technical-reference.md
index 232f27f2fa..5bdf666976 100644
--- a/windows/deploy/usmt-technical-reference.md
+++ b/windows/deploy/usmt-technical-reference.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) Technical Reference (Windows 10)
 description: The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals.
 ms.assetid: f90bf58b-5529-4520-a9f8-b6cb4e4d3add
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Tool (USMT) Technical Reference
diff --git a/windows/deploy/usmt-test-your-migration.md b/windows/deploy/usmt-test-your-migration.md
index 05e999a34d..e460f17de8 100644
--- a/windows/deploy/usmt-test-your-migration.md
+++ b/windows/deploy/usmt-test-your-migration.md
@@ -2,10 +2,10 @@
 title: Test Your Migration (Windows 10)
 description: Test Your Migration
 ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Test Your Migration
diff --git a/windows/deploy/usmt-topics.md b/windows/deploy/usmt-topics.md
index a58a88b007..4fe5cace86 100644
--- a/windows/deploy/usmt-topics.md
+++ b/windows/deploy/usmt-topics.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) Overview Topics (Windows 10)
 description: User State Migration Tool (USMT) Overview Topics
 ms.assetid: 23170271-130b-416f-a7a7-c2f6adc32eee
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Tool (USMT) Overview Topics
diff --git a/windows/deploy/usmt-troubleshooting.md b/windows/deploy/usmt-troubleshooting.md
index 576f9801c9..33296077f4 100644
--- a/windows/deploy/usmt-troubleshooting.md
+++ b/windows/deploy/usmt-troubleshooting.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) Troubleshooting (Windows 10)
 description: User State Migration Tool (USMT) Troubleshooting
 ms.assetid: 770f45bb-2284-463f-a29c-69c04f437533
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Tool (USMT) Troubleshooting
diff --git a/windows/deploy/usmt-utilities.md b/windows/deploy/usmt-utilities.md
index eb9081b082..08df5661f2 100644
--- a/windows/deploy/usmt-utilities.md
+++ b/windows/deploy/usmt-utilities.md
@@ -2,10 +2,10 @@
 title: UsmtUtils Syntax (Windows 10)
 description: UsmtUtils Syntax
 ms.assetid: cdab7f2d-dd68-4016-b9ed-41ffa743b65c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # UsmtUtils Syntax
diff --git a/windows/deploy/usmt-what-does-usmt-migrate.md b/windows/deploy/usmt-what-does-usmt-migrate.md
index 83b3851c29..89ba8aa60b 100644
--- a/windows/deploy/usmt-what-does-usmt-migrate.md
+++ b/windows/deploy/usmt-what-does-usmt-migrate.md
@@ -2,10 +2,10 @@
 title: What Does USMT Migrate (Windows 10)
 description: What Does USMT Migrate
 ms.assetid: f613987d-0f17-43fe-9717-6465865ceda7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # What Does USMT Migrate?
diff --git a/windows/deploy/usmt-xml-elements-library.md b/windows/deploy/usmt-xml-elements-library.md
index 87ffc8c9c3..f4f412fc2a 100644
--- a/windows/deploy/usmt-xml-elements-library.md
+++ b/windows/deploy/usmt-xml-elements-library.md
@@ -2,10 +2,10 @@
 title: XML Elements Library (Windows 10)
 description: XML Elements Library
 ms.assetid: f5af0f6d-c3bf-4a4c-a0ca-9db7985f954f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # XML Elements Library
diff --git a/windows/deploy/usmt-xml-reference.md b/windows/deploy/usmt-xml-reference.md
index 49d7403f8f..4023b52759 100644
--- a/windows/deploy/usmt-xml-reference.md
+++ b/windows/deploy/usmt-xml-reference.md
@@ -2,10 +2,10 @@
 title: USMT XML Reference (Windows 10)
 description: USMT XML Reference
 ms.assetid: fb946975-0fee-4ec0-b3ef-7c34945ee96f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # USMT XML Reference
diff --git a/windows/deploy/vamt-known-issues.md b/windows/deploy/vamt-known-issues.md
index 1e014a3e46..4aa2185e8f 100644
--- a/windows/deploy/vamt-known-issues.md
+++ b/windows/deploy/vamt-known-issues.md
@@ -2,7 +2,7 @@
 title: VAMT Known Issues (Windows 10)
 description: VAMT Known Issues
 ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/vamt-requirements.md b/windows/deploy/vamt-requirements.md
index 9da49547b0..06a8615669 100644
--- a/windows/deploy/vamt-requirements.md
+++ b/windows/deploy/vamt-requirements.md
@@ -2,7 +2,7 @@
 title: VAMT Requirements (Windows 10)
 description: VAMT Requirements
 ms.assetid: d14d152b-ab8a-43cb-a8fd-2279364007b9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/vamt-step-by-step.md b/windows/deploy/vamt-step-by-step.md
index e886684243..5582bd3417 100644
--- a/windows/deploy/vamt-step-by-step.md
+++ b/windows/deploy/vamt-step-by-step.md
@@ -2,7 +2,7 @@
 title: VAMT Step-by-Step Scenarios (Windows 10)
 description: VAMT Step-by-Step Scenarios
 ms.assetid: 455c542c-4860-4b57-a1f0-7e2d28e11a10
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/verify-the-condition-of-a-compressed-migration-store.md b/windows/deploy/verify-the-condition-of-a-compressed-migration-store.md
index 233beb97f0..ee16be2715 100644
--- a/windows/deploy/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deploy/verify-the-condition-of-a-compressed-migration-store.md
@@ -2,10 +2,10 @@
 title: Verify the Condition of a Compressed Migration Store (Windows 10)
 description: Verify the Condition of a Compressed Migration Store
 ms.assetid: 4a3fda96-5f7d-494a-955f-6b865ec9fcae
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Verify the Condition of a Compressed Migration Store
diff --git a/windows/deploy/volume-activation-management-tool.md b/windows/deploy/volume-activation-management-tool.md
index 04af72f880..887c116352 100644
--- a/windows/deploy/volume-activation-management-tool.md
+++ b/windows/deploy/volume-activation-management-tool.md
@@ -2,7 +2,7 @@
 title: Volume Activation Management Tool (VAMT) Technical Reference (Windows 10)
 description: The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
 ms.assetid: 1df0f795-f41c-473b-850c-e98af1ad2f2a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/volume-activation-windows-10.md b/windows/deploy/volume-activation-windows-10.md
index e57043d4ca..eda56e2651 100644
--- a/windows/deploy/volume-activation-windows-10.md
+++ b/windows/deploy/volume-activation-windows-10.md
@@ -3,7 +3,7 @@ title: Volume Activation for Windows 10 (Windows 10)
 description: This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows.
 ms.assetid: 6e8cffae-7322-4fd3-882a-cde68187aef2
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/windows-10-deployment-scenarios.md b/windows/deploy/windows-10-deployment-scenarios.md
index 54221f9de3..e76d648bb0 100644
--- a/windows/deploy/windows-10-deployment-scenarios.md
+++ b/windows/deploy/windows-10-deployment-scenarios.md
@@ -2,8 +2,8 @@
 title: Windows 10 deployment scenarios (Windows 10)
 description: To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider.
 ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5
-keywords: ["upgrade, in-place, configuration, deploy"]
-ms.prod: W10
+keywords: upgrade, in-place, configuration, deploy
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/windows-10-deployment-tools-reference.md b/windows/deploy/windows-10-deployment-tools-reference.md
index e71eedae97..597900fb82 100644
--- a/windows/deploy/windows-10-deployment-tools-reference.md
+++ b/windows/deploy/windows-10-deployment-tools-reference.md
@@ -2,10 +2,10 @@
 title: Windows 10 deployment tools reference (Windows 10)
 description: Learn about the tools available to deploy Windows 10.
 ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Windows 10 deployment tools reference
diff --git a/windows/deploy/windows-10-edition-upgrades.md b/windows/deploy/windows-10-edition-upgrades.md
index 72baf3a243..21981254a9 100644
--- a/windows/deploy/windows-10-edition-upgrades.md
+++ b/windows/deploy/windows-10-edition-upgrades.md
@@ -2,10 +2,10 @@
 title: Windows 10 edition upgrade (Windows 10)
 description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported.
 ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Windows 10 edition upgrade
diff --git a/windows/deploy/windows-adk-scenarios-for-it-pros.md b/windows/deploy/windows-adk-scenarios-for-it-pros.md
index 3fb2944f22..8821ada189 100644
--- a/windows/deploy/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deploy/windows-adk-scenarios-for-it-pros.md
@@ -2,10 +2,10 @@
 title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10)
 description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.
 ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Windows ADK for Windows 10 scenarios for IT Pros
diff --git a/windows/deploy/windows-deployment-scenarios-and-tools.md b/windows/deploy/windows-deployment-scenarios-and-tools.md
index a66deb1389..ba4f22b7c5 100644
--- a/windows/deploy/windows-deployment-scenarios-and-tools.md
+++ b/windows/deploy/windows-deployment-scenarios-and-tools.md
@@ -2,8 +2,8 @@
 title: Windows 10 deployment tools (Windows 10)
 description: To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process.
 ms.assetid: 0d6cee1f-14c4-4b69-b29a-43b0b327b877
-keywords: ["deploy, volume activation, BitLocker, recovery, install, installation, VAMT, MDT, USMT, WDS"]
-ms.prod: W10
+keywords: deploy, volume activation, BitLocker, recovery, install, installation, VAMT, MDT, USMT, WDS
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/windows-upgrade-and-migration-considerations.md b/windows/deploy/windows-upgrade-and-migration-considerations.md
index 2b5ee05766..7763b0502d 100644
--- a/windows/deploy/windows-upgrade-and-migration-considerations.md
+++ b/windows/deploy/windows-upgrade-and-migration-considerations.md
@@ -2,10 +2,10 @@
 title: Windows Upgrade and Migration Considerations (Windows 10)
 description: Windows Upgrade and Migration Considerations
 ms.assetid: 7f85095c-5922-45e9-b28e-91b1263c7281
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Windows Upgrade and Migration Considerations
diff --git a/windows/deploy/xml-file-requirements.md b/windows/deploy/xml-file-requirements.md
index 50c5e1b161..100306e84d 100644
--- a/windows/deploy/xml-file-requirements.md
+++ b/windows/deploy/xml-file-requirements.md
@@ -2,10 +2,10 @@
 title: XML File Requirements (Windows 10)
 description: XML File Requirements
 ms.assetid: 4b567b50-c50a-4a4f-8684-151fe3f8275f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # XML File Requirements
From e2d0123c20b0595f63cba39c262c2536c0dbbbce Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Thu, 26 May 2016 15:11:40 -0700
Subject: [PATCH 20/92] checking in 7707381
---
 windows/deploy/TOC.md | 1 +
 .../deploy/upgrade-windows-phone-8-1-to-10.md | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 windows/deploy/upgrade-windows-phone-8-1-to-10.md
diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md
index 86ea7532e1..af7eb425d9 100644
--- a/windows/deploy/TOC.md
+++ b/windows/deploy/TOC.md
@@ -20,6 +20,7 @@
 #### [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt-2013.md)
 #### [Use web services in MDT](use-web-services-in-mdt-2013.md)
 #### [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt-2013.md)
+### [Upgrade Windows Phone 8.1 to Windows 10](upgrade-windows-phone-8-1-to-10.md)
 ## [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
 ### [Integrate Configuration Manager with MDT 2013 Update 2](integrate-configuration-manager-with-mdt-2013.md)
 ### [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
new file mode 100644
index 0000000000..cc27c183b0
--- /dev/null
+++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
@@ -0,0 +1,19 @@
+---
+title: Deploy Windows 10 using PXE (Windows 10)
+description: PXE-initiated operating system deployments in System Center Configuration Manager let client computers request and deploy operating systems over the network. In this operating system deployment scenario, the operating system image and both the x86 and x64 Windows PE boot images are sent to a distribution point that is configured to accept PXE boot requests.
+ms.assetid: b001a736-91db-4f91-bd92-278e267e06d9
+keywords: deploy
+ms.prod: W10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: mdt
+author: greg-lindsay
+---
+
+# Deploy Windows 10 using PXE
+
+This walkthrough describes how to set up a third-party PXE server by using Windows PE 2.0. The process includes copying Windows PE 2.0 source files to your PXE server and then configuring your PXE server boot configuration to use Windows PE.
+
+## Related topics
+
+[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
From 512d1a6040207b81f06f6c518027de8e199598b2 Mon Sep 17 00:00:00 2001
From: Brian Lich
Date: Thu, 26 May 2016 15:28:33 -0700
Subject: [PATCH 21/92] updating link
---
 windows/manage/lock-down-windows-10.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/manage/lock-down-windows-10.md b/windows/manage/lock-down-windows-10.md
index 142d9f3824..61004d8822 100644
--- a/windows/manage/lock-down-windows-10.md
+++ b/windows/manage/lock-down-windows-10.md
@@ -47,7 +47,7 @@ Enterprises often need to manage how people use corporate devices. Windows 10 p

Use this article to make informed decisions about how you can configure Windows telemetry in your organization.

-

[Configure Windows 10 devices to stop data flow to Microsoft](configure-windows-10-devices-to-stop-data-flow-to-microsoft.md)

+

[Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)

Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro.

From f581ce6e3ca6a705e3d6e95d368d8414bdbad790 Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Thu, 26 May 2016 15:46:44 -0700
Subject: [PATCH 22/92] template topic for 7707381
---
 .../deploy/upgrade-windows-phone-8-1-to-10.md | 88 +++++++++++++++++--
 1 file changed, 83 insertions(+), 5 deletions(-)
diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
index cc27c183b0..af2b3989cc 100644
--- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md
+++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
@@ -1,8 +1,7 @@
 ---
 title: Deploy Windows 10 using PXE (Windows 10)
 description: PXE-initiated operating system deployments in System Center Configuration Manager let client computers request and deploy operating systems over the network. In this operating system deployment scenario, the operating system image and both the x86 and x64 Windows PE boot images are sent to a distribution point that is configured to accept PXE boot requests.
-ms.assetid: b001a736-91db-4f91-bd92-278e267e06d9
-keywords: deploy
+keywords: upgrade, update, windows, phone, windows 10, mdm, mobile
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -10,10 +9,89 @@ ms.pagetype: mdt author: greg-lindsay --- -# Deploy Windows 10 using PXE +# How to enable a Windows Phone 8.1 upgrade to Windows 10 Mobile in an MDM environment -This walkthrough describes how to set up a third-party PXE server by using Windows PE 2.0. The process includes copying Windows PE 2.0 source files to your PXE server and then configuring your PXE server boot configuration to use Windows PE. +## Summary +This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. See the How to determine whether an upgrade is available for a device section to determine whether your device is eligible for the update. + +The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must "opt-in" to be offered the upgrade. + +For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. + +For Enterprises, Microsoft is offering a centralized management solution through Mobile Device Management (MDM) that can push a management policy to each eligible device to perform the opt-in. + +If you use a list of allowed apps (whitelisting) through MDM, see the documentation here to make sure system apps are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are known issues listed in the documentation that could adversely affect the device after you upgrade. See this documentation for rules to avoid. + +Some enterprises may want to control the availability of the Windows 10 Mobile upgrade to their users. With the opt-in model, the enterprise can blacklist the Upgrade Advisor app to prevent their users from upgrading prematurely. For more information about how to blacklist the Upgrade Advisor app, see the How to blacklist the Upgrade Advisor app section. 
Enterprises that have blacklisted the Upgrade Advisor app can use the solution that's described in this article to select the upgrade timing on a per-device basis. + +## More information + +To provide enterprises with a solution that's independent of the Upgrade Advisor, a new registry key in the registry configuration service provider (CSP) is available. A special GUID key value is defined. When Microsoft Update (MU) detects the presence of the registry key value on a device, any available upgrade will be made available to the device. + +### Prerequisites + +•Windows Phone 8.1 device with an available upgrade to Windows 10 Mobile. +•Device connected to Wi-Fi or cellular network to perform scan for upgrade. +•Device is already enrolled with a MDM session. +•Device is able to receive the management policy. +•MDM is capable of pushing the management policy to devices. (The minimum version for popular MDM providers that support the solution in this article are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.) + +### Instructions for the MDM server + +The registry CSP is used to push the GUID value to the following registry key for which the Open Mobile Alliance (OMA) Device Management (DM) client has Read/Write access and for which the Device Update service has Read access. + +[HKLM\Software\Microsoft\Provisioning\OMADM] +"EnterpriseUpgrade"="d369c9b6-2379-466d-9162-afc53361e3c2” + +The complete SyncML command for the solution is as follows. + +Note The SyncML may vary, depending on your MDM solution. 
+ +SyncML xmlns="SYNCML:SYNCML1.1"> + + + 250 + + + ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/ EnterpriseUpgrade + + + chr + + d369c9b6-2379-466d-9162-afc53361e3c2 + + + + + + +The OMA DM server policy description is provided in the following table: + +OMA-URI ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade +Data Type String +Value d369c9b6-2379-466d-9162-afc53361e3c2 +After the device consumes the policy, it will be able to receive an available upgrade. + +To disable the policy, either delete the OMADM registry key or set the EnterpriseUpgrade string value to anything other than the GUID. + +### How to determine whether an upgrade is available for a device + +The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process. + +However, the Windows 10 Mobile Upgrade Advisor app is the best mechanism to determine when an upgrade is available. The app dynamically queries whether the upgrade is released for this device model and associated mobile operator (MO). + +We recommend that enterprises use a pilot device with the Windows 10 Mobile Upgrade Advisor app installed. The pilot device provides the device model and MO used by the enterprise. When you run the app on the pilot device, it will tell you that either an upgrade is available, that the device is eligible for upgrade, or that an upgrade is not available for this device. + +Note The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the Windows 10 mobile page. + +### How to blacklist the Upgrade Advisor app + +Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. 
With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows Phone Upgrade Adviser is listed in the following location: + +http://windowsphone.com/s?appid=fbe47e4f-7769-4103-910e-dca8c43e0b07 + +For more information about how to do this, see the Try it out: restrict Windows Phone 8.1 apps topic on TechNet. ## Related topics -[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) +[Windows 10 Mobile and mobile device management](windows-10-mobile-and-mdm.md) From e301f2077303dc39878e6e42c6bf775769dce366 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 26 May 2016 15:59:58 -0700 Subject: [PATCH 23/92] testing link --- windows/deploy/upgrade-windows-phone-8-1-to-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md index af2b3989cc..659792f6e8 100644 --- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md @@ -94,4 +94,4 @@ For more information about how to do this, see the Try it out: restrict Windows ## Related topics -[Windows 10 Mobile and mobile device management](windows-10-mobile-and-mdm.md) +[Windows 10 Mobile and mobile device management](..\manage\windows-10-mobile-and-mdm.md) From f046a5fec059b3fed76b6f3225a0535247bee884 Mon Sep 17 00:00:00 2001 
From: Jan Backstrom Date: Thu, 26 May 2016 17:07:01 -0700 Subject: [PATCH 24/92] tagging update change W10 to w10 (lower case), add security pagetype to various --- .../access-credential-manager-as-a-trusted-caller.md | 2 +- windows/keep-secure/access-this-computer-from-the-network.md | 2 +- windows/keep-secure/account-lockout-duration.md | 2 +- windows/keep-secure/account-lockout-policy.md | 2 +- windows/keep-secure/account-lockout-threshold.md | 2 +- windows/keep-secure/account-policies.md | 2 +- windows/keep-secure/accounts-administrator-account-status.md | 2 +- windows/keep-secure/accounts-block-microsoft-accounts.md | 2 +- windows/keep-secure/accounts-guest-account-status.md | 2 +- ...l-account-use-of-blank-passwords-to-console-logon-only.md | 2 +- windows/keep-secure/accounts-rename-administrator-account.md | 2 +- windows/keep-secure/accounts-rename-guest-account.md | 2 +- windows/keep-secure/act-as-part-of-the-operating-system.md | 2 +- .../ad-ds-schema-extensions-to-support-tpm-backup.md | 2 +- .../add-apps-to-protected-list-using-custom-uri.md | 5 +++-- ...rules-for-packaged-apps-to-existing-applocker-rule-set.md | 2 +- windows/keep-secure/add-workstations-to-domain.md | 2 +- ...figuration-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/adjust-memory-quotas-for-a-process.md | 2 +- windows/keep-secure/administer-applocker.md | 2 +- windows/keep-secure/administer-security-policy-settings.md | 2 +- .../keep-secure/advanced-security-audit-policy-settings.md | 2 +- windows/keep-secure/advanced-security-auditing-faq.md | 2 +- windows/keep-secure/advanced-security-auditing.md | 2 +- ...erts-queue-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/allow-log-on-locally.md | 2 +- .../allow-log-on-through-remote-desktop-services.md | 2 +- windows/keep-secure/applocker-architecture-and-components.md | 2 +- windows/keep-secure/applocker-functions.md | 2 +- windows/keep-secure/applocker-overview.md | 2 +- 
windows/keep-secure/applocker-policies-deployment-guide.md | 2 +- windows/keep-secure/applocker-policies-design-guide.md | 2 +- windows/keep-secure/applocker-policy-use-scenarios.md | 2 +- windows/keep-secure/applocker-processes-and-interactions.md | 2 +- windows/keep-secure/applocker-settings.md | 2 +- windows/keep-secure/applocker-technical-reference.md | 2 +- .../apply-a-basic-audit-policy-on-a-file-or-folder.md | 2 +- windows/keep-secure/audit-account-lockout.md | 2 +- windows/keep-secure/audit-application-generated.md | 2 +- windows/keep-secure/audit-application-group-management.md | 2 +- windows/keep-secure/audit-audit-policy-change.md | 2 +- .../audit-audit-the-access-of-global-system-objects.md | 2 +- .../audit-audit-the-use-of-backup-and-restore-privilege.md | 2 +- windows/keep-secure/audit-authentication-policy-change.md | 2 +- windows/keep-secure/audit-authorization-policy-change.md | 2 +- windows/keep-secure/audit-central-access-policy-staging.md | 2 +- windows/keep-secure/audit-certification-services.md | 2 +- windows/keep-secure/audit-computer-account-management.md | 2 +- windows/keep-secure/audit-credential-validation.md | 2 +- .../audit-detailed-directory-service-replication.md | 2 +- windows/keep-secure/audit-detailed-file-share.md | 2 +- windows/keep-secure/audit-directory-service-access.md | 2 +- windows/keep-secure/audit-directory-service-changes.md | 2 +- windows/keep-secure/audit-directory-service-replication.md | 2 +- windows/keep-secure/audit-distribution-group-management.md | 2 +- windows/keep-secure/audit-dpapi-activity.md | 2 +- windows/keep-secure/audit-file-share.md | 2 +- windows/keep-secure/audit-file-system.md | 2 +- windows/keep-secure/audit-filtering-platform-connection.md | 2 +- windows/keep-secure/audit-filtering-platform-packet-drop.md | 2 +- .../keep-secure/audit-filtering-platform-policy-change.md | 2 +- ...it-force-audit-policy-subcategory-settings-to-override.md | 2 +- windows/keep-secure/audit-group-membership.md | 2 +- 
windows/keep-secure/audit-handle-manipulation.md | 2 +- windows/keep-secure/audit-ipsec-driver.md | 2 +- windows/keep-secure/audit-ipsec-extended-mode.md | 2 +- windows/keep-secure/audit-ipsec-main-mode.md | 2 +- windows/keep-secure/audit-ipsec-quick-mode.md | 2 +- windows/keep-secure/audit-kerberos-authentication-service.md | 2 +- .../keep-secure/audit-kerberos-service-ticket-operations.md | 2 +- windows/keep-secure/audit-kernel-object.md | 2 +- windows/keep-secure/audit-logoff.md | 2 +- windows/keep-secure/audit-logon.md | 2 +- windows/keep-secure/audit-mpssvc-rule-level-policy-change.md | 2 +- windows/keep-secure/audit-network-policy-server.md | 2 +- windows/keep-secure/audit-non-sensitive-privilege-use.md | 2 +- windows/keep-secure/audit-other-account-logon-events.md | 2 +- windows/keep-secure/audit-other-account-management-events.md | 2 +- windows/keep-secure/audit-other-logonlogoff-events.md | 2 +- windows/keep-secure/audit-other-object-access-events.md | 2 +- windows/keep-secure/audit-other-policy-change-events.md | 2 +- windows/keep-secure/audit-other-privilege-use-events.md | 2 +- windows/keep-secure/audit-other-system-events.md | 2 +- windows/keep-secure/audit-pnp-activity.md | 2 +- windows/keep-secure/audit-policy.md | 2 +- windows/keep-secure/audit-process-creation.md | 2 +- windows/keep-secure/audit-process-termination.md | 2 +- windows/keep-secure/audit-registry.md | 2 +- windows/keep-secure/audit-removable-storage.md | 2 +- windows/keep-secure/audit-rpc-events.md | 2 +- windows/keep-secure/audit-sam.md | 2 +- windows/keep-secure/audit-security-group-management.md | 2 +- windows/keep-secure/audit-security-state-change.md | 2 +- windows/keep-secure/audit-security-system-extension.md | 2 +- windows/keep-secure/audit-sensitive-privilege-use.md | 2 +- ...wn-system-immediately-if-unable-to-log-security-audits.md | 2 +- windows/keep-secure/audit-special-logon.md | 2 +- windows/keep-secure/audit-system-integrity.md | 2 +- 
windows/keep-secure/audit-user-account-management.md | 2 +- windows/keep-secure/audit-user-device-claims.md | 2 +- windows/keep-secure/back-up-files-and-directories.md | 2 +- .../keep-secure/backup-tpm-recovery-information-to-ad-ds.md | 2 +- windows/keep-secure/basic-audit-account-logon-events.md | 2 +- windows/keep-secure/basic-audit-account-management.md | 2 +- windows/keep-secure/basic-audit-directory-service-access.md | 2 +- windows/keep-secure/basic-audit-logon-events.md | 2 +- windows/keep-secure/basic-audit-object-access.md | 2 +- windows/keep-secure/basic-audit-policy-change.md | 2 +- windows/keep-secure/basic-audit-privilege-use.md | 2 +- windows/keep-secure/basic-audit-process-tracking.md | 2 +- windows/keep-secure/basic-audit-system-events.md | 2 +- windows/keep-secure/basic-security-audit-policies.md | 2 +- windows/keep-secure/basic-security-audit-policy-settings.md | 2 +- windows/keep-secure/bcd-settings-and-bitlocker.md | 2 +- windows/keep-secure/bitlocker-basic-deployment.md | 2 +- windows/keep-secure/bitlocker-countermeasures.md | 2 +- windows/keep-secure/bitlocker-frequently-asked-questions.md | 2 +- windows/keep-secure/bitlocker-group-policy-settings.md | 2 +- .../keep-secure/bitlocker-how-to-deploy-on-windows-server.md | 2 +- .../keep-secure/bitlocker-how-to-enable-network-unlock.md | 2 +- windows/keep-secure/bitlocker-overview.md | 2 +- windows/keep-secure/bitlocker-recovery-guide-plan.md | 2 +- ...e-bitlocker-drive-encryption-tools-to-manage-bitlocker.md | 2 +- .../bitlocker-use-bitlocker-recovery-password-viewer.md | 2 +- windows/keep-secure/block-untrusted-fonts-in-enterprise.md | 5 +++-- windows/keep-secure/bypass-traverse-checking.md | 2 +- .../keep-secure/change-history-for-keep-windows-10-secure.md | 3 ++- windows/keep-secure/change-the-system-time.md | 2 +- windows/keep-secure/change-the-time-zone.md | 2 +- windows/keep-secure/change-the-tpm-owner-password.md | 2 +- .../keep-secure/choose-the-right-bitlocker-countermeasure.md | 2 +- 
.../configure-an-applocker-policy-for-audit-only.md | 2 +- .../configure-an-applocker-policy-for-enforce-rules.md | 2 +- ...-endpoints-windows-defender-advanced-threat-protection.md | 3 ++- .../configure-exceptions-for-an-applocker-rule.md | 2 +- ...y-internet-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/configure-s-mime.md | 2 +- .../keep-secure/configure-the-appLocker-reference-device.md | 2 +- .../configure-the-application-identity-service.md | 2 +- .../keep-secure/configure-windows-defender-in-windows-10.md | 2 +- ...te-a-basic-audit-policy-settings-for-an-event-category.md | 2 +- windows/keep-secure/create-a-pagefile.md | 2 +- windows/keep-secure/create-a-rule-for-packaged-apps.md | 2 +- .../create-a-rule-that-uses-a-file-hash-condition.md | 2 +- .../keep-secure/create-a-rule-that-uses-a-path-condition.md | 2 +- .../create-a-rule-that-uses-a-publisher-condition.md | 2 +- windows/keep-secure/create-a-token-object.md | 2 +- windows/keep-secure/create-applocker-default-rules.md | 2 +- windows/keep-secure/create-edp-policy-using-intune.md | 3 ++- windows/keep-secure/create-edp-policy-using-sccm.md | 5 +++-- windows/keep-secure/create-global-objects.md | 2 +- ...e-list-of-applications-deployed-to-each-business-group.md | 2 +- windows/keep-secure/create-permanent-shared-objects.md | 2 +- windows/keep-secure/create-symbolic-links.md | 2 +- .../keep-secure/create-vpn-and-edp-policy-using-intune.md | 5 +++-- .../keep-secure/create-your-applocker-planning-document.md | 2 +- windows/keep-secure/create-your-applocker-policies.md | 2 +- windows/keep-secure/create-your-applocker-rules.md | 2 +- .../creating-a-device-guard-policy-for-signed-apps.md | 2 +- windows/keep-secure/credential-guard.md | 2 +- .../dashboard-windows-defender-advanced-threat-protection.md | 4 +++- ...ge-privacy-windows-defender-advanced-threat-protection.md | 3 ++- ...in-security-descriptor-definition-language-sddl-syntax.md | 2 +- 
...in-security-descriptor-definition-language-sddl-syntax.md | 2 +- windows/keep-secure/debug-programs.md | 2 +- windows/keep-secure/delete-an-applocker-rule.md | 2 +- .../deny-access-to-this-computer-from-the-network.md | 2 +- windows/keep-secure/deny-log-on-as-a-batch-job.md | 2 +- windows/keep-secure/deny-log-on-as-a-service.md | 2 +- windows/keep-secure/deny-log-on-locally.md | 2 +- .../deny-log-on-through-remote-desktop-services.md | 2 +- ...-applocker-policies-by-using-the-enforce-rules-setting.md | 2 +- windows/keep-secure/deploy-edp-policy-using-intune.md | 5 +++-- .../deploy-the-applocker-policy-into-production.md | 2 +- .../determine-group-policy-structure-and-rule-enforcement.md | 2 +- ...lications-are-digitally-signed-on-a-reference-computer.md | 2 +- .../determine-your-application-control-objectives.md | 2 +- .../keep-secure/device-guard-certification-and-compliance.md | 2 +- windows/keep-secure/device-guard-deployment-guide.md | 4 ++-- .../devices-allow-undock-without-having-to-log-on.md | 2 +- .../devices-allowed-to-format-and-eject-removable-media.md | 2 +- .../devices-prevent-users-from-installing-printer-drivers.md | 2 +- ...-restrict-cd-rom-access-to-locally-logged-on-user-only.md | 2 +- ...-restrict-floppy-access-to-locally-logged-on-user-only.md | 2 +- ...rl-message-when-users-try-to-run-a-blocked-application.md | 2 +- windows/keep-secure/dll-rules-in-applocker.md | 2 +- ...-group-policy-structure-and-applocker-rule-enforcement.md | 2 +- ...document-your-application-control-management-processes.md | 2 +- windows/keep-secure/document-your-application-list.md | 2 +- windows/keep-secure/document-your-applocker-rules.md | 2 +- ...in-controller-allow-server-operators-to-schedule-tasks.md | 2 +- .../domain-controller-ldap-server-signing-requirements.md | 2 +- ...ain-controller-refuse-machine-account-password-changes.md | 2 +- ...r-digitally-encrypt-or-sign-secure-channel-data-always.md | 2 +- 
...er-digitally-encrypt-secure-channel-data-when-possible.md | 2 +- ...ember-digitally-sign-secure-channel-data-when-possible.md | 2 +- ...domain-member-disable-machine-account-password-changes.md | 2 +- .../domain-member-maximum-machine-account-password-age.md | 2 +- ...ember-require-strong-windows-2000-or-later-session-key.md | 2 +- windows/keep-secure/edit-an-applocker-policy.md | 2 +- windows/keep-secure/edit-applocker-rules.md | 2 +- ...omputer-and-user-accounts-to-be-trusted-for-delegation.md | 2 +- windows/keep-secure/enable-the-dll-rule-collection.md | 2 +- windows/keep-secure/encrypted-hard-drive.md | 2 +- windows/keep-secure/enforce-applocker-rules.md | 2 +- windows/keep-secure/enforce-password-history.md | 2 +- windows/keep-secure/enforce-user-logon-restrictions.md | 2 +- windows/keep-secure/enlightened-microsoft-apps-and-edp.md | 5 +++-- ...rror-codes-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/executable-rules-in-applocker.md | 2 +- windows/keep-secure/export-an-applocker-policy-from-a-gpo.md | 2 +- .../keep-secure/export-an-applocker-policy-to-an-xml-file.md | 2 +- .../keep-secure/file-system-global-object-access-auditing.md | 2 +- windows/keep-secure/force-shutdown-from-a-remote-system.md | 2 +- windows/keep-secure/generate-security-audits.md | 2 +- .../get-started-with-windows-defender-for-windows-10.md | 2 +- .../getting-apps-to-run-on-device-guard-protected-devices.md | 2 +- windows/keep-secure/guidance-and-best-practices-edp.md | 5 +++-- windows/keep-secure/how-applocker-works-techref.md | 2 +- .../keep-secure/how-to-configure-security-policy-settings.md | 2 +- windows/keep-secure/how-user-account-control-works.md | 2 +- .../keep-secure/impersonate-a-client-after-authentication.md | 2 +- .../implement-microsoft-passport-in-your-organization.md | 2 +- .../import-an-applocker-policy-from-another-computer.md | 2 +- windows/keep-secure/import-an-applocker-policy-into-a-gpo.md | 2 +- 
windows/keep-secure/increase-a-process-working-set.md | 2 +- windows/keep-secure/increase-scheduling-priority.md | 2 +- windows/keep-secure/index.md | 2 +- .../initialize-and-configure-ownership-of-the-tpm.md | 2 +- .../installing-digital-certificates-on-windows-10-mobile.md | 2 +- ...on-display-user-information-when-the-session-is-locked.md | 2 +- .../interactive-logon-do-not-display-last-user-name.md | 2 +- .../interactive-logon-do-not-require-ctrl-alt-del.md | 2 +- .../interactive-logon-machine-account-lockout-threshold.md | 2 +- .../interactive-logon-machine-inactivity-limit.md | 2 +- ...tive-logon-message-text-for-users-attempting-to-log-on.md | 2 +- ...ive-logon-message-title-for-users-attempting-to-log-on.md | 2 +- ...ns-to-cache-in-case-domain-controller-is-not-available.md | 2 +- ...logon-prompt-user-to-change-password-before-expiration.md | 2 +- ...domain-controller-authentication-to-unlock-workstation.md | 2 +- windows/keep-secure/interactive-logon-require-smart-card.md | 2 +- .../interactive-logon-smart-card-removal-behavior.md | 2 +- ...ate-alerts-windows-defender-advanced-threat-protection.md | 3 ++- ...ate-domain-windows-defender-advanced-threat-protection.md | 3 ++- ...gate-files-windows-defender-advanced-threat-protection.md | 3 ++- ...stigate-ip-windows-defender-advanced-threat-protection.md | 3 ++- ...e-machines-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/kerberos-policy.md | 2 +- 248 files changed, 278 insertions(+), 256 deletions(-) diff --git a/windows/keep-secure/access-credential-manager-as-a-trusted-caller.md b/windows/keep-secure/access-credential-manager-as-a-trusted-caller.md index f6f7140989..ff24a84d8c 100644 --- a/windows/keep-secure/access-credential-manager-as-a-trusted-caller.md +++ b/windows/keep-secure/access-credential-manager-as-a-trusted-caller.md 
@@ -2,7 +2,7 @@ title: Access Credential Manager as a trusted caller (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Access Credential Manager as a trusted caller security policy setting. ms.assetid: a51820d2-ca5b-47dd-8e9b-d7008603db88 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/access-this-computer-from-the-network.md b/windows/keep-secure/access-this-computer-from-the-network.md index 00a88b6ba8..1cb598fcfd 100644 --- a/windows/keep-secure/access-this-computer-from-the-network.md +++ b/windows/keep-secure/access-this-computer-from-the-network.md @@ -2,7 +2,7 @@ title: Access this computer from the network (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Access this computer from the network security policy setting. ms.assetid: f6767bc2-83d1-45f1-847c-54f5362db022 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/account-lockout-duration.md b/windows/keep-secure/account-lockout-duration.md index 9b8fd5a9f4..1d438057a4 100644 --- a/windows/keep-secure/account-lockout-duration.md +++ b/windows/keep-secure/account-lockout-duration.md @@ -2,7 +2,7 @@ title: Account lockout duration (Windows 10) description: Describes the best practices, location, values, and security considerations for the Account lockout duration security policy setting. ms.assetid: a4167bf4-27c3-4a9b-8ef0-04e3c6ec3aa4 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/account-lockout-policy.md b/windows/keep-secure/account-lockout-policy.md index edf3c1a723..6a13c989d3 100644 --- a/windows/keep-secure/account-lockout-policy.md +++ b/windows/keep-secure/account-lockout-policy.md 
@@ -2,7 +2,7 @@ title: Account Lockout Policy (Windows 10) description: Describes the Account Lockout Policy settings and links to information about each policy setting. ms.assetid: eb968c28-17c5-405f-b413-50728cb7b724 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/account-lockout-threshold.md b/windows/keep-secure/account-lockout-threshold.md index 56fedf53b7..828a524fe0 100644 --- a/windows/keep-secure/account-lockout-threshold.md +++ b/windows/keep-secure/account-lockout-threshold.md @@ -2,7 +2,7 @@ title: Account lockout threshold (Windows 10) description: Describes the best practices, location, values, and security considerations for the Account lockout threshold security policy setting. ms.assetid: 4904bb40-a2bd-4fef-a102-260ba8d74e30 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/account-policies.md b/windows/keep-secure/account-policies.md index 487d575c7f..ca8fb5a3b4 100644 --- a/windows/keep-secure/account-policies.md +++ b/windows/keep-secure/account-policies.md @@ -2,7 +2,7 @@ title: Account Policies (Windows 10) description: An overview of account policies in Windows and provides links to policy descriptions. ms.assetid: 711b3797-b87a-4cd9-a2e3-1f8ef18688fb -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/accounts-administrator-account-status.md b/windows/keep-secure/accounts-administrator-account-status.md index 6c992c3bcb..5a3cde966e 100644 --- a/windows/keep-secure/accounts-administrator-account-status.md +++ b/windows/keep-secure/accounts-administrator-account-status.md 
@@ -2,7 +2,7 @@ title: Accounts Administrator account status (Windows 10) description: Describes the best practices, location, values, and security considerations for the Accounts Administrator account status security policy setting. ms.assetid: 71a3bd48-1014-49e0-a936-bfe9433af23e -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/accounts-block-microsoft-accounts.md b/windows/keep-secure/accounts-block-microsoft-accounts.md index a482a7a88c..cc479c5bc2 100644 --- a/windows/keep-secure/accounts-block-microsoft-accounts.md +++ b/windows/keep-secure/accounts-block-microsoft-accounts.md @@ -2,7 +2,7 @@ title: Accounts Block Microsoft accounts (Windows 10) description: Describes the best practices, location, values, management, and security considerations for the Accounts Block Microsoft accounts security policy setting. ms.assetid: 94c76f45-057c-4d80-8d01-033cf28ef2f7 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/accounts-guest-account-status.md b/windows/keep-secure/accounts-guest-account-status.md index 2e66ee3ae1..f9054008ac 100644 --- a/windows/keep-secure/accounts-guest-account-status.md +++ b/windows/keep-secure/accounts-guest-account-status.md @@ -2,7 +2,7 @@ title: Accounts Guest account status (Windows 10) description: Describes the best practices, location, values, and security considerations for the Accounts Guest account status security policy setting. ms.assetid: 07e53fc5-b495-4d02-ab42-5b245d10d0ce -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/keep-secure/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md index 9d8ddd27c9..eb700fe6ec 100644 
--- a/windows/keep-secure/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md +++ b/windows/keep-secure/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md @@ -2,7 +2,7 @@ title: Accounts Limit local account use of blank passwords to console logon only (Windows 10) description: Describes the best practices, location, values, and security considerations for the Accounts Limit local account use of blank passwords to console logon only security policy setting. ms.assetid: a1bfb58b-1ae8-4de9-832b-aa889a6e64bd -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/accounts-rename-administrator-account.md b/windows/keep-secure/accounts-rename-administrator-account.md index 8873990424..5c79c1d38b 100644 --- a/windows/keep-secure/accounts-rename-administrator-account.md +++ b/windows/keep-secure/accounts-rename-administrator-account.md @@ -2,7 +2,7 @@ title: Accounts Rename administrator account (Windows 10) description: This security policy reference topic for the IT professional describes the best practices, location, values, and security considerations for this policy setting. ms.assetid: d21308eb-7c60-4e48-8747-62b8109844f9 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/accounts-rename-guest-account.md b/windows/keep-secure/accounts-rename-guest-account.md index f82b907968..aa06c480c3 100644 --- a/windows/keep-secure/accounts-rename-guest-account.md +++ b/windows/keep-secure/accounts-rename-guest-account.md @@ -2,7 +2,7 @@ title: Accounts Rename guest account (Windows 10) description: Describes the best practices, location, values, and security considerations for the Accounts Rename guest account security policy setting. ms.assetid: 9b8052b4-bbb9-4cc1-bfee-ce25390db707 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/act-as-part-of-the-operating-system.md b/windows/keep-secure/act-as-part-of-the-operating-system.md index 5d4a39d466..a35393e223 100644 --- a/windows/keep-secure/act-as-part-of-the-operating-system.md +++ b/windows/keep-secure/act-as-part-of-the-operating-system.md @@ -2,7 +2,7 @@ title: Act as part of the operating system (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Act as part of the operating system security policy setting. ms.assetid: c1b7e084-a9f7-4377-b678-07cc913c8b0c -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md index 214bc1763d..8e62ff36b5 100644 --- a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md +++ b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md @@ -2,7 +2,7 @@ title: AD DS schema extensions to support TPM backup (Windows 10) description: This topic provides more details about this change and provides template schema extensions that you can incorporate into your organization. ms.assetid: beb7097c-e674-4eab-b8e2-6f67c85d1f3f -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md index 3f9700cfb4..eb028e5f03 100644 --- a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md +++ b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md 
@@ -2,9 +2,10 @@
 title: Add multiple apps to your enterprise data protection (EDP) Protected Apps list (Windows 10)
 description: Add multiple apps to your enterprise data protection (EDP) Protected Apps list at the same time, by using the Microsoft Intune Custom URI functionality and the AppLocker.
 ms.assetid: b50db35d-a2a9-4b78-a95d-a1b066e66880
-keywords: ["EDP", "Enterprise Data Protection", "protected apps", "protected app list"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection, protected apps, protected app list
+ms.prod: w10
 ms.mktglfcycl: explore
+ms.pagetype: security
 ms.sitesec: library
 author: eross-msft
 ---
diff --git a/windows/keep-secure/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/keep-secure/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
index c05eb4ebd2..d99dda899b 100644
--- a/windows/keep-secure/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+++ b/windows/keep-secure/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
@@ -2,7 +2,7 @@
 title: Add rules for packaged apps to existing AppLocker rule-set (Windows 10)
 description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
 ms.assetid: 758c2a9f-c2a3-418c-83bc-fd335a94097f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/add-workstations-to-domain.md b/windows/keep-secure/add-workstations-to-domain.md
index 7cdeb90a8b..fac531b419 100644
--- a/windows/keep-secure/add-workstations-to-domain.md
+++ b/windows/keep-secure/add-workstations-to-domain.md
@@ -2,7 +2,7 @@
 title: Add workstations to domain (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Add workstations to domain security policy setting.
 ms.assetid: b0c21af4-c928-4344-b1f1-58ef162ad0b3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/additional-configuration-windows-defender-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-defender-advanced-threat-protection.md
index 604d4ba268..93d466aa32 100644
--- a/windows/keep-secure/additional-configuration-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/additional-configuration-windows-defender-advanced-threat-protection.md
@@ -3,8 +3,9 @@ title: Additional Windows Defender ATP configuration settings
 description: Use the Group Policy Console to configure settings that enable sample sharing from your endpoints. These settings are used in the deep analysis feature.
 keywords: configuration settings, Windows Defender ATP configuration settings, Windows Defender Advanced Threat Protection configuration settings, group policy Management Editor, computer configuration, policies, administrative templates,
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: security
 ms.sitesec: library
 author: mjcaparas
 ---
diff --git a/windows/keep-secure/adjust-memory-quotas-for-a-process.md b/windows/keep-secure/adjust-memory-quotas-for-a-process.md
index 4568ef9fe0..44fe866134 100644
--- a/windows/keep-secure/adjust-memory-quotas-for-a-process.md
+++ b/windows/keep-secure/adjust-memory-quotas-for-a-process.md
@@ -2,7 +2,7 @@
 title: Adjust memory quotas for a process (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Adjust memory quotas for a process security policy setting.
 ms.assetid: 6754a2c8-6d07-4567-9af3-335fd8dd7626
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/administer-applocker.md b/windows/keep-secure/administer-applocker.md
index 232b69b1ef..0940acac92 100644
--- a/windows/keep-secure/administer-applocker.md
+++ b/windows/keep-secure/administer-applocker.md
@@ -2,7 +2,7 @@
 title: Administer AppLocker (Windows 10)
 description: This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
 ms.assetid: 511a3b6a-175f-4d6d-a6e0-c1780c02e818
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/administer-security-policy-settings.md b/windows/keep-secure/administer-security-policy-settings.md
index 59bc1ce37f..de0baa4b22 100644
--- a/windows/keep-secure/administer-security-policy-settings.md
+++ b/windows/keep-secure/administer-security-policy-settings.md
@@ -2,7 +2,7 @@
 title: Administer security policy settings (Windows 10)
 description: This article discusses different methods to administer security policy settings on a local device or throughout a small- or medium-sized organization.
 ms.assetid: 7617d885-9d28-437a-9371-171197407599
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/advanced-security-audit-policy-settings.md b/windows/keep-secure/advanced-security-audit-policy-settings.md
index 5b5faf0b14..14ecaca52f 100644
--- a/windows/keep-secure/advanced-security-audit-policy-settings.md
+++ b/windows/keep-secure/advanced-security-audit-policy-settings.md
@@ -2,7 +2,7 @@
 title: Advanced security audit policy settings (Windows 10)
 description: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
 ms.assetid: 93b28b92-796f-4036-a53b-8b9e80f9f171
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/advanced-security-auditing-faq.md b/windows/keep-secure/advanced-security-auditing-faq.md
index eef52f8d63..3bfa640035 100644
--- a/windows/keep-secure/advanced-security-auditing-faq.md
+++ b/windows/keep-secure/advanced-security-auditing-faq.md
@@ -2,7 +2,7 @@
 title: Advanced security auditing FAQ (Windows 10)
 description: This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.
 ms.assetid: 80f8f187-0916-43c2-a7e8-ea712b115a06
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/advanced-security-auditing.md b/windows/keep-secure/advanced-security-auditing.md
index 5ed85a625d..bdec74db1c 100644
--- a/windows/keep-secure/advanced-security-auditing.md
+++ b/windows/keep-secure/advanced-security-auditing.md
@@ -2,7 +2,7 @@
 title: Advanced security audit policies (Windows 10)
 description: Advanced security audit policy settings are found in Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies and appear to overlap with basic security audit policies, but they are recorded and applied differently.
 ms.assetid: 6FE8AC10-F48E-4BBF-979B-43A5DFDC5DFC
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
index ee4ce0a4a9..46dddb36a1 100644
--- a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: View and organize the Windows Defender ATP Alerts queue
 description: Learn about how the Windows Defender ATP alerts queue work, and how to sort and filter lists of alerts.
 keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: mjcaparas
 ---
diff --git a/windows/keep-secure/allow-log-on-locally.md b/windows/keep-secure/allow-log-on-locally.md
index fdfa7ab402..3cbeacb088 100644
--- a/windows/keep-secure/allow-log-on-locally.md
+++ b/windows/keep-secure/allow-log-on-locally.md
@@ -2,7 +2,7 @@
 title: Allow log on locally (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Allow log on locally security policy setting.
 ms.assetid: d9e5e1f3-3bff-4da7-a9a2-4bb3e0c79055
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/allow-log-on-through-remote-desktop-services.md b/windows/keep-secure/allow-log-on-through-remote-desktop-services.md
index cc51c9cbea..d409837c30 100644
--- a/windows/keep-secure/allow-log-on-through-remote-desktop-services.md
+++ b/windows/keep-secure/allow-log-on-through-remote-desktop-services.md
@@ -2,7 +2,7 @@
 title: Allow log on through Remote Desktop Services (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Allow log on through Remote Desktop Services security policy setting.
 ms.assetid: 6267c376-8199-4f2b-ae56-9c5424e76798
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-architecture-and-components.md b/windows/keep-secure/applocker-architecture-and-components.md
index 39e8bbf34c..98760516ec 100644
--- a/windows/keep-secure/applocker-architecture-and-components.md
+++ b/windows/keep-secure/applocker-architecture-and-components.md
@@ -2,7 +2,7 @@
 title: AppLocker architecture and components (Windows 10)
 description: This topic for IT professional describes AppLocker’s basic architecture and its major components.
 ms.assetid: efdd8494-553c-443f-bd5f-c8976535135a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-functions.md b/windows/keep-secure/applocker-functions.md
index d3ab5362dd..eaad056c7a 100644
--- a/windows/keep-secure/applocker-functions.md
+++ b/windows/keep-secure/applocker-functions.md
@@ -2,7 +2,7 @@
 title: AppLocker functions (Windows 10)
 description: This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
 ms.assetid: bf704198-9e74-4731-8c5a-ee0512df34d2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-overview.md b/windows/keep-secure/applocker-overview.md
index 6918af6f1e..954c093d80 100644
--- a/windows/keep-secure/applocker-overview.md
+++ b/windows/keep-secure/applocker-overview.md
@@ -2,7 +2,7 @@
 title: AppLocker (Windows 10)
 description: This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies.
 ms.assetid: 94b57864-2112-43b6-96fb-2863c985dc9a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-policies-deployment-guide.md b/windows/keep-secure/applocker-policies-deployment-guide.md
index f0bce74c2a..2adc3ff79b 100644
--- a/windows/keep-secure/applocker-policies-deployment-guide.md
+++ b/windows/keep-secure/applocker-policies-deployment-guide.md
@@ -2,7 +2,7 @@
 title: AppLocker deployment guide (Windows 10)
 description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
 ms.assetid: 38632795-be13-46b0-a7af-487a4340bea1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-policies-design-guide.md b/windows/keep-secure/applocker-policies-design-guide.md
index 7954db3edb..2e331c4fb8 100644
--- a/windows/keep-secure/applocker-policies-design-guide.md
+++ b/windows/keep-secure/applocker-policies-design-guide.md
@@ -2,7 +2,7 @@
 title: AppLocker design guide (Windows 10)
 description: This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
 ms.assetid: 1c8e4a7b-3164-4eb4-9277-11b1d5a09c7b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-policy-use-scenarios.md b/windows/keep-secure/applocker-policy-use-scenarios.md
index ce30809f52..64a8fd4db0 100644
--- a/windows/keep-secure/applocker-policy-use-scenarios.md
+++ b/windows/keep-secure/applocker-policy-use-scenarios.md
@@ -2,7 +2,7 @@
 title: AppLocker policy use scenarios (Windows 10)
 description: This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
 ms.assetid: 33f71578-89f0-4063-ac04-cf4f4ca5c31f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-processes-and-interactions.md b/windows/keep-secure/applocker-processes-and-interactions.md
index 0243055da8..5f07c7d07f 100644
--- a/windows/keep-secure/applocker-processes-and-interactions.md
+++ b/windows/keep-secure/applocker-processes-and-interactions.md
@@ -2,7 +2,7 @@
 title: AppLocker processes and interactions (Windows 10)
 description: This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
 ms.assetid: 0beec616-6040-4be7-8703-b6c919755d8e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-settings.md b/windows/keep-secure/applocker-settings.md
index 77509f8e43..7af2350b9d 100644
--- a/windows/keep-secure/applocker-settings.md
+++ b/windows/keep-secure/applocker-settings.md
@@ -2,7 +2,7 @@
 title: AppLocker settings (Windows 10)
 description: This topic for the IT professional lists the settings used by AppLocker.
 ms.assetid: 9cb4aa19-77c0-4415-9968-bd07dab86839
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-technical-reference.md b/windows/keep-secure/applocker-technical-reference.md
index 164a159782..1c797a1679 100644
--- a/windows/keep-secure/applocker-technical-reference.md
+++ b/windows/keep-secure/applocker-technical-reference.md
@@ -2,7 +2,7 @@
 title: AppLocker technical reference (Windows 10)
 description: This overview topic for IT professionals provides links to the topics in the technical reference.
 ms.assetid: 2b2678f8-c46b-4e1d-b8c5-037c0be255ab
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/keep-secure/apply-a-basic-audit-policy-on-a-file-or-folder.md
index 5828778660..fd5dcf7155 100644
--- a/windows/keep-secure/apply-a-basic-audit-policy-on-a-file-or-folder.md
+++ b/windows/keep-secure/apply-a-basic-audit-policy-on-a-file-or-folder.md
@@ -2,7 +2,7 @@
 title: Apply a basic audit policy on a file or folder (Windows 10)
 description: You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log.
 ms.assetid: 565E7249-5CD0-4B2E-B2C0-B3A0793A51E2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-account-lockout.md b/windows/keep-secure/audit-account-lockout.md
index 6c7ebbb0e2..be3326efee 100644
--- a/windows/keep-secure/audit-account-lockout.md
+++ b/windows/keep-secure/audit-account-lockout.md
@@ -2,7 +2,7 @@
 title: Audit Account Lockout (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Account Lockout, which enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out.
 ms.assetid: da68624b-a174-482c-9bc5-ddddab38e589
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-application-generated.md b/windows/keep-secure/audit-application-generated.md
index f7c31ca13a..3aa2716aa8 100644
--- a/windows/keep-secure/audit-application-generated.md
+++ b/windows/keep-secure/audit-application-generated.md
@@ -2,7 +2,7 @@
 title: Audit Application Generated (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).
 ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-application-group-management.md b/windows/keep-secure/audit-application-group-management.md
index 3055b72f6d..76cdabda54 100644
--- a/windows/keep-secure/audit-application-group-management.md
+++ b/windows/keep-secure/audit-application-group-management.md
@@ -2,7 +2,7 @@
 title: Audit Application Group Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Application Group Management, which determines whether the operating system generates audit events when application group management tasks are performed.
 ms.assetid: 1bcaa41e-5027-4a86-96b7-f04eaf1c0606
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-audit-policy-change.md b/windows/keep-secure/audit-audit-policy-change.md
index 65b7d6261e..de2aca1b0a 100644
--- a/windows/keep-secure/audit-audit-policy-change.md
+++ b/windows/keep-secure/audit-audit-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit Audit Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy.
 ms.assetid: 7153bf75-6978-4d7e-a821-59a699efb8a9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-audit-the-access-of-global-system-objects.md b/windows/keep-secure/audit-audit-the-access-of-global-system-objects.md
index 767ec7c30a..9fcecc87b1 100644
--- a/windows/keep-secure/audit-audit-the-access-of-global-system-objects.md
+++ b/windows/keep-secure/audit-audit-the-access-of-global-system-objects.md
@@ -2,7 +2,7 @@
 title: Audit Audit the access of global system objects (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Audit Audit the access of global system objects security policy setting.
 ms.assetid: 20d40a79-ce89-45e6-9bb4-148f83958460
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
index 49b518da5a..3bd9ddd1b8 100644
--- a/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
+++ b/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
@@ -2,7 +2,7 @@
 title: Audit Audit the use of Backup and Restore privilege (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Audit Audit the use of Backup and Restore privilege security policy setting.
 ms.assetid: f656a2bb-e8d6-447b-8902-53df3a7756c5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-authentication-policy-change.md b/windows/keep-secure/audit-authentication-policy-change.md
index e26a96a284..712e480800 100644
--- a/windows/keep-secure/audit-authentication-policy-change.md
+++ b/windows/keep-secure/audit-authentication-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit Authentication Policy Change (Windows 10)
 description: This topic for the IT professional describes this Advanced Security Audit policy setting, Audit Authentication Policy Change, which determines whether the operating system generates audit events when changes are made to authentication policy.
 ms.assetid: aa9cea7a-aadf-47b7-b704-ac253b8e79be
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-authorization-policy-change.md b/windows/keep-secure/audit-authorization-policy-change.md
index 3bff0a5dd9..7e426a2044 100644
--- a/windows/keep-secure/audit-authorization-policy-change.md
+++ b/windows/keep-secure/audit-authorization-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit Authorization Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Authorization Policy Change, which determines whether the operating system generates audit events when specific changes are made to the authorization policy.
 ms.assetid: ca0587a2-a2b3-4300-aa5d-48b4553c3b36
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-central-access-policy-staging.md b/windows/keep-secure/audit-central-access-policy-staging.md
index e53abd2a09..28539eb491 100644
--- a/windows/keep-secure/audit-central-access-policy-staging.md
+++ b/windows/keep-secure/audit-central-access-policy-staging.md
@@ -2,7 +2,7 @@
 title: Audit Central Access Policy Staging (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Central Access Policy Staging, which determines permissions on a Central Access Policy.
 ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-certification-services.md b/windows/keep-secure/audit-certification-services.md
index f23bdde027..f5aa0959d7 100644
--- a/windows/keep-secure/audit-certification-services.md
+++ b/windows/keep-secure/audit-certification-services.md
@@ -2,7 +2,7 @@
 title: Audit Certification Services (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Certification Services, which determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed.
 ms.assetid: cdefc34e-fb1f-4eff-b766-17713c5a1b03
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-computer-account-management.md b/windows/keep-secure/audit-computer-account-management.md
index 5211936625..f336c85c74 100644
--- a/windows/keep-secure/audit-computer-account-management.md
+++ b/windows/keep-secure/audit-computer-account-management.md
@@ -2,7 +2,7 @@
 title: Audit Computer Account Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Computer Account Management, which determines whether the operating system generates audit events when a computer account is created, changed, or deleted.
 ms.assetid: 6c406693-57bf-4411-bb6c-ff83ce548991
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-credential-validation.md b/windows/keep-secure/audit-credential-validation.md
index 7f4232806f..fdacd0aa43 100644
--- a/windows/keep-secure/audit-credential-validation.md
+++ b/windows/keep-secure/audit-credential-validation.md
@@ -2,7 +2,7 @@
 title: Audit Credential Validation (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Credential Validation, which determines whether the operating system generates audit events on credentials that are submitted for a user account logon request.
 ms.assetid: 6654b33a-922e-4a43-8223-ec5086dfc926
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-detailed-directory-service-replication.md b/windows/keep-secure/audit-detailed-directory-service-replication.md
index ae2e46a570..295527e35e 100644
--- a/windows/keep-secure/audit-detailed-directory-service-replication.md
+++ b/windows/keep-secure/audit-detailed-directory-service-replication.md
@@ -3,7 +3,7 @@ title: Audit Detailed Directory Service Replication (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Detailed Directory Service Replication, which determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.
 ms.assetid: 1b89c8f5-bce7-4b20-8701-42585c7ab993
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/audit-detailed-file-share.md b/windows/keep-secure/audit-detailed-file-share.md
index f60e4dd5f2..4d0294c79c 100644
--- a/windows/keep-secure/audit-detailed-file-share.md
+++ b/windows/keep-secure/audit-detailed-file-share.md
@@ -2,7 +2,7 @@
 title: Audit Detailed File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Detailed File Share, which allows you to audit attempts to access files and folders on a shared folder.
 ms.assetid: 60310104-b820-4033-a1cb-022a34f064ae
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-directory-service-access.md b/windows/keep-secure/audit-directory-service-access.md
index 230dce9a69..2c88e66d93 100644
--- a/windows/keep-secure/audit-directory-service-access.md
+++ b/windows/keep-secure/audit-directory-service-access.md
@@ -2,7 +2,7 @@
 title: Audit Directory Service Access (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Access, which determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed.
 ms.assetid: ba2562ba-4282-4588-b87c-a3fcb771c7d0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-directory-service-changes.md b/windows/keep-secure/audit-directory-service-changes.md
index 361827a614..18b22defe5 100644
--- a/windows/keep-secure/audit-directory-service-changes.md
+++ b/windows/keep-secure/audit-directory-service-changes.md
@@ -2,7 +2,7 @@
 title: Audit Directory Service Changes (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Changes, which determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS).
 ms.assetid: 9f7c0dd4-3977-47dd-a0fb-ec2f17cad05e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-directory-service-replication.md b/windows/keep-secure/audit-directory-service-replication.md
index 9f09abada9..8dde61d22d 100644
--- a/windows/keep-secure/audit-directory-service-replication.md
+++ b/windows/keep-secure/audit-directory-service-replication.md
@@ -2,7 +2,7 @@
 title: Audit Directory Service Replication (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Replication, which determines whether the operating system generates audit events when replication between two domain controllers begins and ends.
 ms.assetid: b95d296c-7993-4e8d-8064-a8bbe284bd56
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-distribution-group-management.md b/windows/keep-secure/audit-distribution-group-management.md
index 1e259424ed..80cfcea450 100644
--- a/windows/keep-secure/audit-distribution-group-management.md
+++ b/windows/keep-secure/audit-distribution-group-management.md
@@ -2,7 +2,7 @@
 title: Audit Distribution Group Management (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Distribution Group Management, which determines whether the operating system generates audit events for specific distribution-group management tasks.
 ms.assetid: d46693a4-5887-4a58-85db-2f6cba224a66
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-dpapi-activity.md b/windows/keep-secure/audit-dpapi-activity.md
index 1e7c77ac71..30db4c39a8 100644
--- a/windows/keep-secure/audit-dpapi-activity.md
+++ b/windows/keep-secure/audit-dpapi-activity.md
@@ -2,7 +2,7 @@
 title: Audit DPAPI Activity (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit DPAPI Activity, which determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface (DPAPI).
 ms.assetid: be4d4c83-c857-4e3d-a84e-8bcc3f2c99cd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-file-share.md b/windows/keep-secure/audit-file-share.md
index 8040bc118a..af74a0b2a8 100644
--- a/windows/keep-secure/audit-file-share.md
+++ b/windows/keep-secure/audit-file-share.md
@@ -2,7 +2,7 @@
 title: Audit File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File Share, which determines whether the operating system generates audit events when a file share is accessed.
 ms.assetid: 9ea985f8-8936-4b79-abdb-35cbb7138f78
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-file-system.md b/windows/keep-secure/audit-file-system.md
index 53faccfac6..1ddb1c3d49 100644
--- a/windows/keep-secure/audit-file-system.md
+++ b/windows/keep-secure/audit-file-system.md
@@ -2,7 +2,7 @@
 title: Audit File System (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File System, which determines whether the operating system generates audit events when users attempt to access file system objects.
 ms.assetid: 6a71f283-b8e5-41ac-b348-0b7ec6ea0b1f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: security
 ms.sitesec: library
diff --git a/windows/keep-secure/audit-filtering-platform-connection.md b/windows/keep-secure/audit-filtering-platform-connection.md
index a23961c6d9..4b8c95c652 100644
--- a/windows/keep-secure/audit-filtering-platform-connection.md
+++ b/windows/keep-secure/audit-filtering-platform-connection.md
@@ -2,7 +2,7 @@
 title: Audit Filtering Platform Connection (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Connection, which determines whether the operating system generates audit events when connections are allowed or blocked by the Windows Filtering Platform.
 ms.assetid: d72936e9-ff01-4d18-b864-a4958815df59
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-filtering-platform-packet-drop.md b/windows/keep-secure/audit-filtering-platform-packet-drop.md
index fda5bc89e7..96935fa8b7 100644
--- a/windows/keep-secure/audit-filtering-platform-packet-drop.md
+++ b/windows/keep-secure/audit-filtering-platform-packet-drop.md
@@ -2,7 +2,7 @@
 title: Audit Filtering Platform Packet Drop (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Packet Drop, which determines whether the operating system generates audit events when packets are dropped by the Windows Filtering Platform.
 ms.assetid: 95457601-68d1-4385-af20-87916ddab906
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-filtering-platform-policy-change.md b/windows/keep-secure/audit-filtering-platform-policy-change.md
index 97f04007ea..10c8a9459b 100644
--- a/windows/keep-secure/audit-filtering-platform-policy-change.md
+++ b/windows/keep-secure/audit-filtering-platform-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit Filtering Platform Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions.
 ms.assetid: 0eaf1c56-672b-4ea9-825a-22dc03eb4041
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-force-audit-policy-subcategory-settings-to-override.md b/windows/keep-secure/audit-force-audit-policy-subcategory-settings-to-override.md
index 2ceff2fa34..50880766f6 100644
--- a/windows/keep-secure/audit-force-audit-policy-subcategory-settings-to-override.md
+++ b/windows/keep-secure/audit-force-audit-policy-subcategory-settings-to-override.md
@@ -2,7 +2,7 @@
 title: Audit Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Audit Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings security policy setting.
 ms.assetid: 8ddc06bc-b6d6-4bac-9051-e0d77035bd4e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-group-membership.md b/windows/keep-secure/audit-group-membership.md
index bfbd5e7887..d738bb1582 100644
--- a/windows/keep-secure/audit-group-membership.md
+++ b/windows/keep-secure/audit-group-membership.md
@@ -2,7 +2,7 @@
 title: Audit Group Membership (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Group Membership, which enables you to audit group memberships when they are enumerated on the client PC.
 ms.assetid: 1CD7B014-FBD9-44B9-9274-CC5715DE58B9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-handle-manipulation.md b/windows/keep-secure/audit-handle-manipulation.md
index da8a48ee26..6b9fb9ab21 100644
--- a/windows/keep-secure/audit-handle-manipulation.md
+++ b/windows/keep-secure/audit-handle-manipulation.md
@@ -2,7 +2,7 @@
 title: Audit Handle Manipulation (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Handle Manipulation, which determines whether the operating system generates audit events when a handle to an object is opened or closed.
 ms.assetid: 1fbb004a-ccdc-4c80-b3da-a4aa7a9f4091
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-ipsec-driver.md b/windows/keep-secure/audit-ipsec-driver.md
index 7394906faa..dbe0ede32c 100644
--- a/windows/keep-secure/audit-ipsec-driver.md
+++ b/windows/keep-secure/audit-ipsec-driver.md
@@ -2,7 +2,7 @@
 title: Audit IPsec Driver (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit IPsec Driver, which determines whether the operating system generates audit events for the activities of the IPsec driver.
 ms.assetid: c8b8c02f-5ad0-4ee5-9123-ea8cdae356a5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-ipsec-extended-mode.md b/windows/keep-secure/audit-ipsec-extended-mode.md
index 89f0857940..5030fc74a2 100644
--- a/windows/keep-secure/audit-ipsec-extended-mode.md
+++ b/windows/keep-secure/audit-ipsec-extended-mode.md
@@ -2,7 +2,7 @@
 title: Audit IPsec Extended Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Extended Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
 ms.assetid: 2b4fee9e-482a-4181-88a8-6a79d8fc8049
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-ipsec-main-mode.md b/windows/keep-secure/audit-ipsec-main-mode.md
index 203307a841..872af92c04 100644
--- a/windows/keep-secure/audit-ipsec-main-mode.md
+++ b/windows/keep-secure/audit-ipsec-main-mode.md
@@ -2,7 +2,7 @@
 title: Audit IPsec Main Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Main Mode, which determines whether the operating system generates events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
 ms.assetid: 06ed26ec-3620-4ef4-a47a-c70df9c8827b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-ipsec-quick-mode.md b/windows/keep-secure/audit-ipsec-quick-mode.md
index 79de06ad17..8a3446cb65 100644
--- a/windows/keep-secure/audit-ipsec-quick-mode.md
+++ b/windows/keep-secure/audit-ipsec-quick-mode.md
@@ -2,7 +2,7 @@
 title: Audit IPsec Quick Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Quick Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
 ms.assetid: 7be67a15-c2ce-496a-9719-e25ac7699114
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-kerberos-authentication-service.md b/windows/keep-secure/audit-kerberos-authentication-service.md
index 85498b7404..f8665de37e 100644
--- a/windows/keep-secure/audit-kerberos-authentication-service.md
+++ b/windows/keep-secure/audit-kerberos-authentication-service.md
@@ -2,7 +2,7 @@
 title: Audit Kerberos Authentication Service (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Authentication Service, which determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.
 ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-kerberos-service-ticket-operations.md b/windows/keep-secure/audit-kerberos-service-ticket-operations.md
index 5f00cf260a..4e3a1976d6 100644
--- a/windows/keep-secure/audit-kerberos-service-ticket-operations.md
+++ b/windows/keep-secure/audit-kerberos-service-ticket-operations.md
@@ -2,7 +2,7 @@
 title: Audit Kerberos Service Ticket Operations (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Service Ticket Operations, which determines whether the operating system generates security audit events for Kerberos service ticket requests.
 ms.assetid: ddc0abef-ac7f-4849-b90d-66700470ccd6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-kernel-object.md b/windows/keep-secure/audit-kernel-object.md
index 783f4c3e18..6600a97c21 100644
--- a/windows/keep-secure/audit-kernel-object.md
+++ b/windows/keep-secure/audit-kernel-object.md
@@ -2,7 +2,7 @@
 title: Audit Kernel Object (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kernel Object, which determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores.
 ms.assetid: 75619d8b-b1eb-445b-afc9-0f9053be97fb
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-logoff.md b/windows/keep-secure/audit-logoff.md
index 05aee8928a..56970b2562 100644
--- a/windows/keep-secure/audit-logoff.md
+++ b/windows/keep-secure/audit-logoff.md
@@ -2,7 +2,7 @@
 title: Audit Logoff (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logoff, which determines whether the operating system generates audit events when logon sessions are terminated.
 ms.assetid: 681e51f2-ba06-46f5-af8c-d9c48d515432
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-logon.md b/windows/keep-secure/audit-logon.md
index fb98f6691c..bd363a9eb0 100644
--- a/windows/keep-secure/audit-logon.md
+++ b/windows/keep-secure/audit-logon.md
@@ -2,7 +2,7 @@
 title: Audit Logon (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logon, which determines whether the operating system generates audit events when a user attempts to log on to a computer.
 ms.assetid: ca968d03-7d52-48c4-ba0e-2bcd2937231b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md b/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
index 67760b944f..ab8412a168 100644
--- a/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit MPSSVC Rule-Level Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit MPSSVC Rule-Level Policy Change, which determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe).
 ms.assetid: 263461b3-c61c-4ec3-9dee-851164845019
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-network-policy-server.md b/windows/keep-secure/audit-network-policy-server.md
index 5f060ff57e..f98d7f0579 100644
--- a/windows/keep-secure/audit-network-policy-server.md
+++ b/windows/keep-secure/audit-network-policy-server.md
@@ -2,7 +2,7 @@
 title: Audit Network Policy Server (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock).
 ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-non-sensitive-privilege-use.md b/windows/keep-secure/audit-non-sensitive-privilege-use.md
index e1321ebc6a..45dd5b1a2c 100644
--- a/windows/keep-secure/audit-non-sensitive-privilege-use.md
+++ b/windows/keep-secure/audit-non-sensitive-privilege-use.md
@@ -2,7 +2,7 @@
 title: Audit Non-Sensitive Privilege Use (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
 ms.assetid: 8fd74783-1059-443e-aa86-566d78606627
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-account-logon-events.md b/windows/keep-secure/audit-other-account-logon-events.md
index 57eaa771fa..4511233562 100644
--- a/windows/keep-secure/audit-other-account-logon-events.md
+++ b/windows/keep-secure/audit-other-account-logon-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Account Logon Events (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Other Account Logon Events, which allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
 ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-account-management-events.md b/windows/keep-secure/audit-other-account-management-events.md
index 737c91e478..48fecc4788 100644
--- a/windows/keep-secure/audit-other-account-management-events.md
+++ b/windows/keep-secure/audit-other-account-management-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Account Management Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Account Management Events, which determines whether the operating system generates user account management audit events.
 ms.assetid: 4ce22eeb-a96f-4cf9-a46d-6642961a31d5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-logonlogoff-events.md b/windows/keep-secure/audit-other-logonlogoff-events.md
index 14b371601d..5b9c517af5 100644
--- a/windows/keep-secure/audit-other-logonlogoff-events.md
+++ b/windows/keep-secure/audit-other-logonlogoff-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Logon/Logoff Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Logon/Logoff Events, which determines whether Windows generates audit events for other logon or logoff events.
 ms.assetid: 76d987cd-1917-4907-a739-dd642609a458
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-object-access-events.md b/windows/keep-secure/audit-other-object-access-events.md
index 71b1ee1965..3d453c1927 100644
--- a/windows/keep-secure/audit-other-object-access-events.md
+++ b/windows/keep-secure/audit-other-object-access-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Object Access Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Object Access Events, which determines whether the operating system generates audit events for the management of Task Scheduler jobs or COM+ objects.
 ms.assetid: b9774595-595d-4199-b0c5-8dbc12b6c8b2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-policy-change-events.md b/windows/keep-secure/audit-other-policy-change-events.md
index 7e2c53404a..5ef649bca4 100644
--- a/windows/keep-secure/audit-other-policy-change-events.md
+++ b/windows/keep-secure/audit-other-policy-change-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Policy Change Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Policy Change Events, which determines whether the operating system generates audit events for security policy changes that are not otherwise audited in the Policy Change category.
 ms.assetid: 8618502e-c21c-41cc-8a49-3dc1eb359e60
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-privilege-use-events.md b/windows/keep-secure/audit-other-privilege-use-events.md
index 839251f763..5babb23a8a 100644
--- a/windows/keep-secure/audit-other-privilege-use-events.md
+++ b/windows/keep-secure/audit-other-privilege-use-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Privilege Use Events (Windows 10)
 description: This security policy setting is not used.
 ms.assetid: 5f7f5b25-42a6-499f-8aa2-01ac79a2a63c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-system-events.md b/windows/keep-secure/audit-other-system-events.md
index 2b28658209..3bb668bd64 100644
--- a/windows/keep-secure/audit-other-system-events.md
+++ b/windows/keep-secure/audit-other-system-events.md
@@ -2,7 +2,7 @@
 title: Audit Other System Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other System Events, which determines whether the operating system audits various system events.
 ms.assetid: 2401e4cc-d94e-41ec-82a7-e10914295f8b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-pnp-activity.md b/windows/keep-secure/audit-pnp-activity.md
index aef1c0ae47..c80884e78c 100644
--- a/windows/keep-secure/audit-pnp-activity.md
+++ b/windows/keep-secure/audit-pnp-activity.md
@@ -2,7 +2,7 @@
 title: Audit PNP Activity (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit PNP Activity, which determines when plug and play detects an external device.
 ms.assetid: A3D87B3B-EBBE-442A-953B-9EB75A5F600E
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-policy.md b/windows/keep-secure/audit-policy.md
index 87cf555f43..2cd2c8cd95 100644
--- a/windows/keep-secure/audit-policy.md
+++ b/windows/keep-secure/audit-policy.md
@@ -2,7 +2,7 @@
 title: Audit Policy (Windows 10)
 description: Provides information about basic audit policies that are available in Windows and links to information about each setting.
 ms.assetid: 2e8ea400-e555-43e5-89d6-0898cb89da90
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-process-creation.md b/windows/keep-secure/audit-process-creation.md
index dbe4b6bc69..c9c6d41c57 100644
--- a/windows/keep-secure/audit-process-creation.md
+++ b/windows/keep-secure/audit-process-creation.md
@@ -2,7 +2,7 @@
 title: Audit Process Creation (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Creation, which determines whether the operating system generates audit events when a process is created (starts).
 ms.assetid: 67e39fcd-ded6-45e8-b1b6-d411e4e93019
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-process-termination.md b/windows/keep-secure/audit-process-termination.md
index 4208a938c3..9f4fde6d86 100644
--- a/windows/keep-secure/audit-process-termination.md
+++ b/windows/keep-secure/audit-process-termination.md
@@ -2,7 +2,7 @@
 title: Audit Process Termination (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Termination, which determines whether the operating system generates audit events when an attempt is made to end a process.
 ms.assetid: 65d88e53-14aa-48a4-812b-557cebbf9e50
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-registry.md b/windows/keep-secure/audit-registry.md
index 40ea22bf27..2f58eb5560 100644
--- a/windows/keep-secure/audit-registry.md
+++ b/windows/keep-secure/audit-registry.md
@@ -2,7 +2,7 @@
 title: Audit Registry (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Registry, which determines whether the operating system generates audit events when users attempt to access registry objects.
 ms.assetid: 02bcc23b-4823-46ac-b822-67beedf56b32
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-removable-storage.md b/windows/keep-secure/audit-removable-storage.md
index 1892857f3e..cdfc2b415e 100644
--- a/windows/keep-secure/audit-removable-storage.md
+++ b/windows/keep-secure/audit-removable-storage.md
@@ -2,7 +2,7 @@
 title: Audit Removable Storage (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive.
 ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-rpc-events.md b/windows/keep-secure/audit-rpc-events.md
index dfb512694b..8bd9607c04 100644
--- a/windows/keep-secure/audit-rpc-events.md
+++ b/windows/keep-secure/audit-rpc-events.md
@@ -2,7 +2,7 @@
 title: Audit RPC Events (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit RPC Events, which determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made.
 ms.assetid: 868aec2d-93b4-4bc8-a150-941f88838ba6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-sam.md b/windows/keep-secure/audit-sam.md
index c682e87a89..734ac0681a 100644
--- a/windows/keep-secure/audit-sam.md
+++ b/windows/keep-secure/audit-sam.md
@@ -2,7 +2,7 @@
 title: Audit SAM (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager (SAM) objects.
 ms.assetid: 1d00f955-383d-4c95-bbd1-fab4a991a46e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-security-group-management.md b/windows/keep-secure/audit-security-group-management.md
index 65d91ba967..7ff17d66f3 100644
--- a/windows/keep-secure/audit-security-group-management.md
+++ b/windows/keep-secure/audit-security-group-management.md
@@ -2,7 +2,7 @@
 title: Audit Security Group Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed.
 ms.assetid: ac2ee101-557b-4c84-b9fa-4fb23331f1aa
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-security-state-change.md b/windows/keep-secure/audit-security-state-change.md
index efda133f49..e8c184b3e0 100644
--- a/windows/keep-secure/audit-security-state-change.md
+++ b/windows/keep-secure/audit-security-state-change.md
@@ -2,7 +2,7 @@
 title: Audit Security State Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security State Change, which determines whether Windows generates audit events for changes in the security state of a system.
 ms.assetid: decb3218-a67d-4efa-afc0-337c79a89a2d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-security-system-extension.md b/windows/keep-secure/audit-security-system-extension.md
index e605195736..428a0d685c 100644
--- a/windows/keep-secure/audit-security-system-extension.md
+++ b/windows/keep-secure/audit-security-system-extension.md
@@ -2,7 +2,7 @@
 title: Audit Security System Extension (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security System Extension, which determines whether the operating system generates audit events related to security system extensions.
 ms.assetid: 9f3c6bde-42b2-4a0a-b353-ed3106ebc005
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-sensitive-privilege-use.md b/windows/keep-secure/audit-sensitive-privilege-use.md
index 2c7cd5a902..718aa00bd9 100644
--- a/windows/keep-secure/audit-sensitive-privilege-use.md
+++ b/windows/keep-secure/audit-sensitive-privilege-use.md
@@ -2,7 +2,7 @@
 title: Audit Sensitive Privilege Use (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Sensitive Privilege Use, which determines whether the operating system generates audit events when sensitive privileges (user rights) are used.
 ms.assetid: 915abf50-42d2-45f6-9fd1-e7bd201b193d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/keep-secure/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
index 5ce9aeecf7..0cd45cc597 100644
--- a/windows/keep-secure/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
+++ b/windows/keep-secure/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
@@ -2,7 +2,7 @@
 title: Audit Shut down system immediately if unable to log security audits (Windows 10)
 description: Describes the best practices, location, values, management practices, and security considerations for the Audit Shut down system immediately if unable to log security audits security policy setting.
 ms.assetid: 2cd23cd9-0e44-4d0b-a1f1-39fc29303826
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-special-logon.md b/windows/keep-secure/audit-special-logon.md
index 439cf91d3d..f4bad313c7 100644
--- a/windows/keep-secure/audit-special-logon.md
+++ b/windows/keep-secure/audit-special-logon.md
@@ -2,7 +2,7 @@
 title: Audit Special Logon (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Special Logon, which determines whether the operating system generates audit events under special sign on (or log on) circumstances.
 ms.assetid: e1501bac-1d09-4593-8ebb-f311231567d3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-system-integrity.md b/windows/keep-secure/audit-system-integrity.md
index dfc2666ebf..38fd5a5ce5 100644
--- a/windows/keep-secure/audit-system-integrity.md
+++ b/windows/keep-secure/audit-system-integrity.md
@@ -2,7 +2,7 @@
 title: Audit System Integrity (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit System Integrity, which determines whether the operating system audits events that violate the integrity of the security subsystem.
 ms.assetid: 942a9a7f-fa31-4067-88c7-f73978bf2034
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-user-account-management.md b/windows/keep-secure/audit-user-account-management.md
index 1f05f3085b..a763d8ea76 100644
--- a/windows/keep-secure/audit-user-account-management.md
+++ b/windows/keep-secure/audit-user-account-management.md
@@ -2,7 +2,7 @@
 title: Audit User Account Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit User Account Management, which determines whether the operating system generates audit events when specific user account management tasks are performed.
 ms.assetid: f7e72998-3858-4197-a443-19586ecc4bfb
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-user-device-claims.md b/windows/keep-secure/audit-user-device-claims.md
index 254bfb2c7d..e5576c4bdf 100644
--- a/windows/keep-secure/audit-user-device-claims.md
+++ b/windows/keep-secure/audit-user-device-claims.md
@@ -2,7 +2,7 @@
 title: Audit User/Device Claims (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit User/Device Claims, which enables you to audit security events that are generated by user and device claims.
 ms.assetid: D3D2BFAF-F2C0-462A-9377-673DB49D5486
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/back-up-files-and-directories.md b/windows/keep-secure/back-up-files-and-directories.md
index 2cddb14842..6f6a7b8805 100644
--- a/windows/keep-secure/back-up-files-and-directories.md
+++ b/windows/keep-secure/back-up-files-and-directories.md
@@ -2,7 +2,7 @@
 title: Back up files and directories (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Back up files and directories security policy setting.
 ms.assetid: 1cd6bdd5-1501-41f4-98b9-acf29ac173ae
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md
index 5f46d91a0d..aee1050952 100644
--- a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md
+++ b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md
@@ -2,7 +2,7 @@
 title: Backup the TPM recovery Information to AD DS (Windows 10)
 description: This topic for the IT professional describes how to back up a computer’s Trusted Platform Module (TPM) information to Active Directory Domain Services (AD DS) so that you can use AD DS to administer the TPM from a remote computer.
 ms.assetid: 62bcec80-96a1-464e-8b3f-d177a7565ac5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-account-logon-events.md b/windows/keep-secure/basic-audit-account-logon-events.md
index 4bfa89fd5b..392a87e381 100644
--- a/windows/keep-secure/basic-audit-account-logon-events.md
+++ b/windows/keep-secure/basic-audit-account-logon-events.md
@@ -2,7 +2,7 @@
 title: Audit account logon events (Windows 10)
 description: Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account.
 ms.assetid: 84B44181-E325-49A1-8398-AECC3CE0A516
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-account-management.md b/windows/keep-secure/basic-audit-account-management.md
index ee0cf33722..364a455ec2 100644
--- a/windows/keep-secure/basic-audit-account-management.md
+++ b/windows/keep-secure/basic-audit-account-management.md
@@ -2,7 +2,7 @@
 title: Audit account management (Windows 10)
 description: Determines whether to audit each event of account management on a device.
 ms.assetid: 369197E1-7E0E-45A4-89EA-16D91EF01689
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-directory-service-access.md b/windows/keep-secure/basic-audit-directory-service-access.md
index 0d48b78b27..b377adcecc 100644
--- a/windows/keep-secure/basic-audit-directory-service-access.md
+++ b/windows/keep-secure/basic-audit-directory-service-access.md
@@ -2,7 +2,7 @@
 title: Audit directory service access (Windows 10)
 description: Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified.
 ms.assetid: 52F02EED-3CFE-4307-8D06-CF1E27693D09
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-logon-events.md b/windows/keep-secure/basic-audit-logon-events.md
index d83d80357e..143c150317 100644
--- a/windows/keep-secure/basic-audit-logon-events.md
+++ b/windows/keep-secure/basic-audit-logon-events.md
@@ -2,7 +2,7 @@
 title: Audit logon events (Windows 10)
 description: Determines whether to audit each instance of a user logging on to or logging off from a device.
 ms.assetid: 78B5AFCB-0BBD-4C38-9FE9-6B4571B94A35
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-object-access.md b/windows/keep-secure/basic-audit-object-access.md
index 6ae03e3c93..05d9500660 100644
--- a/windows/keep-secure/basic-audit-object-access.md
+++ b/windows/keep-secure/basic-audit-object-access.md
@@ -2,7 +2,7 @@
 title: Audit object access (Windows 10)
 description: Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified.
 ms.assetid: D15B6D67-7886-44C2-9972-3F192D5407EA
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-policy-change.md b/windows/keep-secure/basic-audit-policy-change.md
index 0590d832ee..9aee64c9c8 100644
--- a/windows/keep-secure/basic-audit-policy-change.md
+++ b/windows/keep-secure/basic-audit-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit policy change (Windows 10)
 description: Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies.
 ms.assetid: 1025A648-6B22-4C85-9F47-FE0897F1FA31
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-privilege-use.md b/windows/keep-secure/basic-audit-privilege-use.md
index 38a2117169..62d38eec12 100644
--- a/windows/keep-secure/basic-audit-privilege-use.md
+++ b/windows/keep-secure/basic-audit-privilege-use.md
@@ -2,7 +2,7 @@
 title: Audit privilege use (Windows 10)
 description: Determines whether to audit each instance of a user exercising a user right.
 ms.assetid: C5C6DAAF-8B58-4DFB-B1CE-F0675AE0E9F8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-process-tracking.md b/windows/keep-secure/basic-audit-process-tracking.md
index 9fd272a03c..acfe7b0fb1 100644
--- a/windows/keep-secure/basic-audit-process-tracking.md
+++ b/windows/keep-secure/basic-audit-process-tracking.md
@@ -2,7 +2,7 @@
 title: Audit process tracking (Windows 10)
 description: Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
 ms.assetid: 91AC5C1E-F4DA-4B16-BEE2-C92D66E4CEEA
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-system-events.md b/windows/keep-secure/basic-audit-system-events.md
index 7724e17654..70674dbb21 100644
--- a/windows/keep-secure/basic-audit-system-events.md
+++ b/windows/keep-secure/basic-audit-system-events.md
@@ -2,7 +2,7 @@
 title: Audit system events (Windows 10)
 description: Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.
 ms.assetid: BF27588C-2AA7-4365-A4BF-3BB377916447
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-security-audit-policies.md b/windows/keep-secure/basic-security-audit-policies.md
index 0ad34f0790..1de3ff5747 100644
--- a/windows/keep-secure/basic-security-audit-policies.md
+++ b/windows/keep-secure/basic-security-audit-policies.md
@@ -2,7 +2,7 @@
 title: Basic security audit policies (Windows 10)
 description: Before you implement auditing, you must decide on an auditing policy.
 ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-security-audit-policy-settings.md b/windows/keep-secure/basic-security-audit-policy-settings.md
index eeade033ce..82989b0eee 100644
--- a/windows/keep-secure/basic-security-audit-policy-settings.md
+++ b/windows/keep-secure/basic-security-audit-policy-settings.md
@@ -2,7 +2,7 @@
 title: Basic security audit policy settings (Windows 10)
 description: Basic security audit policy settings are found under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy.
 ms.assetid: 31C2C453-2CFC-4D9E-BC88-8CE1C1A8F900
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bcd-settings-and-bitlocker.md b/windows/keep-secure/bcd-settings-and-bitlocker.md
index bee0c9e8f3..ccd9afd831 100644
--- a/windows/keep-secure/bcd-settings-and-bitlocker.md
+++ b/windows/keep-secure/bcd-settings-and-bitlocker.md
@@ -2,7 +2,7 @@
 title: BCD settings and BitLocker (Windows 10)
 description: This topic for IT professionals describes the BCD settings that are used by BitLocker.
 ms.assetid: c4ab7ac9-16dc-4c7e-b061-c0b0deb2c4fa
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-basic-deployment.md b/windows/keep-secure/bitlocker-basic-deployment.md
index e63322f296..b83692c713 100644
--- a/windows/keep-secure/bitlocker-basic-deployment.md
+++ b/windows/keep-secure/bitlocker-basic-deployment.md
@@ -2,7 +2,7 @@
 title: BitLocker basic deployment (Windows 10)
 description: This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
 ms.assetid: 97c646cb-9e53-4236-9678-354af41151c4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-countermeasures.md b/windows/keep-secure/bitlocker-countermeasures.md
index 687bf6047b..7e1f6c7414 100644
--- a/windows/keep-secure/bitlocker-countermeasures.md
+++ b/windows/keep-secure/bitlocker-countermeasures.md
@@ -2,7 +2,7 @@
 title: BitLocker Countermeasures (Windows 10)
 description: Windows uses technologies including TPM, Secure Boot, Trusted Boot, and Early Launch Antimalware (ELAM) to protect against attacks on the BitLocker encryption key.
 ms.assetid: ebdb0637-2597-4da1-bb18-8127964686ea
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-frequently-asked-questions.md b/windows/keep-secure/bitlocker-frequently-asked-questions.md
index 4d179869fb..23dc64932f 100644
--- a/windows/keep-secure/bitlocker-frequently-asked-questions.md
+++ b/windows/keep-secure/bitlocker-frequently-asked-questions.md
@@ -2,7 +2,7 @@
 title: BitLocker frequently asked questions (FAQ) (Windows 10)
 description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
 ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-group-policy-settings.md b/windows/keep-secure/bitlocker-group-policy-settings.md
index 77412bda71..8d3864a681 100644
--- a/windows/keep-secure/bitlocker-group-policy-settings.md
+++ b/windows/keep-secure/bitlocker-group-policy-settings.md
@@ -2,7 +2,7 @@
 title: BitLocker Group Policy settings (Windows 10)
 description: This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption.
 ms.assetid: 4904e336-29fe-4cef-bb6c-3950541864af
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-how-to-deploy-on-windows-server.md b/windows/keep-secure/bitlocker-how-to-deploy-on-windows-server.md
index e7035aa4e8..e57e269aff 100644
--- a/windows/keep-secure/bitlocker-how-to-deploy-on-windows-server.md
+++ b/windows/keep-secure/bitlocker-how-to-deploy-on-windows-server.md
@@ -2,7 +2,7 @@
 title: BitLocker How to deploy on Windows Server 2012 and later (Windows 10)
 description: This topic for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later.
 ms.assetid: 91c18e9e-6ab4-4607-8c75-d983bbe2542f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
index 37e9e8b02d..16e0aa12b2 100644
--- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
@@ -2,7 +2,7 @@
 title: BitLocker How to enable Network Unlock (Windows 10)
 description: This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it.
 ms.assetid: be45bc28-47db-4931-bfec-3c348151d2e9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-overview.md b/windows/keep-secure/bitlocker-overview.md
index 897f3dd747..58f3047141 100644
--- a/windows/keep-secure/bitlocker-overview.md
+++ b/windows/keep-secure/bitlocker-overview.md
@@ -2,7 +2,7 @@
 title: BitLocker (Windows 10)
 description: This topic provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features.
 ms.assetid: 40526fcc-3e0d-4d75-90e0-c7d0615f33b2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-recovery-guide-plan.md b/windows/keep-secure/bitlocker-recovery-guide-plan.md
index 80df5a2c52..61d362d1a3 100644
--- a/windows/keep-secure/bitlocker-recovery-guide-plan.md
+++ b/windows/keep-secure/bitlocker-recovery-guide-plan.md
@@ -2,7 +2,7 @@
 title: BitLocker recovery guide (Windows 10)
 description: This topic for IT professionals describes how to recover BitLocker keys from AD DS.
 ms.assetid: d0f722e9-1773-40bf-8456-63ee7a95ea14
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/keep-secure/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index a20d25ff66..8d48b8aff4 100644
--- a/windows/keep-secure/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/keep-secure/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -2,7 +2,7 @@
 title: BitLocker Use BitLocker Drive Encryption Tools to manage BitLocker (Windows 10)
 description: This topic for the IT professional describes how to use tools to manage BitLocker.
 ms.assetid: e869db9c-e906-437b-8c70-741dd61b5ea6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/keep-secure/bitlocker-use-bitlocker-recovery-password-viewer.md
index 61521699b2..850c7507b0 100644
--- a/windows/keep-secure/bitlocker-use-bitlocker-recovery-password-viewer.md
+++ b/windows/keep-secure/bitlocker-use-bitlocker-recovery-password-viewer.md
@@ -2,7 +2,7 @@
 title: BitLocker Use BitLocker Recovery Password Viewer (Windows 10)
 description: This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer.
 ms.assetid: 04c93ac5-5dac-415e-b636-de81435753a2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/block-untrusted-fonts-in-enterprise.md b/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
index 032ef98517..83a3f113a9 100644
--- a/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
+++ b/windows/keep-secure/block-untrusted-fonts-in-enterprise.md @@ -2,9 +2,10 @@ title: Block untrusted fonts in an enterprise (Windows 10) description: To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature. ms.assetid: a3354c8e-4208-4be6-bc19-56a572c361b4 -keywords: ["font blocking", "untrusted font blocking", "block fonts", "untrusted fonts"] -ms.prod: W10 +keywords: font blocking, untrusted font blocking, block fonts, untrusted fonts +ms.prod: w10 ms.mktglfcycl: deploy +ms.pagetype: security ms.sitesec: library author: eross-msft --- diff --git a/windows/keep-secure/bypass-traverse-checking.md b/windows/keep-secure/bypass-traverse-checking.md index d07fea0ff5..60df8885da 100644 --- a/windows/keep-secure/bypass-traverse-checking.md +++ b/windows/keep-secure/bypass-traverse-checking.md @@ -2,7 +2,7 @@ title: Bypass traverse checking (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Bypass traverse checking security policy setting. ms.assetid: 1c828655-68d3-4140-aa0f-caa903a7087e -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 5f96e1fcb1..3c7d6abdfe 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -2,9 +2,10 @@ title: Change history for Keep Windows 10 secure (Windows 10) description: This topic lists new and updated topics in the Keep Windows 10 secure documentation for Windows 10 and Windows 10 Mobile. ms.assetid: E50EC5E6-71AA-4FF1-8356-574CFDB8079B -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- 
diff --git a/windows/keep-secure/change-the-system-time.md b/windows/keep-secure/change-the-system-time.md
index 4ac7356093..e6f43e3f88 100644
--- a/windows/keep-secure/change-the-system-time.md
+++ b/windows/keep-secure/change-the-system-time.md
@@ -2,7 +2,7 @@
 title: Change the system time (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Change the system time security policy setting.
 ms.assetid: f2f6637d-acbc-4352-8ca3-ec563f918e65
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/change-the-time-zone.md b/windows/keep-secure/change-the-time-zone.md
index 1b27d5afe9..3eb72473a5 100644
--- a/windows/keep-secure/change-the-time-zone.md
+++ b/windows/keep-secure/change-the-time-zone.md
@@ -2,7 +2,7 @@
 title: Change the time zone (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Change the time zone security policy setting.
 ms.assetid: 3b1afae4-68bb-472f-a43e-49e300d73e50
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/change-the-tpm-owner-password.md b/windows/keep-secure/change-the-tpm-owner-password.md
index 7241d40deb..ba11bc7a8c 100644
--- a/windows/keep-secure/change-the-tpm-owner-password.md
+++ b/windows/keep-secure/change-the-tpm-owner-password.md
@@ -2,7 +2,7 @@
 title: Change the TPM owner password (Windows 10)
 description: This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system.
 ms.assetid: e43dcff3-acb4-4a92-8816-d6b64b7f2f45
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/choose-the-right-bitlocker-countermeasure.md b/windows/keep-secure/choose-the-right-bitlocker-countermeasure.md
index 3e84e8f209..0293f672ae 100644
--- a/windows/keep-secure/choose-the-right-bitlocker-countermeasure.md
+++ b/windows/keep-secure/choose-the-right-bitlocker-countermeasure.md
@@ -2,7 +2,7 @@
 title: Choose the right BitLocker countermeasure (Windows 10)
 description: This section outlines the best countermeasures you can use to protect your organization from bootkits and rootkits, brute force sign-in, Direct Memory Access (DMA) attacks, Hyberfil.sys attacks, and memory remanence attacks.
 ms.assetid: b0b09508-7885-4030-8c61-d91458afdb14
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/configure-an-applocker-policy-for-audit-only.md b/windows/keep-secure/configure-an-applocker-policy-for-audit-only.md
index 58ba26536b..206c0415fe 100644
--- a/windows/keep-secure/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/keep-secure/configure-an-applocker-policy-for-audit-only.md
@@ -2,7 +2,7 @@
 title: Configure an AppLocker policy for audit only (Windows 10)
 description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker.
 ms.assetid: 10bc87d5-cc7f-4500-b7b3-9006e50afa50
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/configure-an-applocker-policy-for-enforce-rules.md b/windows/keep-secure/configure-an-applocker-policy-for-enforce-rules.md
index 3d6aa8a2c7..55e87ba39a 100644
--- a/windows/keep-secure/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/keep-secure/configure-an-applocker-policy-for-enforce-rules.md
@@ -2,7 +2,7 @@ title: Configure an AppLocker policy for enforce rules (Windows 10) description: This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting. ms.assetid: 5dbbb290-a5ae-4f88-82b3-21e95972e66c -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md index 79f9ff560f..aede6f38ed 100644 --- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Configure Windows Defender ATP endpoints description: Use Group Policy or SCCM to deploy the configuration package or do manual registry changes on endpoints so that they are onboarded to the service. keywords: configure endpoints, client onboarding, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, sccm, system center configuration manager search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: iaanw --- diff --git a/windows/keep-secure/configure-exceptions-for-an-applocker-rule.md b/windows/keep-secure/configure-exceptions-for-an-applocker-rule.md index 0d4e3eefd6..be96e323ed 100644 --- a/windows/keep-secure/configure-exceptions-for-an-applocker-rule.md +++ b/windows/keep-secure/configure-exceptions-for-an-applocker-rule.md @@ -2,7 +2,7 @@ title: Add exceptions for an AppLocker rule (Windows 10) description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule. ms.assetid: d15c9d84-c14b-488d-9f48-bf31ff7ff0c5 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md index aef3743b8f..e0564e8606 100644 --- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Configure Windows Defender ATP endpoint proxy and Internet connection set description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service. keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, web proxy auto detect, wpad, netsh, winhttp, proxy server search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- diff --git a/windows/keep-secure/configure-s-mime.md b/windows/keep-secure/configure-s-mime.md index 1d5a83822d..7b9906f26d 100644 --- a/windows/keep-secure/configure-s-mime.md +++ b/windows/keep-secure/configure-s-mime.md @@ -3,7 +3,7 @@ title: Configure S/MIME for Windows 10 and Windows 10 Mobile (Windows 10) description: In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05 keywords: encrypt, digital signature -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/configure-the-appLocker-reference-device.md b/windows/keep-secure/configure-the-appLocker-reference-device.md index 59e6e81b2d..97d6fd1361 100644 --- a/windows/keep-secure/configure-the-appLocker-reference-device.md +++ b/windows/keep-secure/configure-the-appLocker-reference-device.md 
@@ -2,7 +2,7 @@
 title: Configure the AppLocker reference device (Windows 10)
 description: This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
 ms.assetid: 034bd367-146d-4956-873c-e1e09e6fefee
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/configure-the-application-identity-service.md b/windows/keep-secure/configure-the-application-identity-service.md
index 0714a613da..84a1d64b98 100644
--- a/windows/keep-secure/configure-the-application-identity-service.md
+++ b/windows/keep-secure/configure-the-application-identity-service.md
@@ -3,7 +3,7 @@ title: Configure the Application Identity service (Windows 10)
 description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
 ms.assetid: dc469599-37fd-448b-b23e-5b8e4f17e561
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/configure-windows-defender-in-windows-10.md b/windows/keep-secure/configure-windows-defender-in-windows-10.md
index 72c2a16a9b..b52b5f6c57 100644
--- a/windows/keep-secure/configure-windows-defender-in-windows-10.md
+++ b/windows/keep-secure/configure-windows-defender-in-windows-10.md
@@ -2,7 +2,7 @@
 title: Configure Windows Defender in Windows 10 (Windows 10)
 description: IT professionals can configure definition updates and cloud-based protection in Windows Defender in Windows 10 through Microsoft Active Directory and Windows Server Update Services (WSUS).
 ms.assetid: 22649663-AC7A-40D8-B1F7-5CAD9E49653D
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/keep-secure/create-a-basic-audit-policy-settings-for-an-event-category.md
index cdd372d271..69742a74b0 100644
--- a/windows/keep-secure/create-a-basic-audit-policy-settings-for-an-event-category.md
+++ b/windows/keep-secure/create-a-basic-audit-policy-settings-for-an-event-category.md
@@ -2,7 +2,7 @@
 title: Create a basic audit policy for an event category (Windows 10)
 description: By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization.
 ms.assetid: C9F52751-B40D-482E-BE9D-2C61098249D3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-pagefile.md b/windows/keep-secure/create-a-pagefile.md
index c914d790aa..a8c65abbab 100644
--- a/windows/keep-secure/create-a-pagefile.md
+++ b/windows/keep-secure/create-a-pagefile.md
@@ -2,7 +2,7 @@
 title: Create a pagefile (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create a pagefile security policy setting.
 ms.assetid: dc087897-459d-414b-abe0-cd86c8dccdea
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-rule-for-packaged-apps.md b/windows/keep-secure/create-a-rule-for-packaged-apps.md
index 3909260775..f0ed699e79 100644
--- a/windows/keep-secure/create-a-rule-for-packaged-apps.md
+++ b/windows/keep-secure/create-a-rule-for-packaged-apps.md
@@ -2,7 +2,7 @@
 title: Create a rule for packaged apps (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
 ms.assetid: e4ffd400-7860-47b3-9118-0e6853c3dfa0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-rule-that-uses-a-file-hash-condition.md b/windows/keep-secure/create-a-rule-that-uses-a-file-hash-condition.md
index 261eea052b..4a1038f165 100644
--- a/windows/keep-secure/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/keep-secure/create-a-rule-that-uses-a-file-hash-condition.md
@@ -2,7 +2,7 @@
 title: Create a rule that uses a file hash condition (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
 ms.assetid: eb3b3524-1b3b-4979-ba5a-0a0b1280c5c7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-rule-that-uses-a-path-condition.md b/windows/keep-secure/create-a-rule-that-uses-a-path-condition.md
index 8553577fac..89a34500cd 100644
--- a/windows/keep-secure/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/keep-secure/create-a-rule-that-uses-a-path-condition.md
@@ -2,7 +2,7 @@
 title: Create a rule that uses a path condition (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule with a path condition.
 ms.assetid: 9b2093f5-5976-45fa-90c3-da1e0e845d95
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-rule-that-uses-a-publisher-condition.md b/windows/keep-secure/create-a-rule-that-uses-a-publisher-condition.md
index 11ceca1e52..214dca0f70 100644
--- a/windows/keep-secure/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/keep-secure/create-a-rule-that-uses-a-publisher-condition.md
@@ -2,7 +2,7 @@
 title: Create a rule that uses a publisher condition (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
 ms.assetid: 345ad45f-2bc1-4c4c-946f-17804e29f55b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-token-object.md b/windows/keep-secure/create-a-token-object.md
index 99055b694f..8decf358bf 100644
--- a/windows/keep-secure/create-a-token-object.md
+++ b/windows/keep-secure/create-a-token-object.md
@@ -2,7 +2,7 @@
 title: Create a token object (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create a token object security policy setting.
 ms.assetid: bfbf52fc-6ba4-442a-9df7-bd277e55729c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-applocker-default-rules.md b/windows/keep-secure/create-applocker-default-rules.md
index eb37fb2112..930d2bc4d7 100644
--- a/windows/keep-secure/create-applocker-default-rules.md
+++ b/windows/keep-secure/create-applocker-default-rules.md
@@ -2,7 +2,7 @@
 title: Create AppLocker default rules (Windows 10)
 description: This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
 ms.assetid: 21e9dc68-a6f4-4ebe-ac28-4c66a7ab6e18
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-edp-policy-using-intune.md b/windows/keep-secure/create-edp-policy-using-intune.md
index e2dab16028..c5d390ea1c 100644
--- a/windows/keep-secure/create-edp-policy-using-intune.md
+++ b/windows/keep-secure/create-edp-policy-using-intune.md
@@ -2,9 +2,10 @@ title: Create an enterprise data protection (EDP) policy using Microsoft Intune (Windows 10) description: Microsoft Intune helps you create and deploy your enterprise data protection (EDP) policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. ms.assetid: 4b307c99-3016-4d6a-9ae7-3bbebd26e721 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library +ms.pagetype: security author: eross-msft --- diff --git a/windows/keep-secure/create-edp-policy-using-sccm.md b/windows/keep-secure/create-edp-policy-using-sccm.md index 9e4288873e..fa412028a7 100644 --- a/windows/keep-secure/create-edp-policy-using-sccm.md +++ b/windows/keep-secure/create-edp-policy-using-sccm.md @@ -2,10 +2,11 @@ title: Create and deploy an enterprise data protection (EDP) policy using System Center Configuration Manager (Windows 10) description: Configuration Manager (version 1511 or later) helps you create and deploy your enterprise data protection (EDP) policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529 -keywords: ["EDP", "Enterprise Data Protection", "SCCM", "System Center Configuration Manager", Configuration Manager"] -ms.prod: W10 +keywords: EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager +ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library +ms.pagetype: security author: eross-msft --- diff --git a/windows/keep-secure/create-global-objects.md b/windows/keep-secure/create-global-objects.md index 1f047ee451..c131685bec 100644 --- a/windows/keep-secure/create-global-objects.md +++ b/windows/keep-secure/create-global-objects.md 
@@ -2,7 +2,7 @@
 title: Create global objects (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create global objects security policy setting.
 ms.assetid: 9cb6247b-44fc-4815-86f2-cb59b6f0221e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md b/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
index 074fababfc..c623dd725f 100644
--- a/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
@@ -2,7 +2,7 @@
 title: Create a list of apps deployed to each business group (Windows 10)
 description: This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.
 ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-permanent-shared-objects.md b/windows/keep-secure/create-permanent-shared-objects.md
index 33ab226516..bcc0896951 100644
--- a/windows/keep-secure/create-permanent-shared-objects.md
+++ b/windows/keep-secure/create-permanent-shared-objects.md
@@ -2,7 +2,7 @@
 title: Create permanent shared objects (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create permanent shared objects security policy setting.
 ms.assetid: 6a58438d-65ca-4c4a-a584-450eed976649
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-symbolic-links.md b/windows/keep-secure/create-symbolic-links.md
index 857a5a7ca9..994d8de789 100644
--- a/windows/keep-secure/create-symbolic-links.md
+++ b/windows/keep-secure/create-symbolic-links.md
@@ -2,7 +2,7 @@
 title: Create symbolic links (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create symbolic links security policy setting.
 ms.assetid: 882922b9-0ff8-4ee9-8afc-4475515ee3fd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-vpn-and-edp-policy-using-intune.md b/windows/keep-secure/create-vpn-and-edp-policy-using-intune.md
index 16034ac23d..760968b092 100644
--- a/windows/keep-secure/create-vpn-and-edp-policy-using-intune.md
+++ b/windows/keep-secure/create-vpn-and-edp-policy-using-intune.md
@@ -2,10 +2,11 @@
 title: Create and deploy a VPN policy for enterprise data protection (EDP) using Microsoft Intune (Windows 10)
 description: After you've created and deployed your enterprise data protection (EDP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your EDP policy.
 ms.assetid: d0eaba4f-6d7d-4ae4-8044-64680a40cf6b
-keywords: ["EDP", "Enterprise Data Protection"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
diff --git a/windows/keep-secure/create-your-applocker-planning-document.md b/windows/keep-secure/create-your-applocker-planning-document.md
index 263be36d5e..f2b23f5937 100644
--- a/windows/keep-secure/create-your-applocker-planning-document.md
+++ b/windows/keep-secure/create-your-applocker-planning-document.md
@@ -2,7 +2,7 @@
 title: Create your AppLocker planning document (Windows 10)
 description: This planning topic for the IT professional summarizes the information you need to research and include in your AppLocker planning document.
 ms.assetid: 41e49644-baf4-4514-b089-88adae2d624e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-your-applocker-policies.md b/windows/keep-secure/create-your-applocker-policies.md
index b7a23cc02d..e4ecc44cee 100644
--- a/windows/keep-secure/create-your-applocker-policies.md
+++ b/windows/keep-secure/create-your-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Create Your AppLocker policies (Windows 10)
 description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
 ms.assetid: d339dee2-4da2-4d4a-b46e-f1dfb7cb4bf0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-your-applocker-rules.md b/windows/keep-secure/create-your-applocker-rules.md
index ee0590e89b..8bcb7daf24 100644
--- a/windows/keep-secure/create-your-applocker-rules.md
+++ b/windows/keep-secure/create-your-applocker-rules.md
@@ -2,7 +2,7 @@
 title: Create Your AppLocker rules (Windows 10)
 description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
 ms.assetid: b684a3a5-929c-4f70-8742-04088022f232
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md b/windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md
index ee2f72275b..a1b2db57b3 100644
--- a/windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md
+++ b/windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md
@@ -2,7 +2,7 @@
 title: Create a Device Guard code integrity policy based on a reference device (Windows 10)
 description: To implement Device Guard app protection, you will need to create a code integrity policy. Code integrity policies determine what apps are considered trustworthy and are allowed to run on a protected device.
 ms.assetid: 6C94B14E-E2CE-4F6C-8939-4B375406E825
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md
index 870a49c024..1202cb6ae3 100644
--- a/windows/keep-secure/credential-guard.md
+++ b/windows/keep-secure/credential-guard.md
@@ -2,7 +2,7 @@
 title: Protect derived domain credentials with Credential Guard (Windows 10)
 description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
 ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
index aa142cc631..07afd4227c 100644
--- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,11 @@ title: View the Windows Defender Advanced Threat Protection Dashboard
 description: Use the Dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
 keywords: dashboard, alerts, new, in progress, resolved, risk, machines at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
 ---
 # View the Windows Defender Advanced Threat Protection Dashboard
diff --git a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
index 1286313495..6db6f55321 100644
--- a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Windows Defender ATP data storage and privacy
 description: Learn about how Windows Defender ATP handles privacy and data that it collects.
 keywords: Windows Defender ATP data storage and privacy, storage, privacy
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 ---
 # Windows Defender ATP data storage and privacy
diff --git a/windows/keep-secure/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/keep-secure/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index 6fe17f05af..99fd9c7f66 100644
--- a/windows/keep-secure/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/keep-secure/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -2,7 +2,7 @@
 title: DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax policy setting.
 ms.assetid: 0fe3521a-5252-44df-8a47-8d92cf936e7c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/keep-secure/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index d4c42764a5..6b5d3ee2c2 100644
--- a/windows/keep-secure/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/keep-secure/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -2,7 +2,7 @@
 title: DCOM Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the DCOM Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax security policy setting.
 ms.assetid: 4b95d45f-dd62-4c34-ba32-43954528dabe
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/debug-programs.md b/windows/keep-secure/debug-programs.md
index 4b133fd251..810c6a21b5 100644
--- a/windows/keep-secure/debug-programs.md
+++ b/windows/keep-secure/debug-programs.md
@@ -2,7 +2,7 @@
 title: Debug programs (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Debug programs security policy setting.
 ms.assetid: 594d9f2c-8ffc-444b-9522-75615ec87786
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/delete-an-applocker-rule.md b/windows/keep-secure/delete-an-applocker-rule.md
index ad342ee6cf..3d4888fb73 100644
--- a/windows/keep-secure/delete-an-applocker-rule.md
+++ b/windows/keep-secure/delete-an-applocker-rule.md
@@ -2,7 +2,7 @@
 title: Delete an AppLocker rule (Windows 10)
 description: This topic for IT professionals describes the steps to delete an AppLocker rule.
 ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-access-to-this-computer-from-the-network.md b/windows/keep-secure/deny-access-to-this-computer-from-the-network.md
index df4e48dc46..fbad5a0ca8 100644
--- a/windows/keep-secure/deny-access-to-this-computer-from-the-network.md
+++ b/windows/keep-secure/deny-access-to-this-computer-from-the-network.md
@@ -2,7 +2,7 @@
 title: Deny access to this computer from the network (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny access to this computer from the network security policy setting.
 ms.assetid: 935e9f89-951b-4163-b186-fc325682bb0b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-log-on-as-a-batch-job.md b/windows/keep-secure/deny-log-on-as-a-batch-job.md
index d3abeeb6d5..5edb8ca898 100644
--- a/windows/keep-secure/deny-log-on-as-a-batch-job.md
+++ b/windows/keep-secure/deny-log-on-as-a-batch-job.md
@@ -2,7 +2,7 @@
 title: Deny log on as a batch job (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on as a batch job security policy setting.
 ms.assetid: 0ac36ebd-5e28-4b6a-9b4e-8924c6ecf44b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-log-on-as-a-service.md b/windows/keep-secure/deny-log-on-as-a-service.md
index 8fa66ee734..7acdea2a4c 100644
--- a/windows/keep-secure/deny-log-on-as-a-service.md
+++ b/windows/keep-secure/deny-log-on-as-a-service.md
@@ -2,7 +2,7 @@
 title: Deny log on as a service (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on as a service security policy setting.
 ms.assetid: f1114964-df86-4278-9b11-e35c66949794
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-log-on-locally.md b/windows/keep-secure/deny-log-on-locally.md
index 916d358f89..cd84f05560 100644
--- a/windows/keep-secure/deny-log-on-locally.md
+++ b/windows/keep-secure/deny-log-on-locally.md
@@ -2,7 +2,7 @@
 title: Deny log on locally (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on locally security policy setting.
 ms.assetid: 00150e88-ec9c-43e1-a70d-33bfe10434db
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-log-on-through-remote-desktop-services.md b/windows/keep-secure/deny-log-on-through-remote-desktop-services.md
index 6877912bae..8e5065b443 100644
--- a/windows/keep-secure/deny-log-on-through-remote-desktop-services.md
+++ b/windows/keep-secure/deny-log-on-through-remote-desktop-services.md
@@ -2,7 +2,7 @@
 title: Deny log on through Remote Desktop Services (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on through Remote Desktop Services security policy setting.
 ms.assetid: 84bbb807-287c-4acc-a094-cf0ffdcbca67
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index b7056845e4..b5ecdf6702 100644
--- a/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -2,7 +2,7 @@
 title: Deploy AppLocker policies by using the enforce rules setting (Windows 10)
 description: This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
 ms.assetid: fd3a3d25-ff3b-4060-8390-6262a90749ba
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deploy-edp-policy-using-intune.md b/windows/keep-secure/deploy-edp-policy-using-intune.md
index 6893478523..7b23a44cf2 100644
--- a/windows/keep-secure/deploy-edp-policy-using-intune.md
+++ b/windows/keep-secure/deploy-edp-policy-using-intune.md
@@ -2,10 +2,11 @@
 title: Deploy your enterprise data protection (EDP) policy using Microsoft Intune (Windows 10)
 description: After you’ve created your enterprise data protection (EDP) policy, you'll need to deploy it to your organization's enrolled devices.
 ms.assetid: 9c4a01e7-0b1c-4f15-95d0-0389f0686211
-keywords: ["EDP", "Enterprise Data Protection", "Intune"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection, Intune
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
diff --git a/windows/keep-secure/deploy-the-applocker-policy-into-production.md b/windows/keep-secure/deploy-the-applocker-policy-into-production.md
index 32e3cd0d65..e56061213f 100644
--- a/windows/keep-secure/deploy-the-applocker-policy-into-production.md
+++ b/windows/keep-secure/deploy-the-applocker-policy-into-production.md
@@ -2,7 +2,7 @@
 title: Deploy the AppLocker policy into production (Windows 10)
 description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
 ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/determine-group-policy-structure-and-rule-enforcement.md b/windows/keep-secure/determine-group-policy-structure-and-rule-enforcement.md
index 5733fd532e..1544475c03 100644
--- a/windows/keep-secure/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/keep-secure/determine-group-policy-structure-and-rule-enforcement.md
@@ -2,7 +2,7 @@
 title: Determine the Group Policy structure and rule enforcement (Windows 10)
 description: This overview topic describes the process to follow when you are planning to deploy AppLocker rules.
 ms.assetid: f435fcbe-c7ac-4ef0-9702-729aab64163f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/keep-secure/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
index a02d55ecc7..ccf2483c4d 100644
--- a/windows/keep-secure/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/keep-secure/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@@ -2,7 +2,7 @@
 title: Determine which apps are digitally signed on a reference device (Windows 10)
 description: This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
 ms.assetid: 24609a6b-fdcb-4083-b234-73e23ff8bcb8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/determine-your-application-control-objectives.md b/windows/keep-secure/determine-your-application-control-objectives.md
index 65098f5d72..a74a000710 100644
--- a/windows/keep-secure/determine-your-application-control-objectives.md
+++ b/windows/keep-secure/determine-your-application-control-objectives.md
@@ -2,7 +2,7 @@
 title: Determine your application control objectives (Windows 10)
 description: This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
 ms.assetid: 0e84003e-6095-46fb-8c4e-2065869bb53b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/device-guard-certification-and-compliance.md b/windows/keep-secure/device-guard-certification-and-compliance.md
index 9edecd273d..6ac463047e 100644
--- a/windows/keep-secure/device-guard-certification-and-compliance.md
+++ b/windows/keep-secure/device-guard-certification-and-compliance.md
@@ -3,7 +3,7 @@ title: Device Guard certification and compliance (Windows 10)
 description: Device Guard is a combination of hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications.
 ms.assetid: 94167ECA-AB08-431D-95E5-7A363F42C7E3
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/device-guard-deployment-guide.md b/windows/keep-secure/device-guard-deployment-guide.md
index 3d9a53be0e..f98d7216ea 100644
--- a/windows/keep-secure/device-guard-deployment-guide.md
+++ b/windows/keep-secure/device-guard-deployment-guide.md
@@ -3,9 +3,9 @@ title: Device Guard deployment guide (Windows 10)
 description: Microsoft Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security.
 ms.assetid: 4BA52AA9-64D3-41F3-94B2-B87EC2717486
 keywords: virtualization, security, malware
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
-ms.pagetype: devices
+ms.pagetype: security, devices
 author: challum
 ---
diff --git a/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md b/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md
index 0d237c5cd4..d8f1d31192 100644
--- a/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md
+++ b/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md
@@ -2,7 +2,7 @@
 title: Devices Allow undock without having to log on (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Allow undock without having to log on security policy setting.
 ms.assetid: 1d403f5d-ad41-4bb4-9f4a-0779c1c14b8c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md b/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md
index 9c9a232738..bffc76a5e9 100644
--- a/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md
+++ b/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md
@@ -2,7 +2,7 @@
 title: Devices Allowed to format and eject removable media (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Allowed to format and eject removable media security policy setting.
 ms.assetid: d1b42425-7244-4ab1-9d46-d68de823459c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md b/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md
index c71b4b04d5..0bf0ba89a9 100644
--- a/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md
+++ b/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md
@@ -2,7 +2,7 @@
 title: Devices Prevent users from installing printer drivers (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Prevent users from installing printer drivers security policy setting.
 ms.assetid: ab70a122-f7f9-47e0-ad8c-541f30a27ec3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md b/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
index e42ea9042c..5e399e075e 100644
--- a/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
+++ b/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
@@ -2,7 +2,7 @@
 title: Devices Restrict CD-ROM access to locally logged-on user only (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Restrict CD-ROM access to locally logged-on user only security policy setting.
 ms.assetid: 8b8f44bb-84ce-4f18-af30-ab89910e234d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/devices-restrict-floppy-access-to-locally-logged-on-user-only.md b/windows/keep-secure/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
index 3246e36da5..1716725907 100644
--- a/windows/keep-secure/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
+++ b/windows/keep-secure/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
@@ -2,7 +2,7 @@
 title: Devices Restrict floppy access to locally logged-on user only (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Restrict floppy access to locally logged-on user only security policy setting.
 ms.assetid: 92997910-da95-4c03-ae6f-832915423898
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/keep-secure/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
index 267ba483ac..85c56528b1 100644
--- a/windows/keep-secure/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/keep-secure/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@@ -3,7 +3,7 @@ title: Display a custom URL message when users try to run a blocked app (Windows
 description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
 ms.assetid: 9a2534a5-d1fa-48a9-93c6-989d4857cf85
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/dll-rules-in-applocker.md b/windows/keep-secure/dll-rules-in-applocker.md
index 4f99109b04..b6e4cd9e93 100644
--- a/windows/keep-secure/dll-rules-in-applocker.md
+++ b/windows/keep-secure/dll-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: DLL rules in AppLocker (Windows 10)
 description: This topic describes the file formats and available default rules for the DLL rule collection.
 ms.assetid: a083fd08-c07e-4534-b0e7-1e15d932ce8f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/keep-secure/document-group-policy-structure-and-applocker-rule-enforcement.md
index f583b63513..72c1c10193 100644
--- a/windows/keep-secure/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/keep-secure/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -2,7 +2,7 @@
 title: Document the Group Policy structure and AppLocker rule enforcement (Windows 10)
 description: This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
 ms.assetid: 389ffa8e-11fc-49ff-b0b1-89553e6fb6e5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/document-your-application-control-management-processes.md b/windows/keep-secure/document-your-application-control-management-processes.md
index e0ef522601..6e2a75390d 100644
--- a/windows/keep-secure/document-your-application-control-management-processes.md
+++ b/windows/keep-secure/document-your-application-control-management-processes.md
@@ -2,7 +2,7 @@
 title: Document your application control management processes (Windows 10)
 description: This planning topic describes the AppLocker policy maintenance information to record for your design document.
 ms.assetid: 6397f789-0e36-4933-9f86-f3f6489cf1fb
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/document-your-application-list.md b/windows/keep-secure/document-your-application-list.md
index c20e6831ad..735dc55515 100644
--- a/windows/keep-secure/document-your-application-list.md
+++ b/windows/keep-secure/document-your-application-list.md
@@ -2,7 +2,7 @@
 title: Document your app list (Windows 10)
 description: This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
 ms.assetid: b155284b-f75d-4405-aecf-b74221622dc0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/document-your-applocker-rules.md b/windows/keep-secure/document-your-applocker-rules.md
index 5603fcefdc..68d32d07d7 100644
--- a/windows/keep-secure/document-your-applocker-rules.md
+++ b/windows/keep-secure/document-your-applocker-rules.md
@@ -2,7 +2,7 @@
 title: Document your AppLocker rules (Windows 10)
 description: This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded.
 ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/keep-secure/domain-controller-allow-server-operators-to-schedule-tasks.md
index 73dd753654..feafcec116 100644
--- a/windows/keep-secure/domain-controller-allow-server-operators-to-schedule-tasks.md
+++ b/windows/keep-secure/domain-controller-allow-server-operators-to-schedule-tasks.md
@@ -2,7 +2,7 @@
 title: Domain controller Allow server operators to schedule tasks (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain controller Allow server operators to schedule tasks security policy setting.
 ms.assetid: 198b12a4-8a5d-48e8-a752-2073b8a2cb0d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md b/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md
index 8f75f7faa7..10001b50e6 100644
--- a/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md
+++ b/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md
@@ -2,7 +2,7 @@
 title: Domain controller LDAP server signing requirements (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain controller LDAP server signing requirements security policy setting.
 ms.assetid: fe122179-7571-465b-98d0-b8ce0f224390
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-controller-refuse-machine-account-password-changes.md b/windows/keep-secure/domain-controller-refuse-machine-account-password-changes.md
index 3d0dc98ace..563e0956a9 100644
--- a/windows/keep-secure/domain-controller-refuse-machine-account-password-changes.md
+++ b/windows/keep-secure/domain-controller-refuse-machine-account-password-changes.md
@@ -2,7 +2,7 @@
 title: Domain controller Refuse machine account password changes (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain controller Refuse machine account password changes security policy setting.
 ms.assetid: 5a7fa2e2-e1a8-4833-90f7-aa83e3b456a9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md b/windows/keep-secure/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
index dde52ba0d7..b748e75485 100644
--- a/windows/keep-secure/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
+++ b/windows/keep-secure/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
@@ -2,7 +2,7 @@
 title: Domain member Digitally encrypt or sign secure channel data (always) (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Digitally encrypt or sign secure channel data (always) security policy setting.
 ms.assetid: 4480c7cb-adca-4f29-b4b8-06eb68d272bf
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-digitally-encrypt-secure-channel-data-when-possible.md b/windows/keep-secure/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
index 9412bf6ae7..241c83b30b 100644
--- a/windows/keep-secure/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
+++ b/windows/keep-secure/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
@@ -2,7 +2,7 @@
 title: Domain member Digitally encrypt secure channel data (when possible) (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Digitally encrypt secure channel data (when possible) security policy setting.
 ms.assetid: 73e6023e-0af3-4531-8238-82f0f0e4965b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-digitally-sign-secure-channel-data-when-possible.md b/windows/keep-secure/domain-member-digitally-sign-secure-channel-data-when-possible.md
index 6f0cdd5ea0..dfa36d1360 100644
--- a/windows/keep-secure/domain-member-digitally-sign-secure-channel-data-when-possible.md
+++ b/windows/keep-secure/domain-member-digitally-sign-secure-channel-data-when-possible.md
@@ -2,7 +2,7 @@
 title: Domain member Digitally sign secure channel data (when possible) (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Digitally sign secure channel data (when possible) security policy setting.
 ms.assetid: a643e491-4f45-40ea-b12c-4dbe47e54f34
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-disable-machine-account-password-changes.md b/windows/keep-secure/domain-member-disable-machine-account-password-changes.md
index a7e862cea4..e933a14786 100644
--- a/windows/keep-secure/domain-member-disable-machine-account-password-changes.md
+++ b/windows/keep-secure/domain-member-disable-machine-account-password-changes.md
@@ -2,7 +2,7 @@
 title: Domain member Disable machine account password changes (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Disable machine account password changes security policy setting.
 ms.assetid: 1f660300-a07a-4243-a09f-140aa1ab8867
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-maximum-machine-account-password-age.md b/windows/keep-secure/domain-member-maximum-machine-account-password-age.md
index b97cf3f485..841729d203 100644
--- a/windows/keep-secure/domain-member-maximum-machine-account-password-age.md
+++ b/windows/keep-secure/domain-member-maximum-machine-account-password-age.md
@@ -2,7 +2,7 @@
 title: Domain member Maximum machine account password age (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Maximum machine account password age security policy setting.
 ms.assetid: 0ec6f7c1-4d82-4339-94c0-debb2d1ac109
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-require-strong-windows-2000-or-later-session-key.md b/windows/keep-secure/domain-member-require-strong-windows-2000-or-later-session-key.md
index 320d44e467..2d179f76d3 100644
--- a/windows/keep-secure/domain-member-require-strong-windows-2000-or-later-session-key.md
+++ b/windows/keep-secure/domain-member-require-strong-windows-2000-or-later-session-key.md
@@ -2,7 +2,7 @@
 title: Domain member Require strong (Windows 2000 or later) session key (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Require strong (Windows 2000 or later) session key security policy setting.
 ms.assetid: 5ab8993c-5086-4f09-bc88-1b27454526bd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/edit-an-applocker-policy.md b/windows/keep-secure/edit-an-applocker-policy.md
index 2faffd200f..8bd9ebfcea 100644
--- a/windows/keep-secure/edit-an-applocker-policy.md
+++ b/windows/keep-secure/edit-an-applocker-policy.md
@@ -2,7 +2,7 @@
 title: Edit an AppLocker policy (Windows 10)
 description: This topic for IT professionals describes the steps required to modify an AppLocker policy.
 ms.assetid: dbc72d1f-3fe0-46c2-aeeb-96621fce7637
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/edit-applocker-rules.md b/windows/keep-secure/edit-applocker-rules.md
index 2f47922cd0..3fcada9c5e 100644
--- a/windows/keep-secure/edit-applocker-rules.md
+++ b/windows/keep-secure/edit-applocker-rules.md
@@ -2,7 +2,7 @@
 title: Edit AppLocker rules (Windows 10)
 description: This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
 ms.assetid: 80016cda-b915-46a0-83c6-5e6b0b958e32
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/keep-secure/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
index b3dcd0cd1a..6e5addb821 100644
--- a/windows/keep-secure/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
+++ b/windows/keep-secure/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
@@ -2,7 +2,7 @@
 title: Enable computer and user accounts to be trusted for delegation (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Enable computer and user accounts to be trusted for delegation security policy setting.
 ms.assetid: 524062d4-1595-41f3-8ce1-9c85fd21497b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enable-the-dll-rule-collection.md b/windows/keep-secure/enable-the-dll-rule-collection.md
index 1dd233aee5..3a23c140a8 100644
--- a/windows/keep-secure/enable-the-dll-rule-collection.md
+++ b/windows/keep-secure/enable-the-dll-rule-collection.md
@@ -2,7 +2,7 @@
 title: Enable the DLL rule collection (Windows 10)
 description: This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
 ms.assetid: 88ef9561-6eb2-491a-803a-b8cdbfebae27
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/encrypted-hard-drive.md b/windows/keep-secure/encrypted-hard-drive.md
index 884275ee7e..7de2f367e0 100644
--- a/windows/keep-secure/encrypted-hard-drive.md
+++ b/windows/keep-secure/encrypted-hard-drive.md
@@ -2,7 +2,7 @@
 title: Encrypted Hard Drive (Windows 10)
 description: Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enforce-applocker-rules.md b/windows/keep-secure/enforce-applocker-rules.md
index 0f83a7ff57..31ab2aa2b8 100644
--- a/windows/keep-secure/enforce-applocker-rules.md
+++ b/windows/keep-secure/enforce-applocker-rules.md
@@ -2,7 +2,7 @@
 title: Enforce AppLocker rules (Windows 10)
 description: This topic for IT professionals describes how to enforce application control rules by using AppLocker.
 ms.assetid: e1528b7b-77f2-4419-8e27-c9cc3721d96d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enforce-password-history.md b/windows/keep-secure/enforce-password-history.md
index b78ac67236..a52801d820 100644
--- a/windows/keep-secure/enforce-password-history.md
+++ b/windows/keep-secure/enforce-password-history.md
@@ -2,7 +2,7 @@
 title: Enforce password history (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Enforce password history security policy setting.
 ms.assetid: 8b2ab871-3e52-4dd1-9776-68bb1e935442
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enforce-user-logon-restrictions.md b/windows/keep-secure/enforce-user-logon-restrictions.md
index 40eef86d2b..39f83bb850 100644
--- a/windows/keep-secure/enforce-user-logon-restrictions.md
+++ b/windows/keep-secure/enforce-user-logon-restrictions.md
@@ -2,7 +2,7 @@
 title: Enforce user logon restrictions (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Enforce user logon restrictions security policy setting.
 ms.assetid: 5891cb73-f1ec-48b9-b703-39249e48a29f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-edp.md b/windows/keep-secure/enlightened-microsoft-apps-and-edp.md
index c0cd2aac59..bf8d546f56 100644
--- a/windows/keep-secure/enlightened-microsoft-apps-and-edp.md
+++ b/windows/keep-secure/enlightened-microsoft-apps-and-edp.md
@@ -2,10 +2,11 @@
 title: List of enlightened Microsoft apps for use with enterprise data protection (EDP) (Windows 10)
 description: Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your Protected Apps list.
 ms.assetid: 17c85ea3-9b66-4b80-b511-8f277cb4345f
-keywords: ["EDP", "Enterprise Data Protection"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
index f6244f66e0..6e239a2aea 100644
--- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Review events and errors on endpoints with Event Viewer
 description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service.
 keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Advanced Threat Protection service, cannot start, broken, can't start
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: iaanw
 ---
diff --git a/windows/keep-secure/executable-rules-in-applocker.md b/windows/keep-secure/executable-rules-in-applocker.md
index b74b7fe29a..ebad0e1645 100644
--- a/windows/keep-secure/executable-rules-in-applocker.md
+++ b/windows/keep-secure/executable-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: Executable rules in AppLocker (Windows 10)
 description: This topic describes the file formats and available default rules for the executable rule collection.
 ms.assetid: 65e62f90-6caa-48f8-836a-91f8ac9018ee
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/export-an-applocker-policy-from-a-gpo.md b/windows/keep-secure/export-an-applocker-policy-from-a-gpo.md
index 90c10baeee..6476c88d16 100644
--- a/windows/keep-secure/export-an-applocker-policy-from-a-gpo.md
+++ b/windows/keep-secure/export-an-applocker-policy-from-a-gpo.md
@@ -2,7 +2,7 @@
 title: Export an AppLocker policy from a GPO (Windows 10)
 description: This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
 ms.assetid: 7db59719-a8be-418b-bbfd-22cf2176c9c0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/export-an-applocker-policy-to-an-xml-file.md b/windows/keep-secure/export-an-applocker-policy-to-an-xml-file.md
index a5ebd52102..f3f9d22190 100644
--- a/windows/keep-secure/export-an-applocker-policy-to-an-xml-file.md
+++ b/windows/keep-secure/export-an-applocker-policy-to-an-xml-file.md
@@ -2,7 +2,7 @@
 title: Export an AppLocker policy to an XML file (Windows 10)
 description: This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
 ms.assetid: 979bd23f-6815-478b-a6a4-a25239cb1080
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/file-system-global-object-access-auditing.md b/windows/keep-secure/file-system-global-object-access-auditing.md
index 5853de4758..13e7b15ca7 100644
--- a/windows/keep-secure/file-system-global-object-access-auditing.md
+++ b/windows/keep-secure/file-system-global-object-access-auditing.md
@@ -2,7 +2,7 @@
 title: File System (Global Object Access Auditing) (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, File System (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the file system for an entire computer.
 ms.assetid: 4f215d61-0e23-46e4-9e58-08511105d25b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/force-shutdown-from-a-remote-system.md b/windows/keep-secure/force-shutdown-from-a-remote-system.md
index c9f51b7ed0..e635eb56d3 100644
--- a/windows/keep-secure/force-shutdown-from-a-remote-system.md
+++ b/windows/keep-secure/force-shutdown-from-a-remote-system.md
@@ -2,7 +2,7 @@
 title: Force shutdown from a remote system (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Force shutdown from a remote system security policy setting.
 ms.assetid: 63129243-31ea-42a4-a598-c7064f48a3df
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/generate-security-audits.md b/windows/keep-secure/generate-security-audits.md
index 78b578d1e3..437bdc47d0 100644
--- a/windows/keep-secure/generate-security-audits.md
+++ b/windows/keep-secure/generate-security-audits.md
@@ -2,7 +2,7 @@
 title: Generate security audits (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Generate security audits security policy setting.
 ms.assetid: c0e1cd80-840e-4c74-917c-5c2349de885f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md b/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md
index f7b4350a6f..9f8709dce5 100644
--- a/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md
+++ b/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md
@@ -2,7 +2,7 @@
 title: Update and manage Windows Defender in Windows 10 (Windows 10)
 description: IT professionals can manage Windows Defender on Windows 10 endpoints in their organization using Microsoft Active Directory or Windows Server Update Services (WSUS), apply updates to endpoints, and manage scans using Group Policy SettingsWindows Management Instrumentation (WMI)PowerShell.
 ms.assetid: 045F5BF2-87D7-4522-97E1-C1D508E063A7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md b/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md
index f9af00d1cd..42e7d1cff1 100644
--- a/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md
+++ b/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md
@@ -3,7 +3,7 @@ title: Get apps to run on Device Guard-protected devices (Windows 10)
 description: Windows 10 introduces several new features and settings that when combined all equal what we're calling, Device Guard.
 ms.assetid: E62B68C3-8B9F-4842-90FC-B4EE9FF8A67E
 keywords: Package Inspector, packageinspector.exe, sign catalog file
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/guidance-and-best-practices-edp.md b/windows/keep-secure/guidance-and-best-practices-edp.md
index cf4d35de03..805ac84dfc 100644
--- a/windows/keep-secure/guidance-and-best-practices-edp.md
+++ b/windows/keep-secure/guidance-and-best-practices-edp.md
@@ -2,10 +2,11 @@
 title: General guidance and best practices for enterprise data protection (EDP) (Windows 10)
 description: This section includes info about the enlightened Microsoft apps, including how to add them to your Protected Apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with enterprise data protection (EDP).
 ms.assetid: aa94e733-53be-49a7-938d-1660deaf52b0
-keywords: ["EDP", "Enterprise Data Protection"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
diff --git a/windows/keep-secure/how-applocker-works-techref.md b/windows/keep-secure/how-applocker-works-techref.md
index ad2bc595e0..f9bf8450f5 100644
--- a/windows/keep-secure/how-applocker-works-techref.md
+++ b/windows/keep-secure/how-applocker-works-techref.md
@@ -2,7 +2,7 @@
 title: How AppLocker works (Windows 10)
 description: This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.
 ms.assetid: 24bb1d73-0ff5-4af7-8b8a-2fa44d4ddbcd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/how-to-configure-security-policy-settings.md b/windows/keep-secure/how-to-configure-security-policy-settings.md
index 275dfdaccb..6a307acac3 100644
--- a/windows/keep-secure/how-to-configure-security-policy-settings.md
+++ b/windows/keep-secure/how-to-configure-security-policy-settings.md
@@ -3,7 +3,7 @@ title: Configure security policy settings (Windows 10)
 description: Describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a domain controller.
 ms.assetid: 63b0967b-a9fe-4d92-90af-67469ee20320
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/how-user-account-control-works.md b/windows/keep-secure/how-user-account-control-works.md
index ca5e6eef25..90bba5477f 100644
--- a/windows/keep-secure/how-user-account-control-works.md
+++ b/windows/keep-secure/how-user-account-control-works.md
@@ -2,7 +2,7 @@
 title: How User Account Control works (Windows 10)
 description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
 ms.assetid: 9f921779-0fd3-4206-b0e4-05a19883ee59
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: operate
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/impersonate-a-client-after-authentication.md b/windows/keep-secure/impersonate-a-client-after-authentication.md
index 6735e29692..9dc1b4f485 100644
--- a/windows/keep-secure/impersonate-a-client-after-authentication.md
+++ b/windows/keep-secure/impersonate-a-client-after-authentication.md
@@ -2,7 +2,7 @@
 title: Impersonate a client after authentication (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Impersonate a client after authentication security policy setting.
 ms.assetid: 4cd241e2-c680-4b43-8ed0-3b391925cec5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
index 95e304939b..1680e13ed9 100644
--- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
+++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
@@ -3,7 +3,7 @@ title: Implement Microsoft Passport in your organization (Windows 10)
 description: You can create a Group Policy or mobile device management (MDM) policy that will implement Microsoft Passport on devices running Windows 10.
 ms.assetid: 47B55221-24BE-482D-BD31-C78B22AC06D8
 keywords: identity, PIN, biometric, Hello
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/import-an-applocker-policy-from-another-computer.md b/windows/keep-secure/import-an-applocker-policy-from-another-computer.md
index 199d82deae..0f0e11976b 100644
--- a/windows/keep-secure/import-an-applocker-policy-from-another-computer.md
+++ b/windows/keep-secure/import-an-applocker-policy-from-another-computer.md
@@ -2,7 +2,7 @@
 title: Import an AppLocker policy from another computer (Windows 10)
 description: This topic for IT professionals describes how to import an AppLocker policy.
 ms.assetid: b48cb2b2-8ef8-4cc0-89bd-309d0b1832f6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/import-an-applocker-policy-into-a-gpo.md b/windows/keep-secure/import-an-applocker-policy-into-a-gpo.md
index a5dfd645ac..c03e2d5282 100644
--- a/windows/keep-secure/import-an-applocker-policy-into-a-gpo.md
+++ b/windows/keep-secure/import-an-applocker-policy-into-a-gpo.md
@@ -2,7 +2,7 @@
 title: Import an AppLocker policy into a GPO (Windows 10)
 description: This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
 ms.assetid: 0629ce44-f5e2-48a8-ba47-06544c73261f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/increase-a-process-working-set.md b/windows/keep-secure/increase-a-process-working-set.md
index da0458fb81..237be32d51 100644
--- a/windows/keep-secure/increase-a-process-working-set.md
+++ b/windows/keep-secure/increase-a-process-working-set.md
@@ -2,7 +2,7 @@
 title: Increase a process working set (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Increase a process working set security policy setting.
 ms.assetid: b742ad96-37f3-4686-b8f7-f2b48367105b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/increase-scheduling-priority.md b/windows/keep-secure/increase-scheduling-priority.md
index a7d5d1646b..727d53c8e1 100644
--- a/windows/keep-secure/increase-scheduling-priority.md
+++ b/windows/keep-secure/increase-scheduling-priority.md
@@ -2,7 +2,7 @@
 title: Increase scheduling priority (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Increase scheduling priority security policy setting.
 ms.assetid: fbec5973-d35e-4797-9626-d0d56061527f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/index.md b/windows/keep-secure/index.md
index 5b1c59fb81..b605acb372 100644
--- a/windows/keep-secure/index.md
+++ b/windows/keep-secure/index.md
@@ -2,7 +2,7 @@
 title: Keep Windows 10 secure (Windows 10)
 description: Learn about keeping Windows 10 and Windows 10 Mobile secure.
 ms.assetid: EA559BA8-734F-41DB-A74A-D8DBF36BE920
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
index 2b407e7511..a1d2220641 100644
--- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
@@ -2,7 +2,7 @@
 title: Initialize and configure ownership of the TPM (Windows 10)
 description: This topic for the IT professional describes how to initialize and set the ownership the Trusted Platform Module (TPM), turn the TPM on and off, and clear TPM keys.
 ms.assetid: 1166efaf-7aa3-4420-9279-435d9c6ac6f8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 99bab3e2fa..33f7e83a76 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -3,7 +3,7 @@ title: Install digital certificates on Windows 10 Mobile (Windows 10)
 description: Digital certificates bind the identity of a user or computer to a pair of keys that can be used to encrypt and sign digital information.
 ms.assetid: FF7B1BE9-41F4-44B0-A442-249B650CEE25
 keywords: S/MIME, PFX, SCEP
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md
index 998c7d3a6d..7c1d049314 100644
--- a/windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md
+++ b/windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md
@@ -2,7 +2,7 @@
 title: Interactive logon Display user information when the session is locked (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Display user information when the session is locked security policy setting.
 ms.assetid: 9146aa3d-9b2f-47ba-ac03-ff43efb10530
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
index 945989b859..0177def043 100644
--- a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
+++ b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
@@ -2,7 +2,7 @@
 title: Interactive logon Do not display last user name (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Do not display last user name security policy setting.
 ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/keep-secure/interactive-logon-do-not-require-ctrl-alt-del.md
index 34a748af68..f2741165ce 100644
--- a/windows/keep-secure/interactive-logon-do-not-require-ctrl-alt-del.md
+++ b/windows/keep-secure/interactive-logon-do-not-require-ctrl-alt-del.md
@@ -2,7 +2,7 @@
 title: Interactive logon Do not require CTRL+ALT+DEL (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Do not require CTRL+ALT+DEL security policy setting.
 ms.assetid: 04e2c000-2eb2-4d4b-8179-1e2cb4793e18
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-machine-account-lockout-threshold.md b/windows/keep-secure/interactive-logon-machine-account-lockout-threshold.md
index 3e7824eedb..ee2f89dfe2 100644
--- a/windows/keep-secure/interactive-logon-machine-account-lockout-threshold.md
+++ b/windows/keep-secure/interactive-logon-machine-account-lockout-threshold.md
@@ -2,7 +2,7 @@
 title: Interactive logon Machine account lockout threshold (Windows 10)
 description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Machine account lockout threshold security policy setting.
 ms.assetid: ebbd8e22-2611-4ebe-9db9-d49344e631e4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-machine-inactivity-limit.md b/windows/keep-secure/interactive-logon-machine-inactivity-limit.md
index 9fb56662fb..5ecfd51a7e 100644
--- a/windows/keep-secure/interactive-logon-machine-inactivity-limit.md
+++ b/windows/keep-secure/interactive-logon-machine-inactivity-limit.md
@@ -2,7 +2,7 @@
 title: Interactive logon Machine inactivity limit (Windows 10)
 description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Machine inactivity limit security policy setting.
 ms.assetid: 7065b4a9-0d52-41d5-afc4-5aedfc4162b5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/keep-secure/interactive-logon-message-text-for-users-attempting-to-log-on.md
index 2277884c62..6ee93f3d7a 100644
--- a/windows/keep-secure/interactive-logon-message-text-for-users-attempting-to-log-on.md
+++ b/windows/keep-secure/interactive-logon-message-text-for-users-attempting-to-log-on.md
@@ -2,7 +2,7 @@
 title: Interactive logon Message text for users attempting to log on (Windows 10)
 description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Message text for users attempting to log on security policy setting.
 ms.assetid: fcfe8a6d-ca65-4403-b9e6-2fa017a31c2e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-message-title-for-users-attempting-to-log-on.md b/windows/keep-secure/interactive-logon-message-title-for-users-attempting-to-log-on.md
index 7e5719c49b..5fd221ea00 100644
--- a/windows/keep-secure/interactive-logon-message-title-for-users-attempting-to-log-on.md
+++ b/windows/keep-secure/interactive-logon-message-title-for-users-attempting-to-log-on.md
@@ -2,7 +2,7 @@
 title: Interactive logon Message title for users attempting to log on (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Message title for users attempting to log on security policy setting.
 ms.assetid: f2596470-4cc0-4ef1-849c-bef9dc3533c6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/keep-secure/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
index 651f08183b..c57b5db6e3 100644
--- a/windows/keep-secure/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
+++ b/windows/keep-secure/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
@@ -2,7 +2,7 @@
 title: Interactive logon Number of previous logons to cache (in case domain controller is not available) (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Number of previous logons to cache (in case domain controller is not available) security policy setting.
 ms.assetid: 660e925e-cc3e-4098-a41e-eb8db8062d8d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md
index 6e08f688d8..3b6173cf5c 100644
--- a/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md
+++ b/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md
@@ -2,7 +2,7 @@
 title: Interactive logon Prompt user to change password before expiration (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Prompt user to change password before expiration security policy setting.
 ms.assetid: 8fe94781-40f7-4fbe-8cfd-5e116e6833e9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md b/windows/keep-secure/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
index 9660b5770a..0faeff4378 100644
--- a/windows/keep-secure/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
+++ b/windows/keep-secure/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
@@ -2,7 +2,7 @@
 title: Interactive logon Require Domain Controller authentication to unlock workstation (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Interactive logon Require Domain Controller authentication to unlock workstation security policy setting.
 ms.assetid: 97618ed3-e946-47db-a212-b5e7a4fc6ffc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-require-smart-card.md b/windows/keep-secure/interactive-logon-require-smart-card.md
index faf1834204..2441b3c3e7 100644
--- a/windows/keep-secure/interactive-logon-require-smart-card.md
+++ b/windows/keep-secure/interactive-logon-require-smart-card.md
@@ -2,7 +2,7 @@
 title: Interactive logon Require smart card (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Require smart card security policy setting.
 ms.assetid: c6a8c040-cbc7-472d-8bc5-579ddf3cbd6c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-smart-card-removal-behavior.md b/windows/keep-secure/interactive-logon-smart-card-removal-behavior.md
index 29eba6fd2b..a2ba648b93 100644
--- a/windows/keep-secure/interactive-logon-smart-card-removal-behavior.md
+++ b/windows/keep-secure/interactive-logon-smart-card-removal-behavior.md
@@ -2,7 +2,7 @@
 title: Interactive logon Smart card removal behavior (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Smart card removal behavior security policy setting.
 ms.assetid: 61487820-9d49-4979-b15d-c7e735999460
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md index 02e10c15b7..20a073c239 100644 --- a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Investigate Windows Defender Advanced Threat Protection alerts description: Use the investigation options to get details on which alerts are affecting your network, what they mean, and how to resolve them. keywords: investigate, investigation, machines, machine, endpoints, endpoint, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security --- # Investigate Windows Defender Advanced Threat Protection alerts diff --git a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md index f5864ee6f3..fd75059fff 100644 --- a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Investigate Windows Defender Advanced Threat Protection domains description: Use the investigation options to see if machines and servers have been communicating with malicious domains. keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- # Investigate a domain associated with a Windows Defender ATP alert 
diff --git a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
index 3b0b76a04d..2f82d6927e 100644
--- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Investigate Windows Defender Advanced Threat Protection files
 description: Use the investigation options to get details on files associated with alerts, behaviours, or events.
 keywords: investigate, investigation, file, malicious activity, attack motivation, deep analysis, deep analysis report
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: mjcaparas
 ---
 # Investigate a file associated with a Windows Defender ATP alert
diff --git a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md
index 5e516f6425..e1427b0400 100644
--- a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Investigate Windows Defender Advanced Threat Protection IP address
 description: Use the investigation options to examine possible communication between machines and external IP addresses.
 keywords: investigate, investigation, IP address, alert, windows defender atp, external IP
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: mjcaparas
 ---
 # Investigate an IP address associated with a Windows Defender ATP alert
diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index a248e46dd3..4778e194e5 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Investigate machines in the Windows Defender ATP Machines view description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines view. keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, active malware detections, threat category, filter, sort, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, low severity search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- diff --git a/windows/keep-secure/kerberos-policy.md b/windows/keep-secure/kerberos-policy.md index fa68f49ac1..0cb40c4482 100644 --- a/windows/keep-secure/kerberos-policy.md +++ b/windows/keep-secure/kerberos-policy.md @@ -2,7 +2,7 @@ title: Kerberos Policy (Windows 10) description: Describes the Kerberos Policy settings and provides links to policy setting descriptions. ms.assetid: 94017dd9-b1a3-4624-af9f-b29161b4bf38 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security From 87875ceac0c7d83370747aefb68e924ac1e4ccfe Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 27 May 2016 08:41:59 -0700 Subject: [PATCH 25/92] changed from opting out of MAPS to disconnecting from MAPS --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index f8496916b0..d171860de7 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1083,7 +1083,7 @@ When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings scr ### 19. Windows Defender -You can opt out of the Microsoft Antimalware Protection Service. +You can disconnect from the Microsoft Antimalware Protection Service. - Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **MAPS** > **Join Microsoft MAPS** From 50c264bd5520b155cac03254995bce162ba5b460 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 27 May 2016 09:31:05 -0700 Subject: [PATCH 26/92] fixing typo --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index d171860de7..616f93dc73 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md 
@@ -1209,7 +1209,7 @@ The following Delivery Optimization MDM policies are available in the [Policy CS | Policy | Description | |---------------------------|-----------------------------------------------------------------------------------------------------| | DeliveryOptimization/DODownloadMode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
  • 0. Turns off Delivery Optimization.

  • 1. Gets or sends updates and apps to PCs on the same NAT only.

  • 2. Gets or sends updates and apps to PCs on the same local network domain.

  • 3. Gets or sends updates and apps to PCs on the Internet.

| -| DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
** Note** This ID must be a GUID.| +| DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
**Note** This ID must be a GUID.| | DeliveryOptimization/DOMaxCacheAge | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days).| | DeliveryOptimization/DOMaxCacheSize | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.| | DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| From f268382871a30d36102aed6499cee6cce893c82f Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 27 May 2016 11:40:00 -0700 Subject: [PATCH 27/92] updating content --- windows/keep-secure/TOC.md | 4 +- ...k.md => isolating-apps-on-your-network.md} | 184 +++++------------- ...s-by-using-ikev2-in-windows-server-2012.md | 80 ++++---- ...-administration-with-windows-powershell.md | 174 +++++------------ ...windows-firewall-with-advanced-security.md | 147 ++------------ 5 files changed, 154 insertions(+), 435 deletions(-) rename windows/keep-secure/{isolating-windows-store-apps-on-your-network.md => isolating-apps-on-your-network.md} (59%) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index e64df92184..03655002f2 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md 
@@ -430,8 +430,8 @@ #### [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) #### [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) ### [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) -#### [Isolating Windows Store Apps on Your Network](isolating-windows-store-apps-on-your-network.md) -#### [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md) +#### [Isolating Windows Store Apps on Your Network](isolating-apps-on-your-network.md) +#### [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2.md) #### [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) #### [Windows Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md) ##### [Understanding the Windows Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) diff --git a/windows/keep-secure/isolating-windows-store-apps-on-your-network.md b/windows/keep-secure/isolating-apps-on-your-network.md similarity index 59% rename from windows/keep-secure/isolating-windows-store-apps-on-your-network.md rename to windows/keep-secure/isolating-apps-on-your-network.md index 8da591bc98..09367196c5 100644 --- a/windows/keep-secure/isolating-windows-store-apps-on-your-network.md +++ b/windows/keep-secure/isolating-apps-on-your-network.md 
@@ -1,18 +1,24 @@ --- title: Isolating Windows Store Apps on Your Network (Windows 10) description: Isolating Windows Store Apps on Your Network -ms.assetid: fee4cf1b-6dee-4911-a426-f678a70f4c6f +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Isolating Windows Store Apps on Your Network +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -When you add new computers and devices that are running Windows 8 to your network, you may want to customize your Windows Firewall configuration to isolate the network access of the new Windows Store apps that run on them. Developers who build Windows Store apps can declare certain app capabilities that enable different classes of network access. A developer can decide what kind of network access the app requires and configure this capability for the app. When the app is installed on a computer running Windows 8, appropriate firewall rules are automatically created to enable access. Administrators can then customize the firewall configuration to further fine-tune this access if they desire more control over the network access for the app. +When you add new devices to your network, you may want to customize your Windows Firewall configuration to isolate the network access of the new Windows Store apps that run on them. Developers who build Windows Store apps can declare certain app capabilities that enable different classes of network access. A developer can decide what kind of network access the app requires and configure this capability for the app. When the app is installed on a device, appropriate firewall rules are automatically created to enable access. You can then customize the firewall configuration to further fine-tune this access if they desire more control over the network access for the app. For example, a developer can decide that their app should only connect to trusted local networks (such as at home or work), and not to the Internet. 
In this way, developers can define the scope of network access for their app. This network isolation prevents an app from accessing a network and a connection type (inbound or outbound) if the connection has not been configured for the app. Then the network administrator can customize the firewall to further restrict the resources that the app can access. -The ability to set and enforce these network boundaries ensures that apps that get compromised can only access networks where they have been explicitly granted access. This significantly reduces the scope of their impact on other apps, the computer, and the network. In addition, apps can be isolated and protected from malicious access from the network. +The ability to set and enforce these network boundaries ensures that apps that get compromised can only access networks where they have been explicitly granted access. This significantly reduces the scope of their impact on other apps, the device, and the network. In addition, apps can be isolated and protected from malicious access from the network. When creating new Windows Store apps, a developer can define the following network capabilities for their app: 
@@ -30,52 +36,46 @@ When creating new Windows Store apps, a developer can define the following netwo - **Proximity** - Provides near-field communication (NFC) with devices that are in close proximity to the computer. Proximity may be used to send files or connect with an application on a proximate device. + Provides near-field communication (NFC) with devices that are in close proximity to the device. Proximity may be used to send files or connect with an application on a proximate device. -**In this document** +**In this topic** To isolate Windows Store apps on your network, you need to use Group Policy to define your network isolation settings and create custom Windows Store app firewall rules. -- [Prerequisites](#bkmk-prereq) +- [Prerequisites](#prerequisites) -- [Step 1: Define your network](#bkmk-step1) +- [Step 1: Define your network](#step-1-Define-your-network) -- [Step 2: Create custom firewall rules](#bkmk-step2) +- [Step 2: Create custom firewall rules](#step-2-create-custom-firewall-rules) ## Prerequisites +- A domain controller is installed on your network, and your devices are joined to the Windows domain. -- A domain controller is installed on your network, and your computers are joined to the Windows domain. +- Your Windows Store app is installed on the client device. -- Your Windows Store app is installed on your client computer. +- The Remote Server Administration Tools (RSAT) are installed on your client device. When you perform the following steps from your client device, you can select your Windows Store app when you create Windows Firewall rules. -- The Remote Server Administration Tools (RSAT) are installed on your client computer. When you perform the following steps from your client computer, you can select your Windows Store app when you create Windows Firewall rules. - - **Note**   - You can install the RSAT on your computer running Windows 8 from the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkID=238560). 
+ >**Note:**  You can install the RSAT on your device running Windows 10 from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).   - -## Step 1: Define your network - +## Step 1: Define your network The **Home\\Work Networking** capability enables access to intranet resources. Administrators can use Group Policy settings to define the scope of the intranet. This ensures that Windows Store apps can access intranet resources appropriately. -The Windows Store Internet Explorer app that is included with Windows 8 uses the network capabilities to detect which zone it should use. The browser uses the network capabilities to ensure that it operates in the correct security zone. - A network endpoint is considered part of the **Home\\Work Network** if: - It is part of the local subnet of a trusted network. - For example, home users generally flag their network as Trusted. Local computers will be designated as such. + For example, home users generally flag their network as Trusted. Local devices will be designated as such. -- A computer is on a network, and it is authenticated to a domain controller. +- A device is on a network, and it is authenticated to a domain controller. - Endpoints within the intranet address space are considered private. - Endpoints within the local subnet are considered private. -- The computer is configured for DirectAccess, and the endpoint is part of the intranet address space. +- The device is configured for DirectAccess, and the endpoint is part of the intranet address space. The intranet address space is composed of configured Active Directory sites and subnets, and it is configured for Windows network isolation specifically by using Group Policy. You can disable the usage of Active Directory sites and subnets by using Group Policy by declaring that your subnet definitions are authoritative. 
@@ -109,113 +109,32 @@ All other endpoints that do not meet the previously stated criteria are consider If you want the proxy definitions that you previously created to be the single source for your proxy definition, click **Enabled**. Otherwise, leave the **Not Configured** default so that you can add additional proxies by using local settings or network isolation heuristics. -## Step 2: Create custom firewall rules - +## Step 2: Create custom firewall rules Windows Store apps can declare many capabilities in addition to the network capabilities discussed previously. For example, apps can declare capabilities to access user identity, the local file system, and certain hardware devices. The following table provides a complete list of the possible app capabilities. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
CapabilityNameDescription

Internet (Client)

internetClient

Your outgoing Internet connection.

Internet (Client & Server)

internetClientServer

Your Internet connection, including incoming unsolicited connections from the Internet The app can send information to or from your computer through a firewall. You do not need to declare internetClient if this capability is declared.

Home\Work Networking

privateNetworkClientServer

A home or work network. The app can send information to or from your computer and other computers on the same network.

Document Library Access

documentsLibrary

Your Documents library, including the capability to add, change, or delete files. The package can only access file types that are declared in the manifest. The app cannot access document libraries on HomeGroup computers.

Picture Library Access

picturesLibrary

Your Pictures library, including the capability to add, change, or delete files. This capability also includes Picture libraries on HomeGroup computers and picture file types on locally connected media servers.

Video Library Access

videosLibrary

Your Videos library, including the capability to add, change, or delete files. This capability also includes Video libraries on HomeGroup computers and video file types on locally connected media servers.

Music Library Access

musicLibrary

Your Music library, including the capability to add, change, or delete files. This capability also includes Music libraries on HomeGroup computers and music file types on locally connected media servers.

Default Windows Credentials

defaultWindowsCredentials

Your Windows credentials for access to a corporate intranet. This application can impersonate you on the network.

Removable Storage

removableStorage

A removable storage device, such as an external hard disk, USB flash drive, or MTP portable device, including the capability to add, change, or delete specific files. This package can only access file types that are declared in the manifest.

Shared User Certificates

sharedUserCertificates

Software and hardware certificates or a smart card, which the app uses to identify you. This capability can be used by an employer, a bank, or government services to identify you.

Location

location

Provides access to the user's current location.

Microphone

microphone

Provides access to the microphone's audio feed.

Near-field Proximity

proximity

Required for near-field communication (NFC) between devices in close proximity. NFC can be used to send files or connect with an app on a proximate device.

Text Messaging

sms

Provides access to computer text messaging functionality.

Webcam

webcam

Provides access to the webcam's video feed.

Other devices (represented by GUIDs)

<GUID>

Includes specialized devices and Windows Portable Devices.

+| Capability | Name | Description | +| - | - | - | +| **Internet (Client)** | internetClient | Your outgoing Internet connection.| +| **Internet (Client & Server)** | internetClientServer| Your Internet connection, including incoming unsolicited connections from the Internet The app can send information to or from your device through a firewall. You do not need to declare **internetClient** if this capability is declared. +| **Home\Work Networking** |privateNetworkClientServer| A home or work network. The app can send information to or from your device and other devices on the same network.| +| **Document Library Access**| documentsLibrary| Your Documents library, including the capability to add, change, or delete files. The package can only access file types that are declared in the manifest.| +| **Picture Library Access**| picturesLibrary| Your Pictures library, including the capability to add, change, or delete files.| +| **Video Library Access**| videosLibrary| Your Videos library, including the capability to add, change, or delete files.| +| **Music Library Access**| musicLibrary|Your Music library, including the capability to add, change, or delete files.| +| **Default Windows Credentials**| defaultWindowsCredentials| Your Windows credentials for access to a corporate intranet. This application can impersonate you on the network.| +| **Removable Storage** | removableStorage| A removable storage device, such as an external hard disk, USB flash drive, or MTP portable device, including the capability to add, change, or delete specific files. This package can only access file types that are declared in the manifest.| +| **Shared User Certificates**| sharedUserCertificates| Software and hardware certificates or a smart card, which the app uses to identify you. 
This capability can be used by an employer, a bank, or government services to identify you.| +| **Location**| location| Provides access to the user's current location.| +| **Microphone** | microphone| Provides access to the microphone's audio feed.| +| **Near-field Proximity** | proximity| Required for near-field communication (NFC) between devices in close proximity. NFC can be used to send files or connect with an app on a proximate device.| +| **Text Messaging** | sms| Provides access to text messaging functionality.| +| **Webcam** | webcam| Provides access to the webcam's video feed.| +| **Other devices (represented by GUIDs)** | <GUID>| Includes specialized devices and Windows Portable Devices.| -  - -In Windows Server 2012, it is possible to create a Windows Firewall policy that is scoped to a set of apps that use a specified capability or scoped to a specific Windows Store app. +You can create a Windows Firewall policy that is scoped to a set of apps that use a specified capability or scoped to a specific Windows Store app. For example, you could create a Windows Firewall policy to block Internet access for any apps on your network that have the Documents Library capability. 
@@ -255,16 +174,13 @@ For example, you could create a Windows Firewall policy to block Internet access 17. Click **Predefined set of computers**, select **Internet**, and click **OK**. - This scopes the rule to block traffic to Internet computers. + This scopes the rule to block traffic to Internet devices. 18. Click the **Programs and Services** tab, and in the **Application Packages** area, click **Settings**. 19. Click **Apply to application packages only**, and then click **OK**. - **Important**   - You must do this to ensure that the rule applies only to Windows Store apps and not to other applications and programs. Non-Windows Store applications and programs declare all capabilities by default, and this rule would apply to them if you do not configure it this way. - -   + >**Important:**  You must do this to ensure that the rule applies only to Windows Store apps and not to other apps. Desktop apps declare all capabilities by default, and this rule would apply to them if you do not configure it this way. 20. Click **OK** to close the **Properties** dialog box. @@ -328,16 +244,6 @@ Use the following procedure if you want to block intranet access for a specific 23. Close Group Policy Management. -## See also - +## See also - [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md) - -  - -  - - - - - diff --git a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md index 95639e5917..fa9c66bfb4 100644 --- a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md +++ b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md 
@@ -1,18 +1,22 @@ --- title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows 10) description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 -ms.assetid: 290d61e6-ec8c-48b9-8dcd-d0df6df24181 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 +# Securing End-to-End IPsec connections by using IKEv2 +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -In Windows Server 2012, Internet Key Exchange version 2 (IKEv2) support is broadened from previous Windows versions. +IKEv2 offers the following: -For example, in Windows Server 2012, IKEv2 does the following: - -- Supports additional scenarios, including IPsec end-to-end transport mode connections +- Supports IPsec end-to-end transport mode connections - Provides interoperability for Windows with other operating systems that use IKEv2 for end-to-end security 
@@ -24,30 +28,25 @@ For example, in Windows Server 2012, IKEv2 does the following: - Uses certificates for the authentication mechanism -In Windows Server 2008 R2, IKEv2 is available as a virtual private network (VPN) tunneling protocol that supports automatic VPN reconnection. IKEv2 allows the security association to remain unchanged despite changes in the underlying connection. +You can use IKEv2 as a virtual private network (VPN) tunneling protocol that supports automatic VPN reconnection. IKEv2 allows the security association to remain unchanged despite changes in the underlying connection. **In this document** -- [Prerequisites](#bkmk-prereqs) +- [Prerequisites](#prerequisites) -- [Computers joined to a domain](#bkmk-step1) +- [Devices joined to a domain](#devices-joined-to-a-domain) -- [Computers not joined to a domain](#bkmk-step2) +- [Device not joined to a domain](#devices-not-joined-to-a-domain) -- [Troubleshooting](#bkmk-troubleshooting) +- [Troubleshooting](#troubleshooting) -**Note**   -This topic includes sample Windows PowerShell cmdlets. For more information, see [How to Run a Windows PowerShell Cmdlet](http://go.microsoft.com/fwlink/p/?linkid=230693). - -  +>**Note:**  This topic includes sample Windows PowerShell cmdlets. For more info, see [How to Run a Windows PowerShell Cmdlet](http://go.microsoft.com/fwlink/p/?linkid=230693). ## Prerequisites +These procedures assume that you already have a public key infrastructure (PKI) in place for device authentication. -These procedures assume that you already have a public key infrastructure (PKI) in place for computer authentication. - -## Computers joined to a domain - +## Devices joined to a domain The following Windows PowerShell script establishes a connection security rule that uses IKEv2 for communication between two computers (CLIENT1 and SERVER1) that are joined to the corp.contoso.com domain as shown in Figure 1. 
@@ -65,10 +64,7 @@ This script does the following: - Indicates the certificate to use for authentication. - **Important**   - The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors. - -   + >**Important:**  The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors. - Creates the IKEv2 connection security rule called **My IKEv2 Rule**. 
@@ -106,15 +102,11 @@ New-NetIPsecRule -DisplayName "My IKEv2 Rule" -RemoteAddress any -Phase1AuthSet -InboundSecurity Require -OutboundSecurity Request -KeyModule IKEv2 -PolicyStore GPO:$gponame ``` -## Computers not joined to a domain +## Devices not joined to a domain +Use a Windows PowerShell script similar to the following to create a local IPsec policy on the devices that you want to include in the secure connection. -Use a Windows PowerShell script similar to the following to create a local IPsec policy on the computers that you want to include in the secure connection. - -**Important**   -The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors. - -  +>**Important:**  The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors. ![powershell logo](images/powershelllogosmall.gif)**Windows PowerShell commands** 
@@ -132,23 +124,18 @@ New-NetIPsecRule -DisplayName "My IKEv2 Rule" -RemoteAddress any -Phase1AuthSet Make sure that you install the required certificates on the participating computers. -**Note**   -- For local computers, you can import the certificates manually if you have administrator access to the computer. For more information, see [Import or export certificates and private keys](http://windows.microsoft.com/windows-vista/Import-or-export-certificates-and-private-keys). - -- You need a root certificate and a computer certificate on all computers that participate in the secure connection. Save the computer certificate in the **Personal/Certificates** folder. - -- For remote computers, you can create a secure website to facilitate access to the script and certificates. - -  - -## Troubleshooting +>**Note:**   +- For local devices, you can import the certificates manually if you have administrator access to the computer. For more info, see [Import or export certificates and private keys](http://windows.microsoft.com/windows-vista/Import-or-export-certificates-and-private-keys). +- You need a root certificate and a computer certificate on all devices that participate in the secure connection. Save the computer certificate in the **Personal/Certificates** folder. +- For remote devices, you can create a secure website to facilitate access to the script and certificates. +## Troubleshooting Follow these procedures to verify and troubleshoot your IKEv2 IPsec connections: **Use the Windows Firewall with Advanced Security snap-in to verify that a connection security rule is enabled.** -1. On the **Start** screen, type **wf.msc**, and then press ENTER. +1. Open the Windows Firewall with Advanced Security console. 2. In the left pane of the Windows Firewall with Advanced Security snap-in, click **Connection Security Rules**, and then verify that there is an enabled connection security rule. 
@@ -179,19 +166,18 @@ Follow these procedures to verify and troubleshoot your IKEv2 IPsec connections: 6. Open the wfpdiag.xml file with your an XML viewer program or Notepad, and then examine the contents. There will be a lot of data in this file. One way to narrow down where to start looking is to search the last “errorFrequencyTable” at the end of the file. There might be many instances of this table, so make sure that you look at the last table in the file. For example, if you have a certificate problem, you might see the following entry in the last table at the end of the file: ``` syntax - ERROR_IPSEC_IKE_NO_CERT - 32 + + ERROR_IPSEC_IKE_NO_CERT + 32 ``` - In this example, there are 32 instances of the **ERROR\_IPSEC\_IKE\_NO\_CERT** error. So now you can search for **ERROR\_IPSEC\_IKE\_NO\_CERT** to get more details regarding this error. You might not find the exact answer for the issue, but you can find good hints. For example, you might find that there seems to be an issue with the certificates, so you can look at your certificates and the related cmdlets for possible issues. -## See also +## See also - -- [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md) +- [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md)   diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md index 05bbcfd63d..23f9e3d1c0 100644 --- a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md +++ b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md 
@@ -1,21 +1,22 @@ --- title: Windows Firewall with Advanced Security Administration with Windows PowerShell (Windows 10) description: Windows Firewall with Advanced Security Administration with Windows PowerShell -ms.assetid: 3e1e53af-015e-427d-a027-c2e8ceee799d +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Windows Firewall with Advanced Security Administration with Windows PowerShell +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -The Windows Firewall with Advanced Security Administration with Windows PowerShell Guide provides essential scriptlets for automating Windows Firewall with Advanced Security management in Windows Server 2012. It is designed for IT pros, system administrators, IT managers, and others who use and need to automate Windows Firewall with Advanced Security management in Windows. +The Windows Firewall with Advanced Security Administration with Windows PowerShell Guide provides essential scriptlets for automating Windows Firewall with Advanced Security management. It is designed for IT pros, system administrators, IT managers, and others who use and need to automate Windows Firewall with Advanced Security management in Windows. -In Windows Server 2012 and Windows 8, administrators can use Windows PowerShell to manage their firewall and IPsec deployments. This object-oriented scripting environment will make it easier for administrators to manage policies and monitor network conditions than was possible in Netsh. Windows PowerShell allows network settings to be self-discoverable through the syntax and parameters in each of the cmdlets. This guide demonstrates how common tasks were performed in Netsh and how you can use Windows PowerShell to accomplish them. - -**Important**   -The netsh commands for Windows Firewall with Advanced Security have not changed since the previous operating system version. 
The netsh commands for Windows Firewall with Advanced Security in Windows Server 2012 are identical to the commands that are provided in Windows Server 2008 R2. - -  +You can use Windows PowerShell to manage your firewall and IPsec deployments. This object-oriented scripting environment will make it easier for you to manage policies and monitor network conditions than was possible in netsh. Windows PowerShell allows network settings to be self-discoverable through the syntax and parameters in each of the cmdlets. This guide demonstrates how common tasks were performed in netsh and how you can use Windows PowerShell to accomplish them. In future versions of Windows, Microsoft might remove the netsh functionality for Windows Firewall with Advanced Security. Microsoft recommends that you transition to Windows PowerShell if you currently use netsh to configure and manage Windows Firewall with Advanced Security. 
@@ -25,88 +26,30 @@ Windows PowerShell and netsh command references are at the following locations. ## Scope - -This guide does not teach you the fundamentals of Windows Firewall with Advanced Security, which can be found in [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md). It does not teach the fundamentals of Windows PowerShell, and it assumes that you are familiar with the Windows PowerShell language and the basic concepts of Windows PowerShell. For more information about Windows PowerShell concepts and usage, see the reference topics in the [Additional resources](#bkmk-additionalresources) section of this guide. +This guide does not teach you the fundamentals of Windows Firewall with Advanced Security, which can be found in [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md). It does not teach the fundamentals of Windows PowerShell, and it assumes that you are familiar with the Windows PowerShell language and the basic concepts of Windows PowerShell. For more info about Windows PowerShell concepts and usage, see the reference topics in the [Additional resources](#additional-resources) section of this guide. ## Audience and user requirements - This guide is intended for IT pros, system administrators, and IT managers, and it assumes that you are familiar with Windows Firewall with Advanced Security, the Windows PowerShell language, and the basic concepts of Windows PowerShell. 
-## System requirements +## In this topic - -To run the scripts and scriptlets in this guide, install and configure your system as follows: - -- Windows Server 2012 - -- Windows PowerShell 3.0 (included in Windows Server 2012) - -- Windows NetSecurity Module for Windows PowerShell (included in Windows Server 2012) - -- Windows PowerShell ISE (optional feature in Windows PowerShell 3.0, which is installed by using Server Manager) - -**Note**   -In Windows PowerShell 3.0, modules are imported automatically when you get or use any cmdlet in the module. You can still use the **Import-Module** cmdlet to import a module. - -Use **Import-Module** if you are using Windows PowerShell 2.0, or if you need to use a feature of the module before you use any of its cmdlets. For more information, see [Import-Module](http://go.microsoft.com/fwlink/p/?linkid=141553). - -Use **Import-PSSnapIn** to use cmdlets in a Windows PowerShell snap-in, regardless of the version of Windows PowerShell that you are running. - -  - -## In this guide - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TopicDescription

[Set profile global defaults](#bkmk-profileglobaldefaults)

Enable and control firewall behavior

[Deploy basic firewall rules](#bkmk-deploying)

How to create, modify, and delete firewall rules

[Manage Remotely](#bkmk-remote)

Remote management by using -CimSession

[Deploy basic IPsec rule settings](#bkmk-deployingipsec)

IPsec rules and associated parameters

[Deploy secure firewall rules with IPsec](#bkmk-deploysecurerules)

Domain and server isolation

[Additional resources](#bkmk-additionalresources)

More information about Windows PowerShell

- -  +| Section | Description | +| - | - | +| [Set profile global defaults](#set-profile-global-defaults) | Enable and control firewall behavior| +| [Deploy basic firewall rules](#deploy-basic-firewall-rules)| How to create, modify, and delete firewall rules| +| [Manage Remotely](#manage-remotely) | Remote management by using `-CimSession`| +| [Deploy basic IPsec rule settings](#deploy-basic-ipsec-rule-settings) | IPsec rules and associated parameters| +| [Deploy secure firewall rules with IPsec](#deploy-secure-firewall-rules-with-ipsec) | Domain and server isolation| +| [Additional resources](#additional-resources) | More information about Windows PowerShell| ## Set profile global defaults - -Global defaults set the system behavior in a per profile basis. Windows Firewall with Advanced Security supports Domain, Private, and Public profiles. +Global defaults set the device behavior in a per-profile basis. Windows Firewall with Advanced Security supports Domain, Private, and Public profiles. ### Enable Windows Firewall -Windows Firewall drops traffic that does not correspond to allowed unsolicited traffic, or traffic that is sent in response to a request by the computer. If you find that the rules you create are not being enforced, you may need to enable Windows Firewall. Here is how to do this on a local domain computer: +Windows Firewall drops traffic that does not correspond to allowed unsolicited traffic, or traffic that is sent in response to a request by the device. If you find that the rules you create are not being enforced, you may need to enable Windows Firewall. Here is how to do this on a local domain device: **Netsh** 
@@ -114,9 +57,7 @@ Windows Firewall drops traffic that does not correspond to allowed unsolicited t netsh advfirewall set allprofiles state on ``` -Windows PowerShell - -The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints. +**Windows PowerShell** ``` syntax Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True @@ -124,7 +65,7 @@ Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True ### Control firewall behavior -The global default settings can be defined through the command-line interface. These modifications are also available through the Windows Firewall with Advanced Security MMC snap-in. +The global default settings can be defined through the command-line interface. These modifications are also available through the Windows Firewall with Advanced Security console. The following scriptlets set the default inbound and outbound actions, specifies protected network connections, and allows notifications to be displayed to the user when a program is blocked from receiving inbound connections. It allows unicast response to multicast or broadcast network traffic, and it specifies logging settings for troubleshooting. @@ -141,11 +82,9 @@ Windows PowerShell ``` syntax Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow –NotifyOnListen True -AllowUnicastResponseToMulticast True –LogFileName %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log - ``` -## Deploy basic firewall rules - +## Deploy basic firewall rules This section provides scriptlet examples for creating, modifying, and deleting firewall rules. 
@@ -153,7 +92,7 @@ This section provides scriptlet examples for creating, modifying, and deleting f Adding a firewall rule in Windows PowerShell looks a lot like it did in Netsh, but the parameters and values are specified differently. -Here is an example of how to allow the Telnet application to listen on the network. This firewall rule is scoped to the local subnet by using a keyword instead of an IP address. Just like in Netsh, the rule is created on the local computer, and it becomes effective immediately. +Here is an example of how to allow the Telnet application to listen on the network. This firewall rule is scoped to the local subnet by using a keyword instead of an IP address. Just like in Netsh, the rule is created on the local device, and it becomes effective immediately. **Netsh** @@ -202,7 +141,7 @@ Note that this does not batch your individual changes, it loads and saves the en ### Modify an existing firewall rule -When a rule is created, Netsh and Windows PowerShell allow the administrator to change rule properties and influence, but the rule maintains its unique identifier (in Windows PowerShell this is specified with the *-Name* parameter). +When a rule is created, Netsh and Windows PowerShell allow you to change rule properties and influence, but the rule maintains its unique identifier (in Windows PowerShell this is specified with the *-Name* parameter). For example, you could have a rule **Allow Web 80** that enables TCP port 80 for inbound unsolicited traffic. You can change the rule to match a different remote IP address of a Web server whose traffic will be allowed by specifying the human-readable, localized name of the rule. 
@@ -287,7 +226,7 @@ Enable-NetFirewallRule -DisplayGroup “Windows Firewall Remote Management” -V ### Delete a firewall rule -Rule objects can be disabled so that they are no longer active. In Windows PowerShell, the **Disable-NetFirewallRule** cmdlet will leave the rule on the system, but put it in a disabled state so the rule no longer is applied and impacts traffic. A disabled firewall rule can be re-enabled by **Enable-NetFirewallRule**. This is different from the **Remove-NetFirewallRule**, which permanently removes the rule definition from the system. +Rule objects can be disabled so that they are no longer active. In Windows PowerShell, the **Disable-NetFirewallRule** cmdlet will leave the rule on the system, but put it in a disabled state so the rule no longer is applied and impacts traffic. A disabled firewall rule can be re-enabled by **Enable-NetFirewallRule**. This is different from the **Remove-NetFirewallRule**, which permanently removes the rule definition from the device. The following cmdlet deletes the specified existing firewall rule from the local policy store. @@ -303,7 +242,7 @@ Windows PowerShell Remove-NetFirewallRule –DisplayName “Allow Web 80” ``` -Like with other cmdlets, you can also query for rules to be removed. Here, all blocking firewall rules are deleted from the system. +Like with other cmdlets, you can also query for rules to be removed. Here, all blocking firewall rules are deleted from the device. Windows PowerShell 
@@ -311,7 +250,7 @@ Windows PowerShell Remove-NetFirewallRule –Action Block ``` -Note that it may be safer to query the rules with the **Get** command and save it in a variable, observe the rules to be affected, then pipe them to the **Remove** command, just as we did for the **Set** commands. The following example shows how the administrator can view all the blocking firewall rules, and then delete the first four rules. +Note that it may be safer to query the rules with the **Get** command and save it in a variable, observe the rules to be affected, then pipe them to the **Remove** command, just as we did for the **Set** commands. The following example shows how you can view all the blocking firewall rules, and then delete the first four rules. Windows PowerShell 
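Review bot: The reworded sentence says the example deletes the first four blocking rules, but the sample it introduces (shown as context at the top of the next hunk) is `$x[0-3] | Remove-NetFirewallRule`, which does not do that. In PowerShell `0-3` is evaluated as arithmetic, so the expression indexes `$x[-3]` and removes a single rule counted from the end of the list. Since the paragraph is being edited anyway, the sample should use the range operator, `$x[0..3] | Remove-NetFirewallRule`, so that the rules a reader inspected in `$x` are the ones that get removed. The code fence itself sits outside this hunk.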
@@ -321,34 +260,32 @@ $x $x[0-3] | Remove-NetFirewallRule ``` -## Manage remotely +## Manage remotely +Remote management using WinRM is enabled by default. The cmdlets that support the *CimSession* parameter use WinRM and can be managed remotely by default. -Remote management using WinRM is enabled by default on Windows Server 2012. The cmdlets that support the *CimSession* parameter use WinRM and can be managed remotely by default. This is important because the default and recommended installation mode for Windows Server 2012 is Server Core which does not include a graphical user interface. - -The following example returns all firewall rules of the persistent store on a computer named **RemoteComputer**. +The following example returns all firewall rules of the persistent store on a device named **RemoteDevice**. Windows PowerShell ``` syntax -Get-NetFirewallRule –CimSession RemoteComputer +Get-NetFirewallRule –CimSession RemoteDevice ``` -We can perform any modifications or view rules on remote computers by simply using the *–CimSession* parameter. Here we remove a specific firewall rule from a remote computer. +We can perform any modifications or view rules on remote devices by simply using the *–CimSession* parameter. Here we remove a specific firewall rule from a remote device. Windows PowerShell ``` syntax -$RemoteSession = New-CimSession –ComputerName RemoteComputer +$RemoteSession = New-CimSession –ComputerName RemoteDevice Remove-NetFirewallRule –DisplayName “AllowWeb80” –CimSession $RemoteSession -Confirm ``` -## Deploy basic IPsec rule settings +## Deploy basic IPsec rule settings +An Internet Protocol security (IPsec) policy consists of rules that determine IPsec behavior. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. -An Internet Protocol security (IPsec) policy consists of rules that determine IPsec behavior. 
IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. For more information about IPsec, see [Windows Firewall with Advanced Security Learning Roadmap](http://technet.microsoft.com/library/dd772715(WS.10).aspx). - -Windows PowerShell can create powerful, complex IPsec policies like in Netsh and the Windows Firewall with Advanced Security MMC snap-in. However, because Windows PowerShell is object-based rather than string token-based, configuration in Windows PowerShell offers greater control and flexibility. +Windows PowerShell can create powerful, complex IPsec policies like in Netsh and the Windows Firewall with Advanced Security console. However, because Windows PowerShell is object-based rather than string token-based, configuration in Windows PowerShell offers greater control and flexibility. In Netsh, the authentication and cryptographic sets were specified as a list of comma-separated tokens in a specific format. In Windows PowerShell, rather than using default settings, you first create your desired authentication or cryptographic proposal objects and bundle them into lists in your preferred order. Then, you create one or more IPsec rules that reference these sets. The benefit of this model is that programmatic access to the information in the rules is much easier. See the following sections for clarifying examples. 
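Review bot: The new sentence `Remote management using WinRM is enabled by default.` is broader than the one it replaces, which limited the claim to Windows Server 2012. The topic now lists Windows 10 under Applies to, and as far as I know Windows client editions do not have WinRM configured for remote management until an administrator enables it. On those devices the `-CimSession` examples in this section would fail, and the text hides the fact that a remote-management listener has to be opened first. I would keep the scope explicit, for example `Remote management using WinRM is enabled by default on Windows Server. On Windows 10 devices, enable WinRM and restrict who can reach it before you use the *CimSession* parameter.`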
@@ -356,7 +293,7 @@ In Netsh, the authentication and cryptographic sets were specified as a list of ### Create IPsec rules -The following cmdlet creates basic IPsec transport mode rule in a Group Policy Object. An IPsec rule is simple to create; all that is required is the display name, and the remaining properties use default values. Inbound traffic is authenticated and integrity checked using the default quick mode and main mode settings. These default settings can be found in the MMC snap-in under Customize IPsec Defaults. +The following cmdlet creates basic IPsec transport mode rule in a Group Policy Object. An IPsec rule is simple to create; all that is required is the display name, and the remaining properties use default values. Inbound traffic is authenticated and integrity checked using the default quick mode and main mode settings. These default settings can be found in the console under Customize IPsec Defaults. **Netsh** @@ -408,7 +345,7 @@ Windows PowerShell New-NetIPsecRule -DisplayName “Require Inbound Authentication” -InboundSecurity Require -OutboundSecurity Request –Phase1AuthSet MyCertAuthSet -KeyModule IKEv2 –RemoteAddress $nonWindowsGateway ``` -For more information about IKEv2, including scenarios, see [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md). +For more info about IKEv2, including scenarios, see [Securing End-to-End IPsec Connections by Using IKEv2](securing-end-to-end-ipsec-connections-by-using-ikev2.md). ### Copy an IPsec rule from one policy to another 
@@ -428,8 +365,6 @@ $Rule | Copy-NetPhase1AuthSet –NewPolicyStore domain.costoso.com\new_gpo_name ### Handling Windows PowerShell errors -**** - To handle errors in your Windows PowerShell scripts, you can use the *–ErrorAction* parameter. This is especially useful with the **Remove** cmdlets. If you want to remove a particular rule, you will notice that it fails if the rule is not found. When removing rules, if the rule isn’t already there, it is generally acceptable to ignore that error. In this case, you can do the following to suppress any “rule not found” errors during the remove operation. Windows PowerShell @@ -488,7 +423,7 @@ Windows PowerShell Show-NetIPsecRule –PolicyStore ActiveStore ``` -You can monitor main mode security associations for information such as which peers are currently connected to the computer and which protection suite is used to form the security associations. +You can monitor main mode security associations for information such as which peers are currently connected to the device and which protection suite is used to form the security associations. Use the following cmdlet to view existing main mode rules and their security associations: 
@@ -520,9 +455,9 @@ It is important to note that the revealed sources do not contain a domain name. ### Deploy a basic domain isolation policy -IPsec can be used to isolate domain members from non-domain members. Domain isolation uses IPsec authentication to require that the domain computer members positively establish the identities of the communicating computers to improve security of an organization. One or more features of IPsec can be used to secure traffic with an IPsec rule object. +IPsec can be used to isolate domain members from non-domain members. Domain isolation uses IPsec authentication to require that the domain-joined devices positively establish the identities of the communicating devices to improve security of an organization. One or more features of IPsec can be used to secure traffic with an IPsec rule object. -To implement domain isolation on your network, the computers in the domain receive IPsec rules that block unsolicited inbound network traffic that is not protected by IPsec. Here we create an IPsec rule that requires authentication by domain members. Through this, you can isolate domain member computers from computers that are non-domain members. In the following examples, Kerberos authentication is required for inbound traffic and requested for outbound traffic. +To implement domain isolation on your network, the devices in the domain receive IPsec rules that block unsolicited inbound network traffic that is not protected by IPsec. Here we create an IPsec rule that requires authentication by domain members. Through this, you can isolate domain-joined devices from devices that are not joined to a domain. In the following examples, Kerberos authentication is required for inbound traffic and requested for outbound traffic. **Netsh** 
@@ -535,15 +470,13 @@ Windows PowerShell ``` syntax $kerbprop = New-NetIPsecAuthProposal –Machine –Kerberos - $Phase1AuthSet = New-NetIPsecPhase1AuthSet -DisplayName "Kerberos Auth Phase1" -Proposal $kerbprop –PolicyStore domain.contoso.com\domain_isolation - New-NetIPsecRule –DisplayName “Basic Domain Isolation Policy” –Profile Domain –Phase1AuthSet $Phase1AuthSet.Name –InboundSecurity Require –OutboundSecurity Request –PolicyStore domain.contoso.com\domain_isolation ``` ### Configure IPsec tunnel mode -The following command creates an IPsec tunnel that routes traffic from a private network (192.168.0.0/16) through an interface on the local computer (1.1.1.1) attached to a public network to a second computer through its public interface (2.2.2.2) to another private network (192.157.0.0/16). All traffic through the tunnel is checked for integrity by using ESP/SHA1, and it is encrypted by using ESP/DES3. +The following command creates an IPsec tunnel that routes traffic from a private network (192.168.0.0/16) through an interface on the local device (1.1.1.1) attached to a public network to a second device through its public interface (2.2.2.2) to another private network (192.157.0.0/16). All traffic through the tunnel is checked for integrity by using ESP/SHA1, and it is encrypted by using ESP/DES3. **Netsh** 
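Review bot: The tunnel-mode paragraph edited in this hunk still presents ESP/SHA1 integrity with ESP/DES3 encryption as the example without saying that both are legacy algorithms, and readers tend to copy samples as written. I would add one sentence after it, for example `SHA-1 and 3DES are used here only to match the netsh example; choose AES and SHA-256 or stronger where both tunnel endpoints support them.` The same paragraph calls 192.157.0.0/16 a private network although it is not an RFC 1918 range, and it uses 1.1.1.1 and 2.2.2.2 as tunnel endpoints; documentation ranges such as 192.0.2.0/24 would be safer to copy. The netsh and PowerShell commands that the paragraph describes lie outside this hunk.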
@@ -559,8 +492,7 @@ $QMCryptoSet = New-NetIPsecQuickModeCryptoSet –DisplayName “esp:sha1-des3” New-NetIPSecRule -DisplayName “Tunnel from HQ to Dallas Branch” -Mode Tunnel -LocalAddress 192.168.0.0/16 -RemoteAddress 192.157.0.0/16 -LocalTunnelEndpoint 1.1.1.1 -RemoteTunnelEndpoint 2.2.2.2 -InboundSecurity Require -OutboundSecurity Require -QuickModeCryptoSet $QMCryptoSet.Name ``` -## Deploy secure firewall rules with IPsec - +## Deploy secure firewall rules with IPsec In situations where only secure traffic can be allowed through the Windows Firewall, a combination of manually configured firewall and IPsec rules are necessary. The firewall rules determine the level of security for allowed packets, and the underlying IPsec rules secure the traffic. The scenarios can be accomplished in Windows PowerShell and in Netsh, with many similarities in deployment. @@ -568,7 +500,7 @@ In situations where only secure traffic can be allowed through the Windows Firew Configuring firewalls rule to allow connections if they are secure requires the corresponding traffic to be authenticated and integrity protected, and then optionally encrypted by IPsec. -The following example creates a firewall rule that requires traffic to be authenticated. The command permits inbound Telnet network traffic only if the connection from the remote computer is authenticated by using a separate IPsec rule. +The following example creates a firewall rule that requires traffic to be authenticated. The command permits inbound Telnet network traffic only if the connection from the remote device is authenticated by using a separate IPsec rule. **Netsh** 
@@ -605,15 +537,15 @@ New-NetIPSecRule -DisplayName “Authenticate Both Computer and User” -Inbound ### Isolate a server by requiring encryption and group membership -To improve the security of the computers in an organization, an administrator can deploy domain isolation in which domain-members are restricted. They require authentication when communicating among each other and reject non-authenticated inbound connections. To improve the security of servers with sensitive data, this data must be protected by allowing access only to a subset of computers within the enterprise domain. +To improve the security of the devices in an organization, you can deploy domain isolation in which domain-members are restricted. They require authentication when communicating among each other and reject non-authenticated inbound connections. To improve the security of servers with sensitive data, this data must be protected by allowing access only to a subset of devices within the enterprise domain. -IPsec can provide this additional layer of protection by isolating the server. In server isolation, sensitive data access is restricted to users and computers with legitimate business need, and the data is additionally encrypted to prevent eavesdropping. +IPsec can provide this additional layer of protection by isolating the server. In server isolation, sensitive data access is restricted to users and devices with legitimate business need, and the data is additionally encrypted to prevent eavesdropping. ### Create a firewall rule that requires group membership and encryption -To deploy server isolation, we layer a firewall rule that restricts traffic to authorized users or computers on the IPsec rule that enforces authentication. +To deploy server isolation, we layer a firewall rule that restricts traffic to authorized users or devices on the IPsec rule that enforces authentication. 
-The following firewall rule allows Telnet traffic from user accounts that are members of a custom group created by an administrator called “Authorized to Access Server.” This access can additionally be restricted based on the computer, user, or both by specifying the restriction parameters. +The following firewall rule allows Telnet traffic from user accounts that are members of a custom group called “Authorized to Access Server.” This access can additionally be restricted based on the device, user, or both by specifying the restriction parameters. A Security Descriptor Definition Language (SDDL) string is created by extending a user or group’s security identifier (SID). For more information about finding a group’s SID, see: [Finding the SID for a group account](http://technet.microsoft.com/library/cc753463(WS.10).aspx#bkmk_FINDSID). 
@@ -670,9 +602,9 @@ Set-NetFirewallSetting -RemoteMachineTransportAuthorizationList $secureMachineGr ### Create firewall rules that allow IPsec-protected network traffic (authenticated bypass) -Authenticated bypass allows traffic from a specified trusted computer or user to override firewall block rules. This is helpful when an administrator wants to use scanning servers to monitor and update computers without the need to use port-level exceptions. For more information, see [How to enable authenticated firewall bypass](http://technet.microsoft.com/library/cc753463(WS.10).aspx). +Authenticated bypass allows traffic from a specified trusted device or user to override firewall block rules. This is helpful when an administrator wants to use scanning servers to monitor and update devices without the need to use port-level exceptions. For more information, see [How to enable authenticated firewall bypass](http://technet.microsoft.com/library/cc753463(WS.10).aspx). -In this example, we assume that a blocking firewall rule exists. This example permits any network traffic on any port from any IP address to override the block rule, if the traffic is authenticated as originating from a computer or user account that is a member of the specified computer or user security group. +In this example, we assume that a blocking firewall rule exists. This example permits any network traffic on any port from any IP address to override the block rule, if the traffic is authenticated as originating from a device or user account that is a member of the specified device or user security group. **Netsh** 
@@ -687,7 +619,7 @@ Windows PowerShell New-NetFirewallRule –DisplayName “Inbound Secure Bypass Rule" –Direction Inbound –Authentication Required –OverrideBlockRules $true -RemoteMachine $secureMachineGroup –RemoteUser $secureUserGroup –PolicyStore domain.contoso.com\domain_isolation ``` -## Additional resources +## Additional resources For more information about Windows PowerShell concepts, see the following topics. diff --git a/windows/keep-secure/windows-firewall-with-advanced-security.md b/windows/keep-secure/windows-firewall-with-advanced-security.md index 199b30568c..3adc42213a 100644 --- a/windows/keep-secure/windows-firewall-with-advanced-security.md +++ b/windows/keep-secure/windows-firewall-with-advanced-security.md 
@@ -1,147 +1,42 @@ --- title: Windows Firewall with Advanced Security Overview (Windows 10) description: Windows Firewall with Advanced Security Overview -ms.assetid: 596d4c24-4984-4c14-b104-e2c4c7d0b108 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Windows Firewall with Advanced Security Overview +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -This is an overview of the Windows Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features in Windows Server 2012. +This is an overview of the Windows Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features. -**Did you mean…** +## Feature description -- [Windows Firewall with Advanced Security in Windows Server 2008 R2](http://technet.microsoft.com/library/cc732283(WS.10).aspx) +Windows Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local device. Windows Firewall with Advanced Security also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the device is connected. Windows Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Firewall with Advanced Security, so Windows Firewall is also an important part of your network’s isolation strategy. -## Feature description - - -Windows Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a computer, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local computer. 
Windows Firewall with Advanced Security also works with Network Awareness so that it can apply security settings appropriate to the types of networks to which the computer is connected. Windows Firewall and Internet Protocol Security (IPsec) configuration settings are integrated into a single Microsoft Management Console (MMC) named Windows Firewall with Advanced Security, so Windows Firewall is also an important part of your network’s isolation strategy. - -## Practical applications +## Practical applications To help address your organizational network security challenges, Windows Firewall with Advanced Security offers the following benefits: -- **Reduces the risk of network security threats.**  Windows Firewall with Advanced Security reduces the attack surface of a computer, providing an additional layer to the defense-in-depth model. Reducing the attack surface of a computer increases manageability and decreases the likelihood of a successful attack. Network Access Protection (NAP), a feature of Windows Server 2012, also helps ensure client computers comply with policies that define the required software and system configurations for computers that connect to your network. The integration of NAP helps prevent communications between compliant and noncompliant computers. +- **Reduces the risk of network security threats.**  Windows Firewall with Advanced Security reduces the attack surface of a device, providing an additional layer to the defense-in-depth model. Reducing the attack surface of a device increases manageability and decreases the likelihood of a successful attack. - **Safeguards sensitive data and intellectual property.**  With its integration with IPsec, Windows Firewall with Advanced Security provides a simple way to enforce authenticated, end-to-end network communications. It provides scalable, tiered access to trusted network resources, helping to enforce integrity of the data, and optionally helping to protect the confidentiality of the data. 
-- **Extends the value of existing investments.**  Because Windows Firewall with Advanced Security is a host-based firewall that is included with Windows Server 2012, and prior Windows operating systems and because it is tightly integrated with Active Directory® Domain Services (AD DS) and Group Policy, there is no additional hardware or software required. Windows Firewall with Advanced Security is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API). - -## New and changed functionality - - -The following table lists some of the new features for Windows Firewall with Advanced Security in Windows Server 2012. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
Feature/functionalityWindows Server 2008 R2Windows Server 2012

Internet Key Exchange version 2 (IKEv2) for IPsec transport mode

X

Windows Store app network isolation

X

Windows PowerShell cmdlets for Windows Firewall

X

- -  - -### IKEv2 for IPsec transport mode - -In Windows Server 2012, IKEv2 supports additional scenarios including IPsec end-to-end transport mode connections. - -**What value does this change add?** - -Windows Server 2012 IKEv2 support provides interoperability for Windows with other operating systems using IKEv2 for end-to-end security, and Supports Suite B (RFC 4869) requirements. - -**What works differently?** - -In Windows Server 2008 R2, IKEv2 is available as a virtual private network (VPN) tunneling protocol that supports automatic VPN reconnection. IKEv2 allows the security association to remain unchanged despite changes in the underlying connection. - -In Windows Server 2012, IKEv2 support has been expanded. - -### Windows Store app network isolation - -Administrators can custom configure Windows Firewall to fine tune network access if they desire more control of their Windows Store apps. - -**What value does this change add?** - -The feature adds the ability to set and enforce network boundaries ensure that apps that get compromised can only access networks where they have been explicitly granted access. This significantly reduces the scope of their impact to other apps, the system, and the network. In addition, apps can be isolated and protected from malicious access from the network. - -**What works differently?** - -In addition to firewall rules that you can create for program and services, you can also create firewall rules for Windows Store apps and their various capabilities. - -### Windows PowerShell cmdlets for Windows Firewall - -Windows PowerShell has extensive cmdlets to allow Windows Firewall configuration and management. - -**What value does this change add?** - -You can now fully configure and manage Windows Firewall, IPsec, and related features using the very powerful and scriptable Windows PowerShell. - -**What works differently?** - -In previous Windows versions, you could use Netsh to perform many configuration and management functions. 
This capability has been greatly expanded using the more powerful Windows PowerShell scripting language. - -## See also - - -See the following topics for more information about Windows Firewall with Advanced Security in Windows Server 2012. - - ---- - - - - - - - - - - - - - - - - -
Content typeReferences

Deployment

[Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md) | [Isolating Windows Store Apps on Your Network](isolating-windows-store-apps-on-your-network.md) | [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md)

Troubleshooting

[Troubleshooting Windows Firewall with Advanced Security in Windows Server 2012](http://social.technet.microsoft.com/wiki/contents/articles/13894.troubleshooting-windows-firewall-with-advanced-security-in-windows-server-2012.aspx)

- -  - -  - -  - - - +- **Extends the value of existing investments.**  Because Windows Firewall with Advanced Security is a host-based firewall that is included with the operating system, there is no additional hardware or software required. Windows Firewall with Advanced Security is also designed to complement existing non-Microsoft network security solutions through a documented application programming interface (API). +## In this section +| Topic | Description +| - | - | +| [Isolating Windows Store Apps on Your Network](isolating-apps-on-your-network.md) | You can customize your Windows Firewall configuration to isolate the network access of Windows Store apps that run on devices. | +| [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](securing-end-to-end-ipsec-connections-by-using-ikev2.md) | You can use IKEv2 to help secure your end-to-end IPSec connections. | +| [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) | Learn more about using Windows PowerShell to manage the Windows Firewall. | +| [Windows Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md) | Learn how to create a design for deploying Windows Firewall with Advanced Security. | +| [Windows Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md) | Learn how to deploy Windows Firewall with Advanced Security. | From 8e6dba25e9dbe4f0c138a416b6de2fb4abc6f94e Mon Sep 17 00:00:00 2001 
From: Jan Backstrom Date: Fri, 27 May 2016 13:46:06 -0700 Subject: [PATCH 28/92] update tagging change W10 to w10 (lower case); add ms.pagetype; added authors --- ...ge-privacy-windows-defender-advanced-threat-protection.md | 1 + ...ate-alerts-windows-defender-advanced-threat-protection.md | 1 + windows/keep-secure/load-and-unload-device-drivers.md | 2 +- windows/keep-secure/lock-pages-in-memory.md | 2 +- windows/keep-secure/log-on-as-a-batch-job.md | 2 +- windows/keep-secure/log-on-as-a-service.md | 2 +- windows/keep-secure/maintain-applocker-policies.md | 2 +- ...age-alerts-windows-defender-advanced-threat-protection.md | 4 +++- windows/keep-secure/manage-auditing-and-security-log.md | 2 +- .../manage-identity-verification-using-microsoft-passport.md | 2 +- windows/keep-secure/manage-packaged-apps-with-applocker.md | 2 +- windows/keep-secure/manage-tpm-commands.md | 2 +- windows/keep-secure/manage-tpm-lockout.md | 2 +- windows/keep-secure/maximum-lifetime-for-service-ticket.md | 2 +- .../keep-secure/maximum-lifetime-for-user-ticket-renewal.md | 2 +- windows/keep-secure/maximum-lifetime-for-user-ticket.md | 2 +- windows/keep-secure/maximum-password-age.md | 2 +- .../maximum-tolerance-for-computer-clock-synchronization.md | 2 +- .../merge-applocker-policies-by-using-set-applockerpolicy.md | 2 +- windows/keep-secure/merge-applocker-policies-manually.md | 2 +- ...ft-network-client-digitally-sign-communications-always.md | 2 +- ...-client-digitally-sign-communications-if-server-agrees.md | 2 +- ...t-send-unencrypted-password-to-third-party-smb-servers.md | 2 +- ...amount-of-idle-time-required-before-suspending-session.md | 2 +- ...rk-server-attempt-s4u2self-to-obtain-claim-information.md | 2 +- ...ft-network-server-digitally-sign-communications-always.md | 2 +- ...-server-digitally-sign-communications-if-client-agrees.md | 2 +- ...work-server-disconnect-clients-when-logon-hours-expire.md | 2 +- ...network-server-server-spn-target-name-validation-level.md | 2 +- 
.../keep-secure/microsoft-passport-and-password-changes.md | 2 +- .../microsoft-passport-errors-during-pin-creation.md | 2 +- windows/keep-secure/microsoft-passport-guide.md | 3 +-- windows/keep-secure/minimum-password-age.md | 2 +- windows/keep-secure/minimum-password-length.md | 2 +- ...quirements-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/modify-an-object-label.md | 2 +- windows/keep-secure/modify-firmware-environment-values.md | 2 +- .../keep-secure/monitor-application-usage-with-applocker.md | 2 +- .../monitor-central-access-policy-and-rule-definitions.md | 2 +- windows/keep-secure/monitor-claim-types.md | 2 +- ...onboarding-windows-defender-advanced-threat-protection.md | 3 ++- .../keep-secure/monitor-resource-attribute-definitions.md | 2 +- ...tral-access-policies-associated-with-files-and-folders.md | 2 +- ...he-central-access-policies-that-apply-on-a-file-server.md | 2 +- .../monitor-the-resource-attributes-on-files-and-folders.md | 2 +- .../monitor-the-use-of-removable-storage-devices.md | 2 +- .../monitor-user-and-device-claims-during-sign-in.md | 2 +- .../network-access-allow-anonymous-sidname-translation.md | 2 +- ...allow-anonymous-enumeration-of-sam-accounts-and-shares.md | 2 +- ...ess-do-not-allow-anonymous-enumeration-of-sam-accounts.md | 2 +- ...f-passwords-and-credentials-for-network-authentication.md | 2 +- ...cess-let-everyone-permissions-apply-to-anonymous-users.md | 2 +- ...rk-access-named-pipes-that-can-be-accessed-anonymously.md | 2 +- ...access-remotely-accessible-registry-paths-and-subpaths.md | 2 +- .../network-access-remotely-accessible-registry-paths.md | 2 +- ...ss-restrict-anonymous-access-to-named-pipes-and-shares.md | 2 +- ...network-access-shares-that-can-be-accessed-anonymously.md | 2 +- ...k-access-sharing-and-security-model-for-local-accounts.md | 2 +- windows/keep-secure/network-list-manager-policies.md | 2 +- ...y-allow-local-system-to-use-computer-identity-for-ntlm.md | 2 +- 
...twork-security-allow-localsystem-null-session-fallback.md | 2 +- ...ion-requests-to-this-computer-to-use-online-identities.md | 2 +- ...curity-configure-encryption-types-allowed-for-kerberos.md | 2 +- ...t-store-lan-manager-hash-value-on-next-password-change.md | 2 +- .../network-security-force-logoff-when-logon-hours-expire.md | 2 +- .../network-security-lan-manager-authentication-level.md | 2 +- .../network-security-ldap-client-signing-requirements.md | 2 +- ...curity-for-ntlm-ssp-based-including-secure-rpc-clients.md | 2 +- ...curity-for-ntlm-ssp-based-including-secure-rpc-servers.md | 2 +- ...m-add-remote-server-exceptions-for-ntlm-authentication.md | 2 +- ...ity-restrict-ntlm-add-server-exceptions-in-this-domain.md | 2 +- ...ork-security-restrict-ntlm-audit-incoming-ntlm-traffic.md | 2 +- ...restrict-ntlm-audit-ntlm-authentication-in-this-domain.md | 2 +- .../network-security-restrict-ntlm-incoming-ntlm-traffic.md | 2 +- ...urity-restrict-ntlm-ntlm-authentication-in-this-domain.md | 2 +- ...-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md | 2 +- ...-configure-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/optimize-applocker-performance.md | 2 +- windows/keep-secure/overview-create-edp-policy.md | 3 ++- ...ged-apps-and-packaged-app-installer-rules-in-applocker.md | 2 +- windows/keep-secure/passport-event-300.md | 4 ++-- .../password-must-meet-complexity-requirements.md | 2 +- windows/keep-secure/password-policy.md | 2 +- windows/keep-secure/perform-volume-maintenance-tasks.md | 2 +- windows/keep-secure/plan-for-applocker-policy-management.md | 2 +- ...lanning-and-deploying-advanced-security-audit-policies.md | 2 +- ...l-overview-windows-defender-advanced-threat-protection.md | 3 ++- .../keep-secure/prepare-people-to-use-microsoft-passport.md | 2 +- ...-your-organization-for-bitlocker-planning-and-policies.md | 2 +- windows/keep-secure/profile-single-process.md | 2 +- windows/keep-secure/profile-system-performance.md | 2 
+- .../keep-secure/protect-bitlocker-from-pre-boot-attacks.md | 2 +- windows/keep-secure/protect-enterprise-data-using-edp.md | 5 +++-- ...-by-controlling-the-health-of-windows-10-based-devices.md | 4 ++-- ...hared-volumes-and-storage-area-networks-with-bitlocker.md | 2 +- .../recovery-console-allow-automatic-administrative-logon.md | 2 +- ...allow-floppy-copy-and-access-to-all-drives-and-folders.md | 2 +- windows/keep-secure/refresh-an-applocker-policy.md | 2 +- .../keep-secure/registry-global-object-access-auditing.md | 2 +- windows/keep-secure/remove-computer-from-docking-station.md | 2 +- windows/keep-secure/replace-a-process-level-token.md | 2 +- .../requirements-for-deploying-applocker-policies.md | 2 +- windows/keep-secure/requirements-to-use-applocker.md | 2 +- windows/keep-secure/reset-account-lockout-counter-after.md | 2 +- windows/keep-secure/restore-files-and-directories.md | 2 +- .../run-cmd-scan-windows-defender-for-windows-10.md | 3 ++- .../run-the-automatically-generate-rules-wizard.md | 2 +- windows/keep-secure/script-rules-in-applocker.md | 2 +- .../secpol-advanced-security-audit-policy-settings.md | 2 +- windows/keep-secure/security-auditing-overview.md | 2 +- windows/keep-secure/security-considerations-for-applocker.md | 2 +- windows/keep-secure/security-options.md | 2 +- windows/keep-secure/security-policy-settings-reference.md | 2 +- windows/keep-secure/security-policy-settings.md | 2 +- windows/keep-secure/security-technologies.md | 2 +- windows/keep-secure/select-types-of-rules-to-create.md | 2 +- ...onboarding-windows-defender-advanced-threat-protection.md | 3 ++- .../settings-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/shut-down-the-system.md | 2 +- ...-allow-system-to-be-shut-down-without-having-to-log-on.md | 2 +- .../keep-secure/shutdown-clear-virtual-memory-pagefile.md | 2 +- .../store-passwords-using-reversible-encryption.md | 2 +- windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md | 2 +- 
windows/keep-secure/synchronize-directory-service-data.md | 2 +- ...ng-key-protection-for-user-keys-stored-on-the-computer.md | 2 +- ...ompliant-algorithms-for-encryption-hashing-and-signing.md | 2 +- ...-require-case-insensitivity-for-non-windows-subsystems.md | 2 +- ...engthen-default-permissions-of-internal-system-objects.md | 2 +- windows/keep-secure/system-settings-optional-subsystems.md | 2 +- ...-windows-executables-for-software-restriction-policies.md | 2 +- .../keep-secure/take-ownership-of-files-or-other-objects.md | 2 +- ...test-an-applocker-policy-by-using-test-applockerpolicy.md | 2 +- windows/keep-secure/test-and-update-an-applocker-policy.md | 2 +- windows/keep-secure/testing-scenarios-for-edp.md | 5 +++-- windows/keep-secure/tools-to-use-with-applocker.md | 2 +- windows/keep-secure/tpm-fundamentals.md | 2 +- windows/keep-secure/tpm-recommendations.md | 2 +- ...onboarding-windows-defender-advanced-threat-protection.md | 3 ++- ...oubleshoot-windows-defender-advanced-threat-protection.md | 3 ++- .../troubleshoot-windows-defender-in-windows-10.md | 2 +- windows/keep-secure/trusted-platform-module-overview.md | 2 +- ...trusted-platform-module-services-group-policy-settings.md | 2 +- .../types-of-attacks-for-volume-encryption-keys.md | 2 +- .../keep-secure/understand-applocker-enforcement-settings.md | 2 +- .../understand-applocker-policy-design-decisions.md | 2 +- ...es-and-enforcement-setting-inheritance-in-group-policy.md | 2 +- .../understand-the-applocker-policy-deployment-process.md | 2 +- ...nderstanding-applocker-allow-and-deny-actions-on-rules.md | 2 +- windows/keep-secure/understanding-applocker-default-rules.md | 2 +- windows/keep-secure/understanding-applocker-rule-behavior.md | 2 +- .../keep-secure/understanding-applocker-rule-collections.md | 2 +- .../understanding-applocker-rule-condition-types.md | 2 +- .../keep-secure/understanding-applocker-rule-exceptions.md | 2 +- ...nderstanding-the-file-hash-rule-condition-in-applocker.md | 2 +- 
.../understanding-the-path-rule-condition-in-applocker.md | 2 +- ...nderstanding-the-publisher-rule-condition-in-applocker.md | 2 +- ...nce-computer-to-create-and-maintain-applocker-policies.md | 2 +- ...r-and-software-restriction-policies-in-the-same-domain.md | 2 +- .../use-the-applocker-windows-powershell-cmdlets.md | 2 +- .../use-windows-defender-advanced-threat-protection.md | 3 ++- ...ows-event-forwarding-to-assist-in-instrusion-detection.md | 2 +- ...n-approval-mode-for-the-built-in-administrator-account.md | 2 +- ...-prompt-for-elevation-without-using-the-secure-desktop.md | 2 +- ...ation-prompt-for-administrators-in-admin-approval-mode.md | 2 +- ...ol-behavior-of-the-elevation-prompt-for-standard-users.md | 2 +- ...ect-application-installations-and-prompt-for-elevation.md | 2 +- ...account-control-group-policy-and-registry-key-settings.md | 4 +++- ...only-elevate-executables-that-are-signed-and-validated.md | 2 +- ...ss-applications-that-are-installed-in-secure-locations.md | 2 +- windows/keep-secure/user-account-control-overview.md | 2 +- ...-control-run-all-administrators-in-admin-approval-mode.md | 2 +- .../user-account-control-security-policy-settings.md | 4 ++-- ...tch-to-the-secure-desktop-when-prompting-for-elevation.md | 2 +- ...file-and-registry-write-failures-to-per-user-locations.md | 2 +- windows/keep-secure/user-rights-assignment.md | 2 +- ...ting-options-to-monitor-dynamic-access-control-objects.md | 2 +- windows/keep-secure/using-event-viewer-with-applocker.md | 2 +- ...g-software-restriction-policies-and-applocker-policies.md | 2 +- windows/keep-secure/view-the-security-event-log.md | 2 +- windows/keep-secure/vpn-profile-options.md | 4 ++-- windows/keep-secure/what-is-applocker.md | 2 +- ...of-windows-support-advanced-audit-policy-configuration.md | 2 +- windows/keep-secure/why-a-pin-is-better-than-a-password.md | 2 +- windows/keep-secure/windows-10-enterprise-security-guides.md | 4 ++-- 
windows/keep-secure/windows-10-mobile-security-guide.md | 4 ++-- windows/keep-secure/windows-10-security-guide.md | 2 +- .../windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/windows-defender-in-windows-10.md | 2 +- windows/keep-secure/windows-hello-in-enterprise.md | 5 +++-- windows/keep-secure/windows-installer-rules-in-applocker.md | 2 +- windows/keep-secure/working-with-applocker-policies.md | 2 +- windows/keep-secure/working-with-applocker-rules.md | 2 +- 192 files changed, 220 insertions(+), 200 deletions(-) diff --git a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md index 6db6f55321..a5d2bec8ce 100644 --- a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +author: mjcaparas --- # Windows Defender ATP data storage and privacy diff --git a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md index 20a073c239..d724b1862d 100644 --- a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +author: mjcaparas --- # Investigate Windows Defender Advanced Threat Protection alerts diff --git a/windows/keep-secure/load-and-unload-device-drivers.md b/windows/keep-secure/load-and-unload-device-drivers.md index 0ef993463c..a0500dbf3c 100644 --- a/windows/keep-secure/load-and-unload-device-drivers.md +++ b/windows/keep-secure/load-and-unload-device-drivers.md 
@@ -2,7 +2,7 @@
 title: Load and unload device drivers (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Load and unload device drivers security policy setting.
 ms.assetid: 66262532-c610-470c-9792-35ff4389430f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/lock-pages-in-memory.md b/windows/keep-secure/lock-pages-in-memory.md
index c2d3f4a39d..c1da29a511 100644
--- a/windows/keep-secure/lock-pages-in-memory.md
+++ b/windows/keep-secure/lock-pages-in-memory.md
@@ -2,7 +2,7 @@
 title: Lock pages in memory (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Lock pages in memory security policy setting.
 ms.assetid: cc724979-aec0-496d-be4e-7009aef660a3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/log-on-as-a-batch-job.md b/windows/keep-secure/log-on-as-a-batch-job.md
index 6ffcaa330e..e2be507be1 100644
--- a/windows/keep-secure/log-on-as-a-batch-job.md
+++ b/windows/keep-secure/log-on-as-a-batch-job.md
@@ -2,7 +2,7 @@
 title: Log on as a batch job (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Log on as a batch job security policy setting.
 ms.assetid: 4eaddb51-0a18-470e-9d3d-5e7cd7970b41
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/log-on-as-a-service.md b/windows/keep-secure/log-on-as-a-service.md
index 04d7784d74..eff13752ec 100644
--- a/windows/keep-secure/log-on-as-a-service.md
+++ b/windows/keep-secure/log-on-as-a-service.md
@@ -2,7 +2,7 @@
 title: Log on as a service (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Log on as a service security policy setting.
 ms.assetid: acc9a9e0-fd88-4cda-ab54-503120ba1f42
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maintain-applocker-policies.md b/windows/keep-secure/maintain-applocker-policies.md
index bc85d3af36..43bd39884e 100644
--- a/windows/keep-secure/maintain-applocker-policies.md
+++ b/windows/keep-secure/maintain-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Maintain AppLocker policies (Windows 10)
 description: This topic describes how to maintain rules within AppLocker policies.
 ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md
index 12cc2527bd..718b2e22ce 100644
--- a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,11 @@ title: Manage Windows Defender Advanced Threat Protection alerts description: Change the status of alerts, create suppression rules to hide alerts, submit comments, and review change history for individual alerts with the Manage Alert menu. keywords: manage alerts, manage, alerts, status, new, in progress, resolved, resolve alerts, suppress, supression, rules, context, history, comments, changes search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security +author: mjcaparas --- # Manage Windows Defender Advanced Threat Protection alerts
diff --git a/windows/keep-secure/manage-auditing-and-security-log.md b/windows/keep-secure/manage-auditing-and-security-log.md
index 48c840cc7b..7a6cfdc0ea 100644
--- a/windows/keep-secure/manage-auditing-and-security-log.md
+++ b/windows/keep-secure/manage-auditing-and-security-log.md
@@ -2,7 +2,7 @@
 title: Manage auditing and security log (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Manage auditing and security log security policy setting.
 ms.assetid: 4b946c0d-f904-43db-b2d5-7f0917575347
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
index 7f4b06da3d..bb891d67c5 100644
--- a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
+++ b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
@@ -3,7 +3,7 @@ title: Manage identity verification using Microsoft Passport (Windows 10)
 description: In Windows 10, Microsoft Passport replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a Windows Hello (biometric) or PIN.
 ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E
 keywords: identity, PIN, biometric, Hello
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/manage-packaged-apps-with-applocker.md b/windows/keep-secure/manage-packaged-apps-with-applocker.md
index dcad549bfa..e1a7639af3 100644
--- a/windows/keep-secure/manage-packaged-apps-with-applocker.md
+++ b/windows/keep-secure/manage-packaged-apps-with-applocker.md
@@ -2,7 +2,7 @@
 title: Manage packaged apps with AppLocker (Windows 10)
 description: This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy.
 ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/manage-tpm-commands.md b/windows/keep-secure/manage-tpm-commands.md
index 1aa0ca5061..0620207ec5 100644
--- a/windows/keep-secure/manage-tpm-commands.md
+++ b/windows/keep-secure/manage-tpm-commands.md
@@ -2,7 +2,7 @@
 title: Manage TPM commands (Windows 10)
 description: This topic for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users.
 ms.assetid: a78e751a-2806-43ae-9c20-2e7ca466b765
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/manage-tpm-lockout.md b/windows/keep-secure/manage-tpm-lockout.md
index 7c75700ed0..61c94cc77e 100644
--- a/windows/keep-secure/manage-tpm-lockout.md
+++ b/windows/keep-secure/manage-tpm-lockout.md
@@ -2,7 +2,7 @@
 title: Manage TPM lockout (Windows 10)
 description: This topic for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows.
 ms.assetid: bf27adbe-404c-4691-a644-29ec722a3f7b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-lifetime-for-service-ticket.md b/windows/keep-secure/maximum-lifetime-for-service-ticket.md
index 3a0a6fff86..fd43969eb0 100644
--- a/windows/keep-secure/maximum-lifetime-for-service-ticket.md
+++ b/windows/keep-secure/maximum-lifetime-for-service-ticket.md
@@ -2,7 +2,7 @@
 title: Maximum lifetime for service ticket (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum lifetime for service ticket security policy setting.
 ms.assetid: 484bf05a-3858-47fc-bc02-6599ca860247
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-lifetime-for-user-ticket-renewal.md b/windows/keep-secure/maximum-lifetime-for-user-ticket-renewal.md
index c1f175c55b..f807fae4e2 100644
--- a/windows/keep-secure/maximum-lifetime-for-user-ticket-renewal.md
+++ b/windows/keep-secure/maximum-lifetime-for-user-ticket-renewal.md
@@ -2,7 +2,7 @@
 title: Maximum lifetime for user ticket renewal (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum lifetime for user ticket renewal security policy setting.
 ms.assetid: f88cd819-3dd1-4e38-b560-13fe6881b609
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-lifetime-for-user-ticket.md b/windows/keep-secure/maximum-lifetime-for-user-ticket.md
index e1a9089dd7..e37ae53435 100644
--- a/windows/keep-secure/maximum-lifetime-for-user-ticket.md
+++ b/windows/keep-secure/maximum-lifetime-for-user-ticket.md
@@ -2,7 +2,7 @@
 title: Maximum lifetime for user ticket (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum lifetime for user ticket policy setting.
 ms.assetid: bcb4ff59-334d-4c2f-99af-eca2b64011dc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-password-age.md b/windows/keep-secure/maximum-password-age.md
index 30fb8319a2..488f04f383 100644
--- a/windows/keep-secure/maximum-password-age.md
+++ b/windows/keep-secure/maximum-password-age.md
@@ -2,7 +2,7 @@
 title: Maximum password age (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum password age security policy setting.
 ms.assetid: 2d6e70e7-c8b0-44fb-8113-870c6120871d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-tolerance-for-computer-clock-synchronization.md b/windows/keep-secure/maximum-tolerance-for-computer-clock-synchronization.md
index f5f976b55a..63ebd1f934 100644
--- a/windows/keep-secure/maximum-tolerance-for-computer-clock-synchronization.md
+++ b/windows/keep-secure/maximum-tolerance-for-computer-clock-synchronization.md
@@ -2,7 +2,7 @@
 title: Maximum tolerance for computer clock synchronization (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum tolerance for computer clock synchronization security policy setting.
 ms.assetid: ba2cf59e-d69d-469e-95e3-8e6a0ba643af
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/keep-secure/merge-applocker-policies-by-using-set-applockerpolicy.md
index 42b8495ede..2e095a1533 100644
--- a/windows/keep-secure/merge-applocker-policies-by-using-set-applockerpolicy.md
+++ b/windows/keep-secure/merge-applocker-policies-by-using-set-applockerpolicy.md
@@ -2,7 +2,7 @@
 title: Merge AppLocker policies by using Set-ApplockerPolicy (Windows 10)
 description: This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
 ms.assetid: f1c7d5c0-463e-4fe2-a410-844a404f18d0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/merge-applocker-policies-manually.md b/windows/keep-secure/merge-applocker-policies-manually.md
index c511afb3cd..2747de84e0 100644
--- a/windows/keep-secure/merge-applocker-policies-manually.md
+++ b/windows/keep-secure/merge-applocker-policies-manually.md
@@ -2,7 +2,7 @@
 title: Merge AppLocker policies manually (Windows 10)
 description: This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
 ms.assetid: 3605f293-e5f2-481d-8efd-775f9f23c30f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-client-digitally-sign-communications-always.md b/windows/keep-secure/microsoft-network-client-digitally-sign-communications-always.md
index 597e001a91..1cb4c83e11 100644
--- a/windows/keep-secure/microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/keep-secure/microsoft-network-client-digitally-sign-communications-always.md
@@ -2,7 +2,7 @@
 title: Microsoft network client Digitally sign communications (always) (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network client Digitally sign communications (always) security policy setting.
 ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/keep-secure/microsoft-network-client-digitally-sign-communications-if-server-agrees.md
index 3f25ac2921..4594534751 100644
--- a/windows/keep-secure/microsoft-network-client-digitally-sign-communications-if-server-agrees.md
+++ b/windows/keep-secure/microsoft-network-client-digitally-sign-communications-if-server-agrees.md
@@ -2,7 +2,7 @@
 title: Microsoft network client Digitally sign communications (if server agrees) (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Microsoft network client Digitally sign communications (if server agrees) security policy setting.
 ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/keep-secure/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
index 56635e06cc..901baabc0f 100644
--- a/windows/keep-secure/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
+++ b/windows/keep-secure/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
@@ -2,7 +2,7 @@
 title: Microsoft network client Send unencrypted password to third-party SMB servers (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network client Send unencrypted password to third-party SMB servers security policy setting.
 ms.assetid: 97a76b93-afa7-4dd9-bb52-7c9e289b6017
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/keep-secure/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
index 76e38d84c1..f124f2216c 100644
--- a/windows/keep-secure/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
+++ b/windows/keep-secure/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Amount of idle time required before suspending session (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Microsoft network server Amount of idle time required before suspending session security policy setting.
 ms.assetid: 8227842a-569d-480f-b43c-43450bbaa722
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/keep-secure/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
index ea1b074c71..d979a1d65a 100644
--- a/windows/keep-secure/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
+++ b/windows/keep-secure/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Attempt S4U2Self to obtain claim information (Windows 10)
 description: Describes the best practices, location, values, management, and security considerations for the Microsoft network server Attempt S4U2Self to obtain claim information security policy setting.
 ms.assetid: e4508387-35ed-4a3f-a47c-27f8396adbba
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-digitally-sign-communications-always.md b/windows/keep-secure/microsoft-network-server-digitally-sign-communications-always.md
index 23d423e6d9..e71590b3cf 100644
--- a/windows/keep-secure/microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/keep-secure/microsoft-network-server-digitally-sign-communications-always.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Digitally sign communications (always) (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network server Digitally sign communications (always) security policy setting.
 ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/keep-secure/microsoft-network-server-digitally-sign-communications-if-client-agrees.md
index 2f327071cb..6ad33d8c8d 100644
--- a/windows/keep-secure/microsoft-network-server-digitally-sign-communications-if-client-agrees.md
+++ b/windows/keep-secure/microsoft-network-server-digitally-sign-communications-if-client-agrees.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Digitally sign communications (if client agrees) (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network server Digitally sign communications (if client agrees) security policy setting.
 ms.assetid: c92b2e3d-1dbf-4337-a145-b17a585f4fc1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/keep-secure/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
index b2737896f1..529004e2f0 100644
--- a/windows/keep-secure/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
+++ b/windows/keep-secure/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Disconnect clients when logon hours expire (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Microsoft network server Disconnect clients when logon hours expire security policy setting.
 ms.assetid: 48b5c424-9ba8-416d-be7d-ccaabb3f49af
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-server-spn-target-name-validation-level.md b/windows/keep-secure/microsoft-network-server-server-spn-target-name-validation-level.md
index b5d71aae14..6096400f68 100644
--- a/windows/keep-secure/microsoft-network-server-server-spn-target-name-validation-level.md
+++ b/windows/keep-secure/microsoft-network-server-server-spn-target-name-validation-level.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Server SPN target name validation level (Windows 10)
 description: Describes the best practices, location, and values, policy management and security considerations for the Microsoft network server Server SPN target name validation level security policy setting.
 ms.assetid: 18337f78-eb45-42fd-bdbd-f8cd02c3e154
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-passport-and-password-changes.md b/windows/keep-secure/microsoft-passport-and-password-changes.md
index 4325261928..ceebe00f0a 100644
--- a/windows/keep-secure/microsoft-passport-and-password-changes.md
+++ b/windows/keep-secure/microsoft-passport-and-password-changes.md
@@ -2,7 +2,7 @@
 title: Microsoft Passport and password changes (Windows 10)
 description: When you set up Microsoft Passport, the PIN or biometric (Windows Hello) gesture that you use is specific to that device.
 ms.assetid: 83005FE4-8899-47A6-BEA9-C17CCA0B6B55
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
index a9483a0b56..490c5c9e6e 100644
--- a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
+++ b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
@@ -3,7 +3,7 @@ title: Microsoft Passport errors during PIN creation (Windows 10)
 description: When you set up Microsoft Passport in Windows 10, you may get an error during the Create a work PIN step.
 ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502
 keywords: PIN, error, create a work PIN
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-passport-guide.md b/windows/keep-secure/microsoft-passport-guide.md
index 70f6296988..b78b6f94f7 100644
--- a/windows/keep-secure/microsoft-passport-guide.md
+++ b/windows/keep-secure/microsoft-passport-guide.md
@@ -3,8 +3,7 @@ title: Microsoft Passport guide (Windows 10)
 description: This guide describes the new Windows Hello and Microsoft Passport technologies that are part of the Windows 10 operating system.
 ms.assetid: 11EA7826-DA6B-4E5C-99FB-142CC6BD9E84
 keywords: security, credential, password, authentication
-ms.prod: W10
-ms.pagetype: security
+ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/minimum-password-age.md b/windows/keep-secure/minimum-password-age.md
index a975b21ff4..d56c232478 100644
--- a/windows/keep-secure/minimum-password-age.md
+++ b/windows/keep-secure/minimum-password-age.md
@@ -2,7 +2,7 @@
 title: Minimum password age (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Minimum password age security policy setting.
 ms.assetid: 91915cb2-1b3f-4fb7-afa0-d03df95e8161
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/minimum-password-length.md b/windows/keep-secure/minimum-password-length.md
index 79281f850c..39c8f9fa60 100644
--- a/windows/keep-secure/minimum-password-length.md
+++ b/windows/keep-secure/minimum-password-length.md
@@ -2,7 +2,7 @@
 title: Minimum password length (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Minimum password length security policy setting.
 ms.assetid: 3d22eb9a-859a-4b6f-82f5-c270c427e17e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
index fa17f2947f..91db7537e8 100644
--- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Minimum requirements for Windows Defender Advanced Threat Protection description: Minimum network and data storage configuration, endpoint hardware and software requirements, and deployment channel requirements for Windows Defender ATP. keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, endpoint, endpoint configuration, deployment channel search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: iaanw ---
diff --git a/windows/keep-secure/modify-an-object-label.md b/windows/keep-secure/modify-an-object-label.md
index a984a42a33..fecfb339d8 100644
--- a/windows/keep-secure/modify-an-object-label.md
+++ b/windows/keep-secure/modify-an-object-label.md
@@ -2,7 +2,7 @@
 title: Modify an object label (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Modify an object label security policy setting.
 ms.assetid: 3e5a97dd-d363-43a8-ae80-452e866ebfd5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/modify-firmware-environment-values.md b/windows/keep-secure/modify-firmware-environment-values.md
index 2dcc1d8dfc..e4f6b85eb1 100644
--- a/windows/keep-secure/modify-firmware-environment-values.md
+++ b/windows/keep-secure/modify-firmware-environment-values.md
@@ -2,7 +2,7 @@
 title: Modify firmware environment values (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Modify firmware environment values security policy setting.
 ms.assetid: 80bad5c4-d9eb-4e3a-a5dc-dcb742b83fca
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-application-usage-with-applocker.md b/windows/keep-secure/monitor-application-usage-with-applocker.md
index 14b94f4745..87ead686b6 100644
--- a/windows/keep-secure/monitor-application-usage-with-applocker.md
+++ b/windows/keep-secure/monitor-application-usage-with-applocker.md
@@ -2,7 +2,7 @@
 title: Monitor app usage with AppLocker (Windows 10)
 description: This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.
 ms.assetid: 0516da6e-ebe4-45b4-a97b-31daba96d1cf
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-central-access-policy-and-rule-definitions.md b/windows/keep-secure/monitor-central-access-policy-and-rule-definitions.md
index 11e4efc2be..6904612d1c 100644
--- a/windows/keep-secure/monitor-central-access-policy-and-rule-definitions.md
+++ b/windows/keep-secure/monitor-central-access-policy-and-rule-definitions.md
@@ -2,7 +2,7 @@
 title: Monitor central access policy and rule definitions (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 553f98a6-7606-4518-a3c5-347a33105130
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-claim-types.md b/windows/keep-secure/monitor-claim-types.md
index 9220126e6c..fcbaaa93b0 100644
--- a/windows/keep-secure/monitor-claim-types.md
+++ b/windows/keep-secure/monitor-claim-types.md
@@ -2,7 +2,7 @@
 title: Monitor claim types (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options.
 ms.assetid: 426084da-4eef-44af-aeec-e7ab4d4e2439
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md
index 67ff38e86d..8babe1f172 100644
--- a/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Monitor Windows Defender ATP onboarding description: Monitor the onboarding of the Windows Defender ATP service to ensure your endpoints are correctly configured and are sending telemetry reports. keywords: monitor onboarding, monitor Windows Defender ATP onboarding, monitor Windows Defender Advanced Threat Protection onboarding search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas ---
diff --git a/windows/keep-secure/monitor-resource-attribute-definitions.md b/windows/keep-secure/monitor-resource-attribute-definitions.md
index 42bd9b783e..75bff821fe 100644
--- a/windows/keep-secure/monitor-resource-attribute-definitions.md
+++ b/windows/keep-secure/monitor-resource-attribute-definitions.md
@@ -2,7 +2,7 @@
 title: Monitor resource attribute definitions (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: aace34b0-123a-4b83-9e09-f269220e79de
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/keep-secure/monitor-the-central-access-policies-associated-with-files-and-folders.md
index db6155e24b..74e926c90b 100644
--- a/windows/keep-secure/monitor-the-central-access-policies-associated-with-files-and-folders.md
+++ b/windows/keep-secure/monitor-the-central-access-policies-associated-with-files-and-folders.md
@@ -2,7 +2,7 @@
 title: Monitor the central access policies associated with files and folders (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to the central access policies that are associated with files and folders when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 2ea8fc23-b3ac-432f-87b0-6a16506e8eed
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/keep-secure/monitor-the-central-access-policies-that-apply-on-a-file-server.md
index aeee1c4b35..4e21c32c36 100644
--- a/windows/keep-secure/monitor-the-central-access-policies-that-apply-on-a-file-server.md
+++ b/windows/keep-secure/monitor-the-central-access-policies-that-apply-on-a-file-server.md
@@ -2,7 +2,7 @@
 title: Monitor the central access policies that apply on a file server (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-the-resource-attributes-on-files-and-folders.md b/windows/keep-secure/monitor-the-resource-attributes-on-files-and-folders.md
index fd2edb8b75..5849cc955c 100644
--- a/windows/keep-secure/monitor-the-resource-attributes-on-files-and-folders.md
+++ b/windows/keep-secure/monitor-the-resource-attributes-on-files-and-folders.md
@@ -2,7 +2,7 @@
 title: Monitor the resource attributes on files and folders (Windows 10)
 description: This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 4944097b-320f-44c7-88ed-bf55946a358b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-the-use-of-removable-storage-devices.md b/windows/keep-secure/monitor-the-use-of-removable-storage-devices.md
index c850719ed9..7665d0dddc 100644
--- a/windows/keep-secure/monitor-the-use-of-removable-storage-devices.md
+++ b/windows/keep-secure/monitor-the-use-of-removable-storage-devices.md
@@ -2,7 +2,7 @@
 title: Monitor the use of removable storage devices (Windows 10)
 description: This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: b0a9e4a5-b7ff-41c6-96ff-0228d4ba5da8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-user-and-device-claims-during-sign-in.md b/windows/keep-secure/monitor-user-and-device-claims-during-sign-in.md
index 8e767cf028..f95697b152 100644
--- a/windows/keep-secure/monitor-user-and-device-claims-during-sign-in.md
+++ b/windows/keep-secure/monitor-user-and-device-claims-during-sign-in.md
@@ -2,7 +2,7 @@
 title: Monitor user and device claims during sign-in (Windows 10)
 description: This topic for the IT professional describes how to monitor user and device claims that are associated with a user’s security token when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 71796ea9-5fe4-4183-8475-805c3c1f319f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-allow-anonymous-sidname-translation.md b/windows/keep-secure/network-access-allow-anonymous-sidname-translation.md
index 6c14b5a06f..206c76f7fc 100644
--- a/windows/keep-secure/network-access-allow-anonymous-sidname-translation.md
+++ b/windows/keep-secure/network-access-allow-anonymous-sidname-translation.md
@@ -2,7 +2,7 @@
 title: Network access Allow anonymous SID/Name translation (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Allow anonymous SID/Name translation security policy setting.
 ms.assetid: 0144477f-22a6-4d06-b70a-9c9c2196e99e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
index 52eb452b76..7de439ad10 100644
--- a/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
+++ b/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
@@ -2,7 +2,7 @@
 title: Network access Do not allow anonymous enumeration of SAM accounts and shares (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Network access Do not allow anonymous enumeration of SAM accounts and shares security policy setting.
 ms.assetid: 3686788d-4cc7-4222-9163-cbc7c3362d73
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md b/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
index 20f6455173..1a8d592782 100644
--- a/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
+++ b/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
@@ -2,7 +2,7 @@
 title: Network access Do not allow anonymous enumeration of SAM accounts (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Network access Do not allow anonymous enumeration of SAM accounts security policy setting.
 ms.assetid: 6ee25b33-ad43-4097-b031-7be680f64c7c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/keep-secure/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
index ec12a8c647..a60b14af97 100644
--- a/windows/keep-secure/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
+++ b/windows/keep-secure/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
@@ -2,7 +2,7 @@
 title: Network access Do not allow storage of passwords and credentials for network authentication (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Do not allow storage of passwords and credentials for network authentication security policy setting.
 ms.assetid: b9b64360-36ea-40fa-b795-2d6558c46563
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/keep-secure/network-access-let-everyone-permissions-apply-to-anonymous-users.md
index eedd57751a..02f1530efb 100644
--- a/windows/keep-secure/network-access-let-everyone-permissions-apply-to-anonymous-users.md
+++ b/windows/keep-secure/network-access-let-everyone-permissions-apply-to-anonymous-users.md
@@ -2,7 +2,7 @@
 title: Network access Let Everyone permissions apply to anonymous users (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Let Everyone permissions apply to anonymous users security policy setting.
 ms.assetid: cdbc5159-9173-497e-b46b-7325f4256353
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/keep-secure/network-access-named-pipes-that-can-be-accessed-anonymously.md
index ab8eff2298..68f545297d 100644
--- a/windows/keep-secure/network-access-named-pipes-that-can-be-accessed-anonymously.md
+++ b/windows/keep-secure/network-access-named-pipes-that-can-be-accessed-anonymously.md
@@ -2,7 +2,7 @@
 title: Network access Named Pipes that can be accessed anonymously (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Named Pipes that can be accessed anonymously security policy setting.
 ms.assetid: 8897d2a4-813e-4d2b-8518-fcee71e1cf2c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-remotely-accessible-registry-paths-and-subpaths.md b/windows/keep-secure/network-access-remotely-accessible-registry-paths-and-subpaths.md
index d7a01b9e6e..3dc22f67e2 100644
--- a/windows/keep-secure/network-access-remotely-accessible-registry-paths-and-subpaths.md
+++ b/windows/keep-secure/network-access-remotely-accessible-registry-paths-and-subpaths.md
@@ -2,7 +2,7 @@
 title: Network access Remotely accessible registry paths and subpaths (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Network access Remotely accessible registry paths and subpaths security policy setting.
 ms.assetid: 3fcbbf70-a002-4f85-8e86-8dabad21928e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-remotely-accessible-registry-paths.md b/windows/keep-secure/network-access-remotely-accessible-registry-paths.md
index 86fd1783e9..88c2340130 100644
--- a/windows/keep-secure/network-access-remotely-accessible-registry-paths.md
+++ b/windows/keep-secure/network-access-remotely-accessible-registry-paths.md
@@ -2,7 +2,7 @@
 title: Network access Remotely accessible registry paths (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Remotely accessible registry paths security policy setting.
 ms.assetid: 977f86ea-864f-4f1b-9756-22220efce0bd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md b/windows/keep-secure/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
index 84be70c08b..75a2e71242 100644
--- a/windows/keep-secure/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
+++ b/windows/keep-secure/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
@@ -2,7 +2,7 @@
 title: Network access Restrict anonymous access to Named Pipes and Shares (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Restrict anonymous access to Named Pipes and Shares security policy setting.
 ms.assetid: e66cd708-7322-4d49-9b57-1bf8ec7a4c10
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-shares-that-can-be-accessed-anonymously.md b/windows/keep-secure/network-access-shares-that-can-be-accessed-anonymously.md
index b4505320e4..4f53f77bdc 100644
--- a/windows/keep-secure/network-access-shares-that-can-be-accessed-anonymously.md
+++ b/windows/keep-secure/network-access-shares-that-can-be-accessed-anonymously.md
@@ -2,7 +2,7 @@
 title: Network access Shares that can be accessed anonymously (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Shares that can be accessed anonymously security policy setting.
 ms.assetid: f3e4b919-8279-4972-b415-5f815e2f0a1a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-sharing-and-security-model-for-local-accounts.md b/windows/keep-secure/network-access-sharing-and-security-model-for-local-accounts.md
index fee079071d..aab32aedb6 100644
--- a/windows/keep-secure/network-access-sharing-and-security-model-for-local-accounts.md
+++ b/windows/keep-secure/network-access-sharing-and-security-model-for-local-accounts.md
@@ -2,7 +2,7 @@
 title: Network access Sharing and security model for local accounts (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Sharing and security model for local accounts security policy setting.
 ms.assetid: 0b3d703c-ea27-488f-8f59-b345af75b994
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-list-manager-policies.md b/windows/keep-secure/network-list-manager-policies.md
index 11de5e4da7..1488ba7052 100644
--- a/windows/keep-secure/network-list-manager-policies.md
+++ b/windows/keep-secure/network-list-manager-policies.md
@@ -2,7 +2,7 @@
 title: Network List Manager policies (Windows 10)
 description: Network List Manager policies are security settings that you can use to configure different aspects of how networks are listed and displayed on one device or on many devices.
 ms.assetid: bd8109d4-b07c-4beb-a9a6-affae2ba2fda
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/keep-secure/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
index 929606cb16..0c3458656e 100644
--- a/windows/keep-secure/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
+++ b/windows/keep-secure/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
@@ -2,7 +2,7 @@
 title: Network security Allow Local System to use computer identity for NTLM (Windows 10)
 description: Describes the location, values, policy management, and security considerations for the Network security Allow Local System to use computer identity for NTLM security policy setting.
 ms.assetid: c46a658d-b7a4-4139-b7ea-b9268c240053
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-allow-localsystem-null-session-fallback.md b/windows/keep-secure/network-security-allow-localsystem-null-session-fallback.md
index 34b487bba3..405f149efa 100644
--- a/windows/keep-secure/network-security-allow-localsystem-null-session-fallback.md
+++ b/windows/keep-secure/network-security-allow-localsystem-null-session-fallback.md
@@ -2,7 +2,7 @@
 title: Network security Allow LocalSystem NULL session fallback (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Network security Allow LocalSystem NULL session fallback security policy setting.
 ms.assetid: 5b72edaa-bec7-4572-b6f0-648fc38f5395
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/keep-secure/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
index a381d1388c..fe460ccefd 100644
--- a/windows/keep-secure/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
+++ b/windows/keep-secure/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
@@ -2,7 +2,7 @@
 title: Network security Allow PKU2U authentication requests to this computer to use online identities (Windows 10)
 description: Describes the best practices, location, and values for the Network Security Allow PKU2U authentication requests to this computer to use online identities security policy setting.
 ms.assetid: e04a854e-d94d-4306-9fb3-56e9bd7bb926
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/keep-secure/network-security-configure-encryption-types-allowed-for-kerberos.md
index 7ca22f98c0..bcbe56a0ef 100644
--- a/windows/keep-secure/network-security-configure-encryption-types-allowed-for-kerberos.md
+++ b/windows/keep-secure/network-security-configure-encryption-types-allowed-for-kerberos.md
@@ -2,7 +2,7 @@
 title: Network security Configure encryption types allowed for Kerberos Win7 only (Windows 10)
 description: Describes the best practices, location, values and security considerations for the Network security Configure encryption types allowed for Kerberos Win7 only security policy setting.
 ms.assetid: 303d32cc-415b-44ba-96c0-133934046ece
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/keep-secure/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
index 95b335005c..11984a8b59 100644
--- a/windows/keep-secure/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
+++ b/windows/keep-secure/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
@@ -2,7 +2,7 @@
 title: Network security Do not store LAN Manager hash value on next password change (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security Do not store LAN Manager hash value on next password change security policy setting.
 ms.assetid: 6452b268-e5ba-4889-9d38-db28f919af51
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-force-logoff-when-logon-hours-expire.md b/windows/keep-secure/network-security-force-logoff-when-logon-hours-expire.md
index f6dd03a829..a302a70695 100644
--- a/windows/keep-secure/network-security-force-logoff-when-logon-hours-expire.md
+++ b/windows/keep-secure/network-security-force-logoff-when-logon-hours-expire.md
@@ -2,7 +2,7 @@
 title: Network security Force logoff when logon hours expire (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security Force logoff when logon hours expire security policy setting.
 ms.assetid: 64d5dde4-58e4-4217-b2c4-73bd554ec926
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-lan-manager-authentication-level.md b/windows/keep-secure/network-security-lan-manager-authentication-level.md
index 5d8a5343aa..3ae2b1240e 100644
--- a/windows/keep-secure/network-security-lan-manager-authentication-level.md
+++ b/windows/keep-secure/network-security-lan-manager-authentication-level.md
@@ -2,7 +2,7 @@
 title: Network security LAN Manager authentication level (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security LAN Manager authentication level security policy setting.
 ms.assetid: bbe1a98c-420a-41e7-9d3c-3a2fe0f1843e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-ldap-client-signing-requirements.md b/windows/keep-secure/network-security-ldap-client-signing-requirements.md
index 5207e6e65f..158b64ed3c 100644
--- a/windows/keep-secure/network-security-ldap-client-signing-requirements.md
+++ b/windows/keep-secure/network-security-ldap-client-signing-requirements.md
@@ -2,7 +2,7 @@
 title: Network security LDAP client signing requirements (Windows 10)
 description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting.
 ms.assetid: 38b35489-eb5b-4035-bc87-df63de50509c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
index ba6527767f..b9a0e71329 100644
--- a/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
+++ b/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
@@ -2,7 +2,7 @@
 title: Network security Minimum session security for NTLM SSP based (including secure RPC) clients (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security Minimum session security for NTLM SSP based (including secure RPC) clients security policy setting.
 ms.assetid: 89903de8-23d0-4e0f-9bef-c00cb7aebf00
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
index 6bd65a6591..752b9c97c1 100644
--- a/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
+++ b/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
@@ -2,7 +2,7 @@
 title: Network security Minimum session security for NTLM SSP based (including secure RPC) servers (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security Minimum session security for NTLM SSP based (including secure RPC) servers security policy setting.
 ms.assetid: c6a60c1b-bc8d-4d02-9481-f847a411b4fc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/keep-secure/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
index ca5c6d20da..74c9b41100 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Add remote server exceptions for NTLM authentication (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network security Restrict NTLM Add remote server exceptions for NTLM authentication security policy setting.
 ms.assetid: 9b017399-0a54-4580-bfae-614c2beda3a1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/keep-secure/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
index 8a29a1cbad..e16e7c0ff3 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Add server exceptions in this domain (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network security Restrict NTLM Add server exceptions in this domain security policy setting.
 ms.assetid: 2f981b68-6aa7-4dd9-b53d-d88551277cc0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/keep-secure/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
index 30716f504d..f5b4bd4032 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Audit incoming NTLM traffic (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Audit incoming NTLM traffic security policy setting.
 ms.assetid: 37e380c2-22e1-44cd-9993-e12815b845cf
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/keep-secure/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
index 4bda1da37a..c4254e5036 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Audit NTLM authentication in this domain (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Audit NTLM authentication in this domain security policy setting.
 ms.assetid: 33183ef9-53b5-4258-8605-73dc46335e6e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/keep-secure/network-security-restrict-ntlm-incoming-ntlm-traffic.md
index 270051f5d3..fba51b1a73 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-incoming-ntlm-traffic.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-incoming-ntlm-traffic.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Incoming NTLM traffic (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Incoming NTLM traffic security policy setting.
 ms.assetid: c0eff7d3-ed59-4004-908a-2205295fefb8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/keep-secure/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
index 8389b3ad72..407c4b9976 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM NTLM authentication in this domain (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM NTLM authentication in this domain security policy setting.
 ms.assetid: 4c7884e9-cc11-4402-96b6-89c77dc908f8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/keep-secure/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
index 439657d395..896cdbadc1 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
@@ -2,7 +2,7 @@ title: Network security Restrict NTLM Outgoing NTLM traffic to remote servers (Windows 10) description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Outgoing NTLM traffic to remote servers security policy setting. ms.assetid: 63437a90-764b-4f06-aed8-a4a26cf81bd1 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md index baf6178433..eaaa736c69 100644 --- a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Onboard endpoints and set up the Windows Defender ATP user access description: Set up user access in Azure Active Directory and use Group Policy, SCCM, or do manual registry changes to onboard endpoints to the service. keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: iaanw --- diff --git a/windows/keep-secure/optimize-applocker-performance.md b/windows/keep-secure/optimize-applocker-performance.md index cdd61ef5e2..ff8f099f2d 100644 --- a/windows/keep-secure/optimize-applocker-performance.md +++ b/windows/keep-secure/optimize-applocker-performance.md @@ -2,7 +2,7 @@ title: Optimize AppLocker performance (Windows 10) description: This topic for IT professionals describes how to optimize AppLocker policy enforcement. ms.assetid: a20efa20-bc98-40fe-bd81-28ec4905e0f6 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/overview-create-edp-policy.md b/windows/keep-secure/overview-create-edp-policy.md index 24e6c6a647..0ca5b7cbd1 100644 --- a/windows/keep-secure/overview-create-edp-policy.md +++ b/windows/keep-secure/overview-create-edp-policy.md @@ -2,9 +2,10 @@ title: Create an enterprise data protection (EDP) policy (Windows 10) description: Microsoft Intune and System Center Configuration Manager (version 1511 or later) helps you create and deploy your enterprise data protection (EDP) policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library +ms.pagetype: security author: eross-msft --- diff --git a/windows/keep-secure/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/keep-secure/packaged-apps-and-packaged-app-installer-rules-in-applocker.md index db85e986ec..b17006c05a 100644 --- a/windows/keep-secure/packaged-apps-and-packaged-app-installer-rules-in-applocker.md +++ b/windows/keep-secure/packaged-apps-and-packaged-app-installer-rules-in-applocker.md @@ -2,7 +2,7 @@ title: Packaged apps and packaged app installer rules in AppLocker (Windows 10) description: This topic explains the AppLocker rule collection for packaged app installers and packaged apps. ms.assetid: 8fd44d08-a0c2-4c5b-a91f-5cb9989f971d -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/passport-event-300.md b/windows/keep-secure/passport-event-300.md index 1d055b34c7..9a7c694ae0 100644 --- a/windows/keep-secure/passport-event-300.md +++ b/windows/keep-secure/passport-event-300.md 
@@ -2,8 +2,8 @@
 title: Event ID 300 - Passport successfully created (Windows 10)
 description: This event is created when a Microsoft Passport for Enterprise is successfully created and registered with Azure Active Directory (Azure AD).
 ms.assetid: 0DD59E75-1C5F-4CC6-BB0E-71C83884FF04
-keywords: ["ngc"]
-ms.prod: W10
+keywords: ngc
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/password-must-meet-complexity-requirements.md b/windows/keep-secure/password-must-meet-complexity-requirements.md
index c8b513828e..d51142a117 100644
--- a/windows/keep-secure/password-must-meet-complexity-requirements.md
+++ b/windows/keep-secure/password-must-meet-complexity-requirements.md
@@ -2,7 +2,7 @@
 title: Password must meet complexity requirements (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Password must meet complexity requirements security policy setting.
 ms.assetid: 94482ae3-9dda-42df-9782-2f66196e6afe
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/password-policy.md b/windows/keep-secure/password-policy.md
index fd3d56e268..4198fac995 100644
--- a/windows/keep-secure/password-policy.md
+++ b/windows/keep-secure/password-policy.md
@@ -2,7 +2,7 @@
 title: Password Policy (Windows 10)
 description: An overview of password policies for Windows and links to information for each policy setting.
 ms.assetid: aec1220d-a875-4575-9050-f02f9c54a3b6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/perform-volume-maintenance-tasks.md b/windows/keep-secure/perform-volume-maintenance-tasks.md
index 4a7f305290..dae56942a1 100644
--- a/windows/keep-secure/perform-volume-maintenance-tasks.md
+++ b/windows/keep-secure/perform-volume-maintenance-tasks.md
@@ -2,7 +2,7 @@
 title: Perform volume maintenance tasks (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Perform volume maintenance tasks security policy setting.
 ms.assetid: b6990813-3898-43e2-8221-c9c06d893244
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/plan-for-applocker-policy-management.md b/windows/keep-secure/plan-for-applocker-policy-management.md
index 0fa131561e..96d65e5c32 100644
--- a/windows/keep-secure/plan-for-applocker-policy-management.md
+++ b/windows/keep-secure/plan-for-applocker-policy-management.md
@@ -2,7 +2,7 @@
 title: Plan for AppLocker policy management (Windows 10)
 description: This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
 ms.assetid: dccc196f-6ae0-4ae4-853a-a3312b18751b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
index c9a1917ba3..1fa912d181 100644
--- a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
+++ b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
@@ -2,7 +2,7 @@
 title: Planning and deploying advanced security audit policies (Windows 10)
 description: This topic for the IT professional explains the options that security policy planners must consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies.
 ms.assetid: 7428e1db-aba8-407b-a39e-509671e5a442
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
index b5dae385ac..4eaf0224ec 100644
--- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Windows Defender Advanced Threat Protection portal overview
 description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
 keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines view, preferences setup, client onboarding, advanced attacks
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: DulceMV
 ---
 
diff --git a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
index 74cebb3914..d377aafd3e 100644
--- a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
+++ b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
@@ -3,7 +3,7 @@ title: Prepare people to use Microsoft Passport (Windows 10)
 description: When you set a policy to require Microsoft Passport in the workplace, you will want to prepare people in your organization.
 ms.assetid: 5270B416-CE31-4DD9-862D-6C22A2AE508B
 keywords: identity, PIN, biometric, Hello
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
index 3c5e402383..c30af5a4c1 100644
--- a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
@@ -2,7 +2,7 @@
 title: Prepare your organization for BitLocker Planning and policies (Windows 10)
 description: This topic for the IT professional explains how can you plan your BitLocker deployment.
 ms.assetid: 6e3593b5-4e8a-40ac-808a-3fdbc948059d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/profile-single-process.md b/windows/keep-secure/profile-single-process.md
index bcb68afa86..0dce3bdffe 100644
--- a/windows/keep-secure/profile-single-process.md
+++ b/windows/keep-secure/profile-single-process.md
@@ -2,7 +2,7 @@
 title: Profile single process (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Profile single process security policy setting.
 ms.assetid: c0963de4-4f5e-430e-bfcd-dfd68e66a075
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/profile-system-performance.md b/windows/keep-secure/profile-system-performance.md
index 5166f4de6f..d7b5f3b8fc 100644
--- a/windows/keep-secure/profile-system-performance.md
+++ b/windows/keep-secure/profile-system-performance.md
@@ -2,7 +2,7 @@
 title: Profile system performance (Windows 10)
 description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management, and security considerations for the Profile system performance security policy setting.
 ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/protect-bitlocker-from-pre-boot-attacks.md b/windows/keep-secure/protect-bitlocker-from-pre-boot-attacks.md
index 1b1c4370f3..197d906dd6 100644
--- a/windows/keep-secure/protect-bitlocker-from-pre-boot-attacks.md
+++ b/windows/keep-secure/protect-bitlocker-from-pre-boot-attacks.md
@@ -2,7 +2,7 @@
 title: Protect BitLocker from pre-boot attacks (Windows 10)
 description: This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration.
 ms.assetid: 24d19988-fc79-4c45-b392-b39cba4ec86b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/protect-enterprise-data-using-edp.md b/windows/keep-secure/protect-enterprise-data-using-edp.md
index d647af4367..e3da331f91 100644
--- a/windows/keep-secure/protect-enterprise-data-using-edp.md
+++ b/windows/keep-secure/protect-enterprise-data-using-edp.md
@@ -2,10 +2,11 @@
 title: Protect your enterprise data using enterprise data protection (EDP) (Windows 10)
 description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control.
 ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032
-keywords: ["EDP", "Enterprise Data Protection"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
 
diff --git a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index 2550941ba3..61313be105 100644
--- a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -3,10 +3,10 @@ title: Control the health of Windows 10-based devices (Windows 10)
 description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices.
 ms.assetid: 45DB1C41-C35D-43C9-A274-3AD5F31FE873
 keywords: security, BYOD, malware, device health attestation, mobile
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-ms.pagetype: security; devices
+ms.pagetype: security, devices
 author: arnaudjumelet
 ---
 
diff --git a/windows/keep-secure/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/keep-secure/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
index fc092b8a95..aaf71600b1 100644
--- a/windows/keep-secure/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+++ b/windows/keep-secure/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
@@ -2,7 +2,7 @@
 title: Protecting cluster shared volumes and storage area networks with BitLocker (Windows 10)
 description: This topic for IT pros describes how to protect CSVs and SANs with BitLocker.
 ms.assetid: ecd25a10-42c7-4d31-8a7e-ea52c8ebc092
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/recovery-console-allow-automatic-administrative-logon.md b/windows/keep-secure/recovery-console-allow-automatic-administrative-logon.md
index 394b4421db..4ef6ba5277 100644
--- a/windows/keep-secure/recovery-console-allow-automatic-administrative-logon.md
+++ b/windows/keep-secure/recovery-console-allow-automatic-administrative-logon.md
@@ -2,7 +2,7 @@
 title: Recovery console Allow automatic administrative logon (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Recovery console Allow automatic administrative logon security policy setting.
 ms.assetid: be2498fc-48f4-43f3-ad09-74664e45e596
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/keep-secure/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
index 23aad36087..d8945335fa 100644
--- a/windows/keep-secure/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
+++ b/windows/keep-secure/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
@@ -2,7 +2,7 @@
 title: Recovery console Allow floppy copy and access to all drives and folders (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Recovery console Allow floppy copy and access to all drives and folders security policy setting.
 ms.assetid: a5b4ac0c-f33d-42b5-a866-72afa7cbd0bd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/refresh-an-applocker-policy.md b/windows/keep-secure/refresh-an-applocker-policy.md
index fd227910c6..719bfb599b 100644
--- a/windows/keep-secure/refresh-an-applocker-policy.md
+++ b/windows/keep-secure/refresh-an-applocker-policy.md
@@ -2,7 +2,7 @@
 title: Refresh an AppLocker policy (Windows 10)
 description: This topic for IT professionals describes the steps to force an update for an AppLocker policy.
 ms.assetid: 3f24fcbc-3926-46b9-a1a2-dd036edab8a9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/registry-global-object-access-auditing.md b/windows/keep-secure/registry-global-object-access-auditing.md
index 087c5f60fc..b734cec46b 100644
--- a/windows/keep-secure/registry-global-object-access-auditing.md
+++ b/windows/keep-secure/registry-global-object-access-auditing.md
@@ -2,7 +2,7 @@
 title: Registry (Global Object Access Auditing) (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Registry (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the registry of a computer.
 ms.assetid: 953bb1c1-3f76-43be-ba17-4aed2304f578
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/remove-computer-from-docking-station.md b/windows/keep-secure/remove-computer-from-docking-station.md
index 06949c5258..ee3b81a7d3 100644
--- a/windows/keep-secure/remove-computer-from-docking-station.md
+++ b/windows/keep-secure/remove-computer-from-docking-station.md
@@ -2,7 +2,7 @@
 title: Remove computer from docking station (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Remove computer from docking station security policy setting.
 ms.assetid: 229a385a-a862-4973-899a-413b1b5b6c30
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/replace-a-process-level-token.md b/windows/keep-secure/replace-a-process-level-token.md
index 0beaf15c90..5361f2a589 100644
--- a/windows/keep-secure/replace-a-process-level-token.md
+++ b/windows/keep-secure/replace-a-process-level-token.md
@@ -2,7 +2,7 @@
 title: Replace a process level token (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Replace a process level token security policy setting.
 ms.assetid: 5add02db-6339-489e-ba21-ccc3ccbe8745
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/requirements-for-deploying-applocker-policies.md b/windows/keep-secure/requirements-for-deploying-applocker-policies.md
index f1608ee829..e3b6c29aa7 100644
--- a/windows/keep-secure/requirements-for-deploying-applocker-policies.md
+++ b/windows/keep-secure/requirements-for-deploying-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Requirements for deploying AppLocker policies (Windows 10)
 description: This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
 ms.assetid: 3e55bda2-3cd7-42c7-bad3-c7dfbe193d48
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/requirements-to-use-applocker.md b/windows/keep-secure/requirements-to-use-applocker.md
index f9c5f24fae..6389eb2755 100644
--- a/windows/keep-secure/requirements-to-use-applocker.md
+++ b/windows/keep-secure/requirements-to-use-applocker.md
@@ -2,7 +2,7 @@
 title: Requirements to use AppLocker (Windows 10)
 description: This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
 ms.assetid: dc380535-071e-4794-8f9d-e5d1858156f0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/reset-account-lockout-counter-after.md b/windows/keep-secure/reset-account-lockout-counter-after.md
index ebefbb2d0c..d3e6f545ed 100644
--- a/windows/keep-secure/reset-account-lockout-counter-after.md
+++ b/windows/keep-secure/reset-account-lockout-counter-after.md
@@ -2,7 +2,7 @@
 title: Reset account lockout counter after (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Reset account lockout counter after security policy setting.
 ms.assetid: d5ccf6dd-5ba7-44a9-8e0b-c478d8b1442c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/restore-files-and-directories.md b/windows/keep-secure/restore-files-and-directories.md
index b428c37092..e8bb7e6f85 100644
--- a/windows/keep-secure/restore-files-and-directories.md
+++ b/windows/keep-secure/restore-files-and-directories.md
@@ -2,7 +2,7 @@
 title: Restore files and directories (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Restore files and directories security policy setting.
 ms.assetid: c673c0fa-6f49-4edd-8c1f-c5e8513f701d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
index 9eb59d5dc1..9e6debeb0f 100644
--- a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
+++ b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
@@ -4,9 +4,10 @@ description: IT professionals can run a scan using the command line in Windows D
 keywords: scan, command line, mpcmdrun, defender
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: security
 author: mjcaparas
 ---
 
diff --git a/windows/keep-secure/run-the-automatically-generate-rules-wizard.md b/windows/keep-secure/run-the-automatically-generate-rules-wizard.md
index 12a5620d21..565f6331da 100644
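Review bot: The added `+ms.pagetype: security` in run-cmd-scan-windows-defender-for-windows-10.md duplicates a key the same front matter already carries: the context line `ms.pagetype: security` sits directly above `ms.prod`, so the patched header defines `ms.pagetype` twice. Duplicate mapping keys are invalid in strict YAML, and parsers differ on whether they keep the first value, keep the last, or reject the document; how the publishing pipeline treats it is not visible here. Drop the added line and keep the existing one, so that this hunk only changes `ms.prod: W10` to `ms.prod: w10`. The front matter starts above the hunk (it begins at line 4 of the file), so only the keys shown here were checked.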
--- a/windows/keep-secure/run-the-automatically-generate-rules-wizard.md
+++ b/windows/keep-secure/run-the-automatically-generate-rules-wizard.md
@@ -2,7 +2,7 @@
 title: Run the Automatically Generate Rules wizard (Windows 10)
 description: This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
 ms.assetid: 8cad1e14-d5b2-437c-8f88-70cffd7b3d8e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/script-rules-in-applocker.md b/windows/keep-secure/script-rules-in-applocker.md
index 10efd57b91..6fd0ec9196 100644
--- a/windows/keep-secure/script-rules-in-applocker.md
+++ b/windows/keep-secure/script-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: Script rules in AppLocker (Windows 10)
 description: This topic describes the file formats and available default rules for the script rule collection.
 ms.assetid: fee24ca4-935a-4c5e-8a92-8cf1d134d35f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/secpol-advanced-security-audit-policy-settings.md b/windows/keep-secure/secpol-advanced-security-audit-policy-settings.md
index a4f7e13245..e3f6f2ce53 100644
--- a/windows/keep-secure/secpol-advanced-security-audit-policy-settings.md
+++ b/windows/keep-secure/secpol-advanced-security-audit-policy-settings.md
@@ -2,7 +2,7 @@
 title: Advanced security audit policy settings (Windows 10)
 description: Provides information about the advanced security audit policy settings that are available in Windows and the audit events that they generate.
 ms.assetid: 6BF9A642-DBC3-4101-94A3-B2316C553CE3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-auditing-overview.md b/windows/keep-secure/security-auditing-overview.md
index 135ebc41e5..cde9b0865f 100644
--- a/windows/keep-secure/security-auditing-overview.md
+++ b/windows/keep-secure/security-auditing-overview.md
@@ -2,7 +2,7 @@
 title: Security auditing (Windows 10)
 description: Topics in this section are for IT professionals and describes the security auditing features in Windows and how your organization can benefit from using these technologies to enhance the security and manageability of your network.
 ms.assetid: 2d9b8142-49bd-4a33-b246-3f0c2a5f32d4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-considerations-for-applocker.md b/windows/keep-secure/security-considerations-for-applocker.md
index 560f73ba5a..f7c0df0eab 100644
--- a/windows/keep-secure/security-considerations-for-applocker.md
+++ b/windows/keep-secure/security-considerations-for-applocker.md
@@ -2,7 +2,7 @@
 title: Security considerations for AppLocker (Windows 10)
 description: This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.
 ms.assetid: 354a5abb-7b31-4bea-a442-aa9666117625
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-options.md b/windows/keep-secure/security-options.md
index b9ddcb4bf8..2d25a87621 100644
--- a/windows/keep-secure/security-options.md
+++ b/windows/keep-secure/security-options.md
@@ -2,7 +2,7 @@
 title: Security Options (Windows 10)
 description: Provides an introduction to the settings under Security Options of the local security policies and links to information about each setting.
 ms.assetid: 405ea253-8116-4e57-b08e-14a8dcdca92b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-policy-settings-reference.md b/windows/keep-secure/security-policy-settings-reference.md
index 06c6b96d8d..4023dfc66f 100644
--- a/windows/keep-secure/security-policy-settings-reference.md
+++ b/windows/keep-secure/security-policy-settings-reference.md
@@ -2,7 +2,7 @@
 title: Security policy settings reference (Windows 10)
 description: This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations.
 ms.assetid: ef5a4579-15a8-4507-9a43-b7ccddcb0ed1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-policy-settings.md b/windows/keep-secure/security-policy-settings.md
index 1551485d7e..f9ea234685 100644
--- a/windows/keep-secure/security-policy-settings.md
+++ b/windows/keep-secure/security-policy-settings.md
@@ -2,7 +2,7 @@
 title: Security policy settings (Windows 10)
 description: This reference topic describes the common scenarios, architecture, and processes for security settings.
 ms.assetid: e7ac5204-7f6c-4708-a9f6-6af712ca43b9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-technologies.md b/windows/keep-secure/security-technologies.md
index 7d54d652f2..39c9eedbb3 100644
--- a/windows/keep-secure/security-technologies.md
+++ b/windows/keep-secure/security-technologies.md
@@ -2,7 +2,7 @@
 title: Security technologies (Windows 10)
 description: Learn more about the different security technologies that are available in Windows 10 and Windows 10 Mobile.
 ms.assetid: BFE2DE22-B0CE-465B-8CF6-28F64464DF08
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/select-types-of-rules-to-create.md b/windows/keep-secure/select-types-of-rules-to-create.md
index 6e92663943..00ae11caf5 100644
--- a/windows/keep-secure/select-types-of-rules-to-create.md
+++ b/windows/keep-secure/select-types-of-rules-to-create.md
@@ -2,7 +2,7 @@
 title: Select the types of rules to create (Windows 10)
 description: This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
 ms.assetid: 14751169-0ed1-47cc-822c-8c01a7477784
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md
index 1be3c1bfe6..fb5e5d5cbf 100644
--- a/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Windows Defender ATP service onboarding
 description: Assign users to the Windows Defender ATP service application in Azure Active Directory to grant access to the portal.
 keywords: service onboarding, Windows Defender Advanced Threat Protection service onboarding, manage users,
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: mjcaparas
 ---
 
diff --git a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
index f976f74857..81d0358abb 100644
--- a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Windows Defender Advanced Threat Protection settings
 description: Use the menu to configure the time zone, suppression rules, and view license information.
 keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license, suppression rules
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: DulceMV
 ---
 
diff --git a/windows/keep-secure/shut-down-the-system.md b/windows/keep-secure/shut-down-the-system.md
index e07bf9633a..0c4f6b24a7 100644
--- a/windows/keep-secure/shut-down-the-system.md
+++ b/windows/keep-secure/shut-down-the-system.md
@@ -2,7 +2,7 @@
 title: Shut down the system (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Shut down the system security policy setting.
 ms.assetid: c8e8f890-153a-401e-a957-ba6a130304bf
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/keep-secure/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
index a480adae03..bdd15d4040 100644
--- a/windows/keep-secure/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
+++ b/windows/keep-secure/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
@@ -2,7 +2,7 @@
 title: Shutdown Allow system to be shut down without having to log on (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Shutdown Allow system to be shut down without having to log on security policy setting.
 ms.assetid: f3964767-5377-4416-8eb3-e14d553a7315
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/shutdown-clear-virtual-memory-pagefile.md b/windows/keep-secure/shutdown-clear-virtual-memory-pagefile.md
index 1e23676be3..83e27c9e00 100644
--- a/windows/keep-secure/shutdown-clear-virtual-memory-pagefile.md
+++ b/windows/keep-secure/shutdown-clear-virtual-memory-pagefile.md
@@ -2,7 +2,7 @@
 title: Shutdown Clear virtual memory pagefile (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Shutdown Clear virtual memory pagefile security policy setting.
 ms.assetid: 31400078-6c56-4891-a6df-6dfb403c4bc9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/store-passwords-using-reversible-encryption.md b/windows/keep-secure/store-passwords-using-reversible-encryption.md
index 386e132579..667eaec2fc 100644
--- a/windows/keep-secure/store-passwords-using-reversible-encryption.md
+++ b/windows/keep-secure/store-passwords-using-reversible-encryption.md
@@ -2,7 +2,7 @@
 title: Store passwords using reversible encryption (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Store passwords using reversible encryption security policy setting.
 ms.assetid: 57f958c2-f1e9-48bf-871b-0a9b3299e238
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
index dddb84f0a2..b6b9fd71e5 100644
--- a/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -2,7 +2,7 @@ title: Switch PCR banks on TPM 2.0 devices (Windows 10) description: A Platform Configuration Register (PCR) is a memory location in the TPM that has some unique properties. ms.assetid: 743FCCCB-99A9-4636-8F48-9ECB3A3D10DE -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/synchronize-directory-service-data.md b/windows/keep-secure/synchronize-directory-service-data.md index 853573d001..b562f8a178 100644 --- a/windows/keep-secure/synchronize-directory-service-data.md +++ b/windows/keep-secure/synchronize-directory-service-data.md @@ -2,7 +2,7 @@ title: Synchronize directory service data (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Synchronize directory service data security policy setting. ms.assetid: 97b0aaa4-674f-40f4-8974-b4bfb12c232c -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/keep-secure/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md index c72f3b1385..0862dc11d1 100644 --- a/windows/keep-secure/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md +++ b/windows/keep-secure/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md @@ -2,7 +2,7 @@ title: System cryptography Force strong key protection for user keys stored on the computer (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the System cryptography Force strong key protection for user keys stored on the computer security policy setting. ms.assetid: 8cbff267-881e-4bf6-920d-b583a5ff7de0 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/keep-secure/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index f7137a0c09..a1a1738dad 100644 --- a/windows/keep-secure/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/keep-secure/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -2,7 +2,7 @@ title: System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing (Windows 10) description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting. ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/keep-secure/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index 6f9e3c9d43..1f3af1c21c 100644 --- a/windows/keep-secure/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/keep-secure/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -2,7 +2,7 @@ title: System objects Require case insensitivity for non-Windows subsystems (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the System objects Require case insensitivity for non-Windows subsystems security policy setting. ms.assetid: 340d6769-8f33-4067-8470-1458978d1522 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/keep-secure/system-objects-strengthen-default-permissions-of-internal-system-objects.md index 708cba1b5a..5be5a462b1 100644 --- a/windows/keep-secure/system-objects-strengthen-default-permissions-of-internal-system-objects.md +++ b/windows/keep-secure/system-objects-strengthen-default-permissions-of-internal-system-objects.md @@ -2,7 +2,7 @@ title: System objects Strengthen default permissions of internal system objects (e.g. Symbolic Links) (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the System objects Strengthen default permissions of internal system objects (e.g. Symbolic Links) security policy setting. ms.assetid: 3a592097-9cf5-4fd0-a504-7cbfab050bb6 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/system-settings-optional-subsystems.md b/windows/keep-secure/system-settings-optional-subsystems.md index 4e096fea50..15ec7c1221 100644 --- a/windows/keep-secure/system-settings-optional-subsystems.md +++ b/windows/keep-secure/system-settings-optional-subsystems.md @@ -2,7 +2,7 @@ title: System settings Optional subsystems (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the System settings Optional subsystems security policy setting. ms.assetid: 5cb6519a-4f84-4b45-8072-e2aa8a72fb78 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/keep-secure/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md index 85e0a1c7bd..ae25abd015 100644 
--- a/windows/keep-secure/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md +++ b/windows/keep-secure/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md @@ -2,7 +2,7 @@ title: System settings Use certificate rules on Windows executables for Software Restriction Policies (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the System settings Use certificate rules on Windows executables for Software Restriction Policies security policy setting. ms.assetid: 2380d93b-b553-4e56-a0c0-d1ef740d089c -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/take-ownership-of-files-or-other-objects.md b/windows/keep-secure/take-ownership-of-files-or-other-objects.md index 255f2d4ff3..24ab3257e2 100644 --- a/windows/keep-secure/take-ownership-of-files-or-other-objects.md +++ b/windows/keep-secure/take-ownership-of-files-or-other-objects.md @@ -2,7 +2,7 @@ title: Take ownership of files or other objects (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Take ownership of files or other objects security policy setting. ms.assetid: cb8595d1-74cc-4176-bb15-d97663eebb2d -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/keep-secure/test-an-applocker-policy-by-using-test-applockerpolicy.md index aa27d42260..fcc3bf2eac 100644 --- a/windows/keep-secure/test-an-applocker-policy-by-using-test-applockerpolicy.md +++ b/windows/keep-secure/test-an-applocker-policy-by-using-test-applockerpolicy.md 
@@ -2,7 +2,7 @@ title: Test an AppLocker policy by using Test-AppLockerPolicy (Windows 10) description: This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer. ms.assetid: 048bfa38-6825-4a9a-ab20-776cf79f402a -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/test-and-update-an-applocker-policy.md b/windows/keep-secure/test-and-update-an-applocker-policy.md index cf77664f65..99e46e3022 100644 --- a/windows/keep-secure/test-and-update-an-applocker-policy.md +++ b/windows/keep-secure/test-and-update-an-applocker-policy.md @@ -2,7 +2,7 @@ title: Test and update an AppLocker policy (Windows 10) description: This topic discusses the steps required to test an AppLocker policy prior to deployment. ms.assetid: 7d53cbef-078c-4d20-8b00-e821e33b6ea1 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/testing-scenarios-for-edp.md b/windows/keep-secure/testing-scenarios-for-edp.md index 810bb44663..e2187af349 100644 --- a/windows/keep-secure/testing-scenarios-for-edp.md +++ b/windows/keep-secure/testing-scenarios-for-edp.md @@ -2,10 +2,11 @@ title: Testing scenarios for enterprise data protection (EDP) (Windows 10) description: We've come up with a list of suggested testing scenarios that you can use to test enterprise data protection (EDP) in your company. ms.assetid: 53db29d2-d99d-4db6-b494-90e2b3962ca2 -keywords: ["EDP", "Enterprise Data Protection"] -ms.prod: W10 +keywords: EDP, Enterprise Data Protection +ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library +ms.pagetype: security author: eross-msft --- diff --git a/windows/keep-secure/tools-to-use-with-applocker.md b/windows/keep-secure/tools-to-use-with-applocker.md index d0ffd99ac7..5d2d69ff81 100644 --- a/windows/keep-secure/tools-to-use-with-applocker.md 
+++ b/windows/keep-secure/tools-to-use-with-applocker.md @@ -2,7 +2,7 @@ title: Tools to use with AppLocker (Windows 10) description: This topic for the IT professional describes the tools available to create and administer AppLocker policies. ms.assetid: db2b7cb3-7643-4be5-84eb-46ba551e1ad1 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/tpm-fundamentals.md b/windows/keep-secure/tpm-fundamentals.md index c4fb6b2cc3..6969c89924 100644 --- a/windows/keep-secure/tpm-fundamentals.md +++ b/windows/keep-secure/tpm-fundamentals.md @@ -2,7 +2,7 @@ title: TPM fundamentals (Windows 10) description: This topic for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks. ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/tpm-recommendations.md b/windows/keep-secure/tpm-recommendations.md index 9decdf047c..81b6385faf 100644 --- a/windows/keep-secure/tpm-recommendations.md +++ b/windows/keep-secure/tpm-recommendations.md @@ -2,7 +2,7 @@ title: TPM recommendations (Windows 10) description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows 10. ms.assetid: E85F11F5-4E6A-43E7-8205-672F77706561 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 9199881438..7db942d7ba 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md 
@@ -3,9 +3,10 @@ title: Troubleshoot Windows Defender ATP onboarding issues description: Troubleshoot issues that might arise during the onboarding of endpoints or to the Windows Defender ATP service. keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, telemetry and diagnostics search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: iaanw --- diff --git a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md index 1d15cf5dd7..8340e9dcc0 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Troubleshoot Windows Defender Advanced Threat Protection description: Find solutions and work arounds to known issues such as server errors when trying to access the service. keywords: troubleshoot Windows Defender Advanced Threat Protection, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, whitelist, event viewer search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- # Troubleshoot Windows Defender Advanced Threat Protection diff --git a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md index f9c63208af..e60c0f663c 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md +++ b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md 
@@ -2,7 +2,7 @@ title: Troubleshoot Windows Defender in Windows 10 (Windows 10) description: IT professionals can review information about event IDs in Windows Defender for Windows 10 and see any relevant action they can take. ms.assetid: EE488CC1-E340-4D47-B50B-35BD23CB4D70 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/trusted-platform-module-overview.md b/windows/keep-secure/trusted-platform-module-overview.md index 03e37a250b..e7b6e784ff 100644 --- a/windows/keep-secure/trusted-platform-module-overview.md +++ b/windows/keep-secure/trusted-platform-module-overview.md @@ -2,7 +2,7 @@ title: Trusted Platform Module Technology Overview (Windows 10) description: This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. The topic provides links to other resources about the TPM. ms.assetid: face8932-b034-4319-86ac-db1163d46538 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md index 4ded5c4844..ff626bb1de 100644 --- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md +++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md @@ -2,7 +2,7 @@ title: TPM Group Policy settings (Windows 10) description: This topic for the IT professional describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings. ms.assetid: 54ff1c1e-a210-4074-a44e-58fee26e4dbd -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/types-of-attacks-for-volume-encryption-keys.md b/windows/keep-secure/types-of-attacks-for-volume-encryption-keys.md index 4f38eca5a6..96a64490d0 100644 --- a/windows/keep-secure/types-of-attacks-for-volume-encryption-keys.md +++ b/windows/keep-secure/types-of-attacks-for-volume-encryption-keys.md @@ -2,7 +2,7 @@ title: Types of attacks for volume encryption keys (Windows 10) description: There are many ways Windows helps protect your organization from attacks, including Unified Extensible Firmware Interface (UEFI) secure boot, Trusted Platform Module (TPM), Group Policy, complex passwords, and account lockouts. ms.assetid: 405060a9-2009-44fc-9f84-66edad32c6bc -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understand-applocker-enforcement-settings.md b/windows/keep-secure/understand-applocker-enforcement-settings.md index 6ac72fe3f1..a27cfdc9cb 100644 --- a/windows/keep-secure/understand-applocker-enforcement-settings.md +++ b/windows/keep-secure/understand-applocker-enforcement-settings.md @@ -2,7 +2,7 @@ title: Understand AppLocker enforcement settings (Windows 10) description: This topic describes the AppLocker enforcement settings for rule collections. ms.assetid: 48773007-a343-40bf-8961-b3ff0a450d7e -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understand-applocker-policy-design-decisions.md b/windows/keep-secure/understand-applocker-policy-design-decisions.md index 5687229616..4c7731bcfc 100644 --- a/windows/keep-secure/understand-applocker-policy-design-decisions.md +++ b/windows/keep-secure/understand-applocker-policy-design-decisions.md 
@@ -2,7 +2,7 @@ title: Understand AppLocker policy design decisions (Windows 10) description: This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment. ms.assetid: 3475def8-949a-4b51-b480-dc88b5c1e6e6 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/keep-secure/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index 066f32d60e..fd1d01d9fb 100644 --- a/windows/keep-secure/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/keep-secure/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md @@ -2,7 +2,7 @@ title: Understand AppLocker rules and enforcement setting inheritance in Group Policy (Windows 10) description: This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy. ms.assetid: c1c5a3d3-540a-4698-83b5-0dab5d27d871 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understand-the-applocker-policy-deployment-process.md b/windows/keep-secure/understand-the-applocker-policy-deployment-process.md index 76bbb8d904..a2ec48ffe5 100644 --- a/windows/keep-secure/understand-the-applocker-policy-deployment-process.md +++ b/windows/keep-secure/understand-the-applocker-policy-deployment-process.md 
@@ -2,7 +2,7 @@ title: Understand the AppLocker policy deployment process (Windows 10) description: This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies. ms.assetid: 4cfd95c1-fbd3-41fa-8efc-d23c1ea6fb16 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/keep-secure/understanding-applocker-allow-and-deny-actions-on-rules.md index b6d8502af0..b383087281 100644 --- a/windows/keep-secure/understanding-applocker-allow-and-deny-actions-on-rules.md +++ b/windows/keep-secure/understanding-applocker-allow-and-deny-actions-on-rules.md @@ -2,7 +2,7 @@ title: Understanding AppLocker allow and deny actions on rules (Windows 10) description: This topic explains the differences between allow and deny actions on AppLocker rules. ms.assetid: ea0370fa-2086-46b5-a0a4-4a7ead8cbed9 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understanding-applocker-default-rules.md b/windows/keep-secure/understanding-applocker-default-rules.md index 76aa56e251..b0aa99f22e 100644 --- a/windows/keep-secure/understanding-applocker-default-rules.md +++ b/windows/keep-secure/understanding-applocker-default-rules.md @@ -2,7 +2,7 @@ title: Understanding AppLocker default rules (Windows 10) description: This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied. ms.assetid: bdb03d71-05b7-41fb-96e3-a289ce1866e1 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understanding-applocker-rule-behavior.md b/windows/keep-secure/understanding-applocker-rule-behavior.md index 2e1353c3ed..ac18934b5f 100644 
--- a/windows/keep-secure/understanding-applocker-rule-behavior.md +++ b/windows/keep-secure/understanding-applocker-rule-behavior.md @@ -2,7 +2,7 @@ title: Understanding AppLocker rule behavior (Windows 10) description: This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker. ms.assetid: 3e2738a3-8041-4095-8a84-45c1894c97d0 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understanding-applocker-rule-collections.md b/windows/keep-secure/understanding-applocker-rule-collections.md index 9c569f7f53..b8adef234c 100644 --- a/windows/keep-secure/understanding-applocker-rule-collections.md +++ b/windows/keep-secure/understanding-applocker-rule-collections.md @@ -2,7 +2,7 @@ title: Understanding AppLocker rule collections (Windows 10) description: This topic explains the five different types of AppLocker rules used to enforce AppLocker policies. ms.assetid: 03c05466-4fb3-4880-8d3c-0f6f59fc5579 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understanding-applocker-rule-condition-types.md b/windows/keep-secure/understanding-applocker-rule-condition-types.md index d4e6ceaf84..f00afa16e1 100644 --- a/windows/keep-secure/understanding-applocker-rule-condition-types.md +++ b/windows/keep-secure/understanding-applocker-rule-condition-types.md @@ -2,7 +2,7 @@ title: Understanding AppLocker rule condition types (Windows 10) description: This topic for the IT professional describes the three types of AppLocker rule conditions. ms.assetid: c21af67f-60a1-4f7d-952c-a6f769c74729 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understanding-applocker-rule-exceptions.md b/windows/keep-secure/understanding-applocker-rule-exceptions.md index a99cb1f8cb..4cedcfd784 100644 
--- a/windows/keep-secure/understanding-applocker-rule-exceptions.md +++ b/windows/keep-secure/understanding-applocker-rule-exceptions.md @@ -2,7 +2,7 @@ title: Understanding AppLocker rule exceptions (Windows 10) description: This topic describes the result of applying AppLocker rule exceptions to rule collections. ms.assetid: e6bb349f-ee60-4c8d-91cd-6442f2d0eb9c -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/keep-secure/understanding-the-file-hash-rule-condition-in-applocker.md index b778f3c76d..89a2b1a770 100644 --- a/windows/keep-secure/understanding-the-file-hash-rule-condition-in-applocker.md +++ b/windows/keep-secure/understanding-the-file-hash-rule-condition-in-applocker.md @@ -2,7 +2,7 @@ title: Understanding the file hash rule condition in AppLocker (Windows 10) description: This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it is applied. ms.assetid: 4c6d9af4-2b1a-40f4-8758-1a6f9f147756 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/understanding-the-path-rule-condition-in-applocker.md b/windows/keep-secure/understanding-the-path-rule-condition-in-applocker.md index d62cf0c8b6..4d4e950a6c 100644 --- a/windows/keep-secure/understanding-the-path-rule-condition-in-applocker.md +++ b/windows/keep-secure/understanding-the-path-rule-condition-in-applocker.md @@ -2,7 +2,7 @@ title: Understanding the path rule condition in AppLocker (Windows 10) description: This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied. ms.assetid: 3fa54ded-4466-4f72-bea4-2612031cad43 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/understanding-the-publisher-rule-condition-in-applocker.md b/windows/keep-secure/understanding-the-publisher-rule-condition-in-applocker.md index 34ac6444f3..5e0bca2ee0 100644 --- a/windows/keep-secure/understanding-the-publisher-rule-condition-in-applocker.md +++ b/windows/keep-secure/understanding-the-publisher-rule-condition-in-applocker.md @@ -2,7 +2,7 @@ title: Understanding the publisher rule condition in AppLocker (Windows 10) description: This topic explains the AppLocker publisher rule condition, what controls are available, and how it is applied. ms.assetid: df61ed8f-a97e-4644-9d0a-2169f18c1c4f -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/keep-secure/use-a-reference-computer-to-create-and-maintain-applocker-policies.md index e9c7b0645e..90336b381a 100644 --- a/windows/keep-secure/use-a-reference-computer-to-create-and-maintain-applocker-policies.md +++ b/windows/keep-secure/use-a-reference-computer-to-create-and-maintain-applocker-policies.md @@ -2,7 +2,7 @@ title: Use a reference device to create and maintain AppLocker policies (Windows 10) description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer. ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/keep-secure/use-applocker-and-software-restriction-policies-in-the-same-domain.md index ef970cd8df..17fe40b6a1 100644 --- a/windows/keep-secure/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/keep-secure/use-applocker-and-software-restriction-policies-in-the-same-domain.md 
@@ -2,7 +2,7 @@ title: Use AppLocker and Software Restriction Policies in the same domain (Windows 10) description: This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. ms.assetid: 2b7e0cec-df62-49d6-a2b7-6b8e30180943 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/use-the-applocker-windows-powershell-cmdlets.md b/windows/keep-secure/use-the-applocker-windows-powershell-cmdlets.md index cf988054c1..d7cd5120c4 100644 --- a/windows/keep-secure/use-the-applocker-windows-powershell-cmdlets.md +++ b/windows/keep-secure/use-the-applocker-windows-powershell-cmdlets.md @@ -2,7 +2,7 @@ title: Use the AppLocker Windows PowerShell cmdlets (Windows 10) description: This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. ms.assetid: 374e029c-5c0a-44ab-a57a-2a9dd17dc57d -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md index dd0fc24f67..717abdaec8 100644 --- a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md 
@@ -3,9 +3,10 @@ title: Use the Windows Defender Advanced Threat Protection portal description: Learn about the features on Windows Defender ATP portal, including how alerts work, and suggestions on how to investigate possible breaches and attacks. keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate machines, submit files, deep analysis, high, medium, low, severity, ioc, ioa search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- diff --git a/windows/keep-secure/use-windows-event-forwarding-to-assist-in-instrusion-detection.md b/windows/keep-secure/use-windows-event-forwarding-to-assist-in-instrusion-detection.md index 060d693df1..846f249f82 100644 --- a/windows/keep-secure/use-windows-event-forwarding-to-assist-in-instrusion-detection.md +++ b/windows/keep-secure/use-windows-event-forwarding-to-assist-in-instrusion-detection.md @@ -2,7 +2,7 @@ title: Use Windows Event Forwarding to help with intrusion detection (Windows 10) description: Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. ms.assetid: 733263E5-7FD1-45D2-914A-184B9E3E6A3F -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/keep-secure/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md index a4fbc0126b..7b203c0bcd 100644 --- a/windows/keep-secure/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md +++ b/windows/keep-secure/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md 
@@ -2,7 +2,7 @@ title: User Account Control Admin Approval Mode for the Built-in Administrator account (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Admin Approval Mode for the Built-in Administrator account security policy setting. ms.assetid: d465fc27-1cd2-498b-9cf6-7ad2276e5998 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/keep-secure/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md index cc8ebe93f3..e80369cae9 100644 --- a/windows/keep-secure/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md +++ b/windows/keep-secure/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md @@ -2,7 +2,7 @@ title: User Account Control Allow UIAccess applications to prompt for elevation without using the secure desktop (Windows 10) description: Describes the best practices, location, values, and security considerations for the User Account Control Allow UIAccess applications to prompt for elevation without using the secure desktop security policy setting. ms.assetid: fce20472-3c93-449d-b520-13c4c74a9892 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md index 28718b33ae..97af8126a3 100644 --- a/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md 
+++ b/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md @@ -2,7 +2,7 @@ title: User Account Control Behavior of the elevation prompt for administrators in Admin Approval Mode (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Behavior of the elevation prompt for administrators in Admin Approval Mode security policy setting. ms.assetid: 46a3c3a2-1d2e-4a6f-b5e6-29f9592f535d -ms.prod: W10 +ms.prod: ws10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md index e382611db9..7ca4ce4329 100644 --- a/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md +++ b/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md @@ -2,7 +2,7 @@ title: User Account Control Behavior of the elevation prompt for standard users (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Behavior of the elevation prompt for standard users security policy setting. ms.assetid: 1eae7def-8f6c-43b6-9474-23911fdc01ba -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/keep-secure/user-account-control-detect-application-installations-and-prompt-for-elevation.md index 178aa242b4..0c372cd6ee 100644 --- a/windows/keep-secure/user-account-control-detect-application-installations-and-prompt-for-elevation.md 
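Review bot: The added front-matter line `ms.prod: ws10` in user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md does not match the value the other files in this part of the patch are changed to, `ms.prod: w10`, so it looks like a typo. Nothing visible here shows how the field is consumed, but if product classification or search filtering keys on it, this UAC policy page would presumably be filed under an unrecognised product and be harder to find. The line should read `ms.prod: w10`.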
+++ b/windows/keep-secure/user-account-control-detect-application-installations-and-prompt-for-elevation.md @@ -2,7 +2,7 @@ title: User Account Control Detect application installations and prompt for elevation (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Detect application installations and prompt for elevation security policy setting. ms.assetid: 3f8cb170-ba77-4c9f-abb3-c3ed1ef264fc -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md b/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md index 8da09ab38e..e2e57dd1bd 100644 --- a/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md @@ -1,9 +1,11 @@ --- title: User Account Control Group Policy and registry key settings (Windows 10) description: Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC. -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security +author: brianlic-msft --- # User Account Control Group Policy and registry key settings diff --git a/windows/keep-secure/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/keep-secure/user-account-control-only-elevate-executables-that-are-signed-and-validated.md index 19768449e0..76edee3e01 100644 --- a/windows/keep-secure/user-account-control-only-elevate-executables-that-are-signed-and-validated.md +++ b/windows/keep-secure/user-account-control-only-elevate-executables-that-are-signed-and-validated.md 
@@ -2,7 +2,7 @@
 title: User Account Control Only elevate executables that are signed and validated (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Only elevate executables that are signed and validated security policy setting.
 ms.assetid: 64950a95-6985-4db6-9905-1db18557352d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/keep-secure/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
index 890ec0f2ff..be21f041f5 100644
--- a/windows/keep-secure/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
+++ b/windows/keep-secure/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
@@ -2,7 +2,7 @@
 title: User Account Control Only elevate UIAccess applications that are installed in secure locations (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Only elevate UIAccess applications that are installed in secure locations security policy setting.
 ms.assetid: 4333409e-a5be-4f2f-8808-618f53abd22c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-overview.md b/windows/keep-secure/user-account-control-overview.md
index ccabf37ce1..32edfe0160 100644
--- a/windows/keep-secure/user-account-control-overview.md
+++ b/windows/keep-secure/user-account-control-overview.md
@@ -2,7 +2,7 @@
 title: User Account Control (Windows 10)
 description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop.
 ms.assetid: 43ac4926-076f-4df2-84af-471ee7d20c38
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: operate
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/keep-secure/user-account-control-run-all-administrators-in-admin-approval-mode.md
index 63ac1e4a65..61664f5a6e 100644
--- a/windows/keep-secure/user-account-control-run-all-administrators-in-admin-approval-mode.md
+++ b/windows/keep-secure/user-account-control-run-all-administrators-in-admin-approval-mode.md
@@ -2,7 +2,7 @@
 title: User Account Control Run all administrators in Admin Approval Mode (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Run all administrators in Admin Approval Mode security policy setting.
 ms.assetid: b838c561-7bfc-41ef-a7a5-55857259c7bf
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-security-policy-settings.md b/windows/keep-secure/user-account-control-security-policy-settings.md
index 569bf9892e..45bf5fb129 100644
--- a/windows/keep-secure/user-account-control-security-policy-settings.md
+++ b/windows/keep-secure/user-account-control-security-policy-settings.md
@@ -2,8 +2,8 @@
 title: User Account Control security policy settings (Windows 10)
 description: You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy.
 ms.assetid: 3D75A9AC-69BB-4EF2-ACB3-1769791E1B98
-ms.prod: W10
-ms.mktglfcycl: operate
+ms.prod: w10
+ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
diff --git a/windows/keep-secure/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/keep-secure/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
index ee510bb52e..85c36101a5 100644
--- a/windows/keep-secure/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
+++ b/windows/keep-secure/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
@@ -2,7 +2,7 @@
 title: User Account Control Switch to the secure desktop when prompting for elevation (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Switch to the secure desktop when prompting for elevation security policy setting.
 ms.assetid: 77a067db-c70d-4b02-9861-027503311b8b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/keep-secure/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
index afc3766b73..8501495c6b 100644
--- a/windows/keep-secure/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
+++ b/windows/keep-secure/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
@@ -2,7 +2,7 @@
 title: User Account Control Virtualize file and registry write failures to per-user locations (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Virtualize file and registry write failures to per-user locations security policy setting.
 ms.assetid: a7b47420-cc41-4b1c-b03e-f67a05221261
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-rights-assignment.md b/windows/keep-secure/user-rights-assignment.md
index 401613dde1..59979d3158 100644
--- a/windows/keep-secure/user-rights-assignment.md
+++ b/windows/keep-secure/user-rights-assignment.md
@@ -2,7 +2,7 @@
 title: User Rights Assignment (Windows 10)
 description: Provides an overview and links to information about the User Rights Assignment security policy settings user rights that are available in Windows.
 ms.assetid: 99340252-60be-4c79-b0a5-56fbe1a9b0c5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/keep-secure/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
index 13d5fc93e5..a26cffe188 100644
--- a/windows/keep-secure/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
+++ b/windows/keep-secure/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
@@ -2,7 +2,7 @@
 title: Using advanced security auditing options to monitor dynamic access control objects (Windows 10)
 description: This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012.
 ms.assetid: 0d2c28ea-bdaf-47fd-bca2-a07dce5fed37
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/using-event-viewer-with-applocker.md b/windows/keep-secure/using-event-viewer-with-applocker.md
index dcee6821bc..1b1b80e64f 100644
--- a/windows/keep-secure/using-event-viewer-with-applocker.md
+++ b/windows/keep-secure/using-event-viewer-with-applocker.md
@@ -2,7 +2,7 @@
 title: Using Event Viewer with AppLocker (Windows 10)
 description: This topic lists AppLocker events and describes how to use Event Viewer with AppLocker.
 ms.assetid: 109abb10-78b1-4c29-a576-e5a17dfeb916
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/using-software-restriction-policies-and-applocker-policies.md b/windows/keep-secure/using-software-restriction-policies-and-applocker-policies.md
index 54b12a4568..8a427064fb 100644
--- a/windows/keep-secure/using-software-restriction-policies-and-applocker-policies.md
+++ b/windows/keep-secure/using-software-restriction-policies-and-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Use Software Restriction Policies and AppLocker policies (Windows 10)
 description: This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment.
 ms.assetid: c3366be7-e632-4add-bd10-9df088f74c6d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/view-the-security-event-log.md b/windows/keep-secure/view-the-security-event-log.md index 745195b4f3..388d32ddc8 100644 --- a/windows/keep-secure/view-the-security-event-log.md +++ b/windows/keep-secure/view-the-security-event-log.md @@ -2,7 +2,7 @@ title: View the security event log (Windows 10) description: The security log records each event as defined by the audit policies you set on each object. ms.assetid: 20DD2ACD-241A-45C5-A92F-4BE0D9F198B9 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/vpn-profile-options.md b/windows/keep-secure/vpn-profile-options.md index 6f336cc6e6..77c548ec2a 100644 --- a/windows/keep-secure/vpn-profile-options.md +++ b/windows/keep-secure/vpn-profile-options.md @@ -2,10 +2,10 @@ title: VPN profile options (Windows 10) description: Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. ms.assetid: E3F99DF9-863D-4E28-BAED-5C1B1B913523 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.pagetype: networking +ms.pagetype: security, networking author: jdeckerMS --- diff --git a/windows/keep-secure/what-is-applocker.md b/windows/keep-secure/what-is-applocker.md index b4d758df7b..c3b47e88d5 100644 --- a/windows/keep-secure/what-is-applocker.md +++ b/windows/keep-secure/what-is-applocker.md @@ -2,7 +2,7 @@ title: What Is AppLocker (Windows 10) description: This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. ms.assetid: 44a8a2bb-0f83-4f95-828e-1f364fb65869 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/keep-secure/which-editions-of-windows-support-advanced-audit-policy-configuration.md
index c60d303826..4428ed173d 100644
--- a/windows/keep-secure/which-editions-of-windows-support-advanced-audit-policy-configuration.md
+++ b/windows/keep-secure/which-editions-of-windows-support-advanced-audit-policy-configuration.md
@@ -2,7 +2,7 @@
 title: Which editions of Windows support advanced audit policy configuration (Windows 10)
 description: This reference topic for the IT professional describes which versions of the Windows operating systems support advanced security auditing policies.
 ms.assetid: 87c71cc5-522d-4771-ac78-34a2a0825f31
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/why-a-pin-is-better-than-a-password.md b/windows/keep-secure/why-a-pin-is-better-than-a-password.md
index 5afeb6f914..21d3ce97d3 100644
--- a/windows/keep-secure/why-a-pin-is-better-than-a-password.md
+++ b/windows/keep-secure/why-a-pin-is-better-than-a-password.md
@@ -3,7 +3,7 @@ title: Why a PIN is better than a password (Windows 10)
 description: Microsoft Passport in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password .
 ms.assetid: A6FC0520-01E6-4E90-B53D-6C4C4E780212
 keywords: pin, security, password
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/windows-10-enterprise-security-guides.md b/windows/keep-secure/windows-10-enterprise-security-guides.md
index 510675e4ff..30f130d499 100644
--- a/windows/keep-secure/windows-10-enterprise-security-guides.md
+++ b/windows/keep-secure/windows-10-enterprise-security-guides.md
@@ -2,10 +2,10 @@ title: Enterprise security guides (Windows 10) description: Get proven guidance to help you better secure and protect your enterprise by using technologies such as Credential Guard, Device Guard, Microsoft Passport, and Windows Hello. This section offers technology overviews and step-by-step guides. ms.assetid: 57134f84-bd4b-4b1d-b663-4a2d36f5a7f8 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.pagetype: security +ms.pagetype: security, devices author: challum --- diff --git a/windows/keep-secure/windows-10-mobile-security-guide.md b/windows/keep-secure/windows-10-mobile-security-guide.md index 1008003440..16389caf95 100644 --- a/windows/keep-secure/windows-10-mobile-security-guide.md +++ b/windows/keep-secure/windows-10-mobile-security-guide.md @@ -3,10 +3,10 @@ title: Windows 10 Mobile security guide (Windows 10) description: This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. ms.assetid: D51EF508-699E-4A68-A7CD-91D821A97205 keywords: data protection, encryption, malware resistance, smartphone, device, Windows Store -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security; mobile +ms.pagetype: security, mobile author: AMeeus --- diff --git a/windows/keep-secure/windows-10-security-guide.md b/windows/keep-secure/windows-10-security-guide.md index 2c0402513c..bb757267bb 100644 --- a/windows/keep-secure/windows-10-security-guide.md +++ b/windows/keep-secure/windows-10-security-guide.md 
@@ -3,7 +3,7 @@ title: Windows 10 security overview (Windows 10) description: This guide provides a detailed description of the most important security improvements in the Windows 10 operating system, with links to more detailed articles about many of its security features. ms.assetid: 4561D80B-A914-403C-A17C-3BE6FC95B59B keywords: configure, feature, file encryption -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md index 9567620fcb..bae239bf1c 100644 --- a/windows/keep-secure/windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Windows Defender Advanced Threat Protection - Windows Defender description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats. keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, endpoint behavioral sensor, cloud security, analytics, threat intelligence search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- diff --git a/windows/keep-secure/windows-defender-in-windows-10.md b/windows/keep-secure/windows-defender-in-windows-10.md index 72d8554def..2dc00afede 100644 --- a/windows/keep-secure/windows-defender-in-windows-10.md +++ b/windows/keep-secure/windows-defender-in-windows-10.md 
@@ -2,7 +2,7 @@ title: Windows Defender in Windows 10 (Windows 10) description: This topic provides an overview of Windows Defender, including a list of system requirements and new features. ms.assetid: 6A9EB85E-1F3A-40AC-9A47-F44C4A2B55E2 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/windows-hello-in-enterprise.md b/windows/keep-secure/windows-hello-in-enterprise.md index 7b9bed5681..40a4efa80a 100644 --- a/windows/keep-secure/windows-hello-in-enterprise.md +++ b/windows/keep-secure/windows-hello-in-enterprise.md @@ -2,10 +2,11 @@ title: Windows Hello biometrics in the enterprise (Windows 10) description: Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition. ms.assetid: d3f27d94-2226-4547-86c0-65c84d6df8Bc -keywords: ["Windows Hello", "enterprise biometrics"] -ms.prod: W10 +keywords: Windows Hello, enterprise biometrics +ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library +ms.pagetype: security author: eross-msft --- diff --git a/windows/keep-secure/windows-installer-rules-in-applocker.md b/windows/keep-secure/windows-installer-rules-in-applocker.md index b12d94b8ef..65a86eddfc 100644 --- a/windows/keep-secure/windows-installer-rules-in-applocker.md +++ b/windows/keep-secure/windows-installer-rules-in-applocker.md @@ -2,7 +2,7 @@ title: Windows Installer rules in AppLocker (Windows 10) description: This topic describes the file formats and available default rules for the Windows Installer rule collection. ms.assetid: 3fecde5b-88b3-4040-81fa-a2d36d052ec9 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/working-with-applocker-policies.md b/windows/keep-secure/working-with-applocker-policies.md index 8963fa665b..219638880c 100644 
--- a/windows/keep-secure/working-with-applocker-policies.md +++ b/windows/keep-secure/working-with-applocker-policies.md @@ -2,7 +2,7 @@ title: Working with AppLocker policies (Windows 10) description: This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies. ms.assetid: 7062d2e0-9cbb-4cb8-aa8c-b24945c3771d -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/working-with-applocker-rules.md b/windows/keep-secure/working-with-applocker-rules.md index 762d21c78a..9c528133ef 100644 --- a/windows/keep-secure/working-with-applocker-rules.md +++ b/windows/keep-secure/working-with-applocker-rules.md @@ -2,7 +2,7 @@ title: Working with AppLocker rules (Windows 10) description: This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies. ms.assetid: 3966b35b-f2da-4371-8b5f-aec031db6bc9 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security From d2511fbe4131aa720eb1a953210fc934b35e5626 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 27 May 2016 15:34:36 -0700 Subject: [PATCH 29/92] updating for Windows 10 --- ...with-advanced-security-deployment-goals.md | 19 ++- ...l-with-advanced-security-design-process.md | 17 +-- ...all-with-advanced-security-design-guide.md | 139 ++++++------------ 3 files changed, 61 insertions(+), 114 deletions(-) diff --git a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index 8f50949a9a..85363b9abe 100644 --- a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md 
@@ -2,11 +2,19 @@ title: Identifying Your Windows Firewall with Advanced Security Deployment Goals (Windows 10) description: Identifying Your Windows Firewall with Advanced Security Deployment Goals ms.assetid: 598cf45e-2e1c-4947-970f-361dfa264bba +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security + author: brianlic-msft --- # Identifying Your Windows Firewall with Advanced Security Deployment Goals +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview Correctly identifying your Windows Firewall with Advanced Security deployment goals is essential for the success of your Windows Firewall with Advanced Security design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your deployment goals. Prioritize and, if possible, combine your deployment goals so that you can design and deploy Windows Firewall with Advanced Security by using an iterative approach. You can take advantage of the predefined Windows Firewall with Advanced Security deployment goals presented in this guide that are relevant to your scenarios. @@ -52,13 +60,4 @@ The following table lists the three main tasks for articulating, refining, and s   -**Next:**[Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md) - -  - -  - - - - - +**Next:** [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md) diff --git a/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md index ccf6d3f7f8..82f6355c8a 100644 --- a/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md +++ b/windows/keep-secure/understanding-the-windows-firewall-with-advanced-security-design-process.md 
@@ -1,13 +1,15 @@ --- title: Understanding the Windows Firewall with Advanced Security Design Process (Windows 10) description: Understanding the Windows Firewall with Advanced Security Design Process -ms.assetid: ab7db2bf-38c8-48eb-82e0-3d284055e7bb +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Understanding the Windows Firewall with Advanced Security Design Process - Designing any deployment starts by performing several important tasks: - [Identifying Your Windows Firewall with Advanced Security Design Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) @@ -22,13 +24,4 @@ After you identify your deployment goals and map them to a Windows Firewall with - [Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) -**Next:**[Identifying Your Windows Firewall with Advanced Security Design Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) - -  - -  - - - - - +**Next:** [Identifying Your Windows Firewall with Advanced Security Design Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md b/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md index e191dcbf2b..acc229bd6a 100644 --- a/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md +++ b/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md 
@@ -2,42 +2,48 @@ title: Windows Firewall with Advanced Security Design Guide (Windows 10) description: Windows Firewall with Advanced Security Design Guide ms.assetid: 5c631389-f232-4b95-9e48-ec02b8677d51 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Windows Firewall with Advanced Security Design Guide +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -Windows Firewall with Advanced Security in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista is a host firewall that helps secure the computer in two ways. First, it can filter the network traffic permitted to enter the computer from the network, and also control what network traffic the computer is allowed to send to the network. Second, Windows Firewall with Advanced Security supports IPsec, which enables you to require authentication from any computer that is attempting to communicate with your computer. When authentication is required, computers that cannot authenticate cannot communicate with your computer. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between computers. +Windows Firewall with Advanced Security is a host firewall that helps secure the device in two ways. First, it can filter the network traffic permitted to enter the device from the network, and also control what network traffic the device is allowed to send to the network. Second, Windows Firewall with Advanced Security supports IPsec, which enables you to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot authenticate cannot communicate with your device. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between devices. 
-The interface for Windows Firewall with Advanced Security is much more capable and flexible than the consumer-friendly interface found in the Windows Firewall Control Panel. They both interact with the same underlying services, but provide different levels of control over those services. While the Windows Firewall Control Panel meets the needs for protecting a single computer in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment. +The interface for Windows Firewall with Advanced Security is much more capable and flexible than the consumer-friendly interface found in the Windows Firewall Control Panel. They both interact with the same underlying services, but provide different levels of control over those services. While the Windows Firewall Control Panel meets the needs for protecting a single device in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment. -For more overview information about Windows Firewall with Advanced Security and see [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md). +For more overview information about Windows Firewall with Advanced Security and see [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md). ## About this guide - This guide provides recommendations to help you to choose or create a design for deploying Windows Firewall with Advanced Security in your enterprise environment. The guide describes some of the common goals for using Windows Firewall with Advanced Security, and then helps you map the goals that apply to your scenario to the designs that are presented in this guide. 
This guide is intended for the IT professional who has been assigned the task of deploying firewall and IPsec technologies on an organization's network to help meet the organization's security goals. Windows Firewall with Advanced Security should be part of a comprehensive security solution that implements a variety of security technologies, such as perimeter firewalls, intrusion detection systems, virtual private networking (VPN), IEEE 802.1X authentication for wireless and wired connections, and IPsec connection security rules. -To successfully use this guide, you need a good understanding of both the capabilities provided by Windows Firewall with Advanced Security, and how to deliver configuration settings to your managed computers by using Group Policy in Active Directory. +To successfully use this guide, you need a good understanding of both the capabilities provided by Windows Firewall with Advanced Security, and how to deliver configuration settings to your managed devices by using Group Policy in Active Directory. You can use the deployment goals to form one of these Windows Firewall with Advanced Security designs, or a custom design that combines elements from those presented here: -- **Basic firewall policy design**. Restricts network traffic in and out of your computers to only that which is needed and authorized. +- **Basic firewall policy design**. Restricts network traffic in and out of your devices to only that which is needed and authorized. -- **Domain isolation policy design**. Prevents computers that are domain members from receiving unsolicited network traffic from computers that are not domain members. Additional "zones" can be established to support the special requirements of some computers, such as: +- **Domain isolation policy design**. Prevents devices that are domain members from receiving unsolicited network traffic from devices that are not domain members. 
Additional "zones" can be established to support the special requirements of some devices, such as: - - A "boundary zone" for computers that must be able to receive requests from non-isolated computers. + - A "boundary zone" for devices that must be able to receive requests from non-isolated devices. - - An "encryption zone" for computers that store sensitive data that must be protected during network transmission. + - An "encryption zone" for devices that store sensitive data that must be protected during network transmission. -- **Server isolation policy design**. Restricts access to a server to only a limited group of authorized users and computers. Commonly configured as a zone in a domain isolation design, but can also be configured as a stand-alone design, providing many of the benefits of domain isolation to a small set of computers. +- **Server isolation policy design**. Restricts access to a server to only a limited group of authorized users and devices. Commonly configured as a zone in a domain isolation design, but can also be configured as a stand-alone design, providing many of the benefits of domain isolation to a small set of devices. -- **Certificate-based isolation policy design**. This design is a complement to either of the previous two designs, and supports any of their capabilities. It uses cryptographic certificates that are deployed to clients and servers for authentication, instead of the Kerberos V5 authentication used by default in Active Directory. This enables computers that are not part of an Active Directory domain, such as computers running operating systems other than Windows, to participate in your isolation solution. +- **Certificate-based isolation policy design**. This design is a complement to either of the previous two designs, and supports any of their capabilities. 
It uses cryptographic certificates that are deployed to clients and servers for authentication, instead of the Kerberos V5 authentication used by default in Active Directory. This enables devices that are not part of an Active Directory domain, such as devices running operating systems other than Windows, to participate in your isolation solution. In addition to descriptions and example for each design, you will find guidelines for gathering required data about your environment. You can then use these guidelines to plan and design your Windows Firewall with Advanced Security deployment. After you read this guide, and finish gathering, documenting, and mapping your organization's requirements, you have the information that you need to begin deploying Windows Firewall with Advanced Security using the guidance in the Windows Firewall with Advanced Security Deployment Guide. 
@@ -47,92 +53,41 @@ You can find the Windows Firewall with Advanced Security Deployment Guide at the - (Downloadable Word document) -## Terminology used in this guide +## In this section +| Topic | Description +| - | - | +| [Understanding the Windows Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) | Learn how to get started with the Windows Firewall with Advanced Security design process. | +| [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) | Learn how to identify your Windows Firewall with Advanced Security deployment goals. | +| [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) | After you finish reviewing the existing Windows Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design. | +| [Evaluating Windows Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) | Learn how to use Windows Firewall with Advanced Security to improve the security of the computers connected to the network. | +| [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) | To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. 
| +| [Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) | After you have gathered the relevant information in the previous sections, and understand the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs. | +| [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) | You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC). | + +## Terminology used in this guide The following table identifies and defines terms used throughout this guide. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TermDefinition

Active Directory domain

A group of computers and users managed by an administrator by using Active Directory Domain Services (AD DS). Computers in a domain share a common directory database and security policies. Multiple domains can co-exist in a "forest," with trust relationships that establish the forest as the security boundary.

Authentication

A process that enables the sender of a message to prove its identity to the receiver. For connection security in Windows, authentication is implemented by the IPsec protocol suite.

Boundary zone

A subset of the computers in an isolated domain that must be able to receive unsolicited and non-authenticated network traffic from computers that are not members of the isolated domain. Computers in the boundary zone request but do not require authentication. They use IPsec to communicate with other computers in the isolated domain.

Connection security rule

A rule in Windows Firewall with Advanced Security that contains a set of conditions and an action to be applied to network packets that match the conditions. The action can allow the packet, block the packet, or require the packet to be protected by IPsec. In previous versions of Windows, this was called an IPsec rule.

Certificate-based isolation

A way to add computers that cannot use Kerberos V5 authentication to an isolated domain, by using an alternate authentication technique. Every computer in the isolated domain and the computers that cannot use Kerberos V5 are provided with a computer certificate that can be used to authenticate with each other. Certificate-based isolation requires a way to create and distribute an appropriate certificate (if you choose not to purchase one from a commercial certificate provider).

Domain isolation

A technique for helping protect the computers in an organization by requiring that the computers authenticate each other's identity before exchanging information, and refusing connection requests from computers that cannot authenticate. Domain isolation takes advantage of Active Directory domain membership and the Kerberos V5 authentication protocol available to all members of the domain. Also see "Isolated domain" in this table.

Encryption zone

A subset of the computers in an isolated domain that process sensitive data. Computers that are part of the encryption zone have all network traffic encrypted to prevent viewing by non-authorized users. Computers that are part of the encryption zone also typically are subject to the access control restrictions of server isolation.

Firewall rule

A rule in Windows Firewall with Advanced Security that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.

-

By default, the firewall rules in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic.

Internet Protocol security (IPsec)

A set of industry-standard, cryptography-based protection services and protocols. IPsec protects all protocols in the TCP/IP protocol suite except Address Resolution Protocol (ARP).

IPsec policy

A collection of connection security rules that provide the required protection to network traffic entering and leaving the computer. The protection includes authentication of both the sending and receiving computer, integrity protection of the network traffic exchanged between them, and can include encryption.

Isolated domain

An Active Directory domain (or an Active Directory forest, or set of domains with two-way trust relationships) that has Group Policy settings applied to help protect its member computers by using IPsec connection security rules. Members of the isolated domain require authentication on all unsolicited inbound connections (with exceptions handled by the other zones).

-

In this guide, the term isolated domain refers to the IPsec concept of a group of computers that can share authentication. The term Active Directory domain refers to the group of computers that share a security database by using Active Directory.

Server isolation

A technique for using group membership to restrict access to a server that is typically already a member of an isolated domain. The additional protection comes from using the authentication credentials of the requesting computer to determine its group membership, and then only allowing access if the computer account (and optionally the user account) is a member of an authorized group.

Solicited network traffic

Network traffic that is sent in response to a request. By default, Windows Firewall with Advanced Security allows all solicited network traffic through.

Unsolicited network traffic

Network traffic that is not a response to an earlier request, and that the receiving computer cannot necessarily anticipate. By default, Windows Firewall with Advanced Security blocks all unsolicited network traffic.

Zone

A zone is a logical grouping of computers that share common IPsec policies because of their communications requirements. For example, the boundary zone permits inbound connections from non-trusted computers. The encryption zone requires that all connections be encrypted.

-

This is not related to the term zone as used by Domain Name System (DNS).

+| Term | Definition | +| - | - | +| Active Directory domain | A group of devices and users managed by an administrator by using Active Directory Domain Services (AD DS). Devices in a domain share a common directory database and security policies. Multiple domains can co-exist in a "forest," with trust relationships that establish the forest as the security boundary. | +| Authentication | A process that enables the sender of a message to prove its identity to the receiver. For connection security in Windows, authentication is implemented by the IPsec protocol suite.| +| Boundary zone | A subset of the devices in an isolated domain that must be able to receive unsolicited and non-authenticated network traffic from devices that are not members of the isolated domain. Devices in the boundary zone request but do not require authentication. They use IPsec to communicate with other devices in the isolated domain.| +| Connection security rule | A rule in Windows Firewall with Advanced Security that contains a set of conditions and an action to be applied to network packets that match the conditions. The action can allow the packet, block the packet, or require the packet to be protected by IPsec. In previous versions of Windows, this was called an *IPsec rule*.| +| Certificate-based isolation | A way to add devices that cannot use Kerberos V5 authentication to an isolated domain, by using an alternate authentication technique. Every device in the isolated domain and the devices that cannot use Kerberos V5 are provided with a device certificate that can be used to authenticate with each other. 
Certificate-based isolation requires a way to create and distribute an appropriate certificate (if you choose not to purchase one from a commercial certificate provider).| +| Domain isolation | A technique for helping protect the devices in an organization by requiring that the devices authenticate each other's identity before exchanging information, and refusing connection requests from devices that cannot authenticate. Domain isolation takes advantage of Active Directory domain membership and the Kerberos V5 authentication protocol available to all members of the domain. Also see "Isolated domain" in this table.| +| Encryption zone | A subset of the devices in an isolated domain that process sensitive data. Devices that are part of the encryption zone have all network traffic encrypted to prevent viewing by non-authorized users. Devices that are part of the encryption zone also typically are subject to the access control restrictions of server isolation.| +| Firewall rule | A rule in Windows Firewall with Advanced Security that contains a set of conditions used to determine whether a network packet is allowed to pass through the firewall.
By default, the firewall rules in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista block unsolicited inbound network traffic. Likewise, by default, all outbound network traffic is allowed. The firewall included in previous versions of Windows only filtered inbound network traffic. | +| Internet Protocol security (IPsec) | A set of industry-standard, cryptography-based protection services and protocols. IPsec protects all protocols in the TCP/IP protocol suite except Address Resolution Protocol (ARP).| +| IPsec policy | A collection of connection security rules that provide the required protection to network traffic entering and leaving the device. The protection includes authentication of both the sending and receiving device, integrity protection of the network traffic exchanged between them, and can include encryption.| +| Isolated domain | An Active Directory domain (or an Active Directory forest, or set of domains with two-way trust relationships) that has Group Policy settings applied to help protect its member devices by using IPsec connection security rules. Members of the isolated domain require authentication on all unsolicited inbound connections (with exceptions handled by the other zones).
In this guide, the term *isolated domain* refers to the IPsec concept of a group of devices that can share authentication. The term *Active Directory domain* refers to the group of devices that share a security database by using Active Directory.| +| Server isolation | A technique for using group membership to restrict access to a server that is typically already a member of an isolated domain. The additional protection comes from using the authentication credentials of the requesting device to determine its group membership, and then only allowing access if the computer account (and optionally the user account) is a member of an authorized group.| +| Solicited network traffic | Network traffic that is sent in response to a request. By default, Windows Firewall with Advanced Security allows all solicited network traffic through.| +| Unsolicited network traffic | Network traffic that is not a response to an earlier request, and that the receiving device cannot necessarily anticipate. By default, Windows Firewall with Advanced Security blocks all unsolicited network traffic. | +| Zone | A zone is a logical grouping of devices that share common IPsec policies because of their communications requirements. For example, the boundary zone permits inbound connections from non-trusted devices. The encryption zone requires that all connections be encrypted.
This is not related to the term zone as used by Domain Name System (DNS). | -  - -**Next:**[Understanding the Windows Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) +**Next:** [Understanding the Windows Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md)   From 85712ce348c0033c290031c1184a55eb9127ac6b Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 31 May 2016 07:34:12 -0700 Subject: [PATCH 30/92] changed IE to Edge --- .../keep-secure/change-history-for-keep-windows-10-secure.md | 3 ++- .../installing-digital-certificates-on-windows-10-mobile.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 5f96e1fcb1..9d285fa19d 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md 
@@ -15,10 +15,11 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |New or changed topic | Description |
 |----------------------|-------------|
+| [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) | Changed Internet Explorer to Microsoft Edge |
 | [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) | Added errors 0x80090029 and 0x80070057, and merged entries for error 0x801c03ed. |
 | [Microsoft Passport guide](microsoft-passport-guide.md) | Updated Roadmap section content |
-| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview |
 |[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md) |Updated info based on changes to the features and functionality.|
+| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview |
 ## April 2016
diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 99bab3e2fa..c399f5021b 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -22,7 +22,7 @@ Certificates in Windows 10 Mobile are primarily used for the following purposes
 - To authenticate a user to a reverse proxy server that is used to enable Microsoft Exchange ActiveSync (EAS) for email.
 - For installation and licensing of applications (from the Windows Phone Store or a custom company distribution site).
-## Install certificates using Internet Explorer
+## Install certificates using Microsoft Edge
 A certificate can be posted on a website and made available to users through a device-accessible URL that they can use to download the certificate. When a user accesses the page and taps the certificate, it opens on the device. The user can inspect the certificate, and if they choose to continue, the certificate is installed on the Windows 10 Mobile device.
@@ -42,7 +42,7 @@ Windows 10 Mobile supports root, CA, and client certificate to be configured vi
 3. The trusted CA certificate is installed directly during MDM request.
 4. The device accepts certificate enrollment request.
 5. The device generates private/public key pair.
-6. The device connects to Internet facing point exposed by MDM server.
+6. The device connects to Internet-facing point exposed by MDM server.
 7. MDM server creates a certificate that is signed with proper CA certificate and returns it to device.
 > **Note:**  The device supports the pending function to allow server side to do additional verification before issuing the cert. In this case, a pending status is sent back to the device. The device will periodically contact the server, based on preconfigured retry count and retry period parameters. Retrying ends when either:
From 85c2327cc893865d28917fe1fe40b8a1391cec34 Mon Sep 17 00:00:00 2001
From: Brian Lich
Date: Thu, 26 May 2016 14:45:35 -0700
Subject: [PATCH 31/92] renaming network exhaust doc
---
 windows/manage/TOC.md | 2 +-
 ...re-windows-10-devices-to-stop-data-flow-to-microsoft.md | 7 +------
 2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md
index 621ce3f5ca..9a7fe85b18 100644
--- a/windows/manage/TOC.md
+++ b/windows/manage/TOC.md
@@ -18,7 +18,7 @@
 #### [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md)
 #### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](set-up-a-kiosk-for-windows-10-for-mobile-edition.md)
 ### [Lock down Windows 10 to specific apps](lock-down-windows-10-to-specific-apps.md)
-### [Configure Windows 10 devices to stop data flow to Microsoft](configure-windows-10-devices-to-stop-data-flow-to-microsoft.md)
+### [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 ### [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
 ### [Configure access to Windows Store](stop-employees-from-using-the-windows-store.md)
 ### [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md)
diff --git a/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md b/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
index af80d923ca..66f10dbf1e 100644
--- a/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
+++ b/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md
@@ -1,11 +1,6 @@
 ---
 title: Configure Windows 10 devices to stop data flow to Microsoft (Windows 10)
-description: If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider.
-ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
-keywords: privacy, stop data flow to Microsoft
-ms.prod: W10
-ms.mktglfcycl: manage
-ms.sitesec: library
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services
 ---
 # Configure Windows 10 devices to stop data flow to Microsoft
From 1907f1b642ffdb01e987fca565d84e21d0c6afb4 Mon Sep 17 00:00:00 2001
From: Brian Lich
Date: Thu, 26 May 2016 14:46:07 -0700
Subject: [PATCH 32/92] renaming network exhaust doc
---
 ...system-components-to-microsoft-services.md | 1264 +++++++++++++++++
 1 file changed, 1264 insertions(+)
 create mode 100644 windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
new file mode 100644
index 0000000000..f8496916b0
--- /dev/null
+++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -0,0 +1,1264 @@
+---
+title: Manage connections from Windows operating system components to Microsoft services (Windows 10)
+description: If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider.
+ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
+keywords: privacy, manage connections to Microsoft
+ms.prod: W10
+ms.mktglfcycl: manage
+ms.sitesec: library
+---
+
+# Manage connections from Windows operating system components to Microsoft services
+
+**Applies to**
+
+- Windows 10
+
+If you're looking for content on what each telemetry level means and how to configure it in your organization, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
+
+Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro.
+
+If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure telemetry at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article.
+
+Some of the network connections discussed in this article can be managed in Windows 10 Mobile, Windows 10 Mobile Enterprise, and the July release of Windows 10. However, you must use Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511 to manage them all.
+
+In Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511, you can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft services as described in this article to prevent Windows from sending any data to Microsoft. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience.
+
+We are always working on improving Windows 10 for our customers. We invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows 10 work better for your organization.
+
+Here's what's covered in this article:
+
+- [Info management settings](#bkmk-othersettings)
+
+ - [1. Cortana](#bkmk-cortana)
+
+ - [1.1 Cortana Group Policies](#bkmk-cortana-gp)
+
+ - [1.2 Cortana MDM policies](#bkmk-cortana-mdm)
+
+ - [1.3 Cortana Windows Provisioning](#bkmk-cortana-prov)
+
+ - [2. Date & Time](#bkmk-datetime)
+
+ - [3. Device metadata retrieval](#bkmk-devinst)
+
+ - [4. Font streaming](#font-streaming)
+
+ - [5. Insider Preview builds](#bkmk-previewbuilds)
+
+ - [6. Internet Explorer](#bkmk-ie)
+
+ - [6.1 Internet Explorer Group Policies](#bkmk-ie-gp)
+
+ - [6.2 ActiveX control blocking](#bkmk-ie-activex)
+
+ - [7. Live Tiles](#live-tiles)
+
+ - [8. Mail synchronization](#bkmk-mailsync)
+
+ - [9. Microsoft Edge](#bkmk-edge)
+
+ - [9.1 Microsoft Edge Group Policies](#bkmk-edgegp)
+
+ - [9.2 Microsoft Edge MDM policies](#bkmk-edge-mdm)
+
+ - [9.3 Microsoft Edge Windows Provisioning](#bkmk-edge-prov)
+
+ - [10. Network Connection Status Indicator](#bkmk-ncsi)
+
+ - [11. Offline maps](#bkmk-offlinemaps)
+
+ - [12. OneDrive](#bkmk-onedrive)
+
+ - [13. Preinstalled apps](#bkmk-preinstalledapps)
+
+ - [14.
Settings > Privacy](#bkmk-settingssection)
+
+ - [14.1 General](#bkmk-priv-general)
+
+ - [14.2 Location](#bkmk-priv-location)
+
+ - [14.3 Camera](#bkmk-priv-camera)
+
+ - [14.4 Microphone](#bkmk-priv-microphone)
+
+ - [14.5 Speech, inking, & typing](#bkmk-priv-speech)
+
+ - [14.6 Account info](#bkmk-priv-accounts)
+
+ - [14.7 Contacts](#bkmk-priv-contacts)
+
+ - [14.8 Calendar](#bkmk-priv-calendar)
+
+ - [14.9 Call history](#bkmk-priv-callhistory)
+
+ - [14.10 Email](#bkmk-priv-email)
+
+ - [14.11 Messaging](#bkmk-priv-messaging)
+
+ - [14.12 Radios](#bkmk-priv-radios)
+
+ - [14.13 Other devices](#bkmk-priv-other-devices)
+
+ - [14.14 Feedback & diagnostics](#bkmk-priv-feedback)
+
+ - [14.15 Background apps](#bkmk-priv-background)
+
+ - [15. Software Protection Platform](#bkmk-spp)
+
+ - [16. Sync your settings](#bkmk-syncsettings)
+
+ - [17. Teredo](#bkmk-teredo)
+
+ - [18. Wi-Fi Sense](#bkmk-wifisense)
+
+ - [19. Windows Defender](#bkmk-defender)
+
+ - [20. Windows Media Player](#bkmk-wmp)
+
+ - [21. Windows spotlight](#bkmk-spotlight)
+
+ - [22. Windows Store](#bkmk-windowsstore)
+
+ - [23. Windows Update Delivery Optimization](#bkmk-updates)
+
+ - [23.1 Settings > Update & security](#bkmk-wudo-ui)
+
+ - [23.2 Delivery Optimization Group Policies](#bkmk-wudo-gp)
+
+ - [23.3 Delivery Optimization MDM policies](#bkmk-wudo-mdm)
+
+ - [23.4 Delivery Optimization Windows Provisioning](#bkmk-wudo-prov)
+
+ - [24.
Windows Update](#bkmk-wu)
+
+## What's new in Windows 10, version 1511
+
+
+Here's a list of changes that were made to this article for Windows 10, version 1511:
+
+- Added the following new sections:
+
+ - [Mail synchronization](#bkmk-mailsync)
+
+ - [Offline maps](#bkmk-offlinemaps)
+
+ - [Windows spotlight](#bkmk-spotlight)
+
+ - [Windows Store](#bkmk-windowsstore)
+
+- Added the following Group Policies:
+
+ - Open a new tab with an empty tab
+
+ - Configure corporate Home pages
+
+ - Let Windows apps access location
+
+ - Let Windows apps access the camera
+
+ - Let Windows apps access the microphone
+
+ - Let Windows apps access account information
+
+ - Let Windows apps access contacts
+
+ - Let Windows apps access the calendar
+
+ - Let Windows apps access messaging
+
+ - Let Windows apps control radios
+
+ - Let Windows apps access trusted devices
+
+ - Do not show feedback notifications
+
+ - Turn off Automatic Download and Update of Map Data
+
+ - Force a specific default lock screen image
+
+- Added the AllowLinguisticDataCollection MDM policy.
+
+- Added steps in the [Cortana](#bkmk-cortana) section on how to disable outbound traffic using Windows Firewall.
+
+- Changed the Windows Update section to apply system-wide settings, and not just per user.
+
+## Info management settings
+
+
+This section lists the components that make network connections to Microsoft services automatically. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience.
+
+The settings in this section assume you are using Windows 10, version 1511 (currently available in the Current Branch and Current Branch for Business).
They will also be included in the next update for the Long Term Servicing Branch.
+
+- [1. Cortana](#bkmk-cortana)
+
+- [2. Date & Time](#bkmk-datetime)
+
+- [3. Device metadata retrieval](#bkmk-devinst)
+
+- [4. Font streaming](#font-streaming)
+
+- [5. Insider Preview builds](#bkmk-previewbuilds)
+
+- [6. Internet Explorer](#bkmk-ie)
+
+- [7. Live Tiles](#live-tiles)
+
+- [8. Mail synchronization](#bkmk-mailsync)
+
+- [9. Microsoft Edge](#bkmk-edge)
+
+- [10. Network Connection Status Indicator](#bkmk-ncsi)
+
+- [11. Offline maps](#bkmk-offlinemaps)
+
+- [12. OneDrive](#bkmk-onedrive)
+
+- [13. Preinstalled apps](#bkmk-preinstalledapps)
+
+- [14. Settings > Privacy](#bkmk-settingssection)
+
+- [15. Software Protection Platform](#bkmk-spp)
+
+- [16. Sync your settings](#bkmk-syncsettings)
+
+- [17. Teredo](#bkmk-teredo)
+
+- [18. Wi-Fi Sense](#bkmk-wifisense)
+
+- [19. Windows Defender](#bkmk-defender)
+
+- [20. Windows Media Player](#bkmk-wmp)
+
+- [21. Windows spotlight](#bkmk-spotlight)
+
+- [22. Windows Store](#bkmk-windowsstore)
+
+- [23. Windows Update Delivery Optimization](#bkmk-updates)
+
+- [24. Windows Update](#bkmk-wu)
+
+
+See the following table for a summary of the management settings. For more info, see its corresponding section.
+
+![Management settings table](images/settings-table.png)
+
+### 1. Cortana
+
+Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730683).
+
+### 1.1 Cortana Group Policies
+
+Find the Cortana Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Search**.
+
+| Policy | Description |
+|------------------------------------------------------|---------------------------------------------------------------------------------------|
+| Allow Cortana | Choose whether to let Cortana install and run on the device.
|
+| Allow search and Cortana to use location | Choose whether Cortana and Search can provide location-aware search results. |
+| Do not allow web search | Choose whether to search the web from Windows Desktop Search.
Default: Disabled|
+| Don't search the web or display web results in Search| Choose whether to search the web from Cortana. |
+| Set what information is shared in Search | Control what information is shared with Bing in Search. |
+
+When you enable the **Don't search the web or display web results in Search** Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic.
+
+1. Expand **Computer Configuration** > **Windows Settings** > **Security Settings** > **Windows Firewall with Advanced Security** > **Windows Firewall with Advanced Security - <LDAP name>**, and then click **Outbound Rules**.
+
+2. Right-click **Outbound Rules**, and then click **New Rule**. The **New Outbound Rule Wizard** starts.
+
+3. On the **Rule Type** page, click **Program**, and then click **Next**.
+
+4. On the **Program** page, click **This program path**, type **%windir%\\systemapps\\Microsoft.Windows.Cortana\_cw5n1h2txyewy\\SearchUI.exe**, and then click **Next**.
+
+5. On the **Action** page, click **Block the connection**, and then click **Next**.
+
+6. On the **Profile** page, ensure that the **Domain**, **Private**, and **Public** check boxes are selected, and then click **Next**.
+
+7. On the **Name** page, type a name for the rule, such as **Cortana firewall configuration**, and then click **Finish.**
+
+8. Right-click the new rule, click **Properties**, and then click **Protocols and Ports**.
+
+9. Configure the **Protocols and Ports** page with the following info, and then click **OK**.
+
+ - For **Protocol type**, choose **TCP**.
+
+ - For **Local port**, choose **All Ports**.
+
+ - For **Remote port**, choose **All ports**.
+
+> **Note:** If your organization tests network traffic, you should not use Fiddler to test Windows Firewall settings. Fiddler is a network proxy and Windows Firewall does not block proxy traffic. You should use a network traffic analyzer, such as WireShark or Message Analyzer.
+
+### 1.2 Cortana MDM policies
+
+The following Cortana MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+
+| Policy | Description |
+|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
+| Experience/AllowCortana | Choose whether to let Cortana install and run on the device. |
+| Search/AllowSearchToUseLocation | Choose whether Cortana and Search can provide location-aware search results.
Default: Allowed|
+
+### 1.3 Cortana Windows Provisioning
+
+To use Windows Imaging and Configuration Designer (ICD) to create a provisioning package with the settings for these policies, go to **Runtime settings** > **Policies** to find **Experience** > **AllowCortana** and **Search** > **AllowSearchToUseLocation**.
+
+### 2. Date & Time
+
+You can prevent Windows from setting the time automatically.
+
+- To turn off the feature in the UI: **Settings** > **Time & language** > **Date & time** > **Set time automatically**
+
+ -or-
+
+- Create a REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters** with a value of **NoSync**.
+
+### 3. Device metadata retrieval
+
+To prevent Windows from retrieving device metadata from the Internet, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Prevent device metadata retrieval from the Internet**.
+
+### 4. Font streaming
+
+Starting with Windows 10, fonts that are included in Windows but that are not stored on the local device can be downloaded on demand.
+
+To turn off font streaming, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1.
+
+> **Note:** This may change in future versions of Windows.
+
+### 5. Insider Preview builds
+
+To turn off Insider Preview builds if you're running a released version of Windows 10. If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds.
+
+- Turn off the feature in the UI: **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Stop Insider builds**.
+
+ -or-
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Toggle user control over Insider builds**.
+
+ -or-
+
+- Apply the System/AllowBuildPreview MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where:
+
+ - **0**. Users cannot make their devices available for downloading and installing preview software.
+
+ - **1**. Users can make their devices available for downloading and installing preview software.
+
+ - **2**. (default) Not configured. Users can make their devices available for download and installing preview software.
+
+ -or-
+
+- Create a provisioning package: **Runtime settings** > **Policies** > **System** > **AllowBuildPreview**, where:
+
+ - **0**. Users cannot make their devices available for downloading and installing preview software.
+
+ - **1**. Users can make their devices available for downloading and installing preview software.
+
+ - **2**. (default) Not configured. Users can make their devices available for download and installing preview software.
+
+### 6. Internet Explorer
+
+Use Group Policy to manage settings for Internet Explorer.
+
+### 6.1 Internet Explorer Group Policies
+
+Find the Internet Explorer Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer**.
+
+| Policy | Description |
+|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
+| Turn on Suggested Sites| Choose whether an employee can configure Suggested Sites.
Default: Enabled
You can also turn this off in the UI by clearing the **Internet Options** > **Advanced** > **Enable Suggested Sites** check box.|
+| Allow Microsoft services to provide enhanced suggestions as the user types in the Address Bar | Choose whether an employee can configure enhanced suggestions, which are presented to the employee as they type in the address bar.
Default: Enabled|
+| Turn off the auto-complete feature for web addresses | Choose whether auto-complete suggests possible matches when employees are typing web address in the address bar.
Default: Disabled
You can also turn this off in the UI by clearing the Internet Options > **Advanced** > **Use inline AutoComplete in the Internet Explorer Address Bar and Open Dialog** check box.|
+| Disable Periodic Check for Internet Explorer software updates| Choose whether Internet Explorer periodically checks for a new version.
Default: Enabled |
+| Turn off browser geolocation | Choose whether websites can request location data from Internet Explorer.
Default: Disabled|
+
+### 6.2 ActiveX control blocking
+
+ActiveX control blocking periodically downloads a new list of out-of-date ActiveX controls that should be blocked. You can turn this off by changing the REG\_DWORD registry setting **HKEY\_CURRENT\_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to 0 (zero).
+
+For more info, see [Out-of-date ActiveX control blocking](http://technet.microsoft.com/library/dn761713.aspx).
+
+### 7. Live Tiles
+
+To turn off Live Tiles:
+
+- Apply the Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn Off notifications network usage**
+
+### 8. Mail synchronization
+
+To turn off mail synchronization for Microsoft Accounts that are configured on a device:
+
+- In **Settings** > **Accounts** > **Your email and accounts**, remove any connected Microsoft Accounts.
+
+ -or-
+
+- Remove any Microsoft Accounts from the Mail app.
+
+ -or-
+
+- Apply the Accounts/AllowMicrosoftAccountConnection MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed. This does not apply to Microsoft Accounts that have already been configured on the device.
+
+To turn off the Windows Mail app:
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Mail** > **Turn off Windows Mail application**
+
+### 9. Microsoft Edge
+
+Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730682).
+
+### 9.1 Microsoft Edge Group Policies
+
+Find the Microsoft Edge Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge**.
+
+> **Note:** The Microsoft Edge Group Policy names were changed in Windows 10, version 1511.
The table below reflects those changes.
+
+| Policy | Description |
+|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
+| Turn off autofill | Choose whether employees can use autofill on websites.
Default: Enabled |
+| Allow employees to send Do Not Track headers | Choose whether employees can send Do Not Track headers.
Default: Disabled |
+| Turn off password manager | Choose whether employees can save passwords locally on their devices.
Default: Enabled |
+| Turn off address bar search suggestions | Choose whether the address bar shows search suggestions.
Default: Enabled |
+| Turn off the SmartScreen Filter | Choose whether SmartScreen is turned on or off.
Default: Enabled |
+| Open a new tab with an empty tab | Choose whether a new tab page appears.
Default: Enabled |
+| Configure corporate Home pages | Choose the corporate Home page for domain-joined devices.
Set this to **about:blank** |
+
+### 9.2 Microsoft Edge MDM policies
+
+The following Microsoft Edge MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
+
+| Policy | Description |
+|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
+| Browser/AllowAutoFill | Choose whether employees can use autofill on websites.
Default: Allowed |
+| Browser/AllowDoNotTrack | Choose whether employees can send Do Not Track headers.
Default: Not allowed |
+| Browser/AllowPasswordManager | Choose whether employees can save passwords locally on their devices.
Default: Allowed |
+| Browser/AllowSearchSuggestionsinAddressBar | Choose whether the address bar shows search suggestions..
Default: Allowed |
+| Browser/AllowSmartScreen | Choose whether SmartScreen is turned on or off.
Default: Allowed |
+
+### 9.3 Microsoft Edge Windows Provisioning
+
+Use Windows ICD to create a provisioning package with the settings for these policies, go to **Runtime settings** > **Policies**.
+
+For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](http://technet.microsoft.com/library/mt270204.aspx).
+
+### 10. Network Connection Status Indicator
+
+Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftncsi.com to determine if the device can communicate with the Internet. For more info about NCIS, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx).
+
+You can turn off NCSI through Group Policy:
+
+- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Windows Network Connectivity Status Indicator active tests**
+
+> **Note** After you apply this policy, you must restart the device for the policy setting to take effect.
+
+### 11. Offline maps
+
+You can turn off the ability to download and update offline maps.
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off Automatic Download and Update of Map Data**
+
+### 12. OneDrive
+
+To turn off OneDrive in your organization:
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **OneDrive** > **Prevent the usage of OneDrive for file storage**
+
+### 13. Preinstalled apps
+
+Some preinstalled apps get content before they are opened to ensure a great experience. You can remove these using the steps in this section.
+
+To remove the News app:
+
+- Right-click the app in Start, and then click **Uninstall**.
+
+ -or-
+
+- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingNews"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage**
+
+To remove the Weather app:
+
+- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingWeather"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage**
+
+To remove the Money app:
+
+- Right-click the app in Start, and then click **Uninstall**.
+
+ -or-
+
+- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingFinance"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage**
+
+To remove the Sports app:
+
+- Right-click the app in Start, and then click **Uninstall**.
+
+ -or-
+
+- Remove the app for new user accounts.
From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.BingSports"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage**
+
+To remove the Twitter app:
+
+- Right-click the app in Start, and then click **Uninstall**.
+
+ -or-
+
+- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "\*.Twitter"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage \*.Twitter | Remove-AppxPackage**
+
+To remove the XBOX app:
+
+- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.XboxApp"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage**
+
+To remove the Sway app:
+
+- Right-click the app in Start, and then click **Uninstall**.
+
+ -or-
+
+- Remove the app for new user accounts.
From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.Office.Sway"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage**
+
+To remove the OneNote app:
+
+- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.Office.OneNote"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage**
+
+To remove the Get Office app:
+
+- Right-click the app in Start, and then click **Uninstall**.
+
+ -or-
+
+- Remove the app for new user accounts. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.MicrosoftOfficeHub"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage**
+
+To remove the Get Skype app:
+
+- Right-click the Sports app in Start, and then click **Uninstall**.
+
+ -or-
+
+- Remove the app for new user accounts.
From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxProvisionedPackage -Online | Where-Object {$\_.PackageName -Like "Microsoft.SkypeApp"} | ForEach-Object { Remove-AppxProvisionedPackage -Online -PackageName $\_.PackageName}**
+
+ -and-
+
+ Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage**
+
+### 14. Settings > Privacy
+
+Use Settings > Privacy to configure some settings that may be important to your organization. Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
+
+- [14.1 General](#bkmk-general)
+
+- [14.2 Location](#bkmk-priv-location)
+
+- [14.3 Camera](#bkmk-priv-camera)
+
+- [14.4 Microphone](#bkmk-priv-microphone)
+
+- [14.5 Speech, inking, & typing](#bkmk-priv-speech)
+
+- [14.6 Account info](#bkmk-priv-accounts)
+
+- [14.7 Contacts](#bkmk-priv-contacts)
+
+- [14.8 Calendar](#bkmk-priv-calendar)
+
+- [14.9 Call history](#bkmk-priv-callhistory)
+
+- [14.10 Email](#bkmk-priv-email)
+
+- [14.11 Messaging](#bkmk-priv-messaging)
+
+- [14.12 Radios](#bkmk-priv-radios)
+
+- [14.13 Other devices](#bkmk-priv-other-devices)
+
+- [14.14 Feedback & diagnostics](#bkmk-priv-feedback)
+
+- [14.15 Background apps](#bkmk-priv-background)
+
+### 14.1 General
+
+**General** includes options that don't fall into other areas.
+
+To turn off **Let apps use my advertising ID for experiences across apps (turning this off will reset your ID)**:
+
+> **Note:** When you turn this feature off in the UI, it turns off the advertising ID, not just resets it.
+
+- Turn off the feature in the UI.
+
+ -or-
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **User Profiles** > **Turn off the advertising ID**.
+
+ -or-
+
+- Create a REG\_DWORD registry setting called **Enabled** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AdvertisingInfo**, with a value of 0 (zero).
+
+To turn off **Turn on SmartScreen Filter to check web content (URLs) that Windows Store apps use**:
+
+- Turn off the feature in the UI.
+
+ -or-
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge** > **Turn off the SmartScreen Filter**.
+
+ Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **File Explorer** > **Configure Windows SmartScreen**.
+
+ -or-
+
+- Apply the Browser/AllowSmartScreen MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
+
+ -or-
+
+- Create a provisioning package, using:
+
+ - For Internet Explorer: **Runtime settings** > **Policies** > **Browser** > **AllowSmartScreen**
+
+ - For Microsoft Edge: **Runtime settings** > **Policies** > **MicrosoftEdge** > **AllowSmartScreen**
+
+ -or-
+
+- Create a REG\_DWORD registry setting called **Enabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost\\EnableWebContentEvaluation**, with a value of 0 (zero).
+
+To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**:
+
+> **Note: ** If the telemetry level is set to either **Basic** or **Security**, this is turned off automatically.
+
+
+
+- Turn off the feature in the UI.
+
+ -or-
+
+- Apply the TextInput/AllowLinguisticDataCollection MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where:
+
+ - **0**. Not allowed
+
+ - **1**. Allowed (default)
+
+To turn off **Let websites provide locally relevant content by accessing my language list**:
+
+- Turn off the feature in the UI.
+
+ -or-
+
+- Create a new REG\_DWORD registry setting called **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile**, with a value of 1.
+
+### 14.2 Location
+
+In the **Location** area, you choose whether devices have access to location-specific sensors and which apps have access to the device's location.
+
+To turn off **Location for this device**:
+
+- Click the **Change** button in the UI.
+
+ -or-
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Location and Sensors** > **Turn off location**.
+
+ -or-
+
+- Apply the System/AllowLocation MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
+
+ - **0**. Turned off and the employee can't turn it back on.
+
+ - **1**. Turned on, but lets the employee choose whether to use it. (default)
+
+ - **2**. Turned on and the employee can't turn it off.
+
+ **Note**
+ You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx).
+
+ -or-
+
+- Create a provisioning package, using **Runtime settings** > **Policies** > **System** > **AllowLocation**, where
+
+ - **No**. Turns off location service.
+
+ - **Yes**. Turns on location service. (default)
+
+To turn off **Location**:
+
+- Turn off the feature in the UI.
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access location**
+
+ - Set the **Select a setting** box to **Force Deny**.
+
+ -or-
+
+To turn off **Location history**:
+
+- Erase the history using the **Clear** button in the UI.
+
+To turn off **Choose apps that can use your location**:
+
+- Turn off each app using the UI.
+
+### 14.3 Camera
+
+In the **Camera** area, you can choose which apps can access a device's camera.
+
+To turn off **Let apps use my camera**:
+
+- Turn off the feature in the UI.
+
+ -or-
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the camera**
+
+ - Set the **Select a setting** box to **Force Deny**.
+
+ -or-
+
+- Apply the Camera/AllowCamera MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where:
+
+ - **0**. Apps can't use the camera.
+
+ - **1**. Apps can use the camera.
+
+ **Note**
+ You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx).
+
+ -or-
+
+- Create a provisioning package with use Windows ICD, using **Runtime settings** > **Policies** > **Camera** > **AllowCamera**, where:
+
+ - **0**. Apps can't use the camera.
+
+ - **1**. Apps can use the camera.
+
+To turn off **Choose apps that can use your camera**:
+
+- Turn off the feature in the UI for each app.
+
+### 14.4 Microphone
+
+In the **Microphone** area, you can choose which apps can access a device's microphone.
+
+To turn off **Let apps use my microphone**:
+
+- Turn off the feature in the UI.
+
+ -or-
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the microphone**
+
+ - Set the **Select a setting** box to **Force Deny**.
+
+To turn off **Choose apps that can use your microphone**:
+
+- Turn off the feature in the UI for each app.
+
+### 14.5 Speech, inking, & typing
+
+In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees.
+
+> **Note:** For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article.
+
+
+
+To turn off the functionality:
+
+- Click the **Stop getting to know me** button, and then click **Turn off**.
+
+ -or-
+
+- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Regional and Language Options** > **Handwriting personalization** > **Turn off automatic learning**
+
+ -or-
+
+- Create a REG\_DWORD registry setting called **AcceptedPrivacyPolicy** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Personalization\\Settings**, with a value of 0 (zero).
+
+ -and-
+
+ Create a REG\_DWORD registry setting called **HarvestContacts** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\InputPersonalization\\TrainedDataStore**, with a value of 0 (zero).
+
+### 14.6 Account info
+
+In the **Account Info** area, you can choose which apps can access your name, picture, and other account info.
+
+To turn off **Let apps access my name, picture, and other account info**:
+
+- Turn off the feature in the UI.
+
+ -or-
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access account information**
+
+ - Set the **Select a setting** box to **Force Deny**.
+
+To turn off **Choose the apps that can access your account info**:
+
+- Turn off the feature in the UI for each app.
+
+### 14.7 Contacts
+
+In the **Contacts** area, you can choose which apps can access an employee's contacts list.
+
+To turn off **Choose apps that can access contacts**:
+
+- Turn off the feature in the UI for each app.
+
+ -or-
+
+- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts**
+
+ - Set the **Select a setting** box to **Force Deny**.
+ +### 14.8 Calendar + +In the **Calendar** area, you can choose which apps have access to an employee's calendar. + +To turn off **Let apps access my calendar**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the calendar** + + - Set the **Select a setting** box to **Force Deny**. + +To turn off **Choose apps that can access calendar**: + +- Turn off the feature in the UI for each app. + +### 14.9 Call history + +In the **Call history** area, you can choose which apps have access to an employee's call history. + +To turn off **Let apps access my call history**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access call history** + + - Set the **Select a setting** box to **Force Deny**. + +### 14.10 Email + +In the **Email** area, you can choose which apps have can access and send email. + +To turn off **Let apps access and send email**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access email** + + - Set the **Select a setting** box to **Force Deny**. + +### 14.11 Messaging + +In the **Messaging** area, you can choose which apps can read or send messages. + +To turn off **Let apps read or send messages (text or MMS)**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access messaging** + + - Set the **Select a setting** box to **Force Deny**. + +To turn off **Choose apps that can read or send messages**: + +- Turn off the feature in the UI for each app. 
+ +### 14.12 Radios + +In the **Radios** area, you can choose which apps can turn a device's radio on or off. + +To turn off **Let apps control radios**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps control radios** + + - Set the **Select a setting** box to **Force Deny**. + +To turn off **Choose apps that can control radios**: + +- Turn off the feature in the UI for each app. + +### 14.13 Other devices + +In the **Other Devices** area, you can choose whether devices that aren't paired to PCs, such as an Xbox One, can share and sync info. + +To turn off **Let apps automatically share and sync info with wireless devices that don't explicitly pair with your PC, tablet, or phone**: + +- Turn off the feature in the UI. + +To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access trusted devices** + + - Set the **Select a setting** box to **Force Deny**. + +### 14.14 Feedback & diagnostics + +In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. + +To change how frequently **Windows should ask for my feedback**: + +**Note** +Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. + + + +- To change from **Automatically (Recommended)**, use the drop-down list in the UI. 
+ + -or- + +- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Do not show feedback notifications** + + -or- + +- Create the registry keys (REG\_DWORD type): + + - HKEY\_CURRENT\_USER\\Software\\Microsoft\\Siuf\\Rules\\PeriodInNanoSeconds + + - HKEY\_CURRENT\_USER\\Software\\Microsoft\\Siuf\\Rules\\NumberOfSIUFInPeriod + + Based on these settings: + + | Setting | PeriodInNanoSeconds | NumberOfSIUFInPeriod | + |---------------|-----------------------------|-----------------------------| + | Automatically | Delete the registry setting | Delete the registry setting | + | Never | 0 | 0 | + | Always | 100000000 | Delete the registry setting | + | Once a day | 864000000000 | 1 | + | Once a week | 6048000000000 | 1 | + + + +To change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**: + +- To change from **Enhanced**, use the drop-down list in the UI. The other levels are **Basic** and **Full**. + + > **Note:** You can't use the UI to change the telemetry level to **Security**. + + + + -or- + +- Apply the Group Policy: **Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection And Preview Builds\\Allow Telemetry** + + -or- + +- Apply the System/AllowTelemetry MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: + + - **0**. Maps to the **Security** level. + + - **1**. Maps to the **Basic** level. + + - **2**. Maps to the **Enhanced** level. + + - **3**. Maps to the **Full** level. + + -or- + +- Create a provisioning package, using **Runtime settings** > **Policies** > **System** > **AllowTelemetry**, where: + + - **0**. Maps to the **Security** level. + + - **1**. Maps to the **Basic** level. + + - **2**. Maps to the **Enhanced** level. + + - **3**. Maps to the **Full** level. 
+ +### 14.15 Background apps + +In the **Background Apps** area, you can choose which apps can run in the background. + +To turn off **Let apps run in the background**: + +- Turn off the feature in the UI for each app. + +### 15. Software Protection Platform + +Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by applying the following Group Policy: + +**Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Activation** + +The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. + +### 16. Sync your settings + +You can control if your settings are synchronized: + +- In the UI: **Settings** > **Accounts** > **Sync your settings** + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Sync your settings** > **Do not sync** + + -or- + +- Apply the Experience/AllowSyncMySettings MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed. + + -or- + +- Create a provisioning package, using **Runtime settings** > **Policies** > **Experience** > **AllowSyncMySettings**, where + + - **No**. Settings are not synchronized. + + - **Yes**. Settings are synchronized. (default) + +To turn off Messaging cloud sync: + +- Create a REG\_DWORD registry setting called **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging**, with a value of 0 (zero). + +### 17. Teredo + +You can disable Teredo by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](http://technet.microsoft.com/library/cc722030.aspx). 
+ +- From an elevated command prompt, run **netsh interface teredo set state disabled** + +### 18. Wi-Fi Sense + +Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the person’s contacts have shared with them. + +To turn off **Connect to suggested open hotspots** and **Connect to networks shared by my contacts**: + +- Turn off the feature in the UI. + + -or- + +- Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** > **WLAN Service** > **WLAN Settings** > **Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services**. + + -or- + +- Create a new REG\_DWORD registry setting called **AutoConnectAllowedOEM** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\WcmSvc\\wifinetworkmanager\\config**, with a value of 0 (zero). + + -or- + +- Change the Windows Provisioning setting, WiFISenseAllowed, to 0 (zero). For more info, see the Windows Provisioning Settings reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620909). + + -or- + +- Use the Unattended settings to set the value of WiFiSenseAllowed to 0 (zero). For more info, see the Unattended Windows Setup reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620910). + +When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee. + +### 19. Windows Defender + +You can opt out of the Microsoft Antimalware Protection Service. + +- Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **MAPS** > **Join Microsoft MAPS** + + -or- + +- Apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). 
+ + -or- + +- Use the registry to set the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SpyNetReporting** to 0 (zero). + + -and- + + From an elevated Windows PowerShell prompt, run **set-mppreference -Mapsreporting 0** + +You can stop sending file samples back to Microsoft. + +- Set the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **MAPS** > **Send file samples when further analysis is required** to **Always Prompt** or **Never Send**. + + -or- + +- Apply the Defender/SubmitSamplesConsent MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: + + - **0**. Always prompt. + + - **1**. (default) Send safe samples automatically. + + - **2**. Never send. + + - **3**. Send all samples automatically. + + -or- + +- Use the registry to set the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SubmitSamplesConsent** to 0 (zero) to always prompt or 2 to never send. + +You can stop downloading definition updates: + +- Enable the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **Signature Updates** > **Define the order of sources for downloading definition updates** and set it to **FileShares**. + + -and- + +- Enable the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **Signature Updates** > **Define file shares for downloading definition updates** and set it to nothing. + +You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1. + +### 20. 
Windows Media Player + +To remove Windows Media Player: + +- From the **Programs and Features** control panel, click **Turn Windows features on or off**, under **Media Features**, clear the **Windows Media Player** check box, and then click **OK**. + + -or- + +- Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer** + +### 21. Windows spotlight + +Windows spotlight provides different background images and text on the lock screen. You can control it by using the user interface or through Group Policy. + +- Configure the following in **Settings**: + + - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Show me tips, tricks, and more on the lock screen**. + + - **Personalization** > **Start** > **Occasionally show suggestions in Start**. + + - **System** > **Notifications & actions** > **Show me tips about Windows**. + + -or- + +- Apply the Group Policies: + + - **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image**. + - Add a location in the **Path to local lock screen image** box. + + - Set the **Turn off fun facts, tips, tricks, and more on lock screen** check box. + + **Note** This will only take effect if the policy is applied before the first logon. If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, you can apply this policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the lock screen**. + + + + - **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not show Windows Tips**. + + - **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences**. 
+ +For more info, see [Windows spotlight on the lock screen](../whats-new/windows-spotlight.md). + +### 22. Windows Store + +You can turn off the ability to launch apps from the Windows Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Windows Store will be disabled. + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Store** > **Disable all apps from Windows Store**. + +### 23. Windows Update Delivery Optimization + +Windows Update Delivery Optimization lets you get Windows updates and Windows Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet. + +By default, PCs running Windows 10 Enterprise and Windows 10 Education will only use Delivery Optimization to get and receive updates for PCs and apps on your local network. + +Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delivery Optimization. + +### 23.1 Settings > Update & security + +You can set up Delivery Optimization from the **Settings** UI. + +- Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**. + +### 23.2 Delivery Optimization Group Policies + +You can find the Delivery Optimization Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization**. 
+ +| Policy | Description | +|---------------------------|-----------------------------------------------------------------------------------------------------| +| Download Mode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
  • None. Turns off Delivery Optimization.

  • Group. Gets or sends updates and apps to PCs on the same local network domain.

  • Internet. Gets or sends updates and apps to PCs on the Internet.

  • LAN. Gets or sends updates and apps to PCs on the same NAT only.

| +| Group ID | Lets you provide a Group ID that limits which PCs can share apps and updates.
** Note** This ID must be a GUID.| +| Max Cache Age | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days).| +| Max Cache Size | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.| +| Max Upload Bandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| + +### 23.3 Delivery Optimization MDM policies + +The following Delivery Optimization MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). + +| Policy | Description | +|---------------------------|-----------------------------------------------------------------------------------------------------| +| DeliveryOptimization/DODownloadMode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
  • 0. Turns off Delivery Optimization.

  • 1. Gets or sends updates and apps to PCs on the same NAT only.

  • 2. Gets or sends updates and apps to PCs on the same local network domain.

  • 3. Gets or sends updates and apps to PCs on the Internet.

| +| DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
** Note** This ID must be a GUID.| +| DeliveryOptimization/DOMaxCacheAge | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days).| +| DeliveryOptimization/DOMaxCacheSize | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.| +| DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| + + +### 23.4 Delivery Optimization Windows Provisioning + +If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies + +Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windows ADK)](http://go.microsoft.com/fwlink/p/?LinkId=526803), to create a provisioning package for Delivery Optimization. + +1. Open Windows ICD, and then click **New provisioning package**. + +2. In the **Name** box, type a name for the provisioning package, and then click **Next.** + +3. Click the **Common to all Windows editions** option, click **Next**, and then click **Finish**. + +4. Go to **Runtime settings** > **Policies** > **DeliveryOptimization** to configure the policies. + +For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730684). + +### 24. Windows Update + +You can turn off Windows Update by setting the following registry entries: + +- Add a REG\_DWORD value called **DoNotConnectToWindowsUpdateInternetLocations** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1. + + -and- + +- Add a REG\_DWORD value called **DisableWindowsUpdateAccess** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1. + +You can turn off automatic updates by doing one of the following. This is not recommended. + +- Add a REG\_DWORD value called **AutoDownload** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5. + + -or- + +- Apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: + + - **0**. Notify the user before downloading the update. + + - **1**. 
Auto install the update and then notify the user to schedule a device restart. + + - **2** (default). Auto install and restart. + + - **3**. Auto install and restart at a specified time. + + - **4**. Auto install and restart without end-user control. + + - **5**. Turn off automatic updates. + +To learn more, see [Device update management](http://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](http://technet.microsoft.com/library/cc720539.aspx). From 162303d42468cd978dba73a7e9562f77f9105b62 Mon Sep 17 00:00:00 2001 
From: Jan Backstrom Date: Thu, 26 May 2016 14:55:45 -0700 Subject: [PATCH 33/92] fix tagging change W10 to w10 (lower case) and changed author of CFaw to greg-lindsay --- windows/deploy/activate-forest-by-proxy-vamt.md | 2 +- windows/deploy/activate-forest-vamt.md | 2 +- ...ctivate-using-active-directory-based-activation-client.md | 4 ++-- windows/deploy/activate-using-key-management-service-vamt.md | 2 +- windows/deploy/activate-windows-10-clients-vamt.md | 2 +- windows/deploy/active-directory-based-activation-overview.md | 4 ++-- ...-10-operating-system-image-using-configuration-manager.md | 4 ++-- ...deployment-with-windows-pe-using-configuration-manager.md | 4 ++-- windows/deploy/add-manage-products-vamt.md | 2 +- windows/deploy/add-remove-computers-vamt.md | 2 +- windows/deploy/add-remove-product-key-vamt.md | 2 +- ...information-sent-to-microsoft-during-activation-client.md | 2 +- .../deploy/assign-applications-using-roles-in-mdt-2013.md | 2 +- ...ld-a-distributed-environment-for-windows-10-deployment.md | 2 +- windows/deploy/change-history-for-deploy-windows-10.md | 4 ++-- windows/deploy/configure-client-computers-vamt.md | 2 +- windows/deploy/configure-mdt-2013-for-userexit-scripts.md | 2 +- windows/deploy/configure-mdt-2013-settings.md | 2 +- windows/deploy/configure-mdt-deployment-share-rules.md | 2 +- ...ustom-windows-pe-boot-image-with-configuration-manager.md | 4 ++-- ...ate-a-task-sequence-with-configuration-manager-and-mdt.md | 5 +++-- windows/deploy/create-a-windows-10-reference-image.md | 2 +- ...-to-deploy-with-windows-10-using-configuration-manager.md | 4 ++-- windows/deploy/deploy-a-windows-10-image-using-mdt.md | 4 ++-- .../deploy-windows-10-using-pxe-and-configuration-manager.md | 4 ++-- ...ws-10-with-system-center-2012-r2-configuration-manager.md | 4 ++-- ...eploy-windows-10-with-the-microsoft-deployment-toolkit.md | 2 +- windows/deploy/deploy-windows-to-go.md | 5 +++-- ...n-for-windows-10-deployment-with-configuration-manager.md | 4 ++-- 
.../get-started-with-the-microsoft-deployment-toolkit.md | 2 +- .../getting-started-with-the-user-state-migration-tool.md | 4 ++-- windows/deploy/import-export-vamt-data.md | 2 +- windows/deploy/index.md | 4 ++-- windows/deploy/install-configure-vamt.md | 2 +- windows/deploy/install-kms-client-key-vamt.md | 2 +- windows/deploy/install-product-key-vamt.md | 2 +- windows/deploy/install-vamt.md | 2 +- .../deploy/integrate-configuration-manager-with-mdt-2013.md | 2 +- windows/deploy/introduction-vamt.md | 2 +- windows/deploy/key-features-in-mdt-2013.md | 2 +- windows/deploy/kms-activation-vamt.md | 2 +- windows/deploy/local-reactivation-vamt.md | 2 +- windows/deploy/manage-activations-vamt.md | 2 +- windows/deploy/manage-product-keys-vamt.md | 2 +- windows/deploy/manage-vamt-data.md | 2 +- windows/deploy/mdt-2013-lite-touch-components.md | 2 +- windows/deploy/migrate-application-settings.md | 4 ++-- windows/deploy/migration-store-types-overview.md | 4 ++-- windows/deploy/monitor-activation-client.md | 4 ++-- ...nitor-windows-10-deployment-with-configuration-manager.md | 4 ++-- windows/deploy/offline-migration-reference.md | 4 ++-- windows/deploy/online-activation-vamt.md | 2 +- windows/deploy/plan-for-volume-activation-client.md | 2 +- .../deploy/prepare-for-windows-deployment-with-mdt-2013.md | 2 +- ...-installation-of-windows-10-with-configuration-manager.md | 4 ++-- windows/deploy/proxy-activation-vamt.md | 2 +- ...s-7-client-with-windows-10-using-configuration-manager.md | 4 ++-- .../deploy/refresh-a-windows-7-computer-with-windows-10.md | 2 +- windows/deploy/remove-products-vamt.md | 2 +- ...s-7-client-with-windows-10-using-configuration-manager.md | 4 ++-- ...eplace-a-windows-7-computer-with-a-windows-10-computer.md | 2 +- windows/deploy/scenario-kms-activation-vamt.md | 2 +- windows/deploy/scenario-online-activation-vamt.md | 2 +- windows/deploy/scenario-proxy-activation-vamt.md | 2 +- windows/deploy/set-up-mdt-2013-for-bitlocker.md | 2 +- 
windows/deploy/sideload-apps-in-windows-10.md | 4 ++-- ...simulate-a-windows-10-deployment-in-a-test-environment.md | 2 +- windows/deploy/understanding-migration-xml-files.md | 4 ++-- windows/deploy/update-product-status-vamt.md | 2 +- .../update-windows-10-images-with-provisioning-packages.md | 4 ++-- ...-to-windows-10-with-system-center-configuraton-manager.md | 4 ++-- ...de-to-windows-10-with-the-microsoft-deployment-toolkit.md | 2 +- windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md | 2 +- ...dt-database-to-stage-windows-10-deployment-information.md | 2 +- .../use-the-volume-activation-management-tool-client.md | 2 +- windows/deploy/use-vamt-in-windows-powershell.md | 2 +- windows/deploy/use-web-services-in-mdt-2013.md | 2 +- windows/deploy/usmt-best-practices.md | 4 ++-- windows/deploy/usmt-choose-migration-store-type.md | 4 ++-- windows/deploy/usmt-command-line-syntax.md | 4 ++-- windows/deploy/usmt-common-issues.md | 4 ++-- windows/deploy/usmt-common-migration-scenarios.md | 4 ++-- windows/deploy/usmt-configxml-file.md | 4 ++-- windows/deploy/usmt-conflicts-and-precedence.md | 4 ++-- windows/deploy/usmt-custom-xml-examples.md | 4 ++-- windows/deploy/usmt-customize-xml-files.md | 4 ++-- windows/deploy/usmt-determine-what-to-migrate.md | 4 ++-- windows/deploy/usmt-estimate-migration-store-size.md | 4 ++-- windows/deploy/usmt-exclude-files-and-settings.md | 4 ++-- .../usmt-extract-files-from-a-compressed-migration-store.md | 4 ++-- windows/deploy/usmt-faq.md | 4 ++-- windows/deploy/usmt-general-conventions.md | 4 ++-- windows/deploy/usmt-hard-link-migration-store.md | 4 ++-- windows/deploy/usmt-how-it-works.md | 4 ++-- windows/deploy/usmt-how-to.md | 4 ++-- windows/deploy/usmt-identify-application-settings.md | 4 ++-- windows/deploy/usmt-identify-file-types-files-and-folders.md | 4 ++-- windows/deploy/usmt-identify-operating-system-settings.md | 4 ++-- windows/deploy/usmt-identify-users.md | 4 ++-- windows/deploy/usmt-include-files-and-settings.md | 4 
++-- windows/deploy/usmt-loadstate-syntax.md | 4 ++-- windows/deploy/usmt-log-files.md | 4 ++-- windows/deploy/usmt-migrate-efs-files-and-certificates.md | 4 ++-- windows/deploy/usmt-migrate-user-accounts.md | 4 ++-- windows/deploy/usmt-migration-store-encryption.md | 4 ++-- windows/deploy/usmt-overview.md | 4 ++-- windows/deploy/usmt-plan-your-migration.md | 4 ++-- windows/deploy/usmt-recognized-environment-variables.md | 4 ++-- windows/deploy/usmt-reference.md | 4 ++-- windows/deploy/usmt-requirements.md | 4 ++-- windows/deploy/usmt-reroute-files-and-settings.md | 4 ++-- windows/deploy/usmt-resources.md | 4 ++-- windows/deploy/usmt-return-codes.md | 4 ++-- windows/deploy/usmt-scanstate-syntax.md | 4 ++-- windows/deploy/usmt-technical-reference.md | 4 ++-- windows/deploy/usmt-test-your-migration.md | 4 ++-- windows/deploy/usmt-topics.md | 4 ++-- windows/deploy/usmt-troubleshooting.md | 4 ++-- windows/deploy/usmt-utilities.md | 4 ++-- windows/deploy/usmt-what-does-usmt-migrate.md | 4 ++-- windows/deploy/usmt-xml-elements-library.md | 4 ++-- windows/deploy/usmt-xml-reference.md | 4 ++-- windows/deploy/vamt-known-issues.md | 2 +- windows/deploy/vamt-requirements.md | 2 +- windows/deploy/vamt-step-by-step.md | 2 +- .../verify-the-condition-of-a-compressed-migration-store.md | 4 ++-- windows/deploy/volume-activation-management-tool.md | 2 +- windows/deploy/volume-activation-windows-10.md | 2 +- windows/deploy/windows-10-deployment-scenarios.md | 4 ++-- windows/deploy/windows-10-deployment-tools-reference.md | 4 ++-- windows/deploy/windows-10-edition-upgrades.md | 4 ++-- windows/deploy/windows-adk-scenarios-for-it-pros.md | 4 ++-- windows/deploy/windows-deployment-scenarios-and-tools.md | 4 ++-- .../deploy/windows-upgrade-and-migration-considerations.md | 4 ++-- windows/deploy/xml-file-requirements.md | 4 ++-- 135 files changed, 217 insertions(+), 215 deletions(-) 
diff --git a/windows/deploy/activate-forest-by-proxy-vamt.md b/windows/deploy/activate-forest-by-proxy-vamt.md index f178e14406..1e852d5221 100644 --- a/windows/deploy/activate-forest-by-proxy-vamt.md +++ b/windows/deploy/activate-forest-by-proxy-vamt.md @@ -2,7 +2,7 @@ title: Activate by Proxy an Active Directory Forest (Windows 10) description: Activate by Proxy an Active Directory Forest ms.assetid: 6475fc87-a6f7-4fa8-b0aa-de19f2dea7e5 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/activate-forest-vamt.md b/windows/deploy/activate-forest-vamt.md index 267e03be9c..082bac639c 100644 --- a/windows/deploy/activate-forest-vamt.md +++ b/windows/deploy/activate-forest-vamt.md @@ -2,7 +2,7 @@ title: Activate an Active Directory Forest Online (Windows 10) description: Activate an Active Directory Forest Online ms.assetid: 9b5bc193-799b-4aa5-9d3e-0e495f7195d3 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/activate-using-active-directory-based-activation-client.md b/windows/deploy/activate-using-active-directory-based-activation-client.md index 15ae96825a..dbf9a5a617 100644 --- a/windows/deploy/activate-using-active-directory-based-activation-client.md +++ b/windows/deploy/activate-using-active-directory-based-activation-client.md @@ -3,11 +3,11 @@ title: Activate using Active Directory-based activation (Windows 10) description: Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. ms.assetid: 08cce6b7-7b5b-42cf-b100-66c363a846af keywords: vamt, volume activation, activation, windows activation -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: CFaw +author: greg-lindsay --- # Activate using Active Directory-based activation 
diff --git a/windows/deploy/activate-using-key-management-service-vamt.md b/windows/deploy/activate-using-key-management-service-vamt.md index 4c5d735436..9681860156 100644 --- a/windows/deploy/activate-using-key-management-service-vamt.md +++ b/windows/deploy/activate-using-key-management-service-vamt.md @@ -3,7 +3,7 @@ title: Activate using Key Management Service (Windows 10) ms.assetid: f2417bfe-7d25-4e82-bc07-de316caa8dac description: keywords: vamt, volume activation, activation, windows activation -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/activate-windows-10-clients-vamt.md b/windows/deploy/activate-windows-10-clients-vamt.md index 91b743947e..2d77f355dc 100644 --- a/windows/deploy/activate-windows-10-clients-vamt.md +++ b/windows/deploy/activate-windows-10-clients-vamt.md @@ -3,7 +3,7 @@ title: Activate clients running Windows 10 (Windows 10) description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. ms.assetid: 39446e49-ad7c-48dc-9f18-f85a11ded643 keywords: vamt, volume activation, activation, windows activation -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/active-directory-based-activation-overview.md b/windows/deploy/active-directory-based-activation-overview.md index 7f47592aa7..9a64d7572a 100644 --- a/windows/deploy/active-directory-based-activation-overview.md +++ b/windows/deploy/active-directory-based-activation-overview.md @@ -2,11 +2,11 @@ title: Active Directory-Based Activation Overview (Windows 10) description: Active Directory-Based Activation Overview ms.assetid: c1dac3bd-6a86-4c45-83dd-421e63a398c0 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: CFaw +author: greg-lindsay --- # Active Directory-Based Activation Overview 
diff --git a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
index 13a328ea77..5a3eadbc33 100644
--- a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Add a Windows 10 operating system image using Configuration Manager (Windows 10)
 description: Operating system images are typically the production image used for deployment throughout the organization.
 ms.assetid: 77f769cc-1a47-4f36-8082-201cd77b8d3b
-keywords: ["image, deploy, distribute"]
-ms.prod: W10
+keywords: image, deploy, distribute
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index 8e72718b82..de701986b4 100644
--- a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10)
 description: In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines.
 ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c
-keywords: ["deploy, task sequence"]
-ms.prod: W10
+keywords: deploy, task sequence
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/add-manage-products-vamt.md b/windows/deploy/add-manage-products-vamt.md
index 6bbbfaf218..88d5145472 100644
--- a/windows/deploy/add-manage-products-vamt.md
+++ b/windows/deploy/add-manage-products-vamt.md
@@ -2,7 +2,7 @@
 title: Add and Manage Products (Windows 10)
 description: Add and Manage Products
 ms.assetid: a48fbc23-917d-40f7-985c-e49702c05e51
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/add-remove-computers-vamt.md b/windows/deploy/add-remove-computers-vamt.md
index eae34332f2..2ad22c3d7f 100644
--- a/windows/deploy/add-remove-computers-vamt.md
+++ b/windows/deploy/add-remove-computers-vamt.md
@@ -2,7 +2,7 @@
 title: Add and Remove Computers (Windows 10)
 description: Add and Remove Computers
 ms.assetid: cb6f3a78-ece0-4dc7-b086-cb003d82cd52
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/deploy/add-remove-product-key-vamt.md b/windows/deploy/add-remove-product-key-vamt.md
index 5776806c20..d659ae2507 100644
--- a/windows/deploy/add-remove-product-key-vamt.md
+++ b/windows/deploy/add-remove-product-key-vamt.md
@@ -2,7 +2,7 @@
 title: Add and Remove a Product Key (Windows 10)
 description: Add and Remove a Product Key
 ms.assetid: feac32bb-fb96-4802-81b8-c69220dcfcce
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
index 8a21466ddb..39133a9d8c 100644
--- a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -3,7 +3,7 @@ title: Appendix Information sent to Microsoft during activation (Windows 10)
 ms.assetid: 4bfff495-07d0-4385-86e3-7a077cbd64b8
 description:
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
index dab995bb1e..1319888616 100644
--- a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
+++ b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
@@ -3,7 +3,7 @@ title: Assign applications using roles in MDT (Windows 10)
 description: This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer.
 ms.assetid: d82902e4-de9c-4bc4-afe0-41d649b83ce7
 keywords: settings, database, deploy
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
index 32a354ad0e..f015c71c1f 100644
--- a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
@@ -3,7 +3,7 @@ title: Build a distributed environment for Windows 10 deployment (Windows 10)
 description: In this topic, you will learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations.
 ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c
 keywords: replication, replicate, deploy, configure, remote
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md
index 3ca65edd17..00404f4def 100644
--- a/windows/deploy/change-history-for-deploy-windows-10.md +++ b/windows/deploy/change-history-for-deploy-windows-10.md @@ -2,10 +2,10 @@ title: Change history for Deploy Windows 10 (Windows 10) description: This topic lists new and updated topics in the Deploy Windows 10 documentation for Windows 10 and Windows 10 Mobile. ms.assetid: 19C50373-6B25-4F5C-A6EF-643D36904349 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Change history for Deploy Windows 10 diff --git a/windows/deploy/configure-client-computers-vamt.md b/windows/deploy/configure-client-computers-vamt.md index b3618bac74..704c8d01f9 100644 --- a/windows/deploy/configure-client-computers-vamt.md +++ b/windows/deploy/configure-client-computers-vamt.md @@ -2,7 +2,7 @@ title: Configure Client Computers (Windows 10) description: Configure Client Computers ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md index 590f112414..a94bee6b7b 100644 --- a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md +++ b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md @@ -3,7 +3,7 @@ title: Configure MDT for UserExit scripts (Windows 10) description: In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. ms.assetid: 29a421d1-12d2-414e-86dc-25b62f5238a7 keywords: rules, script -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mdt diff --git a/windows/deploy/configure-mdt-2013-settings.md b/windows/deploy/configure-mdt-2013-settings.md index af41a8a1bb..ba84efd5c1 100644 --- a/windows/deploy/configure-mdt-2013-settings.md +++ b/windows/deploy/configure-mdt-2013-settings.md 
@@ -3,7 +3,7 @@ title: Configure MDT settings (Windows 10)
 description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) 2013 is its extension capabilities; there is virtually no limitation to what you can do in terms of customization.
 ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122
 keywords: customize, customization, deploy, features, tools
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/configure-mdt-deployment-share-rules.md b/windows/deploy/configure-mdt-deployment-share-rules.md
index 908f92144b..5eeadbbfd6 100644
--- a/windows/deploy/configure-mdt-deployment-share-rules.md
+++ b/windows/deploy/configure-mdt-deployment-share-rules.md
@@ -3,7 +3,7 @@ title: Configure MDT deployment share rules (Windows 10)
 description: In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine.
 ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b
 keywords: rules, configuration, automate, deploy
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 049c3e93c2..a5cbfb7886 100644
--- a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Create a custom Windows PE boot image with Configuration Manager (Windows 10)
 description: In Microsoft System Center 2012 R2 Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features.
 ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809
-keywords: ["tool, customize, deploy, boot image"]
-ms.prod: W10
+keywords: tool, customize, deploy, boot image
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
index 03c856a7dc..0838ebde59 100644
--- a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -2,9 +2,10 @@
 title: Create a task sequence with Configuration Manager and MDT (Windows 10)
 description: In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard.
 ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98
-keywords: ["deploy, upgrade, task sequence, install"]
-ms.prod: W10
+keywords: deploy, upgrade, task sequence, install
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: mdt
 ms.sitesec: library
 author: mtniehaus
 ---
diff --git a/windows/deploy/create-a-windows-10-reference-image.md b/windows/deploy/create-a-windows-10-reference-image.md
index f81f4eac9a..50ec7f2fcf 100644
--- a/windows/deploy/create-a-windows-10-reference-image.md
+++ b/windows/deploy/create-a-windows-10-reference-image.md
@@ -3,7 +3,7 @@ title: Create a Windows 10 reference image (Windows 10)
 description: Creating a reference image is important because that image serves as the foundation for the devices in your organization.
 ms.assetid: 9da2fb57-f2ff-4fce-a858-4ae4c237b5aa
 keywords: deploy, deployment, configure, customize, install, installation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index c47ac7bc38..5dbd28f0c8 100644
--- a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Create an application to deploy with Windows 10 using Configuration Manager (Windows 10)
 description: Microsoft System Center 2012 R2 Configuration Manager supports deploying applications as part of the Windows 10 deployment process.
 ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c
-keywords: ["deployment, task sequence, custom, customize"]
-ms.prod: W10
+keywords: deployment, task sequence, custom, customize
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/deploy-a-windows-10-image-using-mdt.md b/windows/deploy/deploy-a-windows-10-image-using-mdt.md
index 23176dbd84..7f92cbc0d8 100644
--- a/windows/deploy/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deploy/deploy-a-windows-10-image-using-mdt.md
@@ -2,8 +2,8 @@
 title: Deploy a Windows 10 image using MDT 2013 Update 2 (Windows 10)
 description: This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically.
 ms.assetid: 1d70a3d8-1b1d-4051-b656-c0393a93f83c
-keywords: [eployment, automate, tools, configure
-ms.prod: W10
+keywords: deployment, automate, tools, configure
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
index 0cdf8e0509..2bc874cf8b 100644
--- a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10)
 description: In this topic, you will learn how to deploy Windows 10 using Microsoft System Center 2012 R2 Configuration Manager deployment packages and task sequences.
 ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa
-keywords: ["deployment, image, UEFI, task sequence"]
-ms.prod: W10
+keywords: deployment, image, UEFI, task sequence
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
index 32ee03ca6c..e3e558c24b 100644
--- a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
+++ b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
@@ -2,8 +2,8 @@ title: Deploy Windows 10 with System Center 2012 R2 Configuration Manager (Windows 10) description: If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. ms.assetid: eacd7b7b-dde0-423d-97cd-29bde9e8b363 -keywords: ["deployment, custom, boot"] -ms.prod: W10 +keywords: deployment, custom, boot +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md index 765f29c16d..93028930c5 100644 --- a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md @@ -3,7 +3,7 @@ title: Deploy Windows 10 with the Microsoft Deployment Toolkit (Windows 10) description: This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically. ms.assetid: 837f009c-617e-4b3f-9028-2246067ee0fb keywords: deploy, tools, configure, script -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/deploy-windows-to-go.md b/windows/deploy/deploy-windows-to-go.md index 609ae81687..b4e13c5b8c 100644 --- a/windows/deploy/deploy-windows-to-go.md +++ b/windows/deploy/deploy-windows-to-go.md @@ -2,10 +2,11 @@ title: Deploy Windows To Go in your organization (Windows 10) description: This topic helps you to deploy Windows To Go in your organization. ms.assetid: cfe550be-ffbd-42d1-ab4d-80efae49b07f -keywords: ["deployment, USB, device, BitLocker, workspace, security, data"] -ms.prod: W10 +keywords: deployment, USB, device, BitLocker, workspace, security, data +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: mobility author: mtniehaus --- 
diff --git a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index 67136031be..2ed9de7378 100644
--- a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Finalize the operating system configuration for Windows 10 deployment with Configuration Manager (Windows 10)
 description: This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence.
 ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e
-keywords: ["configure, deploy, upgrade"]
-ms.prod: W10
+keywords: configure, deploy, upgrade
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
index 57d9153cb2..85ad95c548 100644
--- a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
@@ -3,7 +3,7 @@ title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10) description: This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 in particular, as part of a Windows operating system deployment. ms.assetid: a256442c-be47-4bb9-a105-c831f58ce3ee keywords: deploy, image, feature, install, tools -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mdt diff --git a/windows/deploy/getting-started-with-the-user-state-migration-tool.md b/windows/deploy/getting-started-with-the-user-state-migration-tool.md index d83c01ec2d..8dae688326 100644 --- a/windows/deploy/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deploy/getting-started-with-the-user-state-migration-tool.md @@ -2,10 +2,10 @@ title: Getting Started with the User State Migration Tool (USMT) (Windows 10) description: Getting Started with the User State Migration Tool (USMT) ms.assetid: 506ff1d2-94b8-4460-8672-56aad963504b -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Getting Started with the User State Migration Tool (USMT) diff --git a/windows/deploy/import-export-vamt-data.md b/windows/deploy/import-export-vamt-data.md index aff3d6376f..d33f27e139 100644 --- a/windows/deploy/import-export-vamt-data.md +++ b/windows/deploy/import-export-vamt-data.md @@ -2,7 +2,7 @@ title: Import and Export VAMT Data (Windows 10) description: Import and Export VAMT Data ms.assetid: 09a2c595-1a61-4da6-bd46-4ba8763cfd4f -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/index.md b/windows/deploy/index.md index a3b28ded45..0e5d1a0f8b 100644 --- a/windows/deploy/index.md +++ b/windows/deploy/index.md 
@@ -2,10 +2,10 @@ title: Deploy Windows 10 (Windows 10) description: Learn about deploying Windows 10 for IT professionals. ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Deploy Windows 10 diff --git a/windows/deploy/install-configure-vamt.md b/windows/deploy/install-configure-vamt.md index a660854f6f..49b3f8ec44 100644 --- a/windows/deploy/install-configure-vamt.md +++ b/windows/deploy/install-configure-vamt.md @@ -2,7 +2,7 @@ title: Install and Configure VAMT (Windows 10) description: Install and Configure VAMT ms.assetid: 5c7ae9b9-0dbc-4277-bc4f-8b3e4ab0bf50 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/install-kms-client-key-vamt.md b/windows/deploy/install-kms-client-key-vamt.md index f1e5cd2769..9605053d6a 100644 --- a/windows/deploy/install-kms-client-key-vamt.md +++ b/windows/deploy/install-kms-client-key-vamt.md @@ -2,7 +2,7 @@ title: Install a KMS Client Key (Windows 10) description: Install a KMS Client Key ms.assetid: d234468e-7917-4cf5-b0a8-4968454f7759 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/install-product-key-vamt.md b/windows/deploy/install-product-key-vamt.md index a3f4a3760e..71817b7b80 100644 --- a/windows/deploy/install-product-key-vamt.md +++ b/windows/deploy/install-product-key-vamt.md @@ -2,7 +2,7 @@ title: Install a Product Key (Windows 10) description: Install a Product Key ms.assetid: 78812c87-2208-4f8b-9c2c-5a8a18b2d648 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/install-vamt.md b/windows/deploy/install-vamt.md index 02275fb993..07a9a72b5b 100644 --- a/windows/deploy/install-vamt.md +++ b/windows/deploy/install-vamt.md 
@@ -2,7 +2,7 @@
 title: Install VAMT (Windows 10)
 description: Install VAMT
 ms.assetid: 2eabd3e2-0a68-43a5-8189-2947e46482fc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
index 1ad2dbc2bd..4a30f0f74c 100644
--- a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
+++ b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
@@ -4,7 +4,7 @@ description: This topic will help you understand the benefits of integrating the
 ms.assetid: 3bd1cf92-81e5-48dc-b874-0f5d9472e5a5
 ms.pagetype: mdt
 keywords: deploy, image, customize, task sequence
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/introduction-vamt.md b/windows/deploy/introduction-vamt.md
index ee0060ad4e..3d51c0dd02 100644
--- a/windows/deploy/introduction-vamt.md
+++ b/windows/deploy/introduction-vamt.md
@@ -2,7 +2,7 @@
 title: Introduction to VAMT (Windows 10)
 description: Introduction to VAMT
 ms.assetid: 0439685e-0bae-4967-b0d4-dd84ca6d7fa7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/key-features-in-mdt-2013.md b/windows/deploy/key-features-in-mdt-2013.md
index 7982bb6d03..03f562ac8e 100644
--- a/windows/deploy/key-features-in-mdt-2013.md
+++ b/windows/deploy/key-features-in-mdt-2013.md
@@ -3,7 +3,7 @@ title: Key features in MDT 2013 Update 2 (Windows 10)
 description: The Microsoft Deployment Toolkit (MDT) has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0.
 ms.assetid: 858e384f-e9db-4a93-9a8b-101a503e4868
 keywords: deploy, feature, tools, upgrade, migrate, provisioning
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/kms-activation-vamt.md b/windows/deploy/kms-activation-vamt.md
index 4cd554a80b..beed3fb86f 100644
--- a/windows/deploy/kms-activation-vamt.md
+++ b/windows/deploy/kms-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Perform KMS Activation (Windows 10)
 description: Perform KMS Activation
 ms.assetid: 5a3ae8e6-083e-4153-837e-ab0a225c1d10
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/local-reactivation-vamt.md b/windows/deploy/local-reactivation-vamt.md
index 2cd36eb80b..72b132e799 100644
--- a/windows/deploy/local-reactivation-vamt.md
+++ b/windows/deploy/local-reactivation-vamt.md
@@ -2,7 +2,7 @@
 title: Perform Local Reactivation (Windows 10)
 description: Perform Local Reactivation
 ms.assetid: aacd5ded-da11-4d27-a866-3f57332f5dec
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/manage-activations-vamt.md b/windows/deploy/manage-activations-vamt.md
index 1f15048dea..effac81fd1 100644
--- a/windows/deploy/manage-activations-vamt.md
+++ b/windows/deploy/manage-activations-vamt.md
@@ -2,7 +2,7 @@
 title: Manage Activations (Windows 10)
 description: Manage Activations
 ms.assetid: 53bad9ed-9430-4f64-a8de-80613870862c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/manage-product-keys-vamt.md b/windows/deploy/manage-product-keys-vamt.md
index fffe5de77e..a495718fe7 100644
--- a/windows/deploy/manage-product-keys-vamt.md
+++ b/windows/deploy/manage-product-keys-vamt.md
@@ -2,7 +2,7 @@
 title: Manage Product Keys (Windows 10)
 description: Manage Product Keys
 ms.assetid: 4c6c4216-b4b7-437c-904e-4cb257f913cd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/manage-vamt-data.md b/windows/deploy/manage-vamt-data.md
index adbd4c4ec6..00bbd3982f 100644
--- a/windows/deploy/manage-vamt-data.md +++ b/windows/deploy/manage-vamt-data.md @@ -2,7 +2,7 @@ title: Manage VAMT Data (Windows 10) description: Manage VAMT Data ms.assetid: 233eefa4-3125-4965-a12d-297a67079dc4 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/mdt-2013-lite-touch-components.md b/windows/deploy/mdt-2013-lite-touch-components.md index 6766bdc104..48f1a250ad 100644 --- a/windows/deploy/mdt-2013-lite-touch-components.md +++ b/windows/deploy/mdt-2013-lite-touch-components.md @@ -3,7 +3,7 @@ title: MDT 2013 Update 2 Lite Touch components (Windows 10) description: This topic provides an overview of the features in the Microsoft Deployment Toolkit (MDT) 2013 Update 2 that support Lite Touch Installation (LTI) for Windows 10. ms.assetid: 7d6fc159-e338-439e-a2e6-1778d0da9089 keywords: deploy, install, deployment, boot, log, monitor -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mdt diff --git a/windows/deploy/migrate-application-settings.md b/windows/deploy/migrate-application-settings.md index af79e440f7..6a8ffdc612 100644 --- a/windows/deploy/migrate-application-settings.md +++ b/windows/deploy/migrate-application-settings.md @@ -2,10 +2,10 @@ title: Migrate Application Settings (Windows 10) description: Migrate Application Settings ms.assetid: 28f70a83-0a3e-4a6b-968a-2b78ccd3cc07 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Migrate Application Settings diff --git a/windows/deploy/migration-store-types-overview.md b/windows/deploy/migration-store-types-overview.md index cf0c52812e..9ee233402b 100644 --- a/windows/deploy/migration-store-types-overview.md +++ b/windows/deploy/migration-store-types-overview.md 
@@ -2,10 +2,10 @@ title: Migration Store Types Overview (Windows 10) description: Migration Store Types Overview ms.assetid: 3b6ce746-76c6-43ff-8cd5-02ed0ae0cf70 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Migration Store Types Overview diff --git a/windows/deploy/monitor-activation-client.md b/windows/deploy/monitor-activation-client.md index 5a3050cb0b..26c8257cc3 100644 --- a/windows/deploy/monitor-activation-client.md +++ b/windows/deploy/monitor-activation-client.md @@ -3,11 +3,11 @@ title: Monitor activation (Windows 10) ms.assetid: 264a3e86-c880-4be4-8828-bf4c839dfa26 description: keywords: vamt, volume activation, activation, windows activation -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation -author: CFaw +author: greg-lindsay --- # Monitor activation diff --git a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md index 7802d20b05..12aae5a28c 100644 --- a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md +++ b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md @@ -2,8 +2,8 @@ title: Monitor the Windows 10 deployment with Configuration Manager (Windows 10) description: In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench. ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce -keywords: ["deploy, upgrade"] -ms.prod: W10 +keywords: deploy, upgrade +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: mtniehaus diff --git a/windows/deploy/offline-migration-reference.md b/windows/deploy/offline-migration-reference.md index 6ad60f1704..f54d3b4c7b 100644 --- a/windows/deploy/offline-migration-reference.md 
+++ b/windows/deploy/offline-migration-reference.md @@ -2,10 +2,10 @@ title: Offline Migration Reference (Windows 10) description: Offline Migration Reference ms.assetid: f347547c-d601-4c3e-8f2d-0138edeacfda -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Offline Migration Reference diff --git a/windows/deploy/online-activation-vamt.md b/windows/deploy/online-activation-vamt.md index 5f537d3e20..65311aa3e8 100644 --- a/windows/deploy/online-activation-vamt.md +++ b/windows/deploy/online-activation-vamt.md @@ -2,7 +2,7 @@ title: Perform Online Activation (Windows 10) description: Perform Online Activation ms.assetid: 8381792b-a454-4e66-9b4c-e6e4c9303823 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/plan-for-volume-activation-client.md b/windows/deploy/plan-for-volume-activation-client.md index 3247677c72..d5ed360f3e 100644 --- a/windows/deploy/plan-for-volume-activation-client.md +++ b/windows/deploy/plan-for-volume-activation-client.md @@ -3,7 +3,7 @@ title: Plan for volume activation (Windows 10) description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer. ms.assetid: f84b005b-c362-4a70-a84e-4287c0d2e4ca keywords: vamt, volume activation, activation, windows activation -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md index a7b98b2ab3..8f2bbad1b9 100644 --- a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md +++ b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md 
@@ -3,7 +3,7 @@ title: Prepare for deployment with MDT 2013 Update 2 (Windows 10)
 description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT) 2013 Update 2.
 ms.assetid: 5103c418-0c61-414b-b93c-a8e8207d1226
 keywords: deploy, system requirements
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index d9735f4ee1..88a8cac968 100644
--- a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10)
 description: This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
 ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
-keywords: ["install, configure, deploy, deployment"]
-ms.prod: W10
+keywords: install, configure, deploy, deployment
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/proxy-activation-vamt.md b/windows/deploy/proxy-activation-vamt.md
index c848bcd8ab..ab273007b8 100644
--- a/windows/deploy/proxy-activation-vamt.md
+++ b/windows/deploy/proxy-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Perform Proxy Activation (Windows 10)
 description: Perform Proxy Activation
 ms.assetid: 35a919ed-f1cc-4d10-9c88-9bd634549dc3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 7d5143cf31..68b0a74563 100644
--- a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
 description: This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2.
 ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
-keywords: ["upgrade, install, installation, computer refresh"]
-ms.prod: W10
+keywords: upgrade, install, installation, computer refresh
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
index 70dadf1711..f6ea4a2125 100644
--- a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
+++ b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
@@ -3,7 +3,7 @@ title: Refresh a Windows 7 computer with Windows 10 (Windows 10)
 description: This topic will show you how to use MDT 2013 Update 2 Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process.
 ms.assetid: 2866fb3c-4909-4c25-b083-6fc1f7869f6f
 keywords: reinstallation, customize, template, script, restore
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/remove-products-vamt.md b/windows/deploy/remove-products-vamt.md
index 8dca272b68..da875ea27e 100644
--- a/windows/deploy/remove-products-vamt.md
+++ b/windows/deploy/remove-products-vamt.md
@@ -2,7 +2,7 @@
 title: Remove Products (Windows 10)
 description: Remove Products
 ms.assetid: 4d44379e-dda1-4a8f-8ebf-395b6c0dad8e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 44bc003fca..b9f521531f 100644
--- a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -2,8 +2,8 @@
 title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
 description: In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft System Center 2012 R2 Configuration Manager.
 ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36
-keywords: ["upgrade, install, installation, replace computer, setup"]
-ms.prod: W10
+keywords: upgrade, install, installation, replace computer, setup
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
index bc78de5970..a862edf501 100644
--- a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -3,7 +3,7 @@ title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10)
 description: A computer replace scenario for Windows 10 is quite similar to a computer refresh for Windows 10; however, because you are replacing a machine, you cannot store the backup on the old computer.
 ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a
 keywords: deploy, deployment, replace
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/scenario-kms-activation-vamt.md b/windows/deploy/scenario-kms-activation-vamt.md
index a43796b90b..385af084f9 100644
--- a/windows/deploy/scenario-kms-activation-vamt.md
+++ b/windows/deploy/scenario-kms-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Scenario 3 KMS Client Activation (Windows 10)
 description: Scenario 3 KMS Client Activation
 ms.assetid: 72b04e8f-cd35-490c-91ab-27ea799b05d0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/scenario-online-activation-vamt.md b/windows/deploy/scenario-online-activation-vamt.md
index 69d308ee9c..41dda833ac 100644
--- a/windows/deploy/scenario-online-activation-vamt.md
+++ b/windows/deploy/scenario-online-activation-vamt.md
@@ -2,7 +2,7 @@
 title: Scenario 1 Online Activation (Windows 10)
 description: Scenario 1 Online Activation
 ms.assetid: 94dba40e-383a-41e4-b74b-9e884facdfd3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/scenario-proxy-activation-vamt.md b/windows/deploy/scenario-proxy-activation-vamt.md index 8666ae35c6..2e475d02b4 100644 --- a/windows/deploy/scenario-proxy-activation-vamt.md +++ b/windows/deploy/scenario-proxy-activation-vamt.md @@ -2,7 +2,7 @@ title: Scenario 2 Proxy Activation (Windows 10) description: Scenario 2 Proxy Activation ms.assetid: ed5a8a56-d9aa-4895-918f-dd1898cb2c1a -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/set-up-mdt-2013-for-bitlocker.md b/windows/deploy/set-up-mdt-2013-for-bitlocker.md index 5af8715c60..7a76f8cdf7 100644 --- a/windows/deploy/set-up-mdt-2013-for-bitlocker.md +++ b/windows/deploy/set-up-mdt-2013-for-bitlocker.md @@ -3,7 +3,7 @@ title: Set up MDT for BitLocker (Windows 10) ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38 description: keywords: disk, encryption, TPM, configure, secure, script -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mdt diff --git a/windows/deploy/sideload-apps-in-windows-10.md b/windows/deploy/sideload-apps-in-windows-10.md index 63f3fe6fef..9af7d4e4bc 100644 --- a/windows/deploy/sideload-apps-in-windows-10.md +++ b/windows/deploy/sideload-apps-in-windows-10.md @@ -2,10 +2,10 @@ title: Sideload LOB apps in Windows 10 (Windows 10) description: Sideload line-of-business apps in Windows 10. ms.assetid: C46B27D0-375B-4F7A-800E-21595CF1D53D -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Sideload LOB apps in Windows 10 diff --git a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md index a8391582fa..a6c8789efb 100644 --- a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md +++ b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md 
@@ -3,7 +3,7 @@ title: Simulate a Windows 10 deployment in a test environment (Windows 10) description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. ms.assetid: 2de86c55-ced9-4078-b280-35e0329aea9c keywords: deploy, script -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mdt diff --git a/windows/deploy/understanding-migration-xml-files.md b/windows/deploy/understanding-migration-xml-files.md index 528c77f8d3..c03bc14e24 100644 --- a/windows/deploy/understanding-migration-xml-files.md +++ b/windows/deploy/understanding-migration-xml-files.md @@ -2,10 +2,10 @@ title: Understanding Migration XML Files (Windows 10) description: Understanding Migration XML Files ms.assetid: d3d1fe89-085c-4da8-9657-fd54b8bfc4b7 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Understanding Migration XML Files diff --git a/windows/deploy/update-product-status-vamt.md b/windows/deploy/update-product-status-vamt.md index deca904c0c..0e7af45fec 100644 --- a/windows/deploy/update-product-status-vamt.md +++ b/windows/deploy/update-product-status-vamt.md @@ -2,7 +2,7 @@ title: Update Product Status (Windows 10) description: Update Product Status ms.assetid: 39d4abd4-801a-4e8f-9b8c-425a24a96764 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: activation diff --git a/windows/deploy/update-windows-10-images-with-provisioning-packages.md b/windows/deploy/update-windows-10-images-with-provisioning-packages.md index 4a553d8b90..e9415d414b 100644 --- a/windows/deploy/update-windows-10-images-with-provisioning-packages.md +++ b/windows/deploy/update-windows-10-images-with-provisioning-packages.md 
@@ -2,8 +2,8 @@
 title: Update Windows 10 images with provisioning packages (Windows 10)
 description: Use a provisioning package to apply settings, profiles, and file assets to a Windows 10 image.
 ms.assetid: 3CA345D2-B60A-4860-A3BF-174713C3D3A6
-keywords: ["provisioning", "bulk deployment", "image"]
-ms.prod: W10
+keywords: provisioning, bulk deployment, image
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
index 030ab711f2..0f66363610 100644
--- a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
+++ b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
@@ -2,8 +2,8 @@
 title: Upgrade to Windows 10 with System Center Configuration Manager (Windows 10)
 description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process.
 ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
-keywords: ["upgrade, update, task sequence, deploy"]
-ms.prod: W10
+keywords: upgrade, update, task sequence, deploy
+ms.prod: w10
 ms.mktglfcycl: deploy
 author: mtniehaus
 ---
diff --git a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
index 35b90474ab..18dfaf7fdf 100644
--- a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -3,7 +3,7 @@ title: Upgrade to Windows 10 with the Microsoft Deployment Toolkit (Windows 10)
 description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade.
 ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460
 keywords: upgrade, update, task sequence, deploy
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
index 229fb16df0..64e70ced04 100644
--- a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
+++ b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
@@ -3,7 +3,7 @@ title: Use Orchestrator runbooks with MDT (Windows 10)
 description: This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions.
 ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f
 keywords: web services, database
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
diff --git a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
index 14749270e7..32208d3e25 100644
--- a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -4,7 +4,7 @@ description: This topic is designed to teach you how to use the MDT database to
 ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46
 ms.pagetype: mdt
 keywords: database, permissions, settings, configure, deploy
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/use-the-volume-activation-management-tool-client.md b/windows/deploy/use-the-volume-activation-management-tool-client.md
index 4303bd18a1..1e4f5c32b2 100644
--- a/windows/deploy/use-the-volume-activation-management-tool-client.md
+++ b/windows/deploy/use-the-volume-activation-management-tool-client.md
@@ -3,7 +3,7 @@ title: Use the Volume Activation Management Tool (Windows 10)
 description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys.
 ms.assetid: b11f0aee-7b60-44d1-be40-c960fc6c4c47
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/use-vamt-in-windows-powershell.md b/windows/deploy/use-vamt-in-windows-powershell.md
index 1247d95759..01de72d0a6 100644
--- a/windows/deploy/use-vamt-in-windows-powershell.md
+++ b/windows/deploy/use-vamt-in-windows-powershell.md
@@ -2,7 +2,7 @@
 title: Use VAMT in Windows PowerShell (Windows 10)
 description: Use VAMT in Windows PowerShell
 ms.assetid: 13e0ceec-d827-4681-a5c3-8704349e3ba9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/use-web-services-in-mdt-2013.md b/windows/deploy/use-web-services-in-mdt-2013.md
index 6fbe628335..1d8755df14 100644
--- a/windows/deploy/use-web-services-in-mdt-2013.md
+++ b/windows/deploy/use-web-services-in-mdt-2013.md
@@ -3,7 +3,7 @@ title: Use web services in MDT (Windows 10)
 description: In this topic, you will learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
 ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
 keywords: deploy, web apps
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: mdt
 ms.sitesec: library
diff --git a/windows/deploy/usmt-best-practices.md b/windows/deploy/usmt-best-practices.md index b8772fe9f4..8da6b08353 100644 --- a/windows/deploy/usmt-best-practices.md +++ b/windows/deploy/usmt-best-practices.md @@ -2,10 +2,10 @@ title: USMT Best Practices (Windows 10) description: USMT Best Practices ms.assetid: e3cb1e78-4230-4eae-b179-e6e9160542d2 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # USMT Best Practices diff --git a/windows/deploy/usmt-choose-migration-store-type.md b/windows/deploy/usmt-choose-migration-store-type.md index 3e3f520ceb..5938b48748 100644 --- a/windows/deploy/usmt-choose-migration-store-type.md +++ b/windows/deploy/usmt-choose-migration-store-type.md @@ -2,10 +2,10 @@ title: Choose a Migration Store Type (Windows 10) description: Choose a Migration Store Type ms.assetid: 4e163e90-9c57-490b-b849-2ed52ab6765f -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Choose a Migration Store Type diff --git a/windows/deploy/usmt-command-line-syntax.md b/windows/deploy/usmt-command-line-syntax.md index 8e62c88e30..22cf9c33aa 100644 --- a/windows/deploy/usmt-command-line-syntax.md +++ b/windows/deploy/usmt-command-line-syntax.md @@ -2,10 +2,10 @@ title: User State Migration Tool (USMT) Command-line Syntax (Windows 10) description: User State Migration Tool (USMT) Command-line Syntax ms.assetid: f9d205c9-e824-46c7-8d8b-d7e4b52fd514 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # User State Migration Tool (USMT) Command-line Syntax diff --git a/windows/deploy/usmt-common-issues.md b/windows/deploy/usmt-common-issues.md index d1865b8873..88980d6d7b 100644 --- a/windows/deploy/usmt-common-issues.md +++ b/windows/deploy/usmt-common-issues.md 
@@ -2,10 +2,10 @@ title: Common Issues (Windows 10) description: Common Issues ms.assetid: 5a37e390-8617-4768-9eee-50397fbbb2e1 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Common Issues diff --git a/windows/deploy/usmt-common-migration-scenarios.md b/windows/deploy/usmt-common-migration-scenarios.md index dd61667933..9262ef9b0f 100644 --- a/windows/deploy/usmt-common-migration-scenarios.md +++ b/windows/deploy/usmt-common-migration-scenarios.md @@ -2,10 +2,10 @@ title: Common Migration Scenarios (Windows 10) description: Common Migration Scenarios ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Common Migration Scenarios diff --git a/windows/deploy/usmt-configxml-file.md b/windows/deploy/usmt-configxml-file.md index dea99cd9e0..4484c03e2d 100644 --- a/windows/deploy/usmt-configxml-file.md +++ b/windows/deploy/usmt-configxml-file.md @@ -2,10 +2,10 @@ title: Config.xml File (Windows 10) description: Config.xml File ms.assetid: 9dc98e76-5155-4641-bcb3-81915db538e8 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Config.xml File diff --git a/windows/deploy/usmt-conflicts-and-precedence.md b/windows/deploy/usmt-conflicts-and-precedence.md index 9de02f7dca..3b570d51e5 100644 --- a/windows/deploy/usmt-conflicts-and-precedence.md +++ b/windows/deploy/usmt-conflicts-and-precedence.md @@ -2,10 +2,10 @@ title: Conflicts and Precedence (Windows 10) description: Conflicts and Precedence ms.assetid: 0e2691a8-ff1e-4424-879b-4d5a2f8a113a -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Conflicts and Precedence diff --git a/windows/deploy/usmt-custom-xml-examples.md b/windows/deploy/usmt-custom-xml-examples.md index c1fa2bd582..4d60c4903c 100644 
--- a/windows/deploy/usmt-custom-xml-examples.md +++ b/windows/deploy/usmt-custom-xml-examples.md @@ -2,10 +2,10 @@ title: Custom XML Examples (Windows 10) description: Custom XML Examples ms.assetid: 48f441d9-6c66-43ef-91e9-7c78cde6fcc0 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Custom XML Examples diff --git a/windows/deploy/usmt-customize-xml-files.md b/windows/deploy/usmt-customize-xml-files.md index 94619ce485..30930f05ad 100644 --- a/windows/deploy/usmt-customize-xml-files.md +++ b/windows/deploy/usmt-customize-xml-files.md @@ -2,10 +2,10 @@ title: Customize USMT XML Files (Windows 10) description: Customize USMT XML Files ms.assetid: d58363c1-fd13-4f65-8b91-9986659dc93e -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Customize USMT XML Files diff --git a/windows/deploy/usmt-determine-what-to-migrate.md b/windows/deploy/usmt-determine-what-to-migrate.md index 24c81b0742..27ad2ea86d 100644 --- a/windows/deploy/usmt-determine-what-to-migrate.md +++ b/windows/deploy/usmt-determine-what-to-migrate.md @@ -2,10 +2,10 @@ title: Determine What to Migrate (Windows 10) description: Determine What to Migrate ms.assetid: 01ae1d13-c3eb-4618-b39d-ee5d18d55761 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Determine What to Migrate diff --git a/windows/deploy/usmt-estimate-migration-store-size.md b/windows/deploy/usmt-estimate-migration-store-size.md index 1dbd440416..a331a99c09 100644 --- a/windows/deploy/usmt-estimate-migration-store-size.md +++ b/windows/deploy/usmt-estimate-migration-store-size.md 
@@ -2,10 +2,10 @@ title: Estimate Migration Store Size (Windows 10) description: Estimate Migration Store Size ms.assetid: cfb9062b-7a2a-467a-a24e-0b31ce830093 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Estimate Migration Store Size diff --git a/windows/deploy/usmt-exclude-files-and-settings.md b/windows/deploy/usmt-exclude-files-and-settings.md index 99918b8c5c..e856679334 100644 --- a/windows/deploy/usmt-exclude-files-and-settings.md +++ b/windows/deploy/usmt-exclude-files-and-settings.md @@ -2,10 +2,10 @@ title: Exclude Files and Settings (Windows 10) description: Exclude Files and Settings ms.assetid: df85baf1-6e29-4995-a4bb-ba3f8f7fed0b -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Exclude Files and Settings diff --git a/windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md index 8bd8e87680..c679d58b27 100644 --- a/windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deploy/usmt-extract-files-from-a-compressed-migration-store.md @@ -2,10 +2,10 @@ title: Extract Files from a Compressed USMT Migration Store (Windows 10) description: Extract Files from a Compressed USMT Migration Store ms.assetid: ad9fbd6e-f89e-4444-8538-9b11566b1f33 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Extract Files from a Compressed USMT Migration Store diff --git a/windows/deploy/usmt-faq.md b/windows/deploy/usmt-faq.md index e69272bc26..715340a82d 100644 --- a/windows/deploy/usmt-faq.md +++ b/windows/deploy/usmt-faq.md 
@@ -2,10 +2,10 @@ title: Frequently Asked Questions (Windows 10) description: Frequently Asked Questions ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Frequently Asked Questions diff --git a/windows/deploy/usmt-general-conventions.md b/windows/deploy/usmt-general-conventions.md index ab6c9ad6b3..020557c402 100644 --- a/windows/deploy/usmt-general-conventions.md +++ b/windows/deploy/usmt-general-conventions.md @@ -2,10 +2,10 @@ title: General Conventions (Windows 10) description: General Conventions ms.assetid: 5761986e-a847-41bd-bf8e-7c1bd01acbc6 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # General Conventions diff --git a/windows/deploy/usmt-hard-link-migration-store.md b/windows/deploy/usmt-hard-link-migration-store.md index afddeaf45d..e65487a0bd 100644 --- a/windows/deploy/usmt-hard-link-migration-store.md +++ b/windows/deploy/usmt-hard-link-migration-store.md @@ -2,10 +2,10 @@ title: Hard-Link Migration Store (Windows 10) description: Hard-Link Migration Store ms.assetid: b0598418-4607-4952-bfa3-b6e4aaa2c574 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Hard-Link Migration Store diff --git a/windows/deploy/usmt-how-it-works.md b/windows/deploy/usmt-how-it-works.md index 8e6b12231e..0c274924a6 100644 --- a/windows/deploy/usmt-how-it-works.md +++ b/windows/deploy/usmt-how-it-works.md @@ -2,10 +2,10 @@ title: How USMT Works (Windows 10) description: How USMT Works ms.assetid: 5c8bd669-9e1e-473d-81e6-652f40b24171 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # How USMT Works diff --git a/windows/deploy/usmt-how-to.md b/windows/deploy/usmt-how-to.md index 4baa318509..1a22d71262 100644 --- a/windows/deploy/usmt-how-to.md +++ b/windows/deploy/usmt-how-to.md 
@@ -2,10 +2,10 @@ title: User State Migration Tool (USMT) How-to topics (Windows 10) description: User State Migration Tool (USMT) How-to topics ms.assetid: 7b9a2f2a-a43a-4984-9746-a767f9f1c7e3 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # User State Migration Tool (USMT) How-to topics diff --git a/windows/deploy/usmt-identify-application-settings.md b/windows/deploy/usmt-identify-application-settings.md index ca14712f31..5fa216f2b3 100644 --- a/windows/deploy/usmt-identify-application-settings.md +++ b/windows/deploy/usmt-identify-application-settings.md @@ -2,10 +2,10 @@ title: Identify Applications Settings (Windows 10) description: Identify Applications Settings ms.assetid: eda68031-9b02-4a5b-a893-3786a6505381 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Identify Applications Settings diff --git a/windows/deploy/usmt-identify-file-types-files-and-folders.md b/windows/deploy/usmt-identify-file-types-files-and-folders.md index 3ab8ded02b..49766ca745 100644 --- a/windows/deploy/usmt-identify-file-types-files-and-folders.md +++ b/windows/deploy/usmt-identify-file-types-files-and-folders.md @@ -2,10 +2,10 @@ title: Identify File Types, Files, and Folders (Windows 10) description: Identify File Types, Files, and Folders ms.assetid: 93bb2a33-c126-4f7a-a961-6c89686d54e0 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -author: CFaw +author: greg-lindsay --- # Identify File Types, Files, and Folders diff --git a/windows/deploy/usmt-identify-operating-system-settings.md b/windows/deploy/usmt-identify-operating-system-settings.md index 232fabdc33..27fd8c0c25 100644 --- a/windows/deploy/usmt-identify-operating-system-settings.md +++ b/windows/deploy/usmt-identify-operating-system-settings.md 
@@ -2,10 +2,10 @@
 title: Identify Operating System Settings (Windows 10)
 description: Identify Operating System Settings
 ms.assetid: 1704ab18-1765-41fb-a27c-3aa3128fa242
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Identify Operating System Settings
diff --git a/windows/deploy/usmt-identify-users.md b/windows/deploy/usmt-identify-users.md
index 1f23cb942d..6d081727c3 100644
--- a/windows/deploy/usmt-identify-users.md
+++ b/windows/deploy/usmt-identify-users.md
@@ -2,10 +2,10 @@
 title: Identify Users (Windows 10)
 description: Identify Users
 ms.assetid: 957a4fe9-79fd-44a2-8c26-33e50f71f9de
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Identify Users
diff --git a/windows/deploy/usmt-include-files-and-settings.md b/windows/deploy/usmt-include-files-and-settings.md
index 6142749d13..411525684e 100644
--- a/windows/deploy/usmt-include-files-and-settings.md
+++ b/windows/deploy/usmt-include-files-and-settings.md
@@ -2,10 +2,10 @@
 title: Include Files and Settings (Windows 10)
 description: Include Files and Settings
 ms.assetid: 9009c6a5-0612-4478-8742-abe5eb6cbac8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Include Files and Settings
diff --git a/windows/deploy/usmt-loadstate-syntax.md b/windows/deploy/usmt-loadstate-syntax.md
index a82a0b4357..36c3dfb311 100644
--- a/windows/deploy/usmt-loadstate-syntax.md
+++ b/windows/deploy/usmt-loadstate-syntax.md
@@ -2,10 +2,10 @@
 title: LoadState Syntax (Windows 10)
 description: LoadState Syntax
 ms.assetid: 53d2143b-cbe9-4cfc-8506-36e9d429f6d4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # LoadState Syntax
diff --git a/windows/deploy/usmt-log-files.md b/windows/deploy/usmt-log-files.md
index 89fc388cf9..9796591745 100644
--- a/windows/deploy/usmt-log-files.md
+++ b/windows/deploy/usmt-log-files.md
@@ -2,10 +2,10 @@
 title: Log Files (Windows 10)
 description: Log Files
 ms.assetid: 28185ebd-630a-4bbd-94f4-8c48aad05649
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Log Files
diff --git a/windows/deploy/usmt-migrate-efs-files-and-certificates.md b/windows/deploy/usmt-migrate-efs-files-and-certificates.md
index 43a57ddc5d..d4e2db536f 100644
--- a/windows/deploy/usmt-migrate-efs-files-and-certificates.md
+++ b/windows/deploy/usmt-migrate-efs-files-and-certificates.md
@@ -2,10 +2,10 @@
 title: Migrate EFS Files and Certificates (Windows 10)
 description: Migrate EFS Files and Certificates
 ms.assetid: 7f19a753-ec45-4433-b297-cc30f16fdee1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Migrate EFS Files and Certificates
diff --git a/windows/deploy/usmt-migrate-user-accounts.md b/windows/deploy/usmt-migrate-user-accounts.md
index 25c9490cbc..6c87c9b043 100644
--- a/windows/deploy/usmt-migrate-user-accounts.md
+++ b/windows/deploy/usmt-migrate-user-accounts.md
@@ -2,10 +2,10 @@
 title: Migrate User Accounts (Windows 10)
 description: Migrate User Accounts
 ms.assetid: a3668361-43c8-4fd2-b26e-9a2deaeaeb09
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Migrate User Accounts
diff --git a/windows/deploy/usmt-migration-store-encryption.md b/windows/deploy/usmt-migration-store-encryption.md
index bb6343401f..1e8ea1a8e0 100644
--- a/windows/deploy/usmt-migration-store-encryption.md
+++ b/windows/deploy/usmt-migration-store-encryption.md
@@ -2,10 +2,10 @@
 title: Migration Store Encryption (Windows 10)
 description: Migration Store Encryption
 ms.assetid: b28c2657-b986-4487-bd38-cb81500b831d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Migration Store Encryption
diff --git a/windows/deploy/usmt-overview.md b/windows/deploy/usmt-overview.md
index f3d7f0b860..928044a3cf 100644
--- a/windows/deploy/usmt-overview.md
+++ b/windows/deploy/usmt-overview.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) Overview (Windows 10)
 description: User State Migration Tool (USMT) Overview
 ms.assetid: 3b649431-ad09-4b17-895a-3fec7ac0a81f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Tool (USMT) Overview
diff --git a/windows/deploy/usmt-plan-your-migration.md b/windows/deploy/usmt-plan-your-migration.md
index eaed479359..2b6ce76d7f 100644
--- a/windows/deploy/usmt-plan-your-migration.md
+++ b/windows/deploy/usmt-plan-your-migration.md
@@ -2,10 +2,10 @@
 title: Plan Your Migration (Windows 10)
 description: Plan Your Migration
 ms.assetid: c951f7df-850e-47ad-b31b-87f902955e3e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Plan Your Migration
diff --git a/windows/deploy/usmt-recognized-environment-variables.md b/windows/deploy/usmt-recognized-environment-variables.md
index 8246122fd9..edebf602f1 100644
--- a/windows/deploy/usmt-recognized-environment-variables.md
+++ b/windows/deploy/usmt-recognized-environment-variables.md
@@ -2,10 +2,10 @@
 title: Recognized Environment Variables (Windows 10)
 description: Recognized Environment Variables
 ms.assetid: 2b0ac412-e131-456e-8f0c-c26249b5f3df
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Recognized Environment Variables
diff --git a/windows/deploy/usmt-reference.md b/windows/deploy/usmt-reference.md
index ffe3b71ef8..753146d6b9 100644
--- a/windows/deploy/usmt-reference.md
+++ b/windows/deploy/usmt-reference.md
@@ -2,10 +2,10 @@
 title: User State Migration Toolkit (USMT) Reference (Windows 10)
 description: User State Migration Toolkit (USMT) Reference
 ms.assetid: 2135dbcf-de49-4cea-b2fb-97dd016e1a1a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Toolkit (USMT) Reference
diff --git a/windows/deploy/usmt-requirements.md b/windows/deploy/usmt-requirements.md
index ace2abc84a..c8632b0b4a 100644
--- a/windows/deploy/usmt-requirements.md
+++ b/windows/deploy/usmt-requirements.md
@@ -2,10 +2,10 @@
 title: USMT Requirements (Windows 10)
 description: USMT Requirements
 ms.assetid: 2b0cf3a3-9032-433f-9622-1f9df59d6806
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # USMT Requirements
diff --git a/windows/deploy/usmt-reroute-files-and-settings.md b/windows/deploy/usmt-reroute-files-and-settings.md
index a948ee7c8c..99dd2eb09c 100644
--- a/windows/deploy/usmt-reroute-files-and-settings.md
+++ b/windows/deploy/usmt-reroute-files-and-settings.md
@@ -2,10 +2,10 @@
 title: Reroute Files and Settings (Windows 10)
 description: Reroute Files and Settings
 ms.assetid: 905e6a24-922c-4549-9732-60fa11862a6c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Reroute Files and Settings
diff --git a/windows/deploy/usmt-resources.md b/windows/deploy/usmt-resources.md
index 0cb115c915..cc268ff816 100644
--- a/windows/deploy/usmt-resources.md
+++ b/windows/deploy/usmt-resources.md
@@ -2,10 +2,10 @@
 title: USMT Resources (Windows 10)
 description: USMT Resources
 ms.assetid: a0b266c7-4bcb-49f1-b63c-48c6ace86b43
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # USMT Resources
diff --git a/windows/deploy/usmt-return-codes.md b/windows/deploy/usmt-return-codes.md
index 4354a11ca8..365b49b5c7 100644
--- a/windows/deploy/usmt-return-codes.md
+++ b/windows/deploy/usmt-return-codes.md
@@ -2,10 +2,10 @@
 title: Return Codes (Windows 10)
 description: Return Codes
 ms.assetid: e71bbc6b-d5a6-4e48-ad01-af0012b35f22
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Return Codes
diff --git a/windows/deploy/usmt-scanstate-syntax.md b/windows/deploy/usmt-scanstate-syntax.md
index ff2636ee8c..5083385534 100644
--- a/windows/deploy/usmt-scanstate-syntax.md
+++ b/windows/deploy/usmt-scanstate-syntax.md
@@ -2,10 +2,10 @@
 title: ScanState Syntax (Windows 10)
 description: ScanState Syntax
 ms.assetid: 004c755f-33db-49e4-8a3b-37beec1480ea
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # ScanState Syntax
diff --git a/windows/deploy/usmt-technical-reference.md b/windows/deploy/usmt-technical-reference.md
index 232f27f2fa..5bdf666976 100644
--- a/windows/deploy/usmt-technical-reference.md
+++ b/windows/deploy/usmt-technical-reference.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) Technical Reference (Windows 10)
 description: The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals.
 ms.assetid: f90bf58b-5529-4520-a9f8-b6cb4e4d3add
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Tool (USMT) Technical Reference
diff --git a/windows/deploy/usmt-test-your-migration.md b/windows/deploy/usmt-test-your-migration.md
index 05e999a34d..e460f17de8 100644
--- a/windows/deploy/usmt-test-your-migration.md
+++ b/windows/deploy/usmt-test-your-migration.md
@@ -2,10 +2,10 @@
 title: Test Your Migration (Windows 10)
 description: Test Your Migration
 ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Test Your Migration
diff --git a/windows/deploy/usmt-topics.md b/windows/deploy/usmt-topics.md
index a58a88b007..4fe5cace86 100644
--- a/windows/deploy/usmt-topics.md
+++ b/windows/deploy/usmt-topics.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) Overview Topics (Windows 10)
 description: User State Migration Tool (USMT) Overview Topics
 ms.assetid: 23170271-130b-416f-a7a7-c2f6adc32eee
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Tool (USMT) Overview Topics
diff --git a/windows/deploy/usmt-troubleshooting.md b/windows/deploy/usmt-troubleshooting.md
index 576f9801c9..33296077f4 100644
--- a/windows/deploy/usmt-troubleshooting.md
+++ b/windows/deploy/usmt-troubleshooting.md
@@ -2,10 +2,10 @@
 title: User State Migration Tool (USMT) Troubleshooting (Windows 10)
 description: User State Migration Tool (USMT) Troubleshooting
 ms.assetid: 770f45bb-2284-463f-a29c-69c04f437533
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # User State Migration Tool (USMT) Troubleshooting
diff --git a/windows/deploy/usmt-utilities.md b/windows/deploy/usmt-utilities.md
index eb9081b082..08df5661f2 100644
--- a/windows/deploy/usmt-utilities.md
+++ b/windows/deploy/usmt-utilities.md
@@ -2,10 +2,10 @@
 title: UsmtUtils Syntax (Windows 10)
 description: UsmtUtils Syntax
 ms.assetid: cdab7f2d-dd68-4016-b9ed-41ffa743b65c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # UsmtUtils Syntax
diff --git a/windows/deploy/usmt-what-does-usmt-migrate.md b/windows/deploy/usmt-what-does-usmt-migrate.md
index 83b3851c29..89ba8aa60b 100644
--- a/windows/deploy/usmt-what-does-usmt-migrate.md
+++ b/windows/deploy/usmt-what-does-usmt-migrate.md
@@ -2,10 +2,10 @@
 title: What Does USMT Migrate (Windows 10)
 description: What Does USMT Migrate
 ms.assetid: f613987d-0f17-43fe-9717-6465865ceda7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # What Does USMT Migrate?
diff --git a/windows/deploy/usmt-xml-elements-library.md b/windows/deploy/usmt-xml-elements-library.md
index 87ffc8c9c3..f4f412fc2a 100644
--- a/windows/deploy/usmt-xml-elements-library.md
+++ b/windows/deploy/usmt-xml-elements-library.md
@@ -2,10 +2,10 @@
 title: XML Elements Library (Windows 10)
 description: XML Elements Library
 ms.assetid: f5af0f6d-c3bf-4a4c-a0ca-9db7985f954f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # XML Elements Library
diff --git a/windows/deploy/usmt-xml-reference.md b/windows/deploy/usmt-xml-reference.md
index 49d7403f8f..4023b52759 100644
--- a/windows/deploy/usmt-xml-reference.md
+++ b/windows/deploy/usmt-xml-reference.md
@@ -2,10 +2,10 @@
 title: USMT XML Reference (Windows 10)
 description: USMT XML Reference
 ms.assetid: fb946975-0fee-4ec0-b3ef-7c34945ee96f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # USMT XML Reference
diff --git a/windows/deploy/vamt-known-issues.md b/windows/deploy/vamt-known-issues.md
index 1e014a3e46..4aa2185e8f 100644
--- a/windows/deploy/vamt-known-issues.md
+++ b/windows/deploy/vamt-known-issues.md
@@ -2,7 +2,7 @@
 title: VAMT Known Issues (Windows 10)
 description: VAMT Known Issues
 ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/vamt-requirements.md b/windows/deploy/vamt-requirements.md
index 9da49547b0..06a8615669 100644
--- a/windows/deploy/vamt-requirements.md
+++ b/windows/deploy/vamt-requirements.md
@@ -2,7 +2,7 @@
 title: VAMT Requirements (Windows 10)
 description: VAMT Requirements
 ms.assetid: d14d152b-ab8a-43cb-a8fd-2279364007b9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/vamt-step-by-step.md b/windows/deploy/vamt-step-by-step.md
index e886684243..5582bd3417 100644
--- a/windows/deploy/vamt-step-by-step.md
+++ b/windows/deploy/vamt-step-by-step.md
@@ -2,7 +2,7 @@
 title: VAMT Step-by-Step Scenarios (Windows 10)
 description: VAMT Step-by-Step Scenarios
 ms.assetid: 455c542c-4860-4b57-a1f0-7e2d28e11a10
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/verify-the-condition-of-a-compressed-migration-store.md b/windows/deploy/verify-the-condition-of-a-compressed-migration-store.md
index 233beb97f0..ee16be2715 100644
--- a/windows/deploy/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deploy/verify-the-condition-of-a-compressed-migration-store.md
@@ -2,10 +2,10 @@
 title: Verify the Condition of a Compressed Migration Store (Windows 10)
 description: Verify the Condition of a Compressed Migration Store
 ms.assetid: 4a3fda96-5f7d-494a-955f-6b865ec9fcae
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Verify the Condition of a Compressed Migration Store
diff --git a/windows/deploy/volume-activation-management-tool.md b/windows/deploy/volume-activation-management-tool.md
index 04af72f880..887c116352 100644
--- a/windows/deploy/volume-activation-management-tool.md
+++ b/windows/deploy/volume-activation-management-tool.md
@@ -2,7 +2,7 @@
 title: Volume Activation Management Tool (VAMT) Technical Reference (Windows 10)
 description: The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.
 ms.assetid: 1df0f795-f41c-473b-850c-e98af1ad2f2a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/volume-activation-windows-10.md b/windows/deploy/volume-activation-windows-10.md
index e57043d4ca..eda56e2651 100644
--- a/windows/deploy/volume-activation-windows-10.md
+++ b/windows/deploy/volume-activation-windows-10.md
@@ -3,7 +3,7 @@ title: Volume Activation for Windows 10 (Windows 10)
 description: This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows.
 ms.assetid: 6e8cffae-7322-4fd3-882a-cde68187aef2
 keywords: vamt, volume activation, activation, windows activation
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: activation
diff --git a/windows/deploy/windows-10-deployment-scenarios.md b/windows/deploy/windows-10-deployment-scenarios.md
index 54221f9de3..e76d648bb0 100644
--- a/windows/deploy/windows-10-deployment-scenarios.md
+++ b/windows/deploy/windows-10-deployment-scenarios.md
@@ -2,8 +2,8 @@
 title: Windows 10 deployment scenarios (Windows 10)
 description: To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider.
 ms.assetid: 7A29D546-52CC-482C-8870-8123C7DC04B5
-keywords: ["upgrade, in-place, configuration, deploy"]
-ms.prod: W10
+keywords: upgrade, in-place, configuration, deploy
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/windows-10-deployment-tools-reference.md b/windows/deploy/windows-10-deployment-tools-reference.md
index e71eedae97..597900fb82 100644
--- a/windows/deploy/windows-10-deployment-tools-reference.md
+++ b/windows/deploy/windows-10-deployment-tools-reference.md
@@ -2,10 +2,10 @@
 title: Windows 10 deployment tools reference (Windows 10)
 description: Learn about the tools available to deploy Windows 10.
 ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Windows 10 deployment tools reference
diff --git a/windows/deploy/windows-10-edition-upgrades.md b/windows/deploy/windows-10-edition-upgrades.md
index 72baf3a243..21981254a9 100644
--- a/windows/deploy/windows-10-edition-upgrades.md
+++ b/windows/deploy/windows-10-edition-upgrades.md
@@ -2,10 +2,10 @@
 title: Windows 10 edition upgrade (Windows 10)
 description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported.
 ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Windows 10 edition upgrade
diff --git a/windows/deploy/windows-adk-scenarios-for-it-pros.md b/windows/deploy/windows-adk-scenarios-for-it-pros.md
index 3fb2944f22..8821ada189 100644
--- a/windows/deploy/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deploy/windows-adk-scenarios-for-it-pros.md
@@ -2,10 +2,10 @@
 title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10)
 description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.
 ms.assetid: FC4EB39B-29BA-4920-87C2-A00D711AE48B
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Windows ADK for Windows 10 scenarios for IT Pros
diff --git a/windows/deploy/windows-deployment-scenarios-and-tools.md b/windows/deploy/windows-deployment-scenarios-and-tools.md
index a66deb1389..ba4f22b7c5 100644
--- a/windows/deploy/windows-deployment-scenarios-and-tools.md
+++ b/windows/deploy/windows-deployment-scenarios-and-tools.md
@@ -2,8 +2,8 @@
 title: Windows 10 deployment tools (Windows 10)
 description: To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process.
 ms.assetid: 0d6cee1f-14c4-4b69-b29a-43b0b327b877
-keywords: ["deploy, volume activation, BitLocker, recovery, install, installation, VAMT, MDT, USMT, WDS"]
-ms.prod: W10
+keywords: deploy, volume activation, BitLocker, recovery, install, installation, VAMT, MDT, USMT, WDS
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: mtniehaus
diff --git a/windows/deploy/windows-upgrade-and-migration-considerations.md b/windows/deploy/windows-upgrade-and-migration-considerations.md
index 2b5ee05766..7763b0502d 100644
--- a/windows/deploy/windows-upgrade-and-migration-considerations.md
+++ b/windows/deploy/windows-upgrade-and-migration-considerations.md
@@ -2,10 +2,10 @@
 title: Windows Upgrade and Migration Considerations (Windows 10)
 description: Windows Upgrade and Migration Considerations
 ms.assetid: 7f85095c-5922-45e9-b28e-91b1263c7281
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # Windows Upgrade and Migration Considerations
diff --git a/windows/deploy/xml-file-requirements.md b/windows/deploy/xml-file-requirements.md
index 50c5e1b161..100306e84d 100644
--- a/windows/deploy/xml-file-requirements.md
+++ b/windows/deploy/xml-file-requirements.md
@@ -2,10 +2,10 @@
 title: XML File Requirements (Windows 10)
 description: XML File Requirements
 ms.assetid: 4b567b50-c50a-4a4f-8684-151fe3f8275f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: greg-lindsay
 ---
 # XML File Requirements
From 85211a040e7e671de764ed8c8ddef65178e05cae Mon Sep 17 00:00:00 2001
From: Brian Lich
Date: Thu, 26 May 2016 15:28:33 -0700
Subject: [PATCH 34/92] updating link
---
 windows/manage/lock-down-windows-10.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/manage/lock-down-windows-10.md b/windows/manage/lock-down-windows-10.md
index 142d9f3824..61004d8822 100644
--- a/windows/manage/lock-down-windows-10.md
+++ b/windows/manage/lock-down-windows-10.md
@@ -47,7 +47,7 @@ Enterprises often need to manage how people use corporate devices. Windows 10 p

Use this article to make informed decisions about how you can configure Windows telemetry in your organization.

-

[Configure Windows 10 devices to stop data flow to Microsoft](configure-windows-10-devices-to-stop-data-flow-to-microsoft.md)

+

[Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)

Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro.

From 14d357adbc221d0901af97f14a42711d4fed3fbc Mon Sep 17 00:00:00 2001 
From: Jan Backstrom Date: Thu, 26 May 2016 17:07:01 -0700 Subject: [PATCH 35/92] tagging update change W10 to w10 (lower case), add security pagetype to various --- .../access-credential-manager-as-a-trusted-caller.md | 2 +- windows/keep-secure/access-this-computer-from-the-network.md | 2 +- windows/keep-secure/account-lockout-duration.md | 2 +- windows/keep-secure/account-lockout-policy.md | 2 +- windows/keep-secure/account-lockout-threshold.md | 2 +- windows/keep-secure/account-policies.md | 2 +- windows/keep-secure/accounts-administrator-account-status.md | 2 +- windows/keep-secure/accounts-block-microsoft-accounts.md | 2 +- windows/keep-secure/accounts-guest-account-status.md | 2 +- ...l-account-use-of-blank-passwords-to-console-logon-only.md | 2 +- windows/keep-secure/accounts-rename-administrator-account.md | 2 +- windows/keep-secure/accounts-rename-guest-account.md | 2 +- windows/keep-secure/act-as-part-of-the-operating-system.md | 2 +- .../ad-ds-schema-extensions-to-support-tpm-backup.md | 2 +- .../add-apps-to-protected-list-using-custom-uri.md | 5 +++-- ...rules-for-packaged-apps-to-existing-applocker-rule-set.md | 2 +- windows/keep-secure/add-workstations-to-domain.md | 2 +- ...figuration-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/adjust-memory-quotas-for-a-process.md | 2 +- windows/keep-secure/administer-applocker.md | 2 +- windows/keep-secure/administer-security-policy-settings.md | 2 +- .../keep-secure/advanced-security-audit-policy-settings.md | 2 +- windows/keep-secure/advanced-security-auditing-faq.md | 2 +- windows/keep-secure/advanced-security-auditing.md | 2 +- ...erts-queue-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/allow-log-on-locally.md | 2 +- .../allow-log-on-through-remote-desktop-services.md | 2 +- windows/keep-secure/applocker-architecture-and-components.md | 2 +- windows/keep-secure/applocker-functions.md | 2 +- windows/keep-secure/applocker-overview.md | 2 +- 
windows/keep-secure/applocker-policies-deployment-guide.md | 2 +- windows/keep-secure/applocker-policies-design-guide.md | 2 +- windows/keep-secure/applocker-policy-use-scenarios.md | 2 +- windows/keep-secure/applocker-processes-and-interactions.md | 2 +- windows/keep-secure/applocker-settings.md | 2 +- windows/keep-secure/applocker-technical-reference.md | 2 +- .../apply-a-basic-audit-policy-on-a-file-or-folder.md | 2 +- windows/keep-secure/audit-account-lockout.md | 2 +- windows/keep-secure/audit-application-generated.md | 2 +- windows/keep-secure/audit-application-group-management.md | 2 +- windows/keep-secure/audit-audit-policy-change.md | 2 +- .../audit-audit-the-access-of-global-system-objects.md | 2 +- .../audit-audit-the-use-of-backup-and-restore-privilege.md | 2 +- windows/keep-secure/audit-authentication-policy-change.md | 2 +- windows/keep-secure/audit-authorization-policy-change.md | 2 +- windows/keep-secure/audit-central-access-policy-staging.md | 2 +- windows/keep-secure/audit-certification-services.md | 2 +- windows/keep-secure/audit-computer-account-management.md | 2 +- windows/keep-secure/audit-credential-validation.md | 2 +- .../audit-detailed-directory-service-replication.md | 2 +- windows/keep-secure/audit-detailed-file-share.md | 2 +- windows/keep-secure/audit-directory-service-access.md | 2 +- windows/keep-secure/audit-directory-service-changes.md | 2 +- windows/keep-secure/audit-directory-service-replication.md | 2 +- windows/keep-secure/audit-distribution-group-management.md | 2 +- windows/keep-secure/audit-dpapi-activity.md | 2 +- windows/keep-secure/audit-file-share.md | 2 +- windows/keep-secure/audit-file-system.md | 2 +- windows/keep-secure/audit-filtering-platform-connection.md | 2 +- windows/keep-secure/audit-filtering-platform-packet-drop.md | 2 +- .../keep-secure/audit-filtering-platform-policy-change.md | 2 +- ...it-force-audit-policy-subcategory-settings-to-override.md | 2 +- windows/keep-secure/audit-group-membership.md | 2 +- 
windows/keep-secure/audit-handle-manipulation.md | 2 +- windows/keep-secure/audit-ipsec-driver.md | 2 +- windows/keep-secure/audit-ipsec-extended-mode.md | 2 +- windows/keep-secure/audit-ipsec-main-mode.md | 2 +- windows/keep-secure/audit-ipsec-quick-mode.md | 2 +- windows/keep-secure/audit-kerberos-authentication-service.md | 2 +- .../keep-secure/audit-kerberos-service-ticket-operations.md | 2 +- windows/keep-secure/audit-kernel-object.md | 2 +- windows/keep-secure/audit-logoff.md | 2 +- windows/keep-secure/audit-logon.md | 2 +- windows/keep-secure/audit-mpssvc-rule-level-policy-change.md | 2 +- windows/keep-secure/audit-network-policy-server.md | 2 +- windows/keep-secure/audit-non-sensitive-privilege-use.md | 2 +- windows/keep-secure/audit-other-account-logon-events.md | 2 +- windows/keep-secure/audit-other-account-management-events.md | 2 +- windows/keep-secure/audit-other-logonlogoff-events.md | 2 +- windows/keep-secure/audit-other-object-access-events.md | 2 +- windows/keep-secure/audit-other-policy-change-events.md | 2 +- windows/keep-secure/audit-other-privilege-use-events.md | 2 +- windows/keep-secure/audit-other-system-events.md | 2 +- windows/keep-secure/audit-pnp-activity.md | 2 +- windows/keep-secure/audit-policy.md | 2 +- windows/keep-secure/audit-process-creation.md | 2 +- windows/keep-secure/audit-process-termination.md | 2 +- windows/keep-secure/audit-registry.md | 2 +- windows/keep-secure/audit-removable-storage.md | 2 +- windows/keep-secure/audit-rpc-events.md | 2 +- windows/keep-secure/audit-sam.md | 2 +- windows/keep-secure/audit-security-group-management.md | 2 +- windows/keep-secure/audit-security-state-change.md | 2 +- windows/keep-secure/audit-security-system-extension.md | 2 +- windows/keep-secure/audit-sensitive-privilege-use.md | 2 +- ...wn-system-immediately-if-unable-to-log-security-audits.md | 2 +- windows/keep-secure/audit-special-logon.md | 2 +- windows/keep-secure/audit-system-integrity.md | 2 +- 
windows/keep-secure/audit-user-account-management.md | 2 +- windows/keep-secure/audit-user-device-claims.md | 2 +- windows/keep-secure/back-up-files-and-directories.md | 2 +- .../keep-secure/backup-tpm-recovery-information-to-ad-ds.md | 2 +- windows/keep-secure/basic-audit-account-logon-events.md | 2 +- windows/keep-secure/basic-audit-account-management.md | 2 +- windows/keep-secure/basic-audit-directory-service-access.md | 2 +- windows/keep-secure/basic-audit-logon-events.md | 2 +- windows/keep-secure/basic-audit-object-access.md | 2 +- windows/keep-secure/basic-audit-policy-change.md | 2 +- windows/keep-secure/basic-audit-privilege-use.md | 2 +- windows/keep-secure/basic-audit-process-tracking.md | 2 +- windows/keep-secure/basic-audit-system-events.md | 2 +- windows/keep-secure/basic-security-audit-policies.md | 2 +- windows/keep-secure/basic-security-audit-policy-settings.md | 2 +- windows/keep-secure/bcd-settings-and-bitlocker.md | 2 +- windows/keep-secure/bitlocker-basic-deployment.md | 2 +- windows/keep-secure/bitlocker-countermeasures.md | 2 +- windows/keep-secure/bitlocker-frequently-asked-questions.md | 2 +- windows/keep-secure/bitlocker-group-policy-settings.md | 2 +- .../keep-secure/bitlocker-how-to-deploy-on-windows-server.md | 2 +- .../keep-secure/bitlocker-how-to-enable-network-unlock.md | 2 +- windows/keep-secure/bitlocker-overview.md | 2 +- windows/keep-secure/bitlocker-recovery-guide-plan.md | 2 +- ...e-bitlocker-drive-encryption-tools-to-manage-bitlocker.md | 2 +- .../bitlocker-use-bitlocker-recovery-password-viewer.md | 2 +- windows/keep-secure/block-untrusted-fonts-in-enterprise.md | 5 +++-- windows/keep-secure/bypass-traverse-checking.md | 2 +- .../keep-secure/change-history-for-keep-windows-10-secure.md | 3 ++- windows/keep-secure/change-the-system-time.md | 2 +- windows/keep-secure/change-the-time-zone.md | 2 +- windows/keep-secure/change-the-tpm-owner-password.md | 2 +- .../keep-secure/choose-the-right-bitlocker-countermeasure.md | 2 +- 
.../configure-an-applocker-policy-for-audit-only.md | 2 +- .../configure-an-applocker-policy-for-enforce-rules.md | 2 +- ...-endpoints-windows-defender-advanced-threat-protection.md | 3 ++- .../configure-exceptions-for-an-applocker-rule.md | 2 +- ...y-internet-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/configure-s-mime.md | 2 +- .../keep-secure/configure-the-appLocker-reference-device.md | 2 +- .../configure-the-application-identity-service.md | 2 +- .../keep-secure/configure-windows-defender-in-windows-10.md | 2 +- ...te-a-basic-audit-policy-settings-for-an-event-category.md | 2 +- windows/keep-secure/create-a-pagefile.md | 2 +- windows/keep-secure/create-a-rule-for-packaged-apps.md | 2 +- .../create-a-rule-that-uses-a-file-hash-condition.md | 2 +- .../keep-secure/create-a-rule-that-uses-a-path-condition.md | 2 +- .../create-a-rule-that-uses-a-publisher-condition.md | 2 +- windows/keep-secure/create-a-token-object.md | 2 +- windows/keep-secure/create-applocker-default-rules.md | 2 +- windows/keep-secure/create-edp-policy-using-intune.md | 3 ++- windows/keep-secure/create-edp-policy-using-sccm.md | 5 +++-- windows/keep-secure/create-global-objects.md | 2 +- ...e-list-of-applications-deployed-to-each-business-group.md | 2 +- windows/keep-secure/create-permanent-shared-objects.md | 2 +- windows/keep-secure/create-symbolic-links.md | 2 +- .../keep-secure/create-vpn-and-edp-policy-using-intune.md | 5 +++-- .../keep-secure/create-your-applocker-planning-document.md | 2 +- windows/keep-secure/create-your-applocker-policies.md | 2 +- windows/keep-secure/create-your-applocker-rules.md | 2 +- .../creating-a-device-guard-policy-for-signed-apps.md | 2 +- windows/keep-secure/credential-guard.md | 2 +- .../dashboard-windows-defender-advanced-threat-protection.md | 4 +++- ...ge-privacy-windows-defender-advanced-threat-protection.md | 3 ++- ...in-security-descriptor-definition-language-sddl-syntax.md | 2 +- 
...in-security-descriptor-definition-language-sddl-syntax.md | 2 +- windows/keep-secure/debug-programs.md | 2 +- windows/keep-secure/delete-an-applocker-rule.md | 2 +- .../deny-access-to-this-computer-from-the-network.md | 2 +- windows/keep-secure/deny-log-on-as-a-batch-job.md | 2 +- windows/keep-secure/deny-log-on-as-a-service.md | 2 +- windows/keep-secure/deny-log-on-locally.md | 2 +- .../deny-log-on-through-remote-desktop-services.md | 2 +- ...-applocker-policies-by-using-the-enforce-rules-setting.md | 2 +- windows/keep-secure/deploy-edp-policy-using-intune.md | 5 +++-- .../deploy-the-applocker-policy-into-production.md | 2 +- .../determine-group-policy-structure-and-rule-enforcement.md | 2 +- ...lications-are-digitally-signed-on-a-reference-computer.md | 2 +- .../determine-your-application-control-objectives.md | 2 +- .../keep-secure/device-guard-certification-and-compliance.md | 2 +- windows/keep-secure/device-guard-deployment-guide.md | 4 ++-- .../devices-allow-undock-without-having-to-log-on.md | 2 +- .../devices-allowed-to-format-and-eject-removable-media.md | 2 +- .../devices-prevent-users-from-installing-printer-drivers.md | 2 +- ...-restrict-cd-rom-access-to-locally-logged-on-user-only.md | 2 +- ...-restrict-floppy-access-to-locally-logged-on-user-only.md | 2 +- ...rl-message-when-users-try-to-run-a-blocked-application.md | 2 +- windows/keep-secure/dll-rules-in-applocker.md | 2 +- ...-group-policy-structure-and-applocker-rule-enforcement.md | 2 +- ...document-your-application-control-management-processes.md | 2 +- windows/keep-secure/document-your-application-list.md | 2 +- windows/keep-secure/document-your-applocker-rules.md | 2 +- ...in-controller-allow-server-operators-to-schedule-tasks.md | 2 +- .../domain-controller-ldap-server-signing-requirements.md | 2 +- ...ain-controller-refuse-machine-account-password-changes.md | 2 +- ...r-digitally-encrypt-or-sign-secure-channel-data-always.md | 2 +- 
...er-digitally-encrypt-secure-channel-data-when-possible.md | 2 +- ...ember-digitally-sign-secure-channel-data-when-possible.md | 2 +- ...domain-member-disable-machine-account-password-changes.md | 2 +- .../domain-member-maximum-machine-account-password-age.md | 2 +- ...ember-require-strong-windows-2000-or-later-session-key.md | 2 +- windows/keep-secure/edit-an-applocker-policy.md | 2 +- windows/keep-secure/edit-applocker-rules.md | 2 +- ...omputer-and-user-accounts-to-be-trusted-for-delegation.md | 2 +- windows/keep-secure/enable-the-dll-rule-collection.md | 2 +- windows/keep-secure/encrypted-hard-drive.md | 2 +- windows/keep-secure/enforce-applocker-rules.md | 2 +- windows/keep-secure/enforce-password-history.md | 2 +- windows/keep-secure/enforce-user-logon-restrictions.md | 2 +- windows/keep-secure/enlightened-microsoft-apps-and-edp.md | 5 +++-- ...rror-codes-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/executable-rules-in-applocker.md | 2 +- windows/keep-secure/export-an-applocker-policy-from-a-gpo.md | 2 +- .../keep-secure/export-an-applocker-policy-to-an-xml-file.md | 2 +- .../keep-secure/file-system-global-object-access-auditing.md | 2 +- windows/keep-secure/force-shutdown-from-a-remote-system.md | 2 +- windows/keep-secure/generate-security-audits.md | 2 +- .../get-started-with-windows-defender-for-windows-10.md | 2 +- .../getting-apps-to-run-on-device-guard-protected-devices.md | 2 +- windows/keep-secure/guidance-and-best-practices-edp.md | 5 +++-- windows/keep-secure/how-applocker-works-techref.md | 2 +- .../keep-secure/how-to-configure-security-policy-settings.md | 2 +- windows/keep-secure/how-user-account-control-works.md | 2 +- .../keep-secure/impersonate-a-client-after-authentication.md | 2 +- .../implement-microsoft-passport-in-your-organization.md | 2 +- .../import-an-applocker-policy-from-another-computer.md | 2 +- windows/keep-secure/import-an-applocker-policy-into-a-gpo.md | 2 +- 
windows/keep-secure/increase-a-process-working-set.md | 2 +- windows/keep-secure/increase-scheduling-priority.md | 2 +- windows/keep-secure/index.md | 2 +- .../initialize-and-configure-ownership-of-the-tpm.md | 2 +- .../installing-digital-certificates-on-windows-10-mobile.md | 2 +- ...on-display-user-information-when-the-session-is-locked.md | 2 +- .../interactive-logon-do-not-display-last-user-name.md | 2 +- .../interactive-logon-do-not-require-ctrl-alt-del.md | 2 +- .../interactive-logon-machine-account-lockout-threshold.md | 2 +- .../interactive-logon-machine-inactivity-limit.md | 2 +- ...tive-logon-message-text-for-users-attempting-to-log-on.md | 2 +- ...ive-logon-message-title-for-users-attempting-to-log-on.md | 2 +- ...ns-to-cache-in-case-domain-controller-is-not-available.md | 2 +- ...logon-prompt-user-to-change-password-before-expiration.md | 2 +- ...domain-controller-authentication-to-unlock-workstation.md | 2 +- windows/keep-secure/interactive-logon-require-smart-card.md | 2 +- .../interactive-logon-smart-card-removal-behavior.md | 2 +- ...ate-alerts-windows-defender-advanced-threat-protection.md | 3 ++- ...ate-domain-windows-defender-advanced-threat-protection.md | 3 ++- ...gate-files-windows-defender-advanced-threat-protection.md | 3 ++- ...stigate-ip-windows-defender-advanced-threat-protection.md | 3 ++- ...e-machines-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/kerberos-policy.md | 2 +- 248 files changed, 278 insertions(+), 256 deletions(-) diff --git a/windows/keep-secure/access-credential-manager-as-a-trusted-caller.md b/windows/keep-secure/access-credential-manager-as-a-trusted-caller.md index f6f7140989..ff24a84d8c 100644 --- a/windows/keep-secure/access-credential-manager-as-a-trusted-caller.md +++ b/windows/keep-secure/access-credential-manager-as-a-trusted-caller.md 
@@ -2,7 +2,7 @@
 title: Access Credential Manager as a trusted caller (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Access Credential Manager as a trusted caller security policy setting.
 ms.assetid: a51820d2-ca5b-47dd-8e9b-d7008603db88
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/access-this-computer-from-the-network.md b/windows/keep-secure/access-this-computer-from-the-network.md
index 00a88b6ba8..1cb598fcfd 100644
--- a/windows/keep-secure/access-this-computer-from-the-network.md
+++ b/windows/keep-secure/access-this-computer-from-the-network.md
@@ -2,7 +2,7 @@
 title: Access this computer from the network (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Access this computer from the network security policy setting.
 ms.assetid: f6767bc2-83d1-45f1-847c-54f5362db022
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/account-lockout-duration.md b/windows/keep-secure/account-lockout-duration.md
index 9b8fd5a9f4..1d438057a4 100644
--- a/windows/keep-secure/account-lockout-duration.md
+++ b/windows/keep-secure/account-lockout-duration.md
@@ -2,7 +2,7 @@
 title: Account lockout duration (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Account lockout duration security policy setting.
 ms.assetid: a4167bf4-27c3-4a9b-8ef0-04e3c6ec3aa4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/account-lockout-policy.md b/windows/keep-secure/account-lockout-policy.md
index edf3c1a723..6a13c989d3 100644
--- a/windows/keep-secure/account-lockout-policy.md
+++ b/windows/keep-secure/account-lockout-policy.md
@@ -2,7 +2,7 @@
 title: Account Lockout Policy (Windows 10)
 description: Describes the Account Lockout Policy settings and links to information about each policy setting.
 ms.assetid: eb968c28-17c5-405f-b413-50728cb7b724
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/account-lockout-threshold.md b/windows/keep-secure/account-lockout-threshold.md
index 56fedf53b7..828a524fe0 100644
--- a/windows/keep-secure/account-lockout-threshold.md
+++ b/windows/keep-secure/account-lockout-threshold.md
@@ -2,7 +2,7 @@
 title: Account lockout threshold (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Account lockout threshold security policy setting.
 ms.assetid: 4904bb40-a2bd-4fef-a102-260ba8d74e30
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/account-policies.md b/windows/keep-secure/account-policies.md
index 487d575c7f..ca8fb5a3b4 100644
--- a/windows/keep-secure/account-policies.md
+++ b/windows/keep-secure/account-policies.md
@@ -2,7 +2,7 @@
 title: Account Policies (Windows 10)
 description: An overview of account policies in Windows and provides links to policy descriptions.
 ms.assetid: 711b3797-b87a-4cd9-a2e3-1f8ef18688fb
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/accounts-administrator-account-status.md b/windows/keep-secure/accounts-administrator-account-status.md
index 6c992c3bcb..5a3cde966e 100644
--- a/windows/keep-secure/accounts-administrator-account-status.md
+++ b/windows/keep-secure/accounts-administrator-account-status.md
@@ -2,7 +2,7 @@
 title: Accounts Administrator account status (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Accounts Administrator account status security policy setting.
 ms.assetid: 71a3bd48-1014-49e0-a936-bfe9433af23e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/accounts-block-microsoft-accounts.md b/windows/keep-secure/accounts-block-microsoft-accounts.md
index a482a7a88c..cc479c5bc2 100644
--- a/windows/keep-secure/accounts-block-microsoft-accounts.md
+++ b/windows/keep-secure/accounts-block-microsoft-accounts.md
@@ -2,7 +2,7 @@
 title: Accounts Block Microsoft accounts (Windows 10)
 description: Describes the best practices, location, values, management, and security considerations for the Accounts Block Microsoft accounts security policy setting.
 ms.assetid: 94c76f45-057c-4d80-8d01-033cf28ef2f7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/accounts-guest-account-status.md b/windows/keep-secure/accounts-guest-account-status.md
index 2e66ee3ae1..f9054008ac 100644
--- a/windows/keep-secure/accounts-guest-account-status.md
+++ b/windows/keep-secure/accounts-guest-account-status.md
@@ -2,7 +2,7 @@
 title: Accounts Guest account status (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Accounts Guest account status security policy setting.
 ms.assetid: 07e53fc5-b495-4d02-ab42-5b245d10d0ce
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/keep-secure/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
index 9d8ddd27c9..eb700fe6ec 100644
--- a/windows/keep-secure/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
+++ b/windows/keep-secure/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
@@ -2,7 +2,7 @@
 title: Accounts Limit local account use of blank passwords to console logon only (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Accounts Limit local account use of blank passwords to console logon only security policy setting.
 ms.assetid: a1bfb58b-1ae8-4de9-832b-aa889a6e64bd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/accounts-rename-administrator-account.md b/windows/keep-secure/accounts-rename-administrator-account.md
index 8873990424..5c79c1d38b 100644
--- a/windows/keep-secure/accounts-rename-administrator-account.md
+++ b/windows/keep-secure/accounts-rename-administrator-account.md
@@ -2,7 +2,7 @@
 title: Accounts Rename administrator account (Windows 10)
 description: This security policy reference topic for the IT professional describes the best practices, location, values, and security considerations for this policy setting.
 ms.assetid: d21308eb-7c60-4e48-8747-62b8109844f9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/accounts-rename-guest-account.md b/windows/keep-secure/accounts-rename-guest-account.md
index f82b907968..aa06c480c3 100644
--- a/windows/keep-secure/accounts-rename-guest-account.md
+++ b/windows/keep-secure/accounts-rename-guest-account.md
@@ -2,7 +2,7 @@
 title: Accounts Rename guest account (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Accounts Rename guest account security policy setting.
 ms.assetid: 9b8052b4-bbb9-4cc1-bfee-ce25390db707
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/act-as-part-of-the-operating-system.md b/windows/keep-secure/act-as-part-of-the-operating-system.md
index 5d4a39d466..a35393e223 100644
--- a/windows/keep-secure/act-as-part-of-the-operating-system.md
+++ b/windows/keep-secure/act-as-part-of-the-operating-system.md
@@ -2,7 +2,7 @@
 title: Act as part of the operating system (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Act as part of the operating system security policy setting.
 ms.assetid: c1b7e084-a9f7-4377-b678-07cc913c8b0c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md
index 214bc1763d..8e62ff36b5 100644
--- a/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md
+++ b/windows/keep-secure/ad-ds-schema-extensions-to-support-tpm-backup.md
@@ -2,7 +2,7 @@
 title: AD DS schema extensions to support TPM backup (Windows 10)
 description: This topic provides more details about this change and provides template schema extensions that you can incorporate into your organization.
 ms.assetid: beb7097c-e674-4eab-b8e2-6f67c85d1f3f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md
index 3f9700cfb4..eb028e5f03 100644
--- a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md
+++ b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md
@@ -2,9 +2,10 @@
 title: Add multiple apps to your enterprise data protection (EDP) Protected Apps list (Windows 10)
 description: Add multiple apps to your enterprise data protection (EDP) Protected Apps list at the same time, by using the Microsoft Intune Custom URI functionality and the AppLocker.
 ms.assetid: b50db35d-a2a9-4b78-a95d-a1b066e66880
-keywords: ["EDP", "Enterprise Data Protection", "protected apps", "protected app list"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection, protected apps, protected app list
+ms.prod: w10
 ms.mktglfcycl: explore
+ms.pagetype: security
 ms.sitesec: library
 author: eross-msft
 ---
diff --git a/windows/keep-secure/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/keep-secure/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
index c05eb4ebd2..d99dda899b 100644
--- a/windows/keep-secure/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+++ b/windows/keep-secure/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
@@ -2,7 +2,7 @@
 title: Add rules for packaged apps to existing AppLocker rule-set (Windows 10)
 description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
 ms.assetid: 758c2a9f-c2a3-418c-83bc-fd335a94097f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/add-workstations-to-domain.md b/windows/keep-secure/add-workstations-to-domain.md
index 7cdeb90a8b..fac531b419 100644
--- a/windows/keep-secure/add-workstations-to-domain.md
+++ b/windows/keep-secure/add-workstations-to-domain.md
@@ -2,7 +2,7 @@
 title: Add workstations to domain (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Add workstations to domain security policy setting.
 ms.assetid: b0c21af4-c928-4344-b1f1-58ef162ad0b3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/additional-configuration-windows-defender-advanced-threat-protection.md b/windows/keep-secure/additional-configuration-windows-defender-advanced-threat-protection.md
index 604d4ba268..93d466aa32 100644
--- a/windows/keep-secure/additional-configuration-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/additional-configuration-windows-defender-advanced-threat-protection.md
@@ -3,8 +3,9 @@ title: Additional Windows Defender ATP configuration settings
 description: Use the Group Policy Console to configure settings that enable sample sharing from your endpoints. These settings are used in the deep analysis feature.
 keywords: configuration settings, Windows Defender ATP configuration settings, Windows Defender Advanced Threat Protection configuration settings, group policy Management Editor, computer configuration, policies, administrative templates,
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: security
 ms.sitesec: library
 author: mjcaparas
 ---
diff --git a/windows/keep-secure/adjust-memory-quotas-for-a-process.md b/windows/keep-secure/adjust-memory-quotas-for-a-process.md
index 4568ef9fe0..44fe866134 100644
--- a/windows/keep-secure/adjust-memory-quotas-for-a-process.md
+++ b/windows/keep-secure/adjust-memory-quotas-for-a-process.md
@@ -2,7 +2,7 @@
 title: Adjust memory quotas for a process (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Adjust memory quotas for a process security policy setting.
 ms.assetid: 6754a2c8-6d07-4567-9af3-335fd8dd7626
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/administer-applocker.md b/windows/keep-secure/administer-applocker.md
index 232b69b1ef..0940acac92 100644
--- a/windows/keep-secure/administer-applocker.md
+++ b/windows/keep-secure/administer-applocker.md
@@ -2,7 +2,7 @@
 title: Administer AppLocker (Windows 10)
 description: This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
 ms.assetid: 511a3b6a-175f-4d6d-a6e0-c1780c02e818
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/administer-security-policy-settings.md b/windows/keep-secure/administer-security-policy-settings.md
index 59bc1ce37f..de0baa4b22 100644
--- a/windows/keep-secure/administer-security-policy-settings.md
+++ b/windows/keep-secure/administer-security-policy-settings.md
@@ -2,7 +2,7 @@
 title: Administer security policy settings (Windows 10)
 description: This article discusses different methods to administer security policy settings on a local device or throughout a small- or medium-sized organization.
 ms.assetid: 7617d885-9d28-437a-9371-171197407599
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/advanced-security-audit-policy-settings.md b/windows/keep-secure/advanced-security-audit-policy-settings.md
index 5b5faf0b14..14ecaca52f 100644
--- a/windows/keep-secure/advanced-security-audit-policy-settings.md
+++ b/windows/keep-secure/advanced-security-audit-policy-settings.md
@@ -2,7 +2,7 @@
 title: Advanced security audit policy settings (Windows 10)
 description: This reference for IT professionals provides information about the advanced audit policy settings that are available in Windows and the audit events that they generate.
 ms.assetid: 93b28b92-796f-4036-a53b-8b9e80f9f171
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/advanced-security-auditing-faq.md b/windows/keep-secure/advanced-security-auditing-faq.md
index eef52f8d63..3bfa640035 100644
--- a/windows/keep-secure/advanced-security-auditing-faq.md
+++ b/windows/keep-secure/advanced-security-auditing-faq.md
@@ -2,7 +2,7 @@
 title: Advanced security auditing FAQ (Windows 10)
 description: This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies.
 ms.assetid: 80f8f187-0916-43c2-a7e8-ea712b115a06
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/advanced-security-auditing.md b/windows/keep-secure/advanced-security-auditing.md
index 5ed85a625d..bdec74db1c 100644
--- a/windows/keep-secure/advanced-security-auditing.md
+++ b/windows/keep-secure/advanced-security-auditing.md
@@ -2,7 +2,7 @@
 title: Advanced security audit policies (Windows 10)
 description: Advanced security audit policy settings are found in Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies and appear to overlap with basic security audit policies, but they are recorded and applied differently.
 ms.assetid: 6FE8AC10-F48E-4BBF-979B-43A5DFDC5DFC
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md
index ee4ce0a4a9..46dddb36a1 100644
--- a/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/alerts-queue-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: View and organize the Windows Defender ATP Alerts queue description: Learn about how the Windows Defender ATP alerts queue work, and how to sort and filter lists of alerts. keywords: alerts, queues, alerts queue, sort, order, filter, manage alerts, new, in progress, resolved, newest, time in queue, severity, time period search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- diff --git a/windows/keep-secure/allow-log-on-locally.md b/windows/keep-secure/allow-log-on-locally.md index fdfa7ab402..3cbeacb088 100644 --- a/windows/keep-secure/allow-log-on-locally.md +++ b/windows/keep-secure/allow-log-on-locally.md @@ -2,7 +2,7 @@ title: Allow log on locally (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Allow log on locally security policy setting. ms.assetid: d9e5e1f3-3bff-4da7-a9a2-4bb3e0c79055 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/allow-log-on-through-remote-desktop-services.md b/windows/keep-secure/allow-log-on-through-remote-desktop-services.md index cc51c9cbea..d409837c30 100644 --- a/windows/keep-secure/allow-log-on-through-remote-desktop-services.md +++ b/windows/keep-secure/allow-log-on-through-remote-desktop-services.md 
@@ -2,7 +2,7 @@
 title: Allow log on through Remote Desktop Services (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Allow log on through Remote Desktop Services security policy setting.
 ms.assetid: 6267c376-8199-4f2b-ae56-9c5424e76798
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-architecture-and-components.md b/windows/keep-secure/applocker-architecture-and-components.md
index 39e8bbf34c..98760516ec 100644
--- a/windows/keep-secure/applocker-architecture-and-components.md
+++ b/windows/keep-secure/applocker-architecture-and-components.md
@@ -2,7 +2,7 @@
 title: AppLocker architecture and components (Windows 10)
 description: This topic for IT professional describes AppLocker’s basic architecture and its major components.
 ms.assetid: efdd8494-553c-443f-bd5f-c8976535135a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-functions.md b/windows/keep-secure/applocker-functions.md
index d3ab5362dd..eaad056c7a 100644
--- a/windows/keep-secure/applocker-functions.md
+++ b/windows/keep-secure/applocker-functions.md
@@ -2,7 +2,7 @@
 title: AppLocker functions (Windows 10)
 description: This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
 ms.assetid: bf704198-9e74-4731-8c5a-ee0512df34d2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-overview.md b/windows/keep-secure/applocker-overview.md
index 6918af6f1e..954c093d80 100644
--- a/windows/keep-secure/applocker-overview.md
+++ b/windows/keep-secure/applocker-overview.md
@@ -2,7 +2,7 @@
 title: AppLocker (Windows 10)
 description: This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies.
 ms.assetid: 94b57864-2112-43b6-96fb-2863c985dc9a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-policies-deployment-guide.md b/windows/keep-secure/applocker-policies-deployment-guide.md
index f0bce74c2a..2adc3ff79b 100644
--- a/windows/keep-secure/applocker-policies-deployment-guide.md
+++ b/windows/keep-secure/applocker-policies-deployment-guide.md
@@ -2,7 +2,7 @@
 title: AppLocker deployment guide (Windows 10)
 description: This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
 ms.assetid: 38632795-be13-46b0-a7af-487a4340bea1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-policies-design-guide.md b/windows/keep-secure/applocker-policies-design-guide.md
index 7954db3edb..2e331c4fb8 100644
--- a/windows/keep-secure/applocker-policies-design-guide.md
+++ b/windows/keep-secure/applocker-policies-design-guide.md
@@ -2,7 +2,7 @@
 title: AppLocker design guide (Windows 10)
 description: This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
 ms.assetid: 1c8e4a7b-3164-4eb4-9277-11b1d5a09c7b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-policy-use-scenarios.md b/windows/keep-secure/applocker-policy-use-scenarios.md
index ce30809f52..64a8fd4db0 100644
--- a/windows/keep-secure/applocker-policy-use-scenarios.md
+++ b/windows/keep-secure/applocker-policy-use-scenarios.md
@@ -2,7 +2,7 @@
 title: AppLocker policy use scenarios (Windows 10)
 description: This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
 ms.assetid: 33f71578-89f0-4063-ac04-cf4f4ca5c31f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-processes-and-interactions.md b/windows/keep-secure/applocker-processes-and-interactions.md
index 0243055da8..5f07c7d07f 100644
--- a/windows/keep-secure/applocker-processes-and-interactions.md
+++ b/windows/keep-secure/applocker-processes-and-interactions.md
@@ -2,7 +2,7 @@
 title: AppLocker processes and interactions (Windows 10)
 description: This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
 ms.assetid: 0beec616-6040-4be7-8703-b6c919755d8e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-settings.md b/windows/keep-secure/applocker-settings.md
index 77509f8e43..7af2350b9d 100644
--- a/windows/keep-secure/applocker-settings.md
+++ b/windows/keep-secure/applocker-settings.md
@@ -2,7 +2,7 @@
 title: AppLocker settings (Windows 10)
 description: This topic for the IT professional lists the settings used by AppLocker.
 ms.assetid: 9cb4aa19-77c0-4415-9968-bd07dab86839
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/applocker-technical-reference.md b/windows/keep-secure/applocker-technical-reference.md
index 164a159782..1c797a1679 100644
--- a/windows/keep-secure/applocker-technical-reference.md
+++ b/windows/keep-secure/applocker-technical-reference.md
@@ -2,7 +2,7 @@
 title: AppLocker technical reference (Windows 10)
 description: This overview topic for IT professionals provides links to the topics in the technical reference.
 ms.assetid: 2b2678f8-c46b-4e1d-b8c5-037c0be255ab
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/keep-secure/apply-a-basic-audit-policy-on-a-file-or-folder.md
index 5828778660..fd5dcf7155 100644
--- a/windows/keep-secure/apply-a-basic-audit-policy-on-a-file-or-folder.md
+++ b/windows/keep-secure/apply-a-basic-audit-policy-on-a-file-or-folder.md
@@ -2,7 +2,7 @@
 title: Apply a basic audit policy on a file or folder (Windows 10)
 description: You can apply audit policies to individual files and folders on your computer by setting the permission type to record successful access attempts or failed access attempts in the security log.
 ms.assetid: 565E7249-5CD0-4B2E-B2C0-B3A0793A51E2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-account-lockout.md b/windows/keep-secure/audit-account-lockout.md
index 6c7ebbb0e2..be3326efee 100644
--- a/windows/keep-secure/audit-account-lockout.md
+++ b/windows/keep-secure/audit-account-lockout.md
@@ -2,7 +2,7 @@
 title: Audit Account Lockout (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Account Lockout, which enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out.
 ms.assetid: da68624b-a174-482c-9bc5-ddddab38e589
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-application-generated.md b/windows/keep-secure/audit-application-generated.md
index f7c31ca13a..3aa2716aa8 100644
--- a/windows/keep-secure/audit-application-generated.md
+++ b/windows/keep-secure/audit-application-generated.md
@@ -2,7 +2,7 @@
 title: Audit Application Generated (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).
 ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-application-group-management.md b/windows/keep-secure/audit-application-group-management.md
index 3055b72f6d..76cdabda54 100644
--- a/windows/keep-secure/audit-application-group-management.md
+++ b/windows/keep-secure/audit-application-group-management.md
@@ -2,7 +2,7 @@
 title: Audit Application Group Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Application Group Management, which determines whether the operating system generates audit events when application group management tasks are performed.
 ms.assetid: 1bcaa41e-5027-4a86-96b7-f04eaf1c0606
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-audit-policy-change.md b/windows/keep-secure/audit-audit-policy-change.md
index 65b7d6261e..de2aca1b0a 100644
--- a/windows/keep-secure/audit-audit-policy-change.md
+++ b/windows/keep-secure/audit-audit-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit Audit Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy.
 ms.assetid: 7153bf75-6978-4d7e-a821-59a699efb8a9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-audit-the-access-of-global-system-objects.md b/windows/keep-secure/audit-audit-the-access-of-global-system-objects.md
index 767ec7c30a..9fcecc87b1 100644
--- a/windows/keep-secure/audit-audit-the-access-of-global-system-objects.md
+++ b/windows/keep-secure/audit-audit-the-access-of-global-system-objects.md
@@ -2,7 +2,7 @@
 title: Audit Audit the access of global system objects (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Audit Audit the access of global system objects security policy setting.
 ms.assetid: 20d40a79-ce89-45e6-9bb4-148f83958460
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
index 49b518da5a..3bd9ddd1b8 100644
--- a/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
+++ b/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
@@ -2,7 +2,7 @@
 title: Audit Audit the use of Backup and Restore privilege (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Audit Audit the use of Backup and Restore privilege security policy setting.
 ms.assetid: f656a2bb-e8d6-447b-8902-53df3a7756c5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-authentication-policy-change.md b/windows/keep-secure/audit-authentication-policy-change.md
index e26a96a284..712e480800 100644
--- a/windows/keep-secure/audit-authentication-policy-change.md
+++ b/windows/keep-secure/audit-authentication-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit Authentication Policy Change (Windows 10)
 description: This topic for the IT professional describes this Advanced Security Audit policy setting, Audit Authentication Policy Change, which determines whether the operating system generates audit events when changes are made to authentication policy.
 ms.assetid: aa9cea7a-aadf-47b7-b704-ac253b8e79be
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-authorization-policy-change.md b/windows/keep-secure/audit-authorization-policy-change.md
index 3bff0a5dd9..7e426a2044 100644
--- a/windows/keep-secure/audit-authorization-policy-change.md
+++ b/windows/keep-secure/audit-authorization-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit Authorization Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Authorization Policy Change, which determines whether the operating system generates audit events when specific changes are made to the authorization policy.
 ms.assetid: ca0587a2-a2b3-4300-aa5d-48b4553c3b36
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-central-access-policy-staging.md b/windows/keep-secure/audit-central-access-policy-staging.md
index e53abd2a09..28539eb491 100644
--- a/windows/keep-secure/audit-central-access-policy-staging.md
+++ b/windows/keep-secure/audit-central-access-policy-staging.md
@@ -2,7 +2,7 @@
 title: Audit Central Access Policy Staging (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Central Access Policy Staging, which determines permissions on a Central Access Policy.
 ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-certification-services.md b/windows/keep-secure/audit-certification-services.md
index f23bdde027..f5aa0959d7 100644
--- a/windows/keep-secure/audit-certification-services.md
+++ b/windows/keep-secure/audit-certification-services.md
@@ -2,7 +2,7 @@
 title: Audit Certification Services (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Certification Services, which determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed.
 ms.assetid: cdefc34e-fb1f-4eff-b766-17713c5a1b03
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-computer-account-management.md b/windows/keep-secure/audit-computer-account-management.md
index 5211936625..f336c85c74 100644
--- a/windows/keep-secure/audit-computer-account-management.md
+++ b/windows/keep-secure/audit-computer-account-management.md
@@ -2,7 +2,7 @@
 title: Audit Computer Account Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Computer Account Management, which determines whether the operating system generates audit events when a computer account is created, changed, or deleted.
 ms.assetid: 6c406693-57bf-4411-bb6c-ff83ce548991
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-credential-validation.md b/windows/keep-secure/audit-credential-validation.md
index 7f4232806f..fdacd0aa43 100644
--- a/windows/keep-secure/audit-credential-validation.md
+++ b/windows/keep-secure/audit-credential-validation.md
@@ -2,7 +2,7 @@
 title: Audit Credential Validation (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Credential Validation, which determines whether the operating system generates audit events on credentials that are submitted for a user account logon request.
 ms.assetid: 6654b33a-922e-4a43-8223-ec5086dfc926
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-detailed-directory-service-replication.md b/windows/keep-secure/audit-detailed-directory-service-replication.md
index ae2e46a570..295527e35e 100644
--- a/windows/keep-secure/audit-detailed-directory-service-replication.md
+++ b/windows/keep-secure/audit-detailed-directory-service-replication.md
@@ -3,7 +3,7 @@ title: Audit Detailed Directory Service Replication (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Detailed Directory Service Replication, which determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.
 ms.assetid: 1b89c8f5-bce7-4b20-8701-42585c7ab993
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/audit-detailed-file-share.md b/windows/keep-secure/audit-detailed-file-share.md
index f60e4dd5f2..4d0294c79c 100644
--- a/windows/keep-secure/audit-detailed-file-share.md
+++ b/windows/keep-secure/audit-detailed-file-share.md
@@ -2,7 +2,7 @@
 title: Audit Detailed File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Detailed File Share, which allows you to audit attempts to access files and folders on a shared folder.
 ms.assetid: 60310104-b820-4033-a1cb-022a34f064ae
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-directory-service-access.md b/windows/keep-secure/audit-directory-service-access.md
index 230dce9a69..2c88e66d93 100644
--- a/windows/keep-secure/audit-directory-service-access.md
+++ b/windows/keep-secure/audit-directory-service-access.md
@@ -2,7 +2,7 @@
 title: Audit Directory Service Access (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Access, which determines whether the operating system generates audit events when an Active Directory Domain Services (AD DS) object is accessed.
 ms.assetid: ba2562ba-4282-4588-b87c-a3fcb771c7d0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-directory-service-changes.md b/windows/keep-secure/audit-directory-service-changes.md
index 361827a614..18b22defe5 100644
--- a/windows/keep-secure/audit-directory-service-changes.md
+++ b/windows/keep-secure/audit-directory-service-changes.md
@@ -2,7 +2,7 @@
 title: Audit Directory Service Changes (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Changes, which determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (AD DS).
 ms.assetid: 9f7c0dd4-3977-47dd-a0fb-ec2f17cad05e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-directory-service-replication.md b/windows/keep-secure/audit-directory-service-replication.md
index 9f09abada9..8dde61d22d 100644
--- a/windows/keep-secure/audit-directory-service-replication.md
+++ b/windows/keep-secure/audit-directory-service-replication.md
@@ -2,7 +2,7 @@
 title: Audit Directory Service Replication (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Replication, which determines whether the operating system generates audit events when replication between two domain controllers begins and ends.
 ms.assetid: b95d296c-7993-4e8d-8064-a8bbe284bd56
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-distribution-group-management.md b/windows/keep-secure/audit-distribution-group-management.md
index 1e259424ed..80cfcea450 100644
--- a/windows/keep-secure/audit-distribution-group-management.md
+++ b/windows/keep-secure/audit-distribution-group-management.md
@@ -2,7 +2,7 @@
 title: Audit Distribution Group Management (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Distribution Group Management, which determines whether the operating system generates audit events for specific distribution-group management tasks.
 ms.assetid: d46693a4-5887-4a58-85db-2f6cba224a66
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-dpapi-activity.md b/windows/keep-secure/audit-dpapi-activity.md
index 1e7c77ac71..30db4c39a8 100644
--- a/windows/keep-secure/audit-dpapi-activity.md
+++ b/windows/keep-secure/audit-dpapi-activity.md
@@ -2,7 +2,7 @@
 title: Audit DPAPI Activity (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit DPAPI Activity, which determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface (DPAPI).
 ms.assetid: be4d4c83-c857-4e3d-a84e-8bcc3f2c99cd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-file-share.md b/windows/keep-secure/audit-file-share.md
index 8040bc118a..af74a0b2a8 100644
--- a/windows/keep-secure/audit-file-share.md
+++ b/windows/keep-secure/audit-file-share.md
@@ -2,7 +2,7 @@
 title: Audit File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File Share, which determines whether the operating system generates audit events when a file share is accessed.
 ms.assetid: 9ea985f8-8936-4b79-abdb-35cbb7138f78
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-file-system.md b/windows/keep-secure/audit-file-system.md
index 53faccfac6..1ddb1c3d49 100644
--- a/windows/keep-secure/audit-file-system.md
+++ b/windows/keep-secure/audit-file-system.md
@@ -2,7 +2,7 @@
 title: Audit File System (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File System, which determines whether the operating system generates audit events when users attempt to access file system objects.
 ms.assetid: 6a71f283-b8e5-41ac-b348-0b7ec6ea0b1f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.pagetype: security
 ms.sitesec: library
diff --git a/windows/keep-secure/audit-filtering-platform-connection.md b/windows/keep-secure/audit-filtering-platform-connection.md
index a23961c6d9..4b8c95c652 100644
--- a/windows/keep-secure/audit-filtering-platform-connection.md
+++ b/windows/keep-secure/audit-filtering-platform-connection.md
@@ -2,7 +2,7 @@
 title: Audit Filtering Platform Connection (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Connection, which determines whether the operating system generates audit events when connections are allowed or blocked by the Windows Filtering Platform.
 ms.assetid: d72936e9-ff01-4d18-b864-a4958815df59
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-filtering-platform-packet-drop.md b/windows/keep-secure/audit-filtering-platform-packet-drop.md
index fda5bc89e7..96935fa8b7 100644
--- a/windows/keep-secure/audit-filtering-platform-packet-drop.md
+++ b/windows/keep-secure/audit-filtering-platform-packet-drop.md
@@ -2,7 +2,7 @@
 title: Audit Filtering Platform Packet Drop (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Packet Drop, which determines whether the operating system generates audit events when packets are dropped by the Windows Filtering Platform.
 ms.assetid: 95457601-68d1-4385-af20-87916ddab906
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-filtering-platform-policy-change.md b/windows/keep-secure/audit-filtering-platform-policy-change.md
index 97f04007ea..10c8a9459b 100644
--- a/windows/keep-secure/audit-filtering-platform-policy-change.md
+++ b/windows/keep-secure/audit-filtering-platform-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit Filtering Platform Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions.
 ms.assetid: 0eaf1c56-672b-4ea9-825a-22dc03eb4041
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-force-audit-policy-subcategory-settings-to-override.md b/windows/keep-secure/audit-force-audit-policy-subcategory-settings-to-override.md
index 2ceff2fa34..50880766f6 100644
--- a/windows/keep-secure/audit-force-audit-policy-subcategory-settings-to-override.md
+++ b/windows/keep-secure/audit-force-audit-policy-subcategory-settings-to-override.md
@@ -2,7 +2,7 @@
 title: Audit Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Audit Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings security policy setting.
 ms.assetid: 8ddc06bc-b6d6-4bac-9051-e0d77035bd4e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-group-membership.md b/windows/keep-secure/audit-group-membership.md
index bfbd5e7887..d738bb1582 100644
--- a/windows/keep-secure/audit-group-membership.md
+++ b/windows/keep-secure/audit-group-membership.md
@@ -2,7 +2,7 @@
 title: Audit Group Membership (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Group Membership, which enables you to audit group memberships when they are enumerated on the client PC.
 ms.assetid: 1CD7B014-FBD9-44B9-9274-CC5715DE58B9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-handle-manipulation.md b/windows/keep-secure/audit-handle-manipulation.md
index da8a48ee26..6b9fb9ab21 100644
--- a/windows/keep-secure/audit-handle-manipulation.md
+++ b/windows/keep-secure/audit-handle-manipulation.md
@@ -2,7 +2,7 @@
 title: Audit Handle Manipulation (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Handle Manipulation, which determines whether the operating system generates audit events when a handle to an object is opened or closed.
 ms.assetid: 1fbb004a-ccdc-4c80-b3da-a4aa7a9f4091
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-ipsec-driver.md b/windows/keep-secure/audit-ipsec-driver.md
index 7394906faa..dbe0ede32c 100644
--- a/windows/keep-secure/audit-ipsec-driver.md
+++ b/windows/keep-secure/audit-ipsec-driver.md
@@ -2,7 +2,7 @@
 title: Audit IPsec Driver (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit IPsec Driver, which determines whether the operating system generates audit events for the activities of the IPsec driver.
 ms.assetid: c8b8c02f-5ad0-4ee5-9123-ea8cdae356a5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-ipsec-extended-mode.md b/windows/keep-secure/audit-ipsec-extended-mode.md
index 89f0857940..5030fc74a2 100644
--- a/windows/keep-secure/audit-ipsec-extended-mode.md
+++ b/windows/keep-secure/audit-ipsec-extended-mode.md
@@ -2,7 +2,7 @@
 title: Audit IPsec Extended Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Extended Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
 ms.assetid: 2b4fee9e-482a-4181-88a8-6a79d8fc8049
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-ipsec-main-mode.md b/windows/keep-secure/audit-ipsec-main-mode.md
index 203307a841..872af92c04 100644
--- a/windows/keep-secure/audit-ipsec-main-mode.md
+++ b/windows/keep-secure/audit-ipsec-main-mode.md
@@ -2,7 +2,7 @@
 title: Audit IPsec Main Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Main Mode, which determines whether the operating system generates events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
 ms.assetid: 06ed26ec-3620-4ef4-a47a-c70df9c8827b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-ipsec-quick-mode.md b/windows/keep-secure/audit-ipsec-quick-mode.md
index 79de06ad17..8a3446cb65 100644
--- a/windows/keep-secure/audit-ipsec-quick-mode.md
+++ b/windows/keep-secure/audit-ipsec-quick-mode.md
@@ -2,7 +2,7 @@
 title: Audit IPsec Quick Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Quick Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
 ms.assetid: 7be67a15-c2ce-496a-9719-e25ac7699114
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-kerberos-authentication-service.md b/windows/keep-secure/audit-kerberos-authentication-service.md
index 85498b7404..f8665de37e 100644
--- a/windows/keep-secure/audit-kerberos-authentication-service.md
+++ b/windows/keep-secure/audit-kerberos-authentication-service.md
@@ -2,7 +2,7 @@
 title: Audit Kerberos Authentication Service (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Authentication Service, which determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.
 ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-kerberos-service-ticket-operations.md b/windows/keep-secure/audit-kerberos-service-ticket-operations.md
index 5f00cf260a..4e3a1976d6 100644
--- a/windows/keep-secure/audit-kerberos-service-ticket-operations.md
+++ b/windows/keep-secure/audit-kerberos-service-ticket-operations.md
@@ -2,7 +2,7 @@
 title: Audit Kerberos Service Ticket Operations (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Service Ticket Operations, which determines whether the operating system generates security audit events for Kerberos service ticket requests.
 ms.assetid: ddc0abef-ac7f-4849-b90d-66700470ccd6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-kernel-object.md b/windows/keep-secure/audit-kernel-object.md
index 783f4c3e18..6600a97c21 100644
--- a/windows/keep-secure/audit-kernel-object.md
+++ b/windows/keep-secure/audit-kernel-object.md
@@ -2,7 +2,7 @@
 title: Audit Kernel Object (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kernel Object, which determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores.
 ms.assetid: 75619d8b-b1eb-445b-afc9-0f9053be97fb
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-logoff.md b/windows/keep-secure/audit-logoff.md
index 05aee8928a..56970b2562 100644
--- a/windows/keep-secure/audit-logoff.md
+++ b/windows/keep-secure/audit-logoff.md
@@ -2,7 +2,7 @@
 title: Audit Logoff (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logoff, which determines whether the operating system generates audit events when logon sessions are terminated.
 ms.assetid: 681e51f2-ba06-46f5-af8c-d9c48d515432
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-logon.md b/windows/keep-secure/audit-logon.md
index fb98f6691c..bd363a9eb0 100644
--- a/windows/keep-secure/audit-logon.md
+++ b/windows/keep-secure/audit-logon.md
@@ -2,7 +2,7 @@
 title: Audit Logon (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logon, which determines whether the operating system generates audit events when a user attempts to log on to a computer.
 ms.assetid: ca968d03-7d52-48c4-ba0e-2bcd2937231b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md b/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
index 67760b944f..ab8412a168 100644
--- a/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit MPSSVC Rule-Level Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit MPSSVC Rule-Level Policy Change, which determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe).
 ms.assetid: 263461b3-c61c-4ec3-9dee-851164845019
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-network-policy-server.md b/windows/keep-secure/audit-network-policy-server.md
index 5f060ff57e..f98d7f0579 100644
--- a/windows/keep-secure/audit-network-policy-server.md
+++ b/windows/keep-secure/audit-network-policy-server.md
@@ -2,7 +2,7 @@
 title: Audit Network Policy Server (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock).
 ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-non-sensitive-privilege-use.md b/windows/keep-secure/audit-non-sensitive-privilege-use.md
index e1321ebc6a..45dd5b1a2c 100644
--- a/windows/keep-secure/audit-non-sensitive-privilege-use.md
+++ b/windows/keep-secure/audit-non-sensitive-privilege-use.md
@@ -2,7 +2,7 @@
 title: Audit Non-Sensitive Privilege Use (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
 ms.assetid: 8fd74783-1059-443e-aa86-566d78606627
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-account-logon-events.md b/windows/keep-secure/audit-other-account-logon-events.md
index 57eaa771fa..4511233562 100644
--- a/windows/keep-secure/audit-other-account-logon-events.md
+++ b/windows/keep-secure/audit-other-account-logon-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Account Logon Events (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Other Account Logon Events, which allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
 ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-account-management-events.md b/windows/keep-secure/audit-other-account-management-events.md
index 737c91e478..48fecc4788 100644
--- a/windows/keep-secure/audit-other-account-management-events.md
+++ b/windows/keep-secure/audit-other-account-management-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Account Management Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Account Management Events, which determines whether the operating system generates user account management audit events.
 ms.assetid: 4ce22eeb-a96f-4cf9-a46d-6642961a31d5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-logonlogoff-events.md b/windows/keep-secure/audit-other-logonlogoff-events.md
index 14b371601d..5b9c517af5 100644
--- a/windows/keep-secure/audit-other-logonlogoff-events.md
+++ b/windows/keep-secure/audit-other-logonlogoff-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Logon/Logoff Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Logon/Logoff Events, which determines whether Windows generates audit events for other logon or logoff events.
 ms.assetid: 76d987cd-1917-4907-a739-dd642609a458
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-object-access-events.md b/windows/keep-secure/audit-other-object-access-events.md
index 71b1ee1965..3d453c1927 100644
--- a/windows/keep-secure/audit-other-object-access-events.md
+++ b/windows/keep-secure/audit-other-object-access-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Object Access Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Object Access Events, which determines whether the operating system generates audit events for the management of Task Scheduler jobs or COM+ objects.
 ms.assetid: b9774595-595d-4199-b0c5-8dbc12b6c8b2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-policy-change-events.md b/windows/keep-secure/audit-other-policy-change-events.md
index 7e2c53404a..5ef649bca4 100644
--- a/windows/keep-secure/audit-other-policy-change-events.md
+++ b/windows/keep-secure/audit-other-policy-change-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Policy Change Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Policy Change Events, which determines whether the operating system generates audit events for security policy changes that are not otherwise audited in the Policy Change category.
 ms.assetid: 8618502e-c21c-41cc-8a49-3dc1eb359e60
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-privilege-use-events.md b/windows/keep-secure/audit-other-privilege-use-events.md
index 839251f763..5babb23a8a 100644
--- a/windows/keep-secure/audit-other-privilege-use-events.md
+++ b/windows/keep-secure/audit-other-privilege-use-events.md
@@ -2,7 +2,7 @@
 title: Audit Other Privilege Use Events (Windows 10)
 description: This security policy setting is not used.
 ms.assetid: 5f7f5b25-42a6-499f-8aa2-01ac79a2a63c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-other-system-events.md b/windows/keep-secure/audit-other-system-events.md
index 2b28658209..3bb668bd64 100644
--- a/windows/keep-secure/audit-other-system-events.md
+++ b/windows/keep-secure/audit-other-system-events.md
@@ -2,7 +2,7 @@
 title: Audit Other System Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other System Events, which determines whether the operating system audits various system events.
 ms.assetid: 2401e4cc-d94e-41ec-82a7-e10914295f8b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-pnp-activity.md b/windows/keep-secure/audit-pnp-activity.md
index aef1c0ae47..c80884e78c 100644
--- a/windows/keep-secure/audit-pnp-activity.md
+++ b/windows/keep-secure/audit-pnp-activity.md
@@ -2,7 +2,7 @@
 title: Audit PNP Activity (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit PNP Activity, which determines when plug and play detects an external device.
 ms.assetid: A3D87B3B-EBBE-442A-953B-9EB75A5F600E
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-policy.md b/windows/keep-secure/audit-policy.md
index 87cf555f43..2cd2c8cd95 100644
--- a/windows/keep-secure/audit-policy.md
+++ b/windows/keep-secure/audit-policy.md
@@ -2,7 +2,7 @@
 title: Audit Policy (Windows 10)
 description: Provides information about basic audit policies that are available in Windows and links to information about each setting.
 ms.assetid: 2e8ea400-e555-43e5-89d6-0898cb89da90
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-process-creation.md b/windows/keep-secure/audit-process-creation.md
index dbe4b6bc69..c9c6d41c57 100644
--- a/windows/keep-secure/audit-process-creation.md
+++ b/windows/keep-secure/audit-process-creation.md
@@ -2,7 +2,7 @@
 title: Audit Process Creation (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Creation, which determines whether the operating system generates audit events when a process is created (starts).
 ms.assetid: 67e39fcd-ded6-45e8-b1b6-d411e4e93019
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-process-termination.md b/windows/keep-secure/audit-process-termination.md
index 4208a938c3..9f4fde6d86 100644
--- a/windows/keep-secure/audit-process-termination.md
+++ b/windows/keep-secure/audit-process-termination.md
@@ -2,7 +2,7 @@
 title: Audit Process Termination (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Termination, which determines whether the operating system generates audit events when an attempt is made to end a process.
 ms.assetid: 65d88e53-14aa-48a4-812b-557cebbf9e50
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-registry.md b/windows/keep-secure/audit-registry.md
index 40ea22bf27..2f58eb5560 100644
--- a/windows/keep-secure/audit-registry.md
+++ b/windows/keep-secure/audit-registry.md
@@ -2,7 +2,7 @@
 title: Audit Registry (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Registry, which determines whether the operating system generates audit events when users attempt to access registry objects.
 ms.assetid: 02bcc23b-4823-46ac-b822-67beedf56b32
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-removable-storage.md b/windows/keep-secure/audit-removable-storage.md
index 1892857f3e..cdfc2b415e 100644
--- a/windows/keep-secure/audit-removable-storage.md
+++ b/windows/keep-secure/audit-removable-storage.md
@@ -2,7 +2,7 @@
 title: Audit Removable Storage (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive.
 ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-rpc-events.md b/windows/keep-secure/audit-rpc-events.md
index dfb512694b..8bd9607c04 100644
--- a/windows/keep-secure/audit-rpc-events.md
+++ b/windows/keep-secure/audit-rpc-events.md
@@ -2,7 +2,7 @@
 title: Audit RPC Events (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit RPC Events, which determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made.
 ms.assetid: 868aec2d-93b4-4bc8-a150-941f88838ba6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-sam.md b/windows/keep-secure/audit-sam.md
index c682e87a89..734ac0681a 100644
--- a/windows/keep-secure/audit-sam.md
+++ b/windows/keep-secure/audit-sam.md
@@ -2,7 +2,7 @@
 title: Audit SAM (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager (SAM) objects.
 ms.assetid: 1d00f955-383d-4c95-bbd1-fab4a991a46e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-security-group-management.md b/windows/keep-secure/audit-security-group-management.md
index 65d91ba967..7ff17d66f3 100644
--- a/windows/keep-secure/audit-security-group-management.md
+++ b/windows/keep-secure/audit-security-group-management.md
@@ -2,7 +2,7 @@
 title: Audit Security Group Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed.
 ms.assetid: ac2ee101-557b-4c84-b9fa-4fb23331f1aa
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-security-state-change.md b/windows/keep-secure/audit-security-state-change.md
index efda133f49..e8c184b3e0 100644
--- a/windows/keep-secure/audit-security-state-change.md
+++ b/windows/keep-secure/audit-security-state-change.md
@@ -2,7 +2,7 @@
 title: Audit Security State Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security State Change, which determines whether Windows generates audit events for changes in the security state of a system.
 ms.assetid: decb3218-a67d-4efa-afc0-337c79a89a2d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-security-system-extension.md b/windows/keep-secure/audit-security-system-extension.md
index e605195736..428a0d685c 100644
--- a/windows/keep-secure/audit-security-system-extension.md
+++ b/windows/keep-secure/audit-security-system-extension.md
@@ -2,7 +2,7 @@
 title: Audit Security System Extension (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security System Extension, which determines whether the operating system generates audit events related to security system extensions.
 ms.assetid: 9f3c6bde-42b2-4a0a-b353-ed3106ebc005
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-sensitive-privilege-use.md b/windows/keep-secure/audit-sensitive-privilege-use.md
index 2c7cd5a902..718aa00bd9 100644
--- a/windows/keep-secure/audit-sensitive-privilege-use.md
+++ b/windows/keep-secure/audit-sensitive-privilege-use.md
@@ -2,7 +2,7 @@
 title: Audit Sensitive Privilege Use (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Sensitive Privilege Use, which determines whether the operating system generates audit events when sensitive privileges (user rights) are used.
 ms.assetid: 915abf50-42d2-45f6-9fd1-e7bd201b193d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/keep-secure/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
index 5ce9aeecf7..0cd45cc597 100644
--- a/windows/keep-secure/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
+++ b/windows/keep-secure/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
@@ -2,7 +2,7 @@
 title: Audit Shut down system immediately if unable to log security audits (Windows 10)
 description: Describes the best practices, location, values, management practices, and security considerations for the Audit Shut down system immediately if unable to log security audits security policy setting.
 ms.assetid: 2cd23cd9-0e44-4d0b-a1f1-39fc29303826
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-special-logon.md b/windows/keep-secure/audit-special-logon.md
index 439cf91d3d..f4bad313c7 100644
--- a/windows/keep-secure/audit-special-logon.md
+++ b/windows/keep-secure/audit-special-logon.md
@@ -2,7 +2,7 @@
 title: Audit Special Logon (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Special Logon, which determines whether the operating system generates audit events under special sign on (or log on) circumstances.
 ms.assetid: e1501bac-1d09-4593-8ebb-f311231567d3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-system-integrity.md b/windows/keep-secure/audit-system-integrity.md
index dfc2666ebf..38fd5a5ce5 100644
--- a/windows/keep-secure/audit-system-integrity.md
+++ b/windows/keep-secure/audit-system-integrity.md
@@ -2,7 +2,7 @@
 title: Audit System Integrity (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit System Integrity, which determines whether the operating system audits events that violate the integrity of the security subsystem.
 ms.assetid: 942a9a7f-fa31-4067-88c7-f73978bf2034
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-user-account-management.md b/windows/keep-secure/audit-user-account-management.md
index 1f05f3085b..a763d8ea76 100644
--- a/windows/keep-secure/audit-user-account-management.md
+++ b/windows/keep-secure/audit-user-account-management.md
@@ -2,7 +2,7 @@
 title: Audit User Account Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit User Account Management, which determines whether the operating system generates audit events when specific user account management tasks are performed.
 ms.assetid: f7e72998-3858-4197-a443-19586ecc4bfb
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/audit-user-device-claims.md b/windows/keep-secure/audit-user-device-claims.md
index 254bfb2c7d..e5576c4bdf 100644
--- a/windows/keep-secure/audit-user-device-claims.md
+++ b/windows/keep-secure/audit-user-device-claims.md
@@ -2,7 +2,7 @@
 title: Audit User/Device Claims (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit User/Device Claims, which enables you to audit security events that are generated by user and device claims.
 ms.assetid: D3D2BFAF-F2C0-462A-9377-673DB49D5486
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/back-up-files-and-directories.md b/windows/keep-secure/back-up-files-and-directories.md
index 2cddb14842..6f6a7b8805 100644
--- a/windows/keep-secure/back-up-files-and-directories.md
+++ b/windows/keep-secure/back-up-files-and-directories.md
@@ -2,7 +2,7 @@
 title: Back up files and directories (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Back up files and directories security policy setting.
 ms.assetid: 1cd6bdd5-1501-41f4-98b9-acf29ac173ae
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md
index 5f46d91a0d..aee1050952 100644
--- a/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md
+++ b/windows/keep-secure/backup-tpm-recovery-information-to-ad-ds.md
@@ -2,7 +2,7 @@
 title: Backup the TPM recovery Information to AD DS (Windows 10)
 description: This topic for the IT professional describes how to back up a computer’s Trusted Platform Module (TPM) information to Active Directory Domain Services (AD DS) so that you can use AD DS to administer the TPM from a remote computer.
 ms.assetid: 62bcec80-96a1-464e-8b3f-d177a7565ac5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-account-logon-events.md b/windows/keep-secure/basic-audit-account-logon-events.md
index 4bfa89fd5b..392a87e381 100644
--- a/windows/keep-secure/basic-audit-account-logon-events.md
+++ b/windows/keep-secure/basic-audit-account-logon-events.md
@@ -2,7 +2,7 @@
 title: Audit account logon events (Windows 10)
 description: Determines whether to audit each instance of a user logging on to or logging off from another device in which this device is used to validate the account.
 ms.assetid: 84B44181-E325-49A1-8398-AECC3CE0A516
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-account-management.md b/windows/keep-secure/basic-audit-account-management.md
index ee0cf33722..364a455ec2 100644
--- a/windows/keep-secure/basic-audit-account-management.md
+++ b/windows/keep-secure/basic-audit-account-management.md
@@ -2,7 +2,7 @@
 title: Audit account management (Windows 10)
 description: Determines whether to audit each event of account management on a device.
 ms.assetid: 369197E1-7E0E-45A4-89EA-16D91EF01689
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-directory-service-access.md b/windows/keep-secure/basic-audit-directory-service-access.md
index 0d48b78b27..b377adcecc 100644
--- a/windows/keep-secure/basic-audit-directory-service-access.md
+++ b/windows/keep-secure/basic-audit-directory-service-access.md
@@ -2,7 +2,7 @@
 title: Audit directory service access (Windows 10)
 description: Determines whether to audit the event of a user accessing an Active Directory object that has its own system access control list (SACL) specified.
 ms.assetid: 52F02EED-3CFE-4307-8D06-CF1E27693D09
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-logon-events.md b/windows/keep-secure/basic-audit-logon-events.md
index d83d80357e..143c150317 100644
--- a/windows/keep-secure/basic-audit-logon-events.md
+++ b/windows/keep-secure/basic-audit-logon-events.md
@@ -2,7 +2,7 @@
 title: Audit logon events (Windows 10)
 description: Determines whether to audit each instance of a user logging on to or logging off from a device.
 ms.assetid: 78B5AFCB-0BBD-4C38-9FE9-6B4571B94A35
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-object-access.md b/windows/keep-secure/basic-audit-object-access.md
index 6ae03e3c93..05d9500660 100644
--- a/windows/keep-secure/basic-audit-object-access.md
+++ b/windows/keep-secure/basic-audit-object-access.md
@@ -2,7 +2,7 @@
 title: Audit object access (Windows 10)
 description: Determines whether to audit the event of a user accessing an object--for example, a file, folder, registry key, printer, and so forth--that has its own system access control list (SACL) specified.
 ms.assetid: D15B6D67-7886-44C2-9972-3F192D5407EA
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-policy-change.md b/windows/keep-secure/basic-audit-policy-change.md
index 0590d832ee..9aee64c9c8 100644
--- a/windows/keep-secure/basic-audit-policy-change.md
+++ b/windows/keep-secure/basic-audit-policy-change.md
@@ -2,7 +2,7 @@
 title: Audit policy change (Windows 10)
 description: Determines whether to audit every incident of a change to user rights assignment policies, audit policies, or trust policies.
 ms.assetid: 1025A648-6B22-4C85-9F47-FE0897F1FA31
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-privilege-use.md b/windows/keep-secure/basic-audit-privilege-use.md
index 38a2117169..62d38eec12 100644
--- a/windows/keep-secure/basic-audit-privilege-use.md
+++ b/windows/keep-secure/basic-audit-privilege-use.md
@@ -2,7 +2,7 @@
 title: Audit privilege use (Windows 10)
 description: Determines whether to audit each instance of a user exercising a user right.
 ms.assetid: C5C6DAAF-8B58-4DFB-B1CE-F0675AE0E9F8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-process-tracking.md b/windows/keep-secure/basic-audit-process-tracking.md
index 9fd272a03c..acfe7b0fb1 100644
--- a/windows/keep-secure/basic-audit-process-tracking.md
+++ b/windows/keep-secure/basic-audit-process-tracking.md
@@ -2,7 +2,7 @@
 title: Audit process tracking (Windows 10)
 description: Determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access.
 ms.assetid: 91AC5C1E-F4DA-4B16-BEE2-C92D66E4CEEA
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-audit-system-events.md b/windows/keep-secure/basic-audit-system-events.md
index 7724e17654..70674dbb21 100644
--- a/windows/keep-secure/basic-audit-system-events.md
+++ b/windows/keep-secure/basic-audit-system-events.md
@@ -2,7 +2,7 @@
 title: Audit system events (Windows 10)
 description: Determines whether to audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log.
 ms.assetid: BF27588C-2AA7-4365-A4BF-3BB377916447
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-security-audit-policies.md b/windows/keep-secure/basic-security-audit-policies.md
index 0ad34f0790..1de3ff5747 100644
--- a/windows/keep-secure/basic-security-audit-policies.md
+++ b/windows/keep-secure/basic-security-audit-policies.md
@@ -2,7 +2,7 @@
 title: Basic security audit policies (Windows 10)
 description: Before you implement auditing, you must decide on an auditing policy.
 ms.assetid: 3B678568-7AD7-4734-9BB4-53CF5E04E1D3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/basic-security-audit-policy-settings.md b/windows/keep-secure/basic-security-audit-policy-settings.md
index eeade033ce..82989b0eee 100644
--- a/windows/keep-secure/basic-security-audit-policy-settings.md
+++ b/windows/keep-secure/basic-security-audit-policy-settings.md
@@ -2,7 +2,7 @@
 title: Basic security audit policy settings (Windows 10)
 description: Basic security audit policy settings are found under Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Audit Policy.
 ms.assetid: 31C2C453-2CFC-4D9E-BC88-8CE1C1A8F900
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bcd-settings-and-bitlocker.md b/windows/keep-secure/bcd-settings-and-bitlocker.md
index bee0c9e8f3..ccd9afd831 100644
--- a/windows/keep-secure/bcd-settings-and-bitlocker.md
+++ b/windows/keep-secure/bcd-settings-and-bitlocker.md
@@ -2,7 +2,7 @@
 title: BCD settings and BitLocker (Windows 10)
 description: This topic for IT professionals describes the BCD settings that are used by BitLocker.
 ms.assetid: c4ab7ac9-16dc-4c7e-b061-c0b0deb2c4fa
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-basic-deployment.md b/windows/keep-secure/bitlocker-basic-deployment.md
index e63322f296..b83692c713 100644
--- a/windows/keep-secure/bitlocker-basic-deployment.md
+++ b/windows/keep-secure/bitlocker-basic-deployment.md
@@ -2,7 +2,7 @@
 title: BitLocker basic deployment (Windows 10)
 description: This topic for the IT professional explains how BitLocker features can be used to protect your data through drive encryption.
 ms.assetid: 97c646cb-9e53-4236-9678-354af41151c4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-countermeasures.md b/windows/keep-secure/bitlocker-countermeasures.md
index 687bf6047b..7e1f6c7414 100644
--- a/windows/keep-secure/bitlocker-countermeasures.md
+++ b/windows/keep-secure/bitlocker-countermeasures.md
@@ -2,7 +2,7 @@
 title: BitLocker Countermeasures (Windows 10)
 description: Windows uses technologies including TPM, Secure Boot, Trusted Boot, and Early Launch Antimalware (ELAM) to protect against attacks on the BitLocker encryption key.
 ms.assetid: ebdb0637-2597-4da1-bb18-8127964686ea
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-frequently-asked-questions.md b/windows/keep-secure/bitlocker-frequently-asked-questions.md
index 4d179869fb..23dc64932f 100644
--- a/windows/keep-secure/bitlocker-frequently-asked-questions.md
+++ b/windows/keep-secure/bitlocker-frequently-asked-questions.md
@@ -2,7 +2,7 @@
 title: BitLocker frequently asked questions (FAQ) (Windows 10)
 description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker.
 ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-group-policy-settings.md b/windows/keep-secure/bitlocker-group-policy-settings.md
index 77412bda71..8d3864a681 100644
--- a/windows/keep-secure/bitlocker-group-policy-settings.md
+++ b/windows/keep-secure/bitlocker-group-policy-settings.md
@@ -2,7 +2,7 @@
 title: BitLocker Group Policy settings (Windows 10)
 description: This topic for IT professionals describes the function, location, and effect of each Group Policy setting that is used to manage BitLocker Drive Encryption.
 ms.assetid: 4904e336-29fe-4cef-bb6c-3950541864af
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-how-to-deploy-on-windows-server.md b/windows/keep-secure/bitlocker-how-to-deploy-on-windows-server.md
index e7035aa4e8..e57e269aff 100644
--- a/windows/keep-secure/bitlocker-how-to-deploy-on-windows-server.md
+++ b/windows/keep-secure/bitlocker-how-to-deploy-on-windows-server.md
@@ -2,7 +2,7 @@
 title: BitLocker How to deploy on Windows Server 2012 and later (Windows 10)
 description: This topic for the IT professional explains how to deploy BitLocker and Windows Server 2012 and later.
 ms.assetid: 91c18e9e-6ab4-4607-8c75-d983bbe2542f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
index 37e9e8b02d..16e0aa12b2 100644
--- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
@@ -2,7 +2,7 @@
 title: BitLocker How to enable Network Unlock (Windows 10)
 description: This topic for the IT professional describes how BitLocker Network Unlock works and how to configure it.
 ms.assetid: be45bc28-47db-4931-bfec-3c348151d2e9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-overview.md b/windows/keep-secure/bitlocker-overview.md
index 897f3dd747..58f3047141 100644
--- a/windows/keep-secure/bitlocker-overview.md
+++ b/windows/keep-secure/bitlocker-overview.md
@@ -2,7 +2,7 @@
 title: BitLocker (Windows 10)
 description: This topic provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features.
 ms.assetid: 40526fcc-3e0d-4d75-90e0-c7d0615f33b2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-recovery-guide-plan.md b/windows/keep-secure/bitlocker-recovery-guide-plan.md
index 80df5a2c52..61d362d1a3 100644
--- a/windows/keep-secure/bitlocker-recovery-guide-plan.md
+++ b/windows/keep-secure/bitlocker-recovery-guide-plan.md
@@ -2,7 +2,7 @@
 title: BitLocker recovery guide (Windows 10)
 description: This topic for IT professionals describes how to recover BitLocker keys from AD DS.
 ms.assetid: d0f722e9-1773-40bf-8456-63ee7a95ea14
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/keep-secure/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index a20d25ff66..8d48b8aff4 100644
--- a/windows/keep-secure/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/keep-secure/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -2,7 +2,7 @@
 title: BitLocker Use BitLocker Drive Encryption Tools to manage BitLocker (Windows 10)
 description: This topic for the IT professional describes how to use tools to manage BitLocker.
 ms.assetid: e869db9c-e906-437b-8c70-741dd61b5ea6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/keep-secure/bitlocker-use-bitlocker-recovery-password-viewer.md
index 61521699b2..850c7507b0 100644
--- a/windows/keep-secure/bitlocker-use-bitlocker-recovery-password-viewer.md
+++ b/windows/keep-secure/bitlocker-use-bitlocker-recovery-password-viewer.md
@@ -2,7 +2,7 @@
 title: BitLocker Use BitLocker Recovery Password Viewer (Windows 10)
 description: This topic for the IT professional describes how to use the BitLocker Recovery Password Viewer.
 ms.assetid: 04c93ac5-5dac-415e-b636-de81435753a2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/block-untrusted-fonts-in-enterprise.md b/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
index 032ef98517..83a3f113a9 100644
--- a/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
+++ b/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
@@ -2,9 +2,10 @@
 title: Block untrusted fonts in an enterprise (Windows 10)
 description: To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature.
 ms.assetid: a3354c8e-4208-4be6-bc19-56a572c361b4
-keywords: ["font blocking", "untrusted font blocking", "block fonts", "untrusted fonts"]
-ms.prod: W10
+keywords: font blocking, untrusted font blocking, block fonts, untrusted fonts
+ms.prod: w10
 ms.mktglfcycl: deploy
+ms.pagetype: security
 ms.sitesec: library
 author: eross-msft
 ---
diff --git a/windows/keep-secure/bypass-traverse-checking.md b/windows/keep-secure/bypass-traverse-checking.md
index d07fea0ff5..60df8885da 100644
--- a/windows/keep-secure/bypass-traverse-checking.md
+++ b/windows/keep-secure/bypass-traverse-checking.md
@@ -2,7 +2,7 @@
 title: Bypass traverse checking (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Bypass traverse checking security policy setting.
 ms.assetid: 1c828655-68d3-4140-aa0f-caa903a7087e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index 5f96e1fcb1..3c7d6abdfe 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -2,9 +2,10 @@
 title: Change history for Keep Windows 10 secure (Windows 10)
 description: This topic lists new and updated topics in the Keep Windows 10 secure documentation for Windows 10 and Windows 10 Mobile.
 ms.assetid: E50EC5E6-71AA-4FF1-8356-574CFDB8079B
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: brianlic-msft
 ---
 
diff --git a/windows/keep-secure/change-the-system-time.md b/windows/keep-secure/change-the-system-time.md
index 4ac7356093..e6f43e3f88 100644
--- a/windows/keep-secure/change-the-system-time.md
+++ b/windows/keep-secure/change-the-system-time.md
@@ -2,7 +2,7 @@
 title: Change the system time (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Change the system time security policy setting.
 ms.assetid: f2f6637d-acbc-4352-8ca3-ec563f918e65
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/change-the-time-zone.md b/windows/keep-secure/change-the-time-zone.md
index 1b27d5afe9..3eb72473a5 100644
--- a/windows/keep-secure/change-the-time-zone.md
+++ b/windows/keep-secure/change-the-time-zone.md
@@ -2,7 +2,7 @@
 title: Change the time zone (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Change the time zone security policy setting.
 ms.assetid: 3b1afae4-68bb-472f-a43e-49e300d73e50
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/change-the-tpm-owner-password.md b/windows/keep-secure/change-the-tpm-owner-password.md
index 7241d40deb..ba11bc7a8c 100644
--- a/windows/keep-secure/change-the-tpm-owner-password.md
+++ b/windows/keep-secure/change-the-tpm-owner-password.md
@@ -2,7 +2,7 @@
 title: Change the TPM owner password (Windows 10)
 description: This topic for the IT professional describes how to change the password or PIN for the owner of the Trusted Platform Module (TPM) that is installed on your system.
 ms.assetid: e43dcff3-acb4-4a92-8816-d6b64b7f2f45
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/choose-the-right-bitlocker-countermeasure.md b/windows/keep-secure/choose-the-right-bitlocker-countermeasure.md
index 3e84e8f209..0293f672ae 100644
--- a/windows/keep-secure/choose-the-right-bitlocker-countermeasure.md
+++ b/windows/keep-secure/choose-the-right-bitlocker-countermeasure.md
@@ -2,7 +2,7 @@
 title: Choose the right BitLocker countermeasure (Windows 10)
 description: This section outlines the best countermeasures you can use to protect your organization from bootkits and rootkits, brute force sign-in, Direct Memory Access (DMA) attacks, Hyberfil.sys attacks, and memory remanence attacks.
 ms.assetid: b0b09508-7885-4030-8c61-d91458afdb14
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/configure-an-applocker-policy-for-audit-only.md b/windows/keep-secure/configure-an-applocker-policy-for-audit-only.md
index 58ba26536b..206c0415fe 100644
--- a/windows/keep-secure/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/keep-secure/configure-an-applocker-policy-for-audit-only.md
@@ -2,7 +2,7 @@
 title: Configure an AppLocker policy for audit only (Windows 10)
 description: This topic for IT professionals describes how to set AppLocker policies to Audit only within your IT environment by using AppLocker.
 ms.assetid: 10bc87d5-cc7f-4500-b7b3-9006e50afa50
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/configure-an-applocker-policy-for-enforce-rules.md b/windows/keep-secure/configure-an-applocker-policy-for-enforce-rules.md
index 3d6aa8a2c7..55e87ba39a 100644
--- a/windows/keep-secure/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/keep-secure/configure-an-applocker-policy-for-enforce-rules.md
@@ -2,7 +2,7 @@
 title: Configure an AppLocker policy for enforce rules (Windows 10)
 description: This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
 ms.assetid: 5dbbb290-a5ae-4f88-82b3-21e95972e66c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
index 79f9ff560f..aede6f38ed 100644
--- a/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Configure Windows Defender ATP endpoints
 description: Use Group Policy or SCCM to deploy the configuration package or do manual registry changes on endpoints so that they are onboarded to the service.
 keywords: configure endpoints, client onboarding, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, sccm, system center configuration manager
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: iaanw
 ---
diff --git a/windows/keep-secure/configure-exceptions-for-an-applocker-rule.md b/windows/keep-secure/configure-exceptions-for-an-applocker-rule.md
index 0d4e3eefd6..be96e323ed 100644
--- a/windows/keep-secure/configure-exceptions-for-an-applocker-rule.md
+++ b/windows/keep-secure/configure-exceptions-for-an-applocker-rule.md
@@ -2,7 +2,7 @@
 title: Add exceptions for an AppLocker rule (Windows 10)
 description: This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
 ms.assetid: d15c9d84-c14b-488d-9f48-bf31ff7ff0c5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index aef3743b8f..e0564e8606 100644
--- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Configure Windows Defender ATP endpoint proxy and Internet connection set
 description: Configure the Windows Defender ATP proxy and internet settings to enable communication with the cloud service.
 keywords: configure, proxy, internet, internet connectivity, settings, proxy settings, web proxy auto detect, wpad, netsh, winhttp, proxy server
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: mjcaparas
 ---
diff --git a/windows/keep-secure/configure-s-mime.md b/windows/keep-secure/configure-s-mime.md
index 1d5a83822d..7b9906f26d 100644
--- a/windows/keep-secure/configure-s-mime.md
+++ b/windows/keep-secure/configure-s-mime.md
@@ -3,7 +3,7 @@ title: Configure S/MIME for Windows 10 and Windows 10 Mobile (Windows 10)
 description: In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them.
 ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05
 keywords: encrypt, digital signature
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/configure-the-appLocker-reference-device.md b/windows/keep-secure/configure-the-appLocker-reference-device.md
index 59e6e81b2d..97d6fd1361 100644
--- a/windows/keep-secure/configure-the-appLocker-reference-device.md
+++ b/windows/keep-secure/configure-the-appLocker-reference-device.md
@@ -2,7 +2,7 @@
 title: Configure the AppLocker reference device (Windows 10)
 description: This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
 ms.assetid: 034bd367-146d-4956-873c-e1e09e6fefee
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/configure-the-application-identity-service.md b/windows/keep-secure/configure-the-application-identity-service.md
index 0714a613da..84a1d64b98 100644
--- a/windows/keep-secure/configure-the-application-identity-service.md
+++ b/windows/keep-secure/configure-the-application-identity-service.md
@@ -3,7 +3,7 @@ title: Configure the Application Identity service (Windows 10)
 description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
 ms.assetid: dc469599-37fd-448b-b23e-5b8e4f17e561
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/configure-windows-defender-in-windows-10.md b/windows/keep-secure/configure-windows-defender-in-windows-10.md
index 72c2a16a9b..b52b5f6c57 100644
--- a/windows/keep-secure/configure-windows-defender-in-windows-10.md
+++ b/windows/keep-secure/configure-windows-defender-in-windows-10.md
@@ -2,7 +2,7 @@
 title: Configure Windows Defender in Windows 10 (Windows 10)
 description: IT professionals can configure definition updates and cloud-based protection in Windows Defender in Windows 10 through Microsoft Active Directory and Windows Server Update Services (WSUS).
 ms.assetid: 22649663-AC7A-40D8-B1F7-5CAD9E49653D
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/keep-secure/create-a-basic-audit-policy-settings-for-an-event-category.md
index cdd372d271..69742a74b0 100644
--- a/windows/keep-secure/create-a-basic-audit-policy-settings-for-an-event-category.md
+++ b/windows/keep-secure/create-a-basic-audit-policy-settings-for-an-event-category.md
@@ -2,7 +2,7 @@
 title: Create a basic audit policy for an event category (Windows 10)
 description: By defining auditing settings for specific event categories, you can create an auditing policy that suits the security needs of your organization.
 ms.assetid: C9F52751-B40D-482E-BE9D-2C61098249D3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-pagefile.md b/windows/keep-secure/create-a-pagefile.md
index c914d790aa..a8c65abbab 100644
--- a/windows/keep-secure/create-a-pagefile.md
+++ b/windows/keep-secure/create-a-pagefile.md
@@ -2,7 +2,7 @@
 title: Create a pagefile (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create a pagefile security policy setting.
 ms.assetid: dc087897-459d-414b-abe0-cd86c8dccdea
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-rule-for-packaged-apps.md b/windows/keep-secure/create-a-rule-for-packaged-apps.md
index 3909260775..f0ed699e79 100644
--- a/windows/keep-secure/create-a-rule-for-packaged-apps.md
+++ b/windows/keep-secure/create-a-rule-for-packaged-apps.md
@@ -2,7 +2,7 @@
 title: Create a rule for packaged apps (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
 ms.assetid: e4ffd400-7860-47b3-9118-0e6853c3dfa0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-rule-that-uses-a-file-hash-condition.md b/windows/keep-secure/create-a-rule-that-uses-a-file-hash-condition.md
index 261eea052b..4a1038f165 100644
--- a/windows/keep-secure/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/keep-secure/create-a-rule-that-uses-a-file-hash-condition.md
@@ -2,7 +2,7 @@
 title: Create a rule that uses a file hash condition (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
 ms.assetid: eb3b3524-1b3b-4979-ba5a-0a0b1280c5c7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-rule-that-uses-a-path-condition.md b/windows/keep-secure/create-a-rule-that-uses-a-path-condition.md
index 8553577fac..89a34500cd 100644
--- a/windows/keep-secure/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/keep-secure/create-a-rule-that-uses-a-path-condition.md
@@ -2,7 +2,7 @@
 title: Create a rule that uses a path condition (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule with a path condition.
 ms.assetid: 9b2093f5-5976-45fa-90c3-da1e0e845d95
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-rule-that-uses-a-publisher-condition.md b/windows/keep-secure/create-a-rule-that-uses-a-publisher-condition.md
index 11ceca1e52..214dca0f70 100644
--- a/windows/keep-secure/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/keep-secure/create-a-rule-that-uses-a-publisher-condition.md
@@ -2,7 +2,7 @@
 title: Create a rule that uses a publisher condition (Windows 10)
 description: This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
 ms.assetid: 345ad45f-2bc1-4c4c-946f-17804e29f55b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-a-token-object.md b/windows/keep-secure/create-a-token-object.md
index 99055b694f..8decf358bf 100644
--- a/windows/keep-secure/create-a-token-object.md
+++ b/windows/keep-secure/create-a-token-object.md
@@ -2,7 +2,7 @@
 title: Create a token object (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create a token object security policy setting.
 ms.assetid: bfbf52fc-6ba4-442a-9df7-bd277e55729c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-applocker-default-rules.md b/windows/keep-secure/create-applocker-default-rules.md
index eb37fb2112..930d2bc4d7 100644
--- a/windows/keep-secure/create-applocker-default-rules.md
+++ b/windows/keep-secure/create-applocker-default-rules.md
@@ -2,7 +2,7 @@
 title: Create AppLocker default rules (Windows 10)
 description: This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
 ms.assetid: 21e9dc68-a6f4-4ebe-ac28-4c66a7ab6e18
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-edp-policy-using-intune.md b/windows/keep-secure/create-edp-policy-using-intune.md
index e2dab16028..c5d390ea1c 100644
--- a/windows/keep-secure/create-edp-policy-using-intune.md
+++ b/windows/keep-secure/create-edp-policy-using-intune.md
@@ -2,9 +2,10 @@
 title: Create an enterprise data protection (EDP) policy using Microsoft Intune (Windows 10)
 description: Microsoft Intune helps you create and deploy your enterprise data protection (EDP) policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network.
 ms.assetid: 4b307c99-3016-4d6a-9ae7-3bbebd26e721
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
diff --git a/windows/keep-secure/create-edp-policy-using-sccm.md b/windows/keep-secure/create-edp-policy-using-sccm.md
index 9e4288873e..fa412028a7 100644
--- a/windows/keep-secure/create-edp-policy-using-sccm.md
+++ b/windows/keep-secure/create-edp-policy-using-sccm.md
@@ -2,10 +2,11 @@
 title: Create and deploy an enterprise data protection (EDP) policy using System Center Configuration Manager (Windows 10)
 description: Configuration Manager (version 1511 or later) helps you create and deploy your enterprise data protection (EDP) policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network.
 ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529
-keywords: ["EDP", "Enterprise Data Protection", "SCCM", "System Center Configuration Manager", Configuration Manager"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
diff --git a/windows/keep-secure/create-global-objects.md b/windows/keep-secure/create-global-objects.md
index 1f047ee451..c131685bec 100644
--- a/windows/keep-secure/create-global-objects.md
+++ b/windows/keep-secure/create-global-objects.md
@@ -2,7 +2,7 @@
 title: Create global objects (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create global objects security policy setting.
 ms.assetid: 9cb6247b-44fc-4815-86f2-cb59b6f0221e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md b/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
index 074fababfc..c623dd725f 100644
--- a/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
@@ -2,7 +2,7 @@
 title: Create a list of apps deployed to each business group (Windows 10)
 description: This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.
 ms.assetid: d713aa07-d732-4bdc-8656-ba616d779321
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-permanent-shared-objects.md b/windows/keep-secure/create-permanent-shared-objects.md
index 33ab226516..bcc0896951 100644
--- a/windows/keep-secure/create-permanent-shared-objects.md
+++ b/windows/keep-secure/create-permanent-shared-objects.md
@@ -2,7 +2,7 @@
 title: Create permanent shared objects (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create permanent shared objects security policy setting.
 ms.assetid: 6a58438d-65ca-4c4a-a584-450eed976649
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-symbolic-links.md b/windows/keep-secure/create-symbolic-links.md
index 857a5a7ca9..994d8de789 100644
--- a/windows/keep-secure/create-symbolic-links.md
+++ b/windows/keep-secure/create-symbolic-links.md
@@ -2,7 +2,7 @@
 title: Create symbolic links (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Create symbolic links security policy setting.
 ms.assetid: 882922b9-0ff8-4ee9-8afc-4475515ee3fd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-vpn-and-edp-policy-using-intune.md b/windows/keep-secure/create-vpn-and-edp-policy-using-intune.md
index 16034ac23d..760968b092 100644
--- a/windows/keep-secure/create-vpn-and-edp-policy-using-intune.md
+++ b/windows/keep-secure/create-vpn-and-edp-policy-using-intune.md
@@ -2,10 +2,11 @@
 title: Create and deploy a VPN policy for enterprise data protection (EDP) using Microsoft Intune (Windows 10)
 description: After you've created and deployed your enterprise data protection (EDP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your EDP policy.
 ms.assetid: d0eaba4f-6d7d-4ae4-8044-64680a40cf6b
-keywords: ["EDP", "Enterprise Data Protection"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
diff --git a/windows/keep-secure/create-your-applocker-planning-document.md b/windows/keep-secure/create-your-applocker-planning-document.md
index 263be36d5e..f2b23f5937 100644
--- a/windows/keep-secure/create-your-applocker-planning-document.md
+++ b/windows/keep-secure/create-your-applocker-planning-document.md
@@ -2,7 +2,7 @@
 title: Create your AppLocker planning document (Windows 10)
 description: This planning topic for the IT professional summarizes the information you need to research and include in your AppLocker planning document.
 ms.assetid: 41e49644-baf4-4514-b089-88adae2d624e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-your-applocker-policies.md b/windows/keep-secure/create-your-applocker-policies.md
index b7a23cc02d..e4ecc44cee 100644
--- a/windows/keep-secure/create-your-applocker-policies.md
+++ b/windows/keep-secure/create-your-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Create Your AppLocker policies (Windows 10)
 description: This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
 ms.assetid: d339dee2-4da2-4d4a-b46e-f1dfb7cb4bf0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/create-your-applocker-rules.md b/windows/keep-secure/create-your-applocker-rules.md
index ee0590e89b..8bcb7daf24 100644
--- a/windows/keep-secure/create-your-applocker-rules.md
+++ b/windows/keep-secure/create-your-applocker-rules.md
@@ -2,7 +2,7 @@
 title: Create Your AppLocker rules (Windows 10)
 description: This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
 ms.assetid: b684a3a5-929c-4f70-8742-04088022f232
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md b/windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md
index ee2f72275b..a1b2db57b3 100644
--- a/windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md
+++ b/windows/keep-secure/creating-a-device-guard-policy-for-signed-apps.md
@@ -2,7 +2,7 @@
 title: Create a Device Guard code integrity policy based on a reference device (Windows 10)
 description: To implement Device Guard app protection, you will need to create a code integrity policy. Code integrity policies determine what apps are considered trustworthy and are allowed to run on a protected device.
 ms.assetid: 6C94B14E-E2CE-4F6C-8939-4B375406E825
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md
index 870a49c024..1202cb6ae3 100644
--- a/windows/keep-secure/credential-guard.md
+++ b/windows/keep-secure/credential-guard.md
@@ -2,7 +2,7 @@
 title: Protect derived domain credentials with Credential Guard (Windows 10)
 description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
 ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
index aa142cc631..07afd4227c 100644
--- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,11 @@ title: View the Windows Defender Advanced Threat Protection Dashboard
 description: Use the Dashboard to identify machines at risk, keep track of the status of the service, and see statistics and information about machines and alerts.
 keywords: dashboard, alerts, new, in progress, resolved, risk, machines at risk, infections, reporting, statistics, charts, graphs, health, active malware detections, threat category, categories, password stealer, ransomware, exploit, threat, low severity, active malware
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
 ---
 # View the Windows Defender Advanced Threat Protection Dashboard
diff --git a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
index 1286313495..6db6f55321 100644
--- a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Windows Defender ATP data storage and privacy
 description: Learn about how Windows Defender ATP handles privacy and data that it collects.
 keywords: Windows Defender ATP data storage and privacy, storage, privacy
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 ---
 # Windows Defender ATP data storage and privacy
diff --git a/windows/keep-secure/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/keep-secure/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index 6fe17f05af..99fd9c7f66 100644
--- a/windows/keep-secure/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/keep-secure/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -2,7 +2,7 @@
 title: DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax policy setting.
 ms.assetid: 0fe3521a-5252-44df-8a47-8d92cf936e7c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/keep-secure/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index d4c42764a5..6b5d3ee2c2 100644
--- a/windows/keep-secure/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/keep-secure/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -2,7 +2,7 @@
 title: DCOM Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the DCOM Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax security policy setting.
 ms.assetid: 4b95d45f-dd62-4c34-ba32-43954528dabe
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/debug-programs.md b/windows/keep-secure/debug-programs.md
index 4b133fd251..810c6a21b5 100644
--- a/windows/keep-secure/debug-programs.md
+++ b/windows/keep-secure/debug-programs.md
@@ -2,7 +2,7 @@
 title: Debug programs (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Debug programs security policy setting.
 ms.assetid: 594d9f2c-8ffc-444b-9522-75615ec87786
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/delete-an-applocker-rule.md b/windows/keep-secure/delete-an-applocker-rule.md
index ad342ee6cf..3d4888fb73 100644
--- a/windows/keep-secure/delete-an-applocker-rule.md
+++ b/windows/keep-secure/delete-an-applocker-rule.md
@@ -2,7 +2,7 @@
 title: Delete an AppLocker rule (Windows 10)
 description: This topic for IT professionals describes the steps to delete an AppLocker rule.
 ms.assetid: 382b4be3-0df9-4308-89b2-dcf9df351eb5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-access-to-this-computer-from-the-network.md b/windows/keep-secure/deny-access-to-this-computer-from-the-network.md
index df4e48dc46..fbad5a0ca8 100644
--- a/windows/keep-secure/deny-access-to-this-computer-from-the-network.md
+++ b/windows/keep-secure/deny-access-to-this-computer-from-the-network.md
@@ -2,7 +2,7 @@
 title: Deny access to this computer from the network (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny access to this computer from the network security policy setting.
 ms.assetid: 935e9f89-951b-4163-b186-fc325682bb0b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-log-on-as-a-batch-job.md b/windows/keep-secure/deny-log-on-as-a-batch-job.md
index d3abeeb6d5..5edb8ca898 100644
--- a/windows/keep-secure/deny-log-on-as-a-batch-job.md
+++ b/windows/keep-secure/deny-log-on-as-a-batch-job.md
@@ -2,7 +2,7 @@
 title: Deny log on as a batch job (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on as a batch job security policy setting.
 ms.assetid: 0ac36ebd-5e28-4b6a-9b4e-8924c6ecf44b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-log-on-as-a-service.md b/windows/keep-secure/deny-log-on-as-a-service.md
index 8fa66ee734..7acdea2a4c 100644
--- a/windows/keep-secure/deny-log-on-as-a-service.md
+++ b/windows/keep-secure/deny-log-on-as-a-service.md
@@ -2,7 +2,7 @@
 title: Deny log on as a service (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on as a service security policy setting.
 ms.assetid: f1114964-df86-4278-9b11-e35c66949794
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-log-on-locally.md b/windows/keep-secure/deny-log-on-locally.md
index 916d358f89..cd84f05560 100644
--- a/windows/keep-secure/deny-log-on-locally.md
+++ b/windows/keep-secure/deny-log-on-locally.md
@@ -2,7 +2,7 @@
 title: Deny log on locally (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on locally security policy setting.
 ms.assetid: 00150e88-ec9c-43e1-a70d-33bfe10434db
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deny-log-on-through-remote-desktop-services.md b/windows/keep-secure/deny-log-on-through-remote-desktop-services.md
index 6877912bae..8e5065b443 100644
--- a/windows/keep-secure/deny-log-on-through-remote-desktop-services.md
+++ b/windows/keep-secure/deny-log-on-through-remote-desktop-services.md
@@ -2,7 +2,7 @@
 title: Deny log on through Remote Desktop Services (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on through Remote Desktop Services security policy setting.
 ms.assetid: 84bbb807-287c-4acc-a094-cf0ffdcbca67
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index b7056845e4..b5ecdf6702 100644
--- a/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/keep-secure/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -2,7 +2,7 @@
 title: Deploy AppLocker policies by using the enforce rules setting (Windows 10)
 description: This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
 ms.assetid: fd3a3d25-ff3b-4060-8390-6262a90749ba
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/deploy-edp-policy-using-intune.md b/windows/keep-secure/deploy-edp-policy-using-intune.md
index 6893478523..7b23a44cf2 100644
--- a/windows/keep-secure/deploy-edp-policy-using-intune.md
+++ b/windows/keep-secure/deploy-edp-policy-using-intune.md
@@ -2,10 +2,11 @@
 title: Deploy your enterprise data protection (EDP) policy using Microsoft Intune (Windows 10)
 description: After you’ve created your enterprise data protection (EDP) policy, you'll need to deploy it to your organization's enrolled devices.
 ms.assetid: 9c4a01e7-0b1c-4f15-95d0-0389f0686211
-keywords: ["EDP", "Enterprise Data Protection", "Intune"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection, Intune
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
diff --git a/windows/keep-secure/deploy-the-applocker-policy-into-production.md b/windows/keep-secure/deploy-the-applocker-policy-into-production.md
index 32e3cd0d65..e56061213f 100644
--- a/windows/keep-secure/deploy-the-applocker-policy-into-production.md
+++ b/windows/keep-secure/deploy-the-applocker-policy-into-production.md
@@ -2,7 +2,7 @@
 title: Deploy the AppLocker policy into production (Windows 10)
 description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
 ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/determine-group-policy-structure-and-rule-enforcement.md b/windows/keep-secure/determine-group-policy-structure-and-rule-enforcement.md
index 5733fd532e..1544475c03 100644
--- a/windows/keep-secure/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/keep-secure/determine-group-policy-structure-and-rule-enforcement.md
@@ -2,7 +2,7 @@
 title: Determine the Group Policy structure and rule enforcement (Windows 10)
 description: This overview topic describes the process to follow when you are planning to deploy AppLocker rules.
 ms.assetid: f435fcbe-c7ac-4ef0-9702-729aab64163f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/keep-secure/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
index a02d55ecc7..ccf2483c4d 100644
--- a/windows/keep-secure/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/keep-secure/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@@ -2,7 +2,7 @@
 title: Determine which apps are digitally signed on a reference device (Windows 10)
 description: This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
 ms.assetid: 24609a6b-fdcb-4083-b234-73e23ff8bcb8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/determine-your-application-control-objectives.md b/windows/keep-secure/determine-your-application-control-objectives.md
index 65098f5d72..a74a000710 100644
--- a/windows/keep-secure/determine-your-application-control-objectives.md
+++ b/windows/keep-secure/determine-your-application-control-objectives.md
@@ -2,7 +2,7 @@
 title: Determine your application control objectives (Windows 10)
 description: This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
 ms.assetid: 0e84003e-6095-46fb-8c4e-2065869bb53b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/device-guard-certification-and-compliance.md b/windows/keep-secure/device-guard-certification-and-compliance.md
index 9edecd273d..6ac463047e 100644
--- a/windows/keep-secure/device-guard-certification-and-compliance.md
+++ b/windows/keep-secure/device-guard-certification-and-compliance.md
@@ -3,7 +3,7 @@ title: Device Guard certification and compliance (Windows 10)
 description: Device Guard is a combination of hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications.
 ms.assetid: 94167ECA-AB08-431D-95E5-7A363F42C7E3
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/device-guard-deployment-guide.md b/windows/keep-secure/device-guard-deployment-guide.md
index 3d9a53be0e..f98d7216ea 100644
--- a/windows/keep-secure/device-guard-deployment-guide.md
+++ b/windows/keep-secure/device-guard-deployment-guide.md
@@ -3,9 +3,9 @@ title: Device Guard deployment guide (Windows 10)
 description: Microsoft Device Guard is a feature set that consists of both hardware and software system integrity hardening features that revolutionize the Windows operating system’s security.
 ms.assetid: 4BA52AA9-64D3-41F3-94B2-B87EC2717486
 keywords: virtualization, security, malware
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
-ms.pagetype: devices
+ms.pagetype: security, devices
 author: challum
 ---
diff --git a/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md b/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md
index 0d237c5cd4..d8f1d31192 100644
--- a/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md
+++ b/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md
@@ -2,7 +2,7 @@
 title: Devices Allow undock without having to log on (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Allow undock without having to log on security policy setting.
 ms.assetid: 1d403f5d-ad41-4bb4-9f4a-0779c1c14b8c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md b/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md
index 9c9a232738..bffc76a5e9 100644
--- a/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md
+++ b/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md
@@ -2,7 +2,7 @@
 title: Devices Allowed to format and eject removable media (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Allowed to format and eject removable media security policy setting.
 ms.assetid: d1b42425-7244-4ab1-9d46-d68de823459c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md b/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md
index c71b4b04d5..0bf0ba89a9 100644
--- a/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md
+++ b/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md
@@ -2,7 +2,7 @@
 title: Devices Prevent users from installing printer drivers (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Prevent users from installing printer drivers security policy setting.
 ms.assetid: ab70a122-f7f9-47e0-ad8c-541f30a27ec3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md b/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
index e42ea9042c..5e399e075e 100644
--- a/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
+++ b/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
@@ -2,7 +2,7 @@
 title: Devices Restrict CD-ROM access to locally logged-on user only (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Restrict CD-ROM access to locally logged-on user only security policy setting.
 ms.assetid: 8b8f44bb-84ce-4f18-af30-ab89910e234d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/devices-restrict-floppy-access-to-locally-logged-on-user-only.md b/windows/keep-secure/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
index 3246e36da5..1716725907 100644
--- a/windows/keep-secure/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
+++ b/windows/keep-secure/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
@@ -2,7 +2,7 @@
 title: Devices Restrict floppy access to locally logged-on user only (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Devices Restrict floppy access to locally logged-on user only security policy setting.
 ms.assetid: 92997910-da95-4c03-ae6f-832915423898
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/keep-secure/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
index 267ba483ac..85c56528b1 100644
--- a/windows/keep-secure/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/keep-secure/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@@ -3,7 +3,7 @@ title: Display a custom URL message when users try to run a blocked app (Windows
 description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
 ms.assetid: 9a2534a5-d1fa-48a9-93c6-989d4857cf85
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/dll-rules-in-applocker.md b/windows/keep-secure/dll-rules-in-applocker.md
index 4f99109b04..b6e4cd9e93 100644
--- a/windows/keep-secure/dll-rules-in-applocker.md
+++ b/windows/keep-secure/dll-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: DLL rules in AppLocker (Windows 10)
 description: This topic describes the file formats and available default rules for the DLL rule collection.
 ms.assetid: a083fd08-c07e-4534-b0e7-1e15d932ce8f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/keep-secure/document-group-policy-structure-and-applocker-rule-enforcement.md
index f583b63513..72c1c10193 100644
--- a/windows/keep-secure/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/keep-secure/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -2,7 +2,7 @@
 title: Document the Group Policy structure and AppLocker rule enforcement (Windows 10)
 description: This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
 ms.assetid: 389ffa8e-11fc-49ff-b0b1-89553e6fb6e5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: brianlic-msft
diff --git a/windows/keep-secure/document-your-application-control-management-processes.md b/windows/keep-secure/document-your-application-control-management-processes.md
index e0ef522601..6e2a75390d 100644
--- a/windows/keep-secure/document-your-application-control-management-processes.md
+++ b/windows/keep-secure/document-your-application-control-management-processes.md
@@ -2,7 +2,7 @@
 title: Document your application control management processes (Windows 10)
 description: This planning topic describes the AppLocker policy maintenance information to record for your design document.
 ms.assetid: 6397f789-0e36-4933-9f86-f3f6489cf1fb
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/document-your-application-list.md b/windows/keep-secure/document-your-application-list.md
index c20e6831ad..735dc55515 100644
--- a/windows/keep-secure/document-your-application-list.md
+++ b/windows/keep-secure/document-your-application-list.md
@@ -2,7 +2,7 @@
 title: Document your app list (Windows 10)
 description: This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
 ms.assetid: b155284b-f75d-4405-aecf-b74221622dc0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/document-your-applocker-rules.md b/windows/keep-secure/document-your-applocker-rules.md
index 5603fcefdc..68d32d07d7 100644
--- a/windows/keep-secure/document-your-applocker-rules.md
+++ b/windows/keep-secure/document-your-applocker-rules.md
@@ -2,7 +2,7 @@
 title: Document your AppLocker rules (Windows 10)
 description: This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded.
 ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/keep-secure/domain-controller-allow-server-operators-to-schedule-tasks.md
index 73dd753654..feafcec116 100644
--- a/windows/keep-secure/domain-controller-allow-server-operators-to-schedule-tasks.md
+++ b/windows/keep-secure/domain-controller-allow-server-operators-to-schedule-tasks.md
@@ -2,7 +2,7 @@
 title: Domain controller Allow server operators to schedule tasks (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain controller Allow server operators to schedule tasks security policy setting.
 ms.assetid: 198b12a4-8a5d-48e8-a752-2073b8a2cb0d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md b/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md
index 8f75f7faa7..10001b50e6 100644
--- a/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md
+++ b/windows/keep-secure/domain-controller-ldap-server-signing-requirements.md
@@ -2,7 +2,7 @@
 title: Domain controller LDAP server signing requirements (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain controller LDAP server signing requirements security policy setting.
 ms.assetid: fe122179-7571-465b-98d0-b8ce0f224390
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-controller-refuse-machine-account-password-changes.md b/windows/keep-secure/domain-controller-refuse-machine-account-password-changes.md
index 3d0dc98ace..563e0956a9 100644
--- a/windows/keep-secure/domain-controller-refuse-machine-account-password-changes.md
+++ b/windows/keep-secure/domain-controller-refuse-machine-account-password-changes.md
@@ -2,7 +2,7 @@
 title: Domain controller Refuse machine account password changes (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain controller Refuse machine account password changes security policy setting.
 ms.assetid: 5a7fa2e2-e1a8-4833-90f7-aa83e3b456a9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md b/windows/keep-secure/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
index dde52ba0d7..b748e75485 100644
--- a/windows/keep-secure/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
+++ b/windows/keep-secure/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
@@ -2,7 +2,7 @@
 title: Domain member Digitally encrypt or sign secure channel data (always) (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Digitally encrypt or sign secure channel data (always) security policy setting.
 ms.assetid: 4480c7cb-adca-4f29-b4b8-06eb68d272bf
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-digitally-encrypt-secure-channel-data-when-possible.md b/windows/keep-secure/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
index 9412bf6ae7..241c83b30b 100644
--- a/windows/keep-secure/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
+++ b/windows/keep-secure/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
@@ -2,7 +2,7 @@
 title: Domain member Digitally encrypt secure channel data (when possible) (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Digitally encrypt secure channel data (when possible) security policy setting.
 ms.assetid: 73e6023e-0af3-4531-8238-82f0f0e4965b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-digitally-sign-secure-channel-data-when-possible.md b/windows/keep-secure/domain-member-digitally-sign-secure-channel-data-when-possible.md
index 6f0cdd5ea0..dfa36d1360 100644
--- a/windows/keep-secure/domain-member-digitally-sign-secure-channel-data-when-possible.md
+++ b/windows/keep-secure/domain-member-digitally-sign-secure-channel-data-when-possible.md
@@ -2,7 +2,7 @@
 title: Domain member Digitally sign secure channel data (when possible) (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Digitally sign secure channel data (when possible) security policy setting.
 ms.assetid: a643e491-4f45-40ea-b12c-4dbe47e54f34
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-disable-machine-account-password-changes.md b/windows/keep-secure/domain-member-disable-machine-account-password-changes.md
index a7e862cea4..e933a14786 100644
--- a/windows/keep-secure/domain-member-disable-machine-account-password-changes.md
+++ b/windows/keep-secure/domain-member-disable-machine-account-password-changes.md
@@ -2,7 +2,7 @@
 title: Domain member Disable machine account password changes (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Disable machine account password changes security policy setting.
 ms.assetid: 1f660300-a07a-4243-a09f-140aa1ab8867
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-maximum-machine-account-password-age.md b/windows/keep-secure/domain-member-maximum-machine-account-password-age.md
index b97cf3f485..841729d203 100644
--- a/windows/keep-secure/domain-member-maximum-machine-account-password-age.md
+++ b/windows/keep-secure/domain-member-maximum-machine-account-password-age.md
@@ -2,7 +2,7 @@
 title: Domain member Maximum machine account password age (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Maximum machine account password age security policy setting.
 ms.assetid: 0ec6f7c1-4d82-4339-94c0-debb2d1ac109
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/domain-member-require-strong-windows-2000-or-later-session-key.md b/windows/keep-secure/domain-member-require-strong-windows-2000-or-later-session-key.md
index 320d44e467..2d179f76d3 100644
--- a/windows/keep-secure/domain-member-require-strong-windows-2000-or-later-session-key.md
+++ b/windows/keep-secure/domain-member-require-strong-windows-2000-or-later-session-key.md
@@ -2,7 +2,7 @@
 title: Domain member Require strong (Windows 2000 or later) session key (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Domain member Require strong (Windows 2000 or later) session key security policy setting.
 ms.assetid: 5ab8993c-5086-4f09-bc88-1b27454526bd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/edit-an-applocker-policy.md b/windows/keep-secure/edit-an-applocker-policy.md
index 2faffd200f..8bd9ebfcea 100644
--- a/windows/keep-secure/edit-an-applocker-policy.md
+++ b/windows/keep-secure/edit-an-applocker-policy.md
@@ -2,7 +2,7 @@
 title: Edit an AppLocker policy (Windows 10)
 description: This topic for IT professionals describes the steps required to modify an AppLocker policy.
 ms.assetid: dbc72d1f-3fe0-46c2-aeeb-96621fce7637
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/edit-applocker-rules.md b/windows/keep-secure/edit-applocker-rules.md
index 2f47922cd0..3fcada9c5e 100644
--- a/windows/keep-secure/edit-applocker-rules.md
+++ b/windows/keep-secure/edit-applocker-rules.md
@@ -2,7 +2,7 @@
 title: Edit AppLocker rules (Windows 10)
 description: This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
 ms.assetid: 80016cda-b915-46a0-83c6-5e6b0b958e32
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/keep-secure/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
index b3dcd0cd1a..6e5addb821 100644
--- a/windows/keep-secure/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
+++ b/windows/keep-secure/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
@@ -2,7 +2,7 @@
 title: Enable computer and user accounts to be trusted for delegation (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Enable computer and user accounts to be trusted for delegation security policy setting.
 ms.assetid: 524062d4-1595-41f3-8ce1-9c85fd21497b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enable-the-dll-rule-collection.md b/windows/keep-secure/enable-the-dll-rule-collection.md
index 1dd233aee5..3a23c140a8 100644
--- a/windows/keep-secure/enable-the-dll-rule-collection.md
+++ b/windows/keep-secure/enable-the-dll-rule-collection.md
@@ -2,7 +2,7 @@
 title: Enable the DLL rule collection (Windows 10)
 description: This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
 ms.assetid: 88ef9561-6eb2-491a-803a-b8cdbfebae27
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/encrypted-hard-drive.md b/windows/keep-secure/encrypted-hard-drive.md
index 884275ee7e..7de2f367e0 100644
--- a/windows/keep-secure/encrypted-hard-drive.md
+++ b/windows/keep-secure/encrypted-hard-drive.md
@@ -2,7 +2,7 @@
 title: Encrypted Hard Drive (Windows 10)
 description: Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enforce-applocker-rules.md b/windows/keep-secure/enforce-applocker-rules.md
index 0f83a7ff57..31ab2aa2b8 100644
--- a/windows/keep-secure/enforce-applocker-rules.md
+++ b/windows/keep-secure/enforce-applocker-rules.md
@@ -2,7 +2,7 @@
 title: Enforce AppLocker rules (Windows 10)
 description: This topic for IT professionals describes how to enforce application control rules by using AppLocker.
 ms.assetid: e1528b7b-77f2-4419-8e27-c9cc3721d96d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enforce-password-history.md b/windows/keep-secure/enforce-password-history.md
index b78ac67236..a52801d820 100644
--- a/windows/keep-secure/enforce-password-history.md
+++ b/windows/keep-secure/enforce-password-history.md
@@ -2,7 +2,7 @@
 title: Enforce password history (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Enforce password history security policy setting.
 ms.assetid: 8b2ab871-3e52-4dd1-9776-68bb1e935442
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enforce-user-logon-restrictions.md b/windows/keep-secure/enforce-user-logon-restrictions.md
index 40eef86d2b..39f83bb850 100644
--- a/windows/keep-secure/enforce-user-logon-restrictions.md
+++ b/windows/keep-secure/enforce-user-logon-restrictions.md
@@ -2,7 +2,7 @@
 title: Enforce user logon restrictions (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Enforce user logon restrictions security policy setting.
 ms.assetid: 5891cb73-f1ec-48b9-b703-39249e48a29f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-edp.md b/windows/keep-secure/enlightened-microsoft-apps-and-edp.md
index c0cd2aac59..bf8d546f56 100644
--- a/windows/keep-secure/enlightened-microsoft-apps-and-edp.md
+++ b/windows/keep-secure/enlightened-microsoft-apps-and-edp.md
@@ -2,10 +2,11 @@
 title: List of enlightened Microsoft apps for use with enterprise data protection (EDP) (Windows 10)
 description: Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your Protected Apps list.
 ms.assetid: 17c85ea3-9b66-4b80-b511-8f277cb4345f
-keywords: ["EDP", "Enterprise Data Protection"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---
diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
index f6244f66e0..6e239a2aea 100644
--- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Review events and errors on endpoints with Event Viewer
 description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service.
 keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Advanced Threat Protection service, cannot start, broken, can't start
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: iaanw
 ---
diff --git a/windows/keep-secure/executable-rules-in-applocker.md b/windows/keep-secure/executable-rules-in-applocker.md
index b74b7fe29a..ebad0e1645 100644
--- a/windows/keep-secure/executable-rules-in-applocker.md
+++ b/windows/keep-secure/executable-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: Executable rules in AppLocker (Windows 10)
 description: This topic describes the file formats and available default rules for the executable rule collection.
 ms.assetid: 65e62f90-6caa-48f8-836a-91f8ac9018ee
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/export-an-applocker-policy-from-a-gpo.md b/windows/keep-secure/export-an-applocker-policy-from-a-gpo.md
index 90c10baeee..6476c88d16 100644
--- a/windows/keep-secure/export-an-applocker-policy-from-a-gpo.md
+++ b/windows/keep-secure/export-an-applocker-policy-from-a-gpo.md
@@ -2,7 +2,7 @@
 title: Export an AppLocker policy from a GPO (Windows 10)
 description: This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
 ms.assetid: 7db59719-a8be-418b-bbfd-22cf2176c9c0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/export-an-applocker-policy-to-an-xml-file.md b/windows/keep-secure/export-an-applocker-policy-to-an-xml-file.md
index a5ebd52102..f3f9d22190 100644
--- a/windows/keep-secure/export-an-applocker-policy-to-an-xml-file.md
+++ b/windows/keep-secure/export-an-applocker-policy-to-an-xml-file.md
@@ -2,7 +2,7 @@
 title: Export an AppLocker policy to an XML file (Windows 10)
 description: This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
 ms.assetid: 979bd23f-6815-478b-a6a4-a25239cb1080
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/file-system-global-object-access-auditing.md b/windows/keep-secure/file-system-global-object-access-auditing.md
index 5853de4758..13e7b15ca7 100644
--- a/windows/keep-secure/file-system-global-object-access-auditing.md
+++ b/windows/keep-secure/file-system-global-object-access-auditing.md
@@ -2,7 +2,7 @@
 title: File System (Global Object Access Auditing) (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, File System (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the file system for an entire computer.
 ms.assetid: 4f215d61-0e23-46e4-9e58-08511105d25b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/force-shutdown-from-a-remote-system.md b/windows/keep-secure/force-shutdown-from-a-remote-system.md
index c9f51b7ed0..e635eb56d3 100644
--- a/windows/keep-secure/force-shutdown-from-a-remote-system.md
+++ b/windows/keep-secure/force-shutdown-from-a-remote-system.md
@@ -2,7 +2,7 @@
 title: Force shutdown from a remote system (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Force shutdown from a remote system security policy setting.
 ms.assetid: 63129243-31ea-42a4-a598-c7064f48a3df
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/generate-security-audits.md b/windows/keep-secure/generate-security-audits.md
index 78b578d1e3..437bdc47d0 100644
--- a/windows/keep-secure/generate-security-audits.md
+++ b/windows/keep-secure/generate-security-audits.md
@@ -2,7 +2,7 @@
 title: Generate security audits (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Generate security audits security policy setting.
 ms.assetid: c0e1cd80-840e-4c74-917c-5c2349de885f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md b/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md
index f7b4350a6f..9f8709dce5 100644
--- a/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md
+++ b/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md
@@ -2,7 +2,7 @@
 title: Update and manage Windows Defender in Windows 10 (Windows 10)
 description: IT professionals can manage Windows Defender on Windows 10 endpoints in their organization using Microsoft Active Directory or Windows Server Update Services (WSUS), apply updates to endpoints, and manage scans using Group Policy SettingsWindows Management Instrumentation (WMI)PowerShell.
 ms.assetid: 045F5BF2-87D7-4522-97E1-C1D508E063A7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md b/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md
index f9af00d1cd..42e7d1cff1 100644
--- a/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md
+++ b/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md
@@ -3,7 +3,7 @@ title: Get apps to run on Device Guard-protected devices (Windows 10)
 description: Windows 10 introduces several new features and settings that when combined all equal what we're calling, Device Guard.
 ms.assetid: E62B68C3-8B9F-4842-90FC-B4EE9FF8A67E
 keywords: Package Inspector, packageinspector.exe, sign catalog file
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/guidance-and-best-practices-edp.md b/windows/keep-secure/guidance-and-best-practices-edp.md
index cf4d35de03..805ac84dfc 100644
--- a/windows/keep-secure/guidance-and-best-practices-edp.md
+++ b/windows/keep-secure/guidance-and-best-practices-edp.md
@@ -2,10 +2,11 @@ title: General guidance and best practices for enterprise data protection (EDP) (Windows 10) description: This section includes info about the enlightened Microsoft apps, including how to add them to your Protected Apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with enterprise data protection (EDP). ms.assetid: aa94e733-53be-49a7-938d-1660deaf52b0 -keywords: ["EDP", "Enterprise Data Protection"] -ms.prod: W10 +keywords: EDP, Enterprise Data Protection +ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library +ms.pagetype: security author: eross-msft --- diff --git a/windows/keep-secure/how-applocker-works-techref.md b/windows/keep-secure/how-applocker-works-techref.md index ad2bc595e0..f9bf8450f5 100644 --- a/windows/keep-secure/how-applocker-works-techref.md +++ b/windows/keep-secure/how-applocker-works-techref.md @@ -2,7 +2,7 @@ title: How AppLocker works (Windows 10) description: This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies. ms.assetid: 24bb1d73-0ff5-4af7-8b8a-2fa44d4ddbcd -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/how-to-configure-security-policy-settings.md b/windows/keep-secure/how-to-configure-security-policy-settings.md index 275dfdaccb..6a307acac3 100644 --- a/windows/keep-secure/how-to-configure-security-policy-settings.md +++ b/windows/keep-secure/how-to-configure-security-policy-settings.md @@ -3,7 +3,7 @@ title: Configure security policy settings (Windows 10) description: Describes steps to configure a security policy setting on the local device, on a domain-joined device, and on a domain controller. ms.assetid: 63b0967b-a9fe-4d92-90af-67469ee20320 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/how-user-account-control-works.md b/windows/keep-secure/how-user-account-control-works.md
index ca5e6eef25..90bba5477f 100644
--- a/windows/keep-secure/how-user-account-control-works.md
+++ b/windows/keep-secure/how-user-account-control-works.md
@@ -2,7 +2,7 @@
 title: How User Account Control works (Windows 10)
 description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
 ms.assetid: 9f921779-0fd3-4206-b0e4-05a19883ee59
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: operate
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/impersonate-a-client-after-authentication.md b/windows/keep-secure/impersonate-a-client-after-authentication.md
index 6735e29692..9dc1b4f485 100644
--- a/windows/keep-secure/impersonate-a-client-after-authentication.md
+++ b/windows/keep-secure/impersonate-a-client-after-authentication.md
@@ -2,7 +2,7 @@
 title: Impersonate a client after authentication (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Impersonate a client after authentication security policy setting.
 ms.assetid: 4cd241e2-c680-4b43-8ed0-3b391925cec5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
index 95e304939b..1680e13ed9 100644
--- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
+++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
@@ -3,7 +3,7 @@ title: Implement Microsoft Passport in your organization (Windows 10)
 description: You can create a Group Policy or mobile device management (MDM) policy that will implement Microsoft Passport on devices running Windows 10.
 ms.assetid: 47B55221-24BE-482D-BD31-C78B22AC06D8
 keywords: identity, PIN, biometric, Hello
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/import-an-applocker-policy-from-another-computer.md b/windows/keep-secure/import-an-applocker-policy-from-another-computer.md
index 199d82deae..0f0e11976b 100644
--- a/windows/keep-secure/import-an-applocker-policy-from-another-computer.md
+++ b/windows/keep-secure/import-an-applocker-policy-from-another-computer.md
@@ -2,7 +2,7 @@
 title: Import an AppLocker policy from another computer (Windows 10)
 description: This topic for IT professionals describes how to import an AppLocker policy.
 ms.assetid: b48cb2b2-8ef8-4cc0-89bd-309d0b1832f6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/import-an-applocker-policy-into-a-gpo.md b/windows/keep-secure/import-an-applocker-policy-into-a-gpo.md
index a5dfd645ac..c03e2d5282 100644
--- a/windows/keep-secure/import-an-applocker-policy-into-a-gpo.md
+++ b/windows/keep-secure/import-an-applocker-policy-into-a-gpo.md
@@ -2,7 +2,7 @@
 title: Import an AppLocker policy into a GPO (Windows 10)
 description: This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
 ms.assetid: 0629ce44-f5e2-48a8-ba47-06544c73261f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/increase-a-process-working-set.md b/windows/keep-secure/increase-a-process-working-set.md
index da0458fb81..237be32d51 100644
--- a/windows/keep-secure/increase-a-process-working-set.md
+++ b/windows/keep-secure/increase-a-process-working-set.md
@@ -2,7 +2,7 @@
 title: Increase a process working set (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Increase a process working set security policy setting.
 ms.assetid: b742ad96-37f3-4686-b8f7-f2b48367105b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/increase-scheduling-priority.md b/windows/keep-secure/increase-scheduling-priority.md
index a7d5d1646b..727d53c8e1 100644
--- a/windows/keep-secure/increase-scheduling-priority.md
+++ b/windows/keep-secure/increase-scheduling-priority.md
@@ -2,7 +2,7 @@
 title: Increase scheduling priority (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Increase scheduling priority security policy setting.
 ms.assetid: fbec5973-d35e-4797-9626-d0d56061527f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/index.md b/windows/keep-secure/index.md
index 5b1c59fb81..b605acb372 100644
--- a/windows/keep-secure/index.md
+++ b/windows/keep-secure/index.md
@@ -2,7 +2,7 @@
 title: Keep Windows 10 secure (Windows 10)
 description: Learn about keeping Windows 10 and Windows 10 Mobile secure.
 ms.assetid: EA559BA8-734F-41DB-A74A-D8DBF36BE920
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
index 2b407e7511..a1d2220641 100644
--- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
@@ -2,7 +2,7 @@
 title: Initialize and configure ownership of the TPM (Windows 10)
 description: This topic for the IT professional describes how to initialize and set the ownership the Trusted Platform Module (TPM), turn the TPM on and off, and clear TPM keys.
 ms.assetid: 1166efaf-7aa3-4420-9279-435d9c6ac6f8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 99bab3e2fa..33f7e83a76 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -3,7 +3,7 @@ title: Install digital certificates on Windows 10 Mobile (Windows 10)
 description: Digital certificates bind the identity of a user or computer to a pair of keys that can be used to encrypt and sign digital information.
 ms.assetid: FF7B1BE9-41F4-44B0-A442-249B650CEE25
 keywords: S/MIME, PFX, SCEP
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md
index 998c7d3a6d..7c1d049314 100644
--- a/windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md
+++ b/windows/keep-secure/interactive-logon-display-user-information-when-the-session-is-locked.md
@@ -2,7 +2,7 @@
 title: Interactive logon Display user information when the session is locked (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Display user information when the session is locked security policy setting.
 ms.assetid: 9146aa3d-9b2f-47ba-ac03-ff43efb10530
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
index 945989b859..0177def043 100644
--- a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
+++ b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
@@ -2,7 +2,7 @@
 title: Interactive logon Do not display last user name (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Do not display last user name security policy setting.
 ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/keep-secure/interactive-logon-do-not-require-ctrl-alt-del.md
index 34a748af68..f2741165ce 100644
--- a/windows/keep-secure/interactive-logon-do-not-require-ctrl-alt-del.md
+++ b/windows/keep-secure/interactive-logon-do-not-require-ctrl-alt-del.md
@@ -2,7 +2,7 @@
 title: Interactive logon Do not require CTRL+ALT+DEL (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Do not require CTRL+ALT+DEL security policy setting.
 ms.assetid: 04e2c000-2eb2-4d4b-8179-1e2cb4793e18
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-machine-account-lockout-threshold.md b/windows/keep-secure/interactive-logon-machine-account-lockout-threshold.md
index 3e7824eedb..ee2f89dfe2 100644
--- a/windows/keep-secure/interactive-logon-machine-account-lockout-threshold.md
+++ b/windows/keep-secure/interactive-logon-machine-account-lockout-threshold.md
@@ -2,7 +2,7 @@
 title: Interactive logon Machine account lockout threshold (Windows 10)
 description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Machine account lockout threshold security policy setting.
 ms.assetid: ebbd8e22-2611-4ebe-9db9-d49344e631e4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-machine-inactivity-limit.md b/windows/keep-secure/interactive-logon-machine-inactivity-limit.md
index 9fb56662fb..5ecfd51a7e 100644
--- a/windows/keep-secure/interactive-logon-machine-inactivity-limit.md
+++ b/windows/keep-secure/interactive-logon-machine-inactivity-limit.md
@@ -2,7 +2,7 @@
 title: Interactive logon Machine inactivity limit (Windows 10)
 description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Machine inactivity limit security policy setting.
 ms.assetid: 7065b4a9-0d52-41d5-afc4-5aedfc4162b5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/keep-secure/interactive-logon-message-text-for-users-attempting-to-log-on.md
index 2277884c62..6ee93f3d7a 100644
--- a/windows/keep-secure/interactive-logon-message-text-for-users-attempting-to-log-on.md
+++ b/windows/keep-secure/interactive-logon-message-text-for-users-attempting-to-log-on.md
@@ -2,7 +2,7 @@
 title: Interactive logon Message text for users attempting to log on (Windows 10)
 description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Message text for users attempting to log on security policy setting.
 ms.assetid: fcfe8a6d-ca65-4403-b9e6-2fa017a31c2e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-message-title-for-users-attempting-to-log-on.md b/windows/keep-secure/interactive-logon-message-title-for-users-attempting-to-log-on.md
index 7e5719c49b..5fd221ea00 100644
--- a/windows/keep-secure/interactive-logon-message-title-for-users-attempting-to-log-on.md
+++ b/windows/keep-secure/interactive-logon-message-title-for-users-attempting-to-log-on.md
@@ -2,7 +2,7 @@
 title: Interactive logon Message title for users attempting to log on (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Message title for users attempting to log on security policy setting.
 ms.assetid: f2596470-4cc0-4ef1-849c-bef9dc3533c6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/keep-secure/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
index 651f08183b..c57b5db6e3 100644
--- a/windows/keep-secure/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
+++ b/windows/keep-secure/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
@@ -2,7 +2,7 @@
 title: Interactive logon Number of previous logons to cache (in case domain controller is not available) (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Number of previous logons to cache (in case domain controller is not available) security policy setting.
 ms.assetid: 660e925e-cc3e-4098-a41e-eb8db8062d8d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md
index 6e08f688d8..3b6173cf5c 100644
--- a/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md
+++ b/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md
@@ -2,7 +2,7 @@
 title: Interactive logon Prompt user to change password before expiration (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Prompt user to change password before expiration security policy setting.
 ms.assetid: 8fe94781-40f7-4fbe-8cfd-5e116e6833e9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md b/windows/keep-secure/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
index 9660b5770a..0faeff4378 100644
--- a/windows/keep-secure/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
+++ b/windows/keep-secure/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
@@ -2,7 +2,7 @@
 title: Interactive logon Require Domain Controller authentication to unlock workstation (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Interactive logon Require Domain Controller authentication to unlock workstation security policy setting.
 ms.assetid: 97618ed3-e946-47db-a212-b5e7a4fc6ffc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-require-smart-card.md b/windows/keep-secure/interactive-logon-require-smart-card.md
index faf1834204..2441b3c3e7 100644
--- a/windows/keep-secure/interactive-logon-require-smart-card.md
+++ b/windows/keep-secure/interactive-logon-require-smart-card.md
@@ -2,7 +2,7 @@
 title: Interactive logon Require smart card (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Require smart card security policy setting.
 ms.assetid: c6a8c040-cbc7-472d-8bc5-579ddf3cbd6c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/interactive-logon-smart-card-removal-behavior.md b/windows/keep-secure/interactive-logon-smart-card-removal-behavior.md
index 29eba6fd2b..a2ba648b93 100644
--- a/windows/keep-secure/interactive-logon-smart-card-removal-behavior.md
+++ b/windows/keep-secure/interactive-logon-smart-card-removal-behavior.md
@@ -2,7 +2,7 @@
 title: Interactive logon Smart card removal behavior (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Interactive logon Smart card removal behavior security policy setting.
 ms.assetid: 61487820-9d49-4979-b15d-c7e735999460
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md index 02e10c15b7..20a073c239 100644 --- a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Investigate Windows Defender Advanced Threat Protection alerts description: Use the investigation options to get details on which alerts are affecting your network, what they mean, and how to resolve them. keywords: investigate, investigation, machines, machine, endpoints, endpoint, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security --- # Investigate Windows Defender Advanced Threat Protection alerts diff --git a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md index f5864ee6f3..fd75059fff 100644 --- a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Investigate Windows Defender Advanced Threat Protection domains description: Use the investigation options to see if machines and servers have been communicating with malicious domains. keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- # Investigate a domain associated with a Windows Defender ATP alert 
diff --git a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md index 3b0b76a04d..2f82d6927e 100644 --- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Investigate Windows Defender Advanced Threat Protection files description: Use the investigation options to get details on files associated with alerts, behaviours, or events. keywords: investigate, investigation, file, malicious activity, attack motivation, deep analysis, deep analysis report search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- # Investigate a file associated with a Windows Defender ATP alert diff --git a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md index 5e516f6425..e1427b0400 100644 --- a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Investigate Windows Defender Advanced Threat Protection IP address description: Use the investigation options to examine possible communication between machines and external IP addresses. keywords: investigate, investigation, IP address, alert, windows defender atp, external IP search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- # Investigate an IP address associated with a Windows Defender ATP alert 
diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md index a248e46dd3..4778e194e5 100644 --- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Investigate machines in the Windows Defender ATP Machines view description: Investigate affected machines in your network by reviewing alerts, network connection information, and service health on the Machines view. keywords: machines, endpoints, machine, endpoint, alerts queue, alerts, machine name, domain, last seen, internal IP, active alerts, active malware detections, threat category, filter, sort, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, low severity search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- diff --git a/windows/keep-secure/kerberos-policy.md b/windows/keep-secure/kerberos-policy.md index fa68f49ac1..0cb40c4482 100644 --- a/windows/keep-secure/kerberos-policy.md +++ b/windows/keep-secure/kerberos-policy.md @@ -2,7 +2,7 @@ title: Kerberos Policy (Windows 10) description: Describes the Kerberos Policy settings and provides links to policy setting descriptions. ms.assetid: 94017dd9-b1a3-4624-af9f-b29161b4bf38 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security From db30384d73f7cc0700b2901e9b9b45c9aa3e0b1d Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 27 May 2016 08:41:59 -0700 Subject: [PATCH 36/92] changed from opting out of MAPS to disconnecting from MAPS --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index f8496916b0..d171860de7 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1083,7 +1083,7 @@ When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings scr ### 19. Windows Defender -You can opt out of the Microsoft Antimalware Protection Service. +You can disconnect from the Microsoft Antimalware Protection Service. - Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **MAPS** > **Join Microsoft MAPS** From 0af0033ee2f20594c457faed7546bae26549d5da Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Fri, 27 May 2016 09:31:05 -0700 Subject: [PATCH 37/92] fixing typo --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index d171860de7..616f93dc73 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md 
@@ -1209,7 +1209,7 @@ The following Delivery Optimization MDM policies are available in the [Policy CS | Policy | Description | |---------------------------|-----------------------------------------------------------------------------------------------------| | DeliveryOptimization/DODownloadMode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
  • 0. Turns off Delivery Optimization.

  • 1. Gets or sends updates and apps to PCs on the same NAT only.

  • 2. Gets or sends updates and apps to PCs on the same local network domain.

  • 3. Gets or sends updates and apps to PCs on the Internet.

| -| DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
** Note** This ID must be a GUID.| +| DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
**Note** This ID must be a GUID.| | DeliveryOptimization/DOMaxCacheAge | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days).| | DeliveryOptimization/DOMaxCacheSize | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.| | DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| From 3a345736a7a39de21f6e073e68c646f83e409528 Mon Sep 17 00:00:00 2001 
From: Jan Backstrom Date: Fri, 27 May 2016 13:46:06 -0700 Subject: [PATCH 38/92] update tagging change W10 to w10 (lower case); add ms.pagetype; added authors --- ...ge-privacy-windows-defender-advanced-threat-protection.md | 1 + ...ate-alerts-windows-defender-advanced-threat-protection.md | 1 + windows/keep-secure/load-and-unload-device-drivers.md | 2 +- windows/keep-secure/lock-pages-in-memory.md | 2 +- windows/keep-secure/log-on-as-a-batch-job.md | 2 +- windows/keep-secure/log-on-as-a-service.md | 2 +- windows/keep-secure/maintain-applocker-policies.md | 2 +- ...age-alerts-windows-defender-advanced-threat-protection.md | 4 +++- windows/keep-secure/manage-auditing-and-security-log.md | 2 +- .../manage-identity-verification-using-microsoft-passport.md | 2 +- windows/keep-secure/manage-packaged-apps-with-applocker.md | 2 +- windows/keep-secure/manage-tpm-commands.md | 2 +- windows/keep-secure/manage-tpm-lockout.md | 2 +- windows/keep-secure/maximum-lifetime-for-service-ticket.md | 2 +- .../keep-secure/maximum-lifetime-for-user-ticket-renewal.md | 2 +- windows/keep-secure/maximum-lifetime-for-user-ticket.md | 2 +- windows/keep-secure/maximum-password-age.md | 2 +- .../maximum-tolerance-for-computer-clock-synchronization.md | 2 +- .../merge-applocker-policies-by-using-set-applockerpolicy.md | 2 +- windows/keep-secure/merge-applocker-policies-manually.md | 2 +- ...ft-network-client-digitally-sign-communications-always.md | 2 +- ...-client-digitally-sign-communications-if-server-agrees.md | 2 +- ...t-send-unencrypted-password-to-third-party-smb-servers.md | 2 +- ...amount-of-idle-time-required-before-suspending-session.md | 2 +- ...rk-server-attempt-s4u2self-to-obtain-claim-information.md | 2 +- ...ft-network-server-digitally-sign-communications-always.md | 2 +- ...-server-digitally-sign-communications-if-client-agrees.md | 2 +- ...work-server-disconnect-clients-when-logon-hours-expire.md | 2 +- ...network-server-server-spn-target-name-validation-level.md | 2 +- 
.../keep-secure/microsoft-passport-and-password-changes.md | 2 +- .../microsoft-passport-errors-during-pin-creation.md | 2 +- windows/keep-secure/microsoft-passport-guide.md | 3 +-- windows/keep-secure/minimum-password-age.md | 2 +- windows/keep-secure/minimum-password-length.md | 2 +- ...quirements-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/modify-an-object-label.md | 2 +- windows/keep-secure/modify-firmware-environment-values.md | 2 +- .../keep-secure/monitor-application-usage-with-applocker.md | 2 +- .../monitor-central-access-policy-and-rule-definitions.md | 2 +- windows/keep-secure/monitor-claim-types.md | 2 +- ...onboarding-windows-defender-advanced-threat-protection.md | 3 ++- .../keep-secure/monitor-resource-attribute-definitions.md | 2 +- ...tral-access-policies-associated-with-files-and-folders.md | 2 +- ...he-central-access-policies-that-apply-on-a-file-server.md | 2 +- .../monitor-the-resource-attributes-on-files-and-folders.md | 2 +- .../monitor-the-use-of-removable-storage-devices.md | 2 +- .../monitor-user-and-device-claims-during-sign-in.md | 2 +- .../network-access-allow-anonymous-sidname-translation.md | 2 +- ...allow-anonymous-enumeration-of-sam-accounts-and-shares.md | 2 +- ...ess-do-not-allow-anonymous-enumeration-of-sam-accounts.md | 2 +- ...f-passwords-and-credentials-for-network-authentication.md | 2 +- ...cess-let-everyone-permissions-apply-to-anonymous-users.md | 2 +- ...rk-access-named-pipes-that-can-be-accessed-anonymously.md | 2 +- ...access-remotely-accessible-registry-paths-and-subpaths.md | 2 +- .../network-access-remotely-accessible-registry-paths.md | 2 +- ...ss-restrict-anonymous-access-to-named-pipes-and-shares.md | 2 +- ...network-access-shares-that-can-be-accessed-anonymously.md | 2 +- ...k-access-sharing-and-security-model-for-local-accounts.md | 2 +- windows/keep-secure/network-list-manager-policies.md | 2 +- ...y-allow-local-system-to-use-computer-identity-for-ntlm.md | 2 +- 
...twork-security-allow-localsystem-null-session-fallback.md | 2 +- ...ion-requests-to-this-computer-to-use-online-identities.md | 2 +- ...curity-configure-encryption-types-allowed-for-kerberos.md | 2 +- ...t-store-lan-manager-hash-value-on-next-password-change.md | 2 +- .../network-security-force-logoff-when-logon-hours-expire.md | 2 +- .../network-security-lan-manager-authentication-level.md | 2 +- .../network-security-ldap-client-signing-requirements.md | 2 +- ...curity-for-ntlm-ssp-based-including-secure-rpc-clients.md | 2 +- ...curity-for-ntlm-ssp-based-including-secure-rpc-servers.md | 2 +- ...m-add-remote-server-exceptions-for-ntlm-authentication.md | 2 +- ...ity-restrict-ntlm-add-server-exceptions-in-this-domain.md | 2 +- ...ork-security-restrict-ntlm-audit-incoming-ntlm-traffic.md | 2 +- ...restrict-ntlm-audit-ntlm-authentication-in-this-domain.md | 2 +- .../network-security-restrict-ntlm-incoming-ntlm-traffic.md | 2 +- ...urity-restrict-ntlm-ntlm-authentication-in-this-domain.md | 2 +- ...-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md | 2 +- ...-configure-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/optimize-applocker-performance.md | 2 +- windows/keep-secure/overview-create-edp-policy.md | 3 ++- ...ged-apps-and-packaged-app-installer-rules-in-applocker.md | 2 +- windows/keep-secure/passport-event-300.md | 4 ++-- .../password-must-meet-complexity-requirements.md | 2 +- windows/keep-secure/password-policy.md | 2 +- windows/keep-secure/perform-volume-maintenance-tasks.md | 2 +- windows/keep-secure/plan-for-applocker-policy-management.md | 2 +- ...lanning-and-deploying-advanced-security-audit-policies.md | 2 +- ...l-overview-windows-defender-advanced-threat-protection.md | 3 ++- .../keep-secure/prepare-people-to-use-microsoft-passport.md | 2 +- ...-your-organization-for-bitlocker-planning-and-policies.md | 2 +- windows/keep-secure/profile-single-process.md | 2 +- windows/keep-secure/profile-system-performance.md | 2 
+- .../keep-secure/protect-bitlocker-from-pre-boot-attacks.md | 2 +- windows/keep-secure/protect-enterprise-data-using-edp.md | 5 +++-- ...-by-controlling-the-health-of-windows-10-based-devices.md | 4 ++-- ...hared-volumes-and-storage-area-networks-with-bitlocker.md | 2 +- .../recovery-console-allow-automatic-administrative-logon.md | 2 +- ...allow-floppy-copy-and-access-to-all-drives-and-folders.md | 2 +- windows/keep-secure/refresh-an-applocker-policy.md | 2 +- .../keep-secure/registry-global-object-access-auditing.md | 2 +- windows/keep-secure/remove-computer-from-docking-station.md | 2 +- windows/keep-secure/replace-a-process-level-token.md | 2 +- .../requirements-for-deploying-applocker-policies.md | 2 +- windows/keep-secure/requirements-to-use-applocker.md | 2 +- windows/keep-secure/reset-account-lockout-counter-after.md | 2 +- windows/keep-secure/restore-files-and-directories.md | 2 +- .../run-cmd-scan-windows-defender-for-windows-10.md | 3 ++- .../run-the-automatically-generate-rules-wizard.md | 2 +- windows/keep-secure/script-rules-in-applocker.md | 2 +- .../secpol-advanced-security-audit-policy-settings.md | 2 +- windows/keep-secure/security-auditing-overview.md | 2 +- windows/keep-secure/security-considerations-for-applocker.md | 2 +- windows/keep-secure/security-options.md | 2 +- windows/keep-secure/security-policy-settings-reference.md | 2 +- windows/keep-secure/security-policy-settings.md | 2 +- windows/keep-secure/security-technologies.md | 2 +- windows/keep-secure/select-types-of-rules-to-create.md | 2 +- ...onboarding-windows-defender-advanced-threat-protection.md | 3 ++- .../settings-windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/shut-down-the-system.md | 2 +- ...-allow-system-to-be-shut-down-without-having-to-log-on.md | 2 +- .../keep-secure/shutdown-clear-virtual-memory-pagefile.md | 2 +- .../store-passwords-using-reversible-encryption.md | 2 +- windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md | 2 +- 
windows/keep-secure/synchronize-directory-service-data.md | 2 +- ...ng-key-protection-for-user-keys-stored-on-the-computer.md | 2 +- ...ompliant-algorithms-for-encryption-hashing-and-signing.md | 2 +- ...-require-case-insensitivity-for-non-windows-subsystems.md | 2 +- ...engthen-default-permissions-of-internal-system-objects.md | 2 +- windows/keep-secure/system-settings-optional-subsystems.md | 2 +- ...-windows-executables-for-software-restriction-policies.md | 2 +- .../keep-secure/take-ownership-of-files-or-other-objects.md | 2 +- ...test-an-applocker-policy-by-using-test-applockerpolicy.md | 2 +- windows/keep-secure/test-and-update-an-applocker-policy.md | 2 +- windows/keep-secure/testing-scenarios-for-edp.md | 5 +++-- windows/keep-secure/tools-to-use-with-applocker.md | 2 +- windows/keep-secure/tpm-fundamentals.md | 2 +- windows/keep-secure/tpm-recommendations.md | 2 +- ...onboarding-windows-defender-advanced-threat-protection.md | 3 ++- ...oubleshoot-windows-defender-advanced-threat-protection.md | 3 ++- .../troubleshoot-windows-defender-in-windows-10.md | 2 +- windows/keep-secure/trusted-platform-module-overview.md | 2 +- ...trusted-platform-module-services-group-policy-settings.md | 2 +- .../types-of-attacks-for-volume-encryption-keys.md | 2 +- .../keep-secure/understand-applocker-enforcement-settings.md | 2 +- .../understand-applocker-policy-design-decisions.md | 2 +- ...es-and-enforcement-setting-inheritance-in-group-policy.md | 2 +- .../understand-the-applocker-policy-deployment-process.md | 2 +- ...nderstanding-applocker-allow-and-deny-actions-on-rules.md | 2 +- windows/keep-secure/understanding-applocker-default-rules.md | 2 +- windows/keep-secure/understanding-applocker-rule-behavior.md | 2 +- .../keep-secure/understanding-applocker-rule-collections.md | 2 +- .../understanding-applocker-rule-condition-types.md | 2 +- .../keep-secure/understanding-applocker-rule-exceptions.md | 2 +- ...nderstanding-the-file-hash-rule-condition-in-applocker.md | 2 +- 
.../understanding-the-path-rule-condition-in-applocker.md | 2 +- ...nderstanding-the-publisher-rule-condition-in-applocker.md | 2 +- ...nce-computer-to-create-and-maintain-applocker-policies.md | 2 +- ...r-and-software-restriction-policies-in-the-same-domain.md | 2 +- .../use-the-applocker-windows-powershell-cmdlets.md | 2 +- .../use-windows-defender-advanced-threat-protection.md | 3 ++- ...ows-event-forwarding-to-assist-in-instrusion-detection.md | 2 +- ...n-approval-mode-for-the-built-in-administrator-account.md | 2 +- ...-prompt-for-elevation-without-using-the-secure-desktop.md | 2 +- ...ation-prompt-for-administrators-in-admin-approval-mode.md | 2 +- ...ol-behavior-of-the-elevation-prompt-for-standard-users.md | 2 +- ...ect-application-installations-and-prompt-for-elevation.md | 2 +- ...account-control-group-policy-and-registry-key-settings.md | 4 +++- ...only-elevate-executables-that-are-signed-and-validated.md | 2 +- ...ss-applications-that-are-installed-in-secure-locations.md | 2 +- windows/keep-secure/user-account-control-overview.md | 2 +- ...-control-run-all-administrators-in-admin-approval-mode.md | 2 +- .../user-account-control-security-policy-settings.md | 4 ++-- ...tch-to-the-secure-desktop-when-prompting-for-elevation.md | 2 +- ...file-and-registry-write-failures-to-per-user-locations.md | 2 +- windows/keep-secure/user-rights-assignment.md | 2 +- ...ting-options-to-monitor-dynamic-access-control-objects.md | 2 +- windows/keep-secure/using-event-viewer-with-applocker.md | 2 +- ...g-software-restriction-policies-and-applocker-policies.md | 2 +- windows/keep-secure/view-the-security-event-log.md | 2 +- windows/keep-secure/vpn-profile-options.md | 4 ++-- windows/keep-secure/what-is-applocker.md | 2 +- ...of-windows-support-advanced-audit-policy-configuration.md | 2 +- windows/keep-secure/why-a-pin-is-better-than-a-password.md | 2 +- windows/keep-secure/windows-10-enterprise-security-guides.md | 4 ++-- 
windows/keep-secure/windows-10-mobile-security-guide.md | 4 ++-- windows/keep-secure/windows-10-security-guide.md | 2 +- .../windows-defender-advanced-threat-protection.md | 3 ++- windows/keep-secure/windows-defender-in-windows-10.md | 2 +- windows/keep-secure/windows-hello-in-enterprise.md | 5 +++-- windows/keep-secure/windows-installer-rules-in-applocker.md | 2 +- windows/keep-secure/working-with-applocker-policies.md | 2 +- windows/keep-secure/working-with-applocker-rules.md | 2 +- 192 files changed, 220 insertions(+), 200 deletions(-) diff --git a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md index 6db6f55321..a5d2bec8ce 100644 --- a/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +author: mjcaparas --- # Windows Defender ATP data storage and privacy diff --git a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md index 20a073c239..d724b1862d 100644 --- a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +author: mjcaparas --- # Investigate Windows Defender Advanced Threat Protection alerts diff --git a/windows/keep-secure/load-and-unload-device-drivers.md b/windows/keep-secure/load-and-unload-device-drivers.md index 0ef993463c..a0500dbf3c 100644 --- a/windows/keep-secure/load-and-unload-device-drivers.md +++ b/windows/keep-secure/load-and-unload-device-drivers.md 
@@ -2,7 +2,7 @@
 title: Load and unload device drivers (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Load and unload device drivers security policy setting.
 ms.assetid: 66262532-c610-470c-9792-35ff4389430f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/lock-pages-in-memory.md b/windows/keep-secure/lock-pages-in-memory.md
index c2d3f4a39d..c1da29a511 100644
--- a/windows/keep-secure/lock-pages-in-memory.md
+++ b/windows/keep-secure/lock-pages-in-memory.md
@@ -2,7 +2,7 @@
 title: Lock pages in memory (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Lock pages in memory security policy setting.
 ms.assetid: cc724979-aec0-496d-be4e-7009aef660a3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/log-on-as-a-batch-job.md b/windows/keep-secure/log-on-as-a-batch-job.md
index 6ffcaa330e..e2be507be1 100644
--- a/windows/keep-secure/log-on-as-a-batch-job.md
+++ b/windows/keep-secure/log-on-as-a-batch-job.md
@@ -2,7 +2,7 @@
 title: Log on as a batch job (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Log on as a batch job security policy setting.
 ms.assetid: 4eaddb51-0a18-470e-9d3d-5e7cd7970b41
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/log-on-as-a-service.md b/windows/keep-secure/log-on-as-a-service.md
index 04d7784d74..eff13752ec 100644
--- a/windows/keep-secure/log-on-as-a-service.md
+++ b/windows/keep-secure/log-on-as-a-service.md
@@ -2,7 +2,7 @@ title: Log on as a service (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Log on as a service security policy setting. ms.assetid: acc9a9e0-fd88-4cda-ab54-503120ba1f42 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/maintain-applocker-policies.md b/windows/keep-secure/maintain-applocker-policies.md index bc85d3af36..43bd39884e 100644 --- a/windows/keep-secure/maintain-applocker-policies.md +++ b/windows/keep-secure/maintain-applocker-policies.md @@ -2,7 +2,7 @@ title: Maintain AppLocker policies (Windows 10) description: This topic describes how to maintain rules within AppLocker policies. ms.assetid: b4fbfdfe-ef3d-49e0-a390-f2dfe74602bc -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md index 12cc2527bd..718b2e22ce 100644 --- a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md @@ -3,9 +3,11 @@ title: Manage Windows Defender Advanced Threat Protection alerts description: Change the status of alerts, create suppression rules to hide alerts, submit comments, and review change history for individual alerts with the Manage Alert menu. keywords: manage alerts, manage, alerts, status, new, in progress, resolved, resolve alerts, suppress, supression, rules, context, history, comments, changes search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security +author: mjcaparas --- # Manage Windows Defender Advanced Threat Protection alerts 
diff --git a/windows/keep-secure/manage-auditing-and-security-log.md b/windows/keep-secure/manage-auditing-and-security-log.md
index 48c840cc7b..7a6cfdc0ea 100644
--- a/windows/keep-secure/manage-auditing-and-security-log.md
+++ b/windows/keep-secure/manage-auditing-and-security-log.md
@@ -2,7 +2,7 @@
 title: Manage auditing and security log (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Manage auditing and security log security policy setting.
 ms.assetid: 4b946c0d-f904-43db-b2d5-7f0917575347
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
index 7f4b06da3d..bb891d67c5 100644
--- a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
+++ b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
@@ -3,7 +3,7 @@ title: Manage identity verification using Microsoft Passport (Windows 10)
 description: In Windows 10, Microsoft Passport replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a Windows Hello (biometric) or PIN.
 ms.assetid: 5BF09642-8CF5-4FBC-AC9A-5CA51E19387E
 keywords: identity, PIN, biometric, Hello
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/manage-packaged-apps-with-applocker.md b/windows/keep-secure/manage-packaged-apps-with-applocker.md
index dcad549bfa..e1a7639af3 100644
--- a/windows/keep-secure/manage-packaged-apps-with-applocker.md
+++ b/windows/keep-secure/manage-packaged-apps-with-applocker.md
@@ -2,7 +2,7 @@
 title: Manage packaged apps with AppLocker (Windows 10)
 description: This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy.
 ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/manage-tpm-commands.md b/windows/keep-secure/manage-tpm-commands.md
index 1aa0ca5061..0620207ec5 100644
--- a/windows/keep-secure/manage-tpm-commands.md
+++ b/windows/keep-secure/manage-tpm-commands.md
@@ -2,7 +2,7 @@
 title: Manage TPM commands (Windows 10)
 description: This topic for the IT professional describes how to manage which Trusted Platform Module (TPM) commands are available to domain users and to local users.
 ms.assetid: a78e751a-2806-43ae-9c20-2e7ca466b765
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/manage-tpm-lockout.md b/windows/keep-secure/manage-tpm-lockout.md
index 7c75700ed0..61c94cc77e 100644
--- a/windows/keep-secure/manage-tpm-lockout.md
+++ b/windows/keep-secure/manage-tpm-lockout.md
@@ -2,7 +2,7 @@
 title: Manage TPM lockout (Windows 10)
 description: This topic for the IT professional describes how to manage the lockout feature for the Trusted Platform Module (TPM) in Windows.
 ms.assetid: bf27adbe-404c-4691-a644-29ec722a3f7b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-lifetime-for-service-ticket.md b/windows/keep-secure/maximum-lifetime-for-service-ticket.md
index 3a0a6fff86..fd43969eb0 100644
--- a/windows/keep-secure/maximum-lifetime-for-service-ticket.md
+++ b/windows/keep-secure/maximum-lifetime-for-service-ticket.md
@@ -2,7 +2,7 @@
 title: Maximum lifetime for service ticket (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum lifetime for service ticket security policy setting.
 ms.assetid: 484bf05a-3858-47fc-bc02-6599ca860247
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-lifetime-for-user-ticket-renewal.md b/windows/keep-secure/maximum-lifetime-for-user-ticket-renewal.md
index c1f175c55b..f807fae4e2 100644
--- a/windows/keep-secure/maximum-lifetime-for-user-ticket-renewal.md
+++ b/windows/keep-secure/maximum-lifetime-for-user-ticket-renewal.md
@@ -2,7 +2,7 @@
 title: Maximum lifetime for user ticket renewal (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum lifetime for user ticket renewal security policy setting.
 ms.assetid: f88cd819-3dd1-4e38-b560-13fe6881b609
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-lifetime-for-user-ticket.md b/windows/keep-secure/maximum-lifetime-for-user-ticket.md
index e1a9089dd7..e37ae53435 100644
--- a/windows/keep-secure/maximum-lifetime-for-user-ticket.md
+++ b/windows/keep-secure/maximum-lifetime-for-user-ticket.md
@@ -2,7 +2,7 @@
 title: Maximum lifetime for user ticket (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum lifetime for user ticket policy setting.
 ms.assetid: bcb4ff59-334d-4c2f-99af-eca2b64011dc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-password-age.md b/windows/keep-secure/maximum-password-age.md
index 30fb8319a2..488f04f383 100644
--- a/windows/keep-secure/maximum-password-age.md
+++ b/windows/keep-secure/maximum-password-age.md
@@ -2,7 +2,7 @@
 title: Maximum password age (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum password age security policy setting.
 ms.assetid: 2d6e70e7-c8b0-44fb-8113-870c6120871d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/maximum-tolerance-for-computer-clock-synchronization.md b/windows/keep-secure/maximum-tolerance-for-computer-clock-synchronization.md
index f5f976b55a..63ebd1f934 100644
--- a/windows/keep-secure/maximum-tolerance-for-computer-clock-synchronization.md
+++ b/windows/keep-secure/maximum-tolerance-for-computer-clock-synchronization.md
@@ -2,7 +2,7 @@
 title: Maximum tolerance for computer clock synchronization (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Maximum tolerance for computer clock synchronization security policy setting.
 ms.assetid: ba2cf59e-d69d-469e-95e3-8e6a0ba643af
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/keep-secure/merge-applocker-policies-by-using-set-applockerpolicy.md
index 42b8495ede..2e095a1533 100644
--- a/windows/keep-secure/merge-applocker-policies-by-using-set-applockerpolicy.md
+++ b/windows/keep-secure/merge-applocker-policies-by-using-set-applockerpolicy.md
@@ -2,7 +2,7 @@
 title: Merge AppLocker policies by using Set-ApplockerPolicy (Windows 10)
 description: This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
 ms.assetid: f1c7d5c0-463e-4fe2-a410-844a404f18d0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/merge-applocker-policies-manually.md b/windows/keep-secure/merge-applocker-policies-manually.md
index c511afb3cd..2747de84e0 100644
--- a/windows/keep-secure/merge-applocker-policies-manually.md
+++ b/windows/keep-secure/merge-applocker-policies-manually.md
@@ -2,7 +2,7 @@
 title: Merge AppLocker policies manually (Windows 10)
 description: This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
 ms.assetid: 3605f293-e5f2-481d-8efd-775f9f23c30f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-client-digitally-sign-communications-always.md b/windows/keep-secure/microsoft-network-client-digitally-sign-communications-always.md
index 597e001a91..1cb4c83e11 100644
--- a/windows/keep-secure/microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/keep-secure/microsoft-network-client-digitally-sign-communications-always.md
@@ -2,7 +2,7 @@
 title: Microsoft network client Digitally sign communications (always) (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network client Digitally sign communications (always) security policy setting.
 ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/keep-secure/microsoft-network-client-digitally-sign-communications-if-server-agrees.md
index 3f25ac2921..4594534751 100644
--- a/windows/keep-secure/microsoft-network-client-digitally-sign-communications-if-server-agrees.md
+++ b/windows/keep-secure/microsoft-network-client-digitally-sign-communications-if-server-agrees.md
@@ -2,7 +2,7 @@
 title: Microsoft network client Digitally sign communications (if server agrees) (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Microsoft network client Digitally sign communications (if server agrees) security policy setting.
 ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/keep-secure/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
index 56635e06cc..901baabc0f 100644
--- a/windows/keep-secure/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
+++ b/windows/keep-secure/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
@@ -2,7 +2,7 @@
 title: Microsoft network client Send unencrypted password to third-party SMB servers (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network client Send unencrypted password to third-party SMB servers security policy setting.
 ms.assetid: 97a76b93-afa7-4dd9-bb52-7c9e289b6017
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/keep-secure/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
index 76e38d84c1..f124f2216c 100644
--- a/windows/keep-secure/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
+++ b/windows/keep-secure/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Amount of idle time required before suspending session (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Microsoft network server Amount of idle time required before suspending session security policy setting.
 ms.assetid: 8227842a-569d-480f-b43c-43450bbaa722
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/keep-secure/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
index ea1b074c71..d979a1d65a 100644
--- a/windows/keep-secure/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
+++ b/windows/keep-secure/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Attempt S4U2Self to obtain claim information (Windows 10)
 description: Describes the best practices, location, values, management, and security considerations for the Microsoft network server Attempt S4U2Self to obtain claim information security policy setting.
 ms.assetid: e4508387-35ed-4a3f-a47c-27f8396adbba
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-digitally-sign-communications-always.md b/windows/keep-secure/microsoft-network-server-digitally-sign-communications-always.md
index 23d423e6d9..e71590b3cf 100644
--- a/windows/keep-secure/microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/keep-secure/microsoft-network-server-digitally-sign-communications-always.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Digitally sign communications (always) (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network server Digitally sign communications (always) security policy setting.
 ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/keep-secure/microsoft-network-server-digitally-sign-communications-if-client-agrees.md
index 2f327071cb..6ad33d8c8d 100644
--- a/windows/keep-secure/microsoft-network-server-digitally-sign-communications-if-client-agrees.md
+++ b/windows/keep-secure/microsoft-network-server-digitally-sign-communications-if-client-agrees.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Digitally sign communications (if client agrees) (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network server Digitally sign communications (if client agrees) security policy setting.
 ms.assetid: c92b2e3d-1dbf-4337-a145-b17a585f4fc1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/keep-secure/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
index b2737896f1..529004e2f0 100644
--- a/windows/keep-secure/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
+++ b/windows/keep-secure/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Disconnect clients when logon hours expire (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Microsoft network server Disconnect clients when logon hours expire security policy setting.
 ms.assetid: 48b5c424-9ba8-416d-be7d-ccaabb3f49af
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-network-server-server-spn-target-name-validation-level.md b/windows/keep-secure/microsoft-network-server-server-spn-target-name-validation-level.md
index b5d71aae14..6096400f68 100644
--- a/windows/keep-secure/microsoft-network-server-server-spn-target-name-validation-level.md
+++ b/windows/keep-secure/microsoft-network-server-server-spn-target-name-validation-level.md
@@ -2,7 +2,7 @@
 title: Microsoft network server Server SPN target name validation level (Windows 10)
 description: Describes the best practices, location, and values, policy management and security considerations for the Microsoft network server Server SPN target name validation level security policy setting.
 ms.assetid: 18337f78-eb45-42fd-bdbd-f8cd02c3e154
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-passport-and-password-changes.md b/windows/keep-secure/microsoft-passport-and-password-changes.md
index 4325261928..ceebe00f0a 100644
--- a/windows/keep-secure/microsoft-passport-and-password-changes.md
+++ b/windows/keep-secure/microsoft-passport-and-password-changes.md
@@ -2,7 +2,7 @@
 title: Microsoft Passport and password changes (Windows 10)
 description: When you set up Microsoft Passport, the PIN or biometric (Windows Hello) gesture that you use is specific to that device.
 ms.assetid: 83005FE4-8899-47A6-BEA9-C17CCA0B6B55
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
index a9483a0b56..490c5c9e6e 100644
--- a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
+++ b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
@@ -3,7 +3,7 @@ title: Microsoft Passport errors during PIN creation (Windows 10)
 description: When you set up Microsoft Passport in Windows 10, you may get an error during the Create a work PIN step.
 ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502
 keywords: PIN, error, create a work PIN
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/microsoft-passport-guide.md b/windows/keep-secure/microsoft-passport-guide.md
index 70f6296988..b78b6f94f7 100644
--- a/windows/keep-secure/microsoft-passport-guide.md
+++ b/windows/keep-secure/microsoft-passport-guide.md
@@ -3,8 +3,7 @@ title: Microsoft Passport guide (Windows 10)
 description: This guide describes the new Windows Hello and Microsoft Passport technologies that are part of the Windows 10 operating system.
 ms.assetid: 11EA7826-DA6B-4E5C-99FB-142CC6BD9E84
 keywords: security, credential, password, authentication
-ms.prod: W10
-ms.pagetype: security
+ms.prod: w10
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/minimum-password-age.md b/windows/keep-secure/minimum-password-age.md
index a975b21ff4..d56c232478 100644
--- a/windows/keep-secure/minimum-password-age.md
+++ b/windows/keep-secure/minimum-password-age.md
@@ -2,7 +2,7 @@
 title: Minimum password age (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Minimum password age security policy setting.
 ms.assetid: 91915cb2-1b3f-4fb7-afa0-d03df95e8161
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/minimum-password-length.md b/windows/keep-secure/minimum-password-length.md index 79281f850c..39c8f9fa60 100644 --- a/windows/keep-secure/minimum-password-length.md +++ b/windows/keep-secure/minimum-password-length.md @@ -2,7 +2,7 @@ title: Minimum password length (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Minimum password length security policy setting. ms.assetid: 3d22eb9a-859a-4b6f-82f5-c270c427e17e -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md index fa17f2947f..91db7537e8 100644 --- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Minimum requirements for Windows Defender Advanced Threat Protection description: Minimum network and data storage configuration, endpoint hardware and software requirements, and deployment channel requirements for Windows Defender ATP. keywords: minimum requirements, Windows Defender Advanced Threat Protection minimum requirements, network and data storage, endpoint, endpoint configuration, deployment channel search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: iaanw --- diff --git a/windows/keep-secure/modify-an-object-label.md b/windows/keep-secure/modify-an-object-label.md index a984a42a33..fecfb339d8 100644 --- a/windows/keep-secure/modify-an-object-label.md +++ b/windows/keep-secure/modify-an-object-label.md 
@@ -2,7 +2,7 @@
 title: Modify an object label (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Modify an object label security policy setting.
 ms.assetid: 3e5a97dd-d363-43a8-ae80-452e866ebfd5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/modify-firmware-environment-values.md b/windows/keep-secure/modify-firmware-environment-values.md
index 2dcc1d8dfc..e4f6b85eb1 100644
--- a/windows/keep-secure/modify-firmware-environment-values.md
+++ b/windows/keep-secure/modify-firmware-environment-values.md
@@ -2,7 +2,7 @@
 title: Modify firmware environment values (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Modify firmware environment values security policy setting.
 ms.assetid: 80bad5c4-d9eb-4e3a-a5dc-dcb742b83fca
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-application-usage-with-applocker.md b/windows/keep-secure/monitor-application-usage-with-applocker.md
index 14b94f4745..87ead686b6 100644
--- a/windows/keep-secure/monitor-application-usage-with-applocker.md
+++ b/windows/keep-secure/monitor-application-usage-with-applocker.md
@@ -2,7 +2,7 @@
 title: Monitor app usage with AppLocker (Windows 10)
 description: This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.
 ms.assetid: 0516da6e-ebe4-45b4-a97b-31daba96d1cf
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-central-access-policy-and-rule-definitions.md b/windows/keep-secure/monitor-central-access-policy-and-rule-definitions.md
index 11e4efc2be..6904612d1c 100644
--- a/windows/keep-secure/monitor-central-access-policy-and-rule-definitions.md
+++ b/windows/keep-secure/monitor-central-access-policy-and-rule-definitions.md
@@ -2,7 +2,7 @@
 title: Monitor central access policy and rule definitions (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to central access policy and central access rule definitions when you use advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 553f98a6-7606-4518-a3c5-347a33105130
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-claim-types.md b/windows/keep-secure/monitor-claim-types.md
index 9220126e6c..fcbaaa93b0 100644
--- a/windows/keep-secure/monitor-claim-types.md
+++ b/windows/keep-secure/monitor-claim-types.md
@@ -2,7 +2,7 @@
 title: Monitor claim types (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to claim types that are associated with dynamic access control when you are using advanced security auditing options.
 ms.assetid: 426084da-4eef-44af-aeec-e7ab4d4e2439
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md
index 67ff38e86d..8babe1f172 100644
--- a/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/monitor-onboarding-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Monitor Windows Defender ATP onboarding
 description: Monitor the onboarding of the Windows Defender ATP service to ensure your endpoints are correctly configured and are sending telemetry reports.
 keywords: monitor onboarding, monitor Windows Defender ATP onboarding, monitor Windows Defender Advanced Threat Protection onboarding
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: mjcaparas
 ---
diff --git a/windows/keep-secure/monitor-resource-attribute-definitions.md b/windows/keep-secure/monitor-resource-attribute-definitions.md
index 42bd9b783e..75bff821fe 100644
--- a/windows/keep-secure/monitor-resource-attribute-definitions.md
+++ b/windows/keep-secure/monitor-resource-attribute-definitions.md
@@ -2,7 +2,7 @@
 title: Monitor resource attribute definitions (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to resource attribute definitions when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: aace34b0-123a-4b83-9e09-f269220e79de
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/keep-secure/monitor-the-central-access-policies-associated-with-files-and-folders.md
index db6155e24b..74e926c90b 100644
--- a/windows/keep-secure/monitor-the-central-access-policies-associated-with-files-and-folders.md
+++ b/windows/keep-secure/monitor-the-central-access-policies-associated-with-files-and-folders.md
@@ -2,7 +2,7 @@
 title: Monitor the central access policies associated with files and folders (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to the central access policies that are associated with files and folders when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 2ea8fc23-b3ac-432f-87b0-6a16506e8eed
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/keep-secure/monitor-the-central-access-policies-that-apply-on-a-file-server.md
index aeee1c4b35..4e21c32c36 100644
--- a/windows/keep-secure/monitor-the-central-access-policies-that-apply-on-a-file-server.md
+++ b/windows/keep-secure/monitor-the-central-access-policies-that-apply-on-a-file-server.md
@@ -2,7 +2,7 @@
 title: Monitor the central access policies that apply on a file server (Windows 10)
 description: This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-the-resource-attributes-on-files-and-folders.md b/windows/keep-secure/monitor-the-resource-attributes-on-files-and-folders.md
index fd2edb8b75..5849cc955c 100644
--- a/windows/keep-secure/monitor-the-resource-attributes-on-files-and-folders.md
+++ b/windows/keep-secure/monitor-the-resource-attributes-on-files-and-folders.md
@@ -2,7 +2,7 @@
 title: Monitor the resource attributes on files and folders (Windows 10)
 description: This topic for the IT professional describes how to monitor attempts to change settings to the resource attributes on files when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 4944097b-320f-44c7-88ed-bf55946a358b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-the-use-of-removable-storage-devices.md b/windows/keep-secure/monitor-the-use-of-removable-storage-devices.md
index c850719ed9..7665d0dddc 100644
--- a/windows/keep-secure/monitor-the-use-of-removable-storage-devices.md
+++ b/windows/keep-secure/monitor-the-use-of-removable-storage-devices.md
@@ -2,7 +2,7 @@
 title: Monitor the use of removable storage devices (Windows 10)
 description: This topic for the IT professional describes how to monitor attempts to use removable storage devices to access network resources. It describes how to use advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: b0a9e4a5-b7ff-41c6-96ff-0228d4ba5da8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/monitor-user-and-device-claims-during-sign-in.md b/windows/keep-secure/monitor-user-and-device-claims-during-sign-in.md
index 8e767cf028..f95697b152 100644
--- a/windows/keep-secure/monitor-user-and-device-claims-during-sign-in.md
+++ b/windows/keep-secure/monitor-user-and-device-claims-during-sign-in.md
@@ -2,7 +2,7 @@
 title: Monitor user and device claims during sign-in (Windows 10)
 description: This topic for the IT professional describes how to monitor user and device claims that are associated with a user’s security token when you are using advanced security auditing options to monitor dynamic access control objects.
 ms.assetid: 71796ea9-5fe4-4183-8475-805c3c1f319f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-allow-anonymous-sidname-translation.md b/windows/keep-secure/network-access-allow-anonymous-sidname-translation.md
index 6c14b5a06f..206c76f7fc 100644
--- a/windows/keep-secure/network-access-allow-anonymous-sidname-translation.md
+++ b/windows/keep-secure/network-access-allow-anonymous-sidname-translation.md
@@ -2,7 +2,7 @@
 title: Network access Allow anonymous SID/Name translation (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Allow anonymous SID/Name translation security policy setting.
 ms.assetid: 0144477f-22a6-4d06-b70a-9c9c2196e99e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
index 52eb452b76..7de439ad10 100644
--- a/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
+++ b/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
@@ -2,7 +2,7 @@
 title: Network access Do not allow anonymous enumeration of SAM accounts and shares (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Network access Do not allow anonymous enumeration of SAM accounts and shares security policy setting.
 ms.assetid: 3686788d-4cc7-4222-9163-cbc7c3362d73
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md b/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
index 20f6455173..1a8d592782 100644
--- a/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
+++ b/windows/keep-secure/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
@@ -2,7 +2,7 @@
 title: Network access Do not allow anonymous enumeration of SAM accounts (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Network access Do not allow anonymous enumeration of SAM accounts security policy setting.
 ms.assetid: 6ee25b33-ad43-4097-b031-7be680f64c7c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/keep-secure/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
index ec12a8c647..a60b14af97 100644
--- a/windows/keep-secure/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
+++ b/windows/keep-secure/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
@@ -2,7 +2,7 @@
 title: Network access Do not allow storage of passwords and credentials for network authentication (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Do not allow storage of passwords and credentials for network authentication security policy setting.
 ms.assetid: b9b64360-36ea-40fa-b795-2d6558c46563
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/keep-secure/network-access-let-everyone-permissions-apply-to-anonymous-users.md
index eedd57751a..02f1530efb 100644
--- a/windows/keep-secure/network-access-let-everyone-permissions-apply-to-anonymous-users.md
+++ b/windows/keep-secure/network-access-let-everyone-permissions-apply-to-anonymous-users.md
@@ -2,7 +2,7 @@
 title: Network access Let Everyone permissions apply to anonymous users (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Let Everyone permissions apply to anonymous users security policy setting.
 ms.assetid: cdbc5159-9173-497e-b46b-7325f4256353
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/keep-secure/network-access-named-pipes-that-can-be-accessed-anonymously.md
index ab8eff2298..68f545297d 100644
--- a/windows/keep-secure/network-access-named-pipes-that-can-be-accessed-anonymously.md
+++ b/windows/keep-secure/network-access-named-pipes-that-can-be-accessed-anonymously.md
@@ -2,7 +2,7 @@
 title: Network access Named Pipes that can be accessed anonymously (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Named Pipes that can be accessed anonymously security policy setting.
 ms.assetid: 8897d2a4-813e-4d2b-8518-fcee71e1cf2c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-remotely-accessible-registry-paths-and-subpaths.md b/windows/keep-secure/network-access-remotely-accessible-registry-paths-and-subpaths.md
index d7a01b9e6e..3dc22f67e2 100644
--- a/windows/keep-secure/network-access-remotely-accessible-registry-paths-and-subpaths.md
+++ b/windows/keep-secure/network-access-remotely-accessible-registry-paths-and-subpaths.md
@@ -2,7 +2,7 @@
 title: Network access Remotely accessible registry paths and subpaths (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Network access Remotely accessible registry paths and subpaths security policy setting.
 ms.assetid: 3fcbbf70-a002-4f85-8e86-8dabad21928e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-remotely-accessible-registry-paths.md b/windows/keep-secure/network-access-remotely-accessible-registry-paths.md
index 86fd1783e9..88c2340130 100644
--- a/windows/keep-secure/network-access-remotely-accessible-registry-paths.md
+++ b/windows/keep-secure/network-access-remotely-accessible-registry-paths.md
@@ -2,7 +2,7 @@
 title: Network access Remotely accessible registry paths (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Remotely accessible registry paths security policy setting.
 ms.assetid: 977f86ea-864f-4f1b-9756-22220efce0bd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md b/windows/keep-secure/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
index 84be70c08b..75a2e71242 100644
--- a/windows/keep-secure/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
+++ b/windows/keep-secure/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
@@ -2,7 +2,7 @@
 title: Network access Restrict anonymous access to Named Pipes and Shares (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Restrict anonymous access to Named Pipes and Shares security policy setting.
 ms.assetid: e66cd708-7322-4d49-9b57-1bf8ec7a4c10
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-shares-that-can-be-accessed-anonymously.md b/windows/keep-secure/network-access-shares-that-can-be-accessed-anonymously.md
index b4505320e4..4f53f77bdc 100644
--- a/windows/keep-secure/network-access-shares-that-can-be-accessed-anonymously.md
+++ b/windows/keep-secure/network-access-shares-that-can-be-accessed-anonymously.md
@@ -2,7 +2,7 @@
 title: Network access Shares that can be accessed anonymously (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Shares that can be accessed anonymously security policy setting.
 ms.assetid: f3e4b919-8279-4972-b415-5f815e2f0a1a
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-access-sharing-and-security-model-for-local-accounts.md b/windows/keep-secure/network-access-sharing-and-security-model-for-local-accounts.md
index fee079071d..aab32aedb6 100644
--- a/windows/keep-secure/network-access-sharing-and-security-model-for-local-accounts.md
+++ b/windows/keep-secure/network-access-sharing-and-security-model-for-local-accounts.md
@@ -2,7 +2,7 @@
 title: Network access Sharing and security model for local accounts (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network access Sharing and security model for local accounts security policy setting.
 ms.assetid: 0b3d703c-ea27-488f-8f59-b345af75b994
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-list-manager-policies.md b/windows/keep-secure/network-list-manager-policies.md
index 11de5e4da7..1488ba7052 100644
--- a/windows/keep-secure/network-list-manager-policies.md
+++ b/windows/keep-secure/network-list-manager-policies.md
@@ -2,7 +2,7 @@
 title: Network List Manager policies (Windows 10)
 description: Network List Manager policies are security settings that you can use to configure different aspects of how networks are listed and displayed on one device or on many devices.
 ms.assetid: bd8109d4-b07c-4beb-a9a6-affae2ba2fda
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/keep-secure/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
index 929606cb16..0c3458656e 100644
--- a/windows/keep-secure/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
+++ b/windows/keep-secure/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
@@ -2,7 +2,7 @@
 title: Network security Allow Local System to use computer identity for NTLM (Windows 10)
 description: Describes the location, values, policy management, and security considerations for the Network security Allow Local System to use computer identity for NTLM security policy setting.
 ms.assetid: c46a658d-b7a4-4139-b7ea-b9268c240053
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-allow-localsystem-null-session-fallback.md b/windows/keep-secure/network-security-allow-localsystem-null-session-fallback.md
index 34b487bba3..405f149efa 100644
--- a/windows/keep-secure/network-security-allow-localsystem-null-session-fallback.md
+++ b/windows/keep-secure/network-security-allow-localsystem-null-session-fallback.md
@@ -2,7 +2,7 @@
 title: Network security Allow LocalSystem NULL session fallback (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Network security Allow LocalSystem NULL session fallback security policy setting.
 ms.assetid: 5b72edaa-bec7-4572-b6f0-648fc38f5395
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/keep-secure/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
index a381d1388c..fe460ccefd 100644
--- a/windows/keep-secure/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
+++ b/windows/keep-secure/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
@@ -2,7 +2,7 @@
 title: Network security Allow PKU2U authentication requests to this computer to use online identities (Windows 10)
 description: Describes the best practices, location, and values for the Network Security Allow PKU2U authentication requests to this computer to use online identities security policy setting.
 ms.assetid: e04a854e-d94d-4306-9fb3-56e9bd7bb926
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/keep-secure/network-security-configure-encryption-types-allowed-for-kerberos.md
index 7ca22f98c0..bcbe56a0ef 100644
--- a/windows/keep-secure/network-security-configure-encryption-types-allowed-for-kerberos.md
+++ b/windows/keep-secure/network-security-configure-encryption-types-allowed-for-kerberos.md
@@ -2,7 +2,7 @@
 title: Network security Configure encryption types allowed for Kerberos Win7 only (Windows 10)
 description: Describes the best practices, location, values and security considerations for the Network security Configure encryption types allowed for Kerberos Win7 only security policy setting.
 ms.assetid: 303d32cc-415b-44ba-96c0-133934046ece
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/keep-secure/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
index 95b335005c..11984a8b59 100644
--- a/windows/keep-secure/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
+++ b/windows/keep-secure/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
@@ -2,7 +2,7 @@
 title: Network security Do not store LAN Manager hash value on next password change (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security Do not store LAN Manager hash value on next password change security policy setting.
 ms.assetid: 6452b268-e5ba-4889-9d38-db28f919af51
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-force-logoff-when-logon-hours-expire.md b/windows/keep-secure/network-security-force-logoff-when-logon-hours-expire.md
index f6dd03a829..a302a70695 100644
--- a/windows/keep-secure/network-security-force-logoff-when-logon-hours-expire.md
+++ b/windows/keep-secure/network-security-force-logoff-when-logon-hours-expire.md
@@ -2,7 +2,7 @@
 title: Network security Force logoff when logon hours expire (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security Force logoff when logon hours expire security policy setting.
 ms.assetid: 64d5dde4-58e4-4217-b2c4-73bd554ec926
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-lan-manager-authentication-level.md b/windows/keep-secure/network-security-lan-manager-authentication-level.md
index 5d8a5343aa..3ae2b1240e 100644
--- a/windows/keep-secure/network-security-lan-manager-authentication-level.md
+++ b/windows/keep-secure/network-security-lan-manager-authentication-level.md
@@ -2,7 +2,7 @@
 title: Network security LAN Manager authentication level (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security LAN Manager authentication level security policy setting.
 ms.assetid: bbe1a98c-420a-41e7-9d3c-3a2fe0f1843e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-ldap-client-signing-requirements.md b/windows/keep-secure/network-security-ldap-client-signing-requirements.md
index 5207e6e65f..158b64ed3c 100644
--- a/windows/keep-secure/network-security-ldap-client-signing-requirements.md
+++ b/windows/keep-secure/network-security-ldap-client-signing-requirements.md
@@ -2,7 +2,7 @@
 title: Network security LDAP client signing requirements (Windows 10)
 description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting.
 ms.assetid: 38b35489-eb5b-4035-bc87-df63de50509c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
index ba6527767f..b9a0e71329 100644
--- a/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
+++ b/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
@@ -2,7 +2,7 @@
 title: Network security Minimum session security for NTLM SSP based (including secure RPC) clients (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security Minimum session security for NTLM SSP based (including secure RPC) clients security policy setting.
 ms.assetid: 89903de8-23d0-4e0f-9bef-c00cb7aebf00
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
index 6bd65a6591..752b9c97c1 100644
--- a/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
+++ b/windows/keep-secure/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
@@ -2,7 +2,7 @@
 title: Network security Minimum session security for NTLM SSP based (including secure RPC) servers (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Network security Minimum session security for NTLM SSP based (including secure RPC) servers security policy setting.
 ms.assetid: c6a60c1b-bc8d-4d02-9481-f847a411b4fc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/keep-secure/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
index ca5c6d20da..74c9b41100 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Add remote server exceptions for NTLM authentication (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network security Restrict NTLM Add remote server exceptions for NTLM authentication security policy setting.
 ms.assetid: 9b017399-0a54-4580-bfae-614c2beda3a1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/keep-secure/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
index 8a29a1cbad..e16e7c0ff3 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Add server exceptions in this domain (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network security Restrict NTLM Add server exceptions in this domain security policy setting.
 ms.assetid: 2f981b68-6aa7-4dd9-b53d-d88551277cc0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/keep-secure/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
index 30716f504d..f5b4bd4032 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Audit incoming NTLM traffic (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Audit incoming NTLM traffic security policy setting.
 ms.assetid: 37e380c2-22e1-44cd-9993-e12815b845cf
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/keep-secure/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
index 4bda1da37a..c4254e5036 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Audit NTLM authentication in this domain (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Audit NTLM authentication in this domain security policy setting.
 ms.assetid: 33183ef9-53b5-4258-8605-73dc46335e6e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/keep-secure/network-security-restrict-ntlm-incoming-ntlm-traffic.md
index 270051f5d3..fba51b1a73 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-incoming-ntlm-traffic.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-incoming-ntlm-traffic.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Incoming NTLM traffic (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Incoming NTLM traffic security policy setting.
 ms.assetid: c0eff7d3-ed59-4004-908a-2205295fefb8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/keep-secure/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
index 8389b3ad72..407c4b9976 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM NTLM authentication in this domain (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM NTLM authentication in this domain security policy setting.
 ms.assetid: 4c7884e9-cc11-4402-96b6-89c77dc908f8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/keep-secure/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
index 439657d395..896cdbadc1 100644
--- a/windows/keep-secure/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
+++ b/windows/keep-secure/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
@@ -2,7 +2,7 @@
 title: Network security Restrict NTLM Outgoing NTLM traffic to remote servers (Windows 10)
 description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Outgoing NTLM traffic to remote servers security policy setting.
 ms.assetid: 63437a90-764b-4f06-aed8-a4a26cf81bd1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md
index baf6178433..eaaa736c69 100644
--- a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Onboard endpoints and set up the Windows Defender ATP user access
 description: Set up user access in Azure Active Directory and use Group Policy, SCCM, or do manual registry changes to onboard endpoints to the service.
 keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: iaanw
 ---

diff --git a/windows/keep-secure/optimize-applocker-performance.md b/windows/keep-secure/optimize-applocker-performance.md
index cdd61ef5e2..ff8f099f2d 100644
--- a/windows/keep-secure/optimize-applocker-performance.md
+++ b/windows/keep-secure/optimize-applocker-performance.md
@@ -2,7 +2,7 @@
 title: Optimize AppLocker performance (Windows 10)
 description: This topic for IT professionals describes how to optimize AppLocker policy enforcement.
 ms.assetid: a20efa20-bc98-40fe-bd81-28ec4905e0f6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/overview-create-edp-policy.md b/windows/keep-secure/overview-create-edp-policy.md
index 24e6c6a647..0ca5b7cbd1 100644
--- a/windows/keep-secure/overview-create-edp-policy.md
+++ b/windows/keep-secure/overview-create-edp-policy.md
@@ -2,9 +2,10 @@
 title: Create an enterprise data protection (EDP) policy (Windows 10)
 description: Microsoft Intune and System Center Configuration Manager (version 1511 or later) helps you create and deploy your enterprise data protection (EDP) policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network.
 ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---

diff --git a/windows/keep-secure/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/keep-secure/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
index db85e986ec..b17006c05a 100644
--- a/windows/keep-secure/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/keep-secure/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: Packaged apps and packaged app installer rules in AppLocker (Windows 10)
 description: This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
 ms.assetid: 8fd44d08-a0c2-4c5b-a91f-5cb9989f971d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/passport-event-300.md b/windows/keep-secure/passport-event-300.md
index 1d055b34c7..9a7c694ae0 100644
--- a/windows/keep-secure/passport-event-300.md
+++ b/windows/keep-secure/passport-event-300.md
@@ -2,8 +2,8 @@
 title: Event ID 300 - Passport successfully created (Windows 10)
 description: This event is created when a Microsoft Passport for Enterprise is successfully created and registered with Azure Active Directory (Azure AD).
 ms.assetid: 0DD59E75-1C5F-4CC6-BB0E-71C83884FF04
-keywords: ["ngc"]
-ms.prod: W10
+keywords: ngc
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/password-must-meet-complexity-requirements.md b/windows/keep-secure/password-must-meet-complexity-requirements.md
index c8b513828e..d51142a117 100644
--- a/windows/keep-secure/password-must-meet-complexity-requirements.md
+++ b/windows/keep-secure/password-must-meet-complexity-requirements.md
@@ -2,7 +2,7 @@
 title: Password must meet complexity requirements (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Password must meet complexity requirements security policy setting.
 ms.assetid: 94482ae3-9dda-42df-9782-2f66196e6afe
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/password-policy.md b/windows/keep-secure/password-policy.md
index fd3d56e268..4198fac995 100644
--- a/windows/keep-secure/password-policy.md
+++ b/windows/keep-secure/password-policy.md
@@ -2,7 +2,7 @@
 title: Password Policy (Windows 10)
 description: An overview of password policies for Windows and links to information for each policy setting.
 ms.assetid: aec1220d-a875-4575-9050-f02f9c54a3b6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/perform-volume-maintenance-tasks.md b/windows/keep-secure/perform-volume-maintenance-tasks.md
index 4a7f305290..dae56942a1 100644
--- a/windows/keep-secure/perform-volume-maintenance-tasks.md
+++ b/windows/keep-secure/perform-volume-maintenance-tasks.md
@@ -2,7 +2,7 @@
 title: Perform volume maintenance tasks (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Perform volume maintenance tasks security policy setting.
 ms.assetid: b6990813-3898-43e2-8221-c9c06d893244
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/plan-for-applocker-policy-management.md b/windows/keep-secure/plan-for-applocker-policy-management.md
index 0fa131561e..96d65e5c32 100644
--- a/windows/keep-secure/plan-for-applocker-policy-management.md
+++ b/windows/keep-secure/plan-for-applocker-policy-management.md
@@ -2,7 +2,7 @@
 title: Plan for AppLocker policy management (Windows 10)
 description: This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
 ms.assetid: dccc196f-6ae0-4ae4-853a-a3312b18751b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
index c9a1917ba3..1fa912d181 100644
--- a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
+++ b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
@@ -2,7 +2,7 @@
 title: Planning and deploying advanced security audit policies (Windows 10)
 description: This topic for the IT professional explains the options that security policy planners must consider and the tasks they must complete to deploy an effective security audit policy in a network that includes advanced security audit policies.
 ms.assetid: 7428e1db-aba8-407b-a39e-509671e5a442
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
index b5dae385ac..4eaf0224ec 100644
--- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Windows Defender Advanced Threat Protection portal overview
 description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
 keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines view, preferences setup, client onboarding, advanced attacks
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: DulceMV
 ---

diff --git a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
index 74cebb3914..d377aafd3e 100644
--- a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
+++ b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md
@@ -3,7 +3,7 @@ title: Prepare people to use Microsoft Passport (Windows 10)
 description: When you set a policy to require Microsoft Passport in the workplace, you will want to prepare people in your organization.
 ms.assetid: 5270B416-CE31-4DD9-862D-6C22A2AE508B
 keywords: identity, PIN, biometric, Hello
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
index 3c5e402383..c30af5a4c1 100644
--- a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
@@ -2,7 +2,7 @@
 title: Prepare your organization for BitLocker Planning and policies (Windows 10)
 description: This topic for the IT professional explains how can you plan your BitLocker deployment.
 ms.assetid: 6e3593b5-4e8a-40ac-808a-3fdbc948059d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/profile-single-process.md b/windows/keep-secure/profile-single-process.md
index bcb68afa86..0dce3bdffe 100644
--- a/windows/keep-secure/profile-single-process.md
+++ b/windows/keep-secure/profile-single-process.md
@@ -2,7 +2,7 @@
 title: Profile single process (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Profile single process security policy setting.
 ms.assetid: c0963de4-4f5e-430e-bfcd-dfd68e66a075
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/profile-system-performance.md b/windows/keep-secure/profile-system-performance.md
index 5166f4de6f..d7b5f3b8fc 100644
--- a/windows/keep-secure/profile-system-performance.md
+++ b/windows/keep-secure/profile-system-performance.md
@@ -2,7 +2,7 @@
 title: Profile system performance (Windows 10)
 description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management, and security considerations for the Profile system performance security policy setting.
 ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/protect-bitlocker-from-pre-boot-attacks.md b/windows/keep-secure/protect-bitlocker-from-pre-boot-attacks.md
index 1b1c4370f3..197d906dd6 100644
--- a/windows/keep-secure/protect-bitlocker-from-pre-boot-attacks.md
+++ b/windows/keep-secure/protect-bitlocker-from-pre-boot-attacks.md
@@ -2,7 +2,7 @@
 title: Protect BitLocker from pre-boot attacks (Windows 10)
 description: This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration.
 ms.assetid: 24d19988-fc79-4c45-b392-b39cba4ec86b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/protect-enterprise-data-using-edp.md b/windows/keep-secure/protect-enterprise-data-using-edp.md
index d647af4367..e3da331f91 100644
--- a/windows/keep-secure/protect-enterprise-data-using-edp.md
+++ b/windows/keep-secure/protect-enterprise-data-using-edp.md
@@ -2,10 +2,11 @@
 title: Protect your enterprise data using enterprise data protection (EDP) (Windows 10)
 description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control.
 ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032
-keywords: ["EDP", "Enterprise Data Protection"]
-ms.prod: W10
+keywords: EDP, Enterprise Data Protection
+ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
+ms.pagetype: security
 author: eross-msft
 ---

diff --git a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index 2550941ba3..61313be105 100644
--- a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -3,10 +3,10 @@ title: Control the health of Windows 10-based devices (Windows 10)
 description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices.
 ms.assetid: 45DB1C41-C35D-43C9-A274-3AD5F31FE873
 keywords: security, BYOD, malware, device health attestation, mobile
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-ms.pagetype: security; devices
+ms.pagetype: security, devices
 author: arnaudjumelet
 ---

diff --git a/windows/keep-secure/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/keep-secure/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
index fc092b8a95..aaf71600b1 100644
--- a/windows/keep-secure/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
+++ b/windows/keep-secure/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
@@ -2,7 +2,7 @@
 title: Protecting cluster shared volumes and storage area networks with BitLocker (Windows 10)
 description: This topic for IT pros describes how to protect CSVs and SANs with BitLocker.
 ms.assetid: ecd25a10-42c7-4d31-8a7e-ea52c8ebc092
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/recovery-console-allow-automatic-administrative-logon.md b/windows/keep-secure/recovery-console-allow-automatic-administrative-logon.md
index 394b4421db..4ef6ba5277 100644
--- a/windows/keep-secure/recovery-console-allow-automatic-administrative-logon.md
+++ b/windows/keep-secure/recovery-console-allow-automatic-administrative-logon.md
@@ -2,7 +2,7 @@
 title: Recovery console Allow automatic administrative logon (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Recovery console Allow automatic administrative logon security policy setting.
 ms.assetid: be2498fc-48f4-43f3-ad09-74664e45e596
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/keep-secure/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
index 23aad36087..d8945335fa 100644
--- a/windows/keep-secure/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
+++ b/windows/keep-secure/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
@@ -2,7 +2,7 @@
 title: Recovery console Allow floppy copy and access to all drives and folders (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Recovery console Allow floppy copy and access to all drives and folders security policy setting.
 ms.assetid: a5b4ac0c-f33d-42b5-a866-72afa7cbd0bd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/refresh-an-applocker-policy.md b/windows/keep-secure/refresh-an-applocker-policy.md
index fd227910c6..719bfb599b 100644
--- a/windows/keep-secure/refresh-an-applocker-policy.md
+++ b/windows/keep-secure/refresh-an-applocker-policy.md
@@ -2,7 +2,7 @@
 title: Refresh an AppLocker policy (Windows 10)
 description: This topic for IT professionals describes the steps to force an update for an AppLocker policy.
 ms.assetid: 3f24fcbc-3926-46b9-a1a2-dd036edab8a9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/registry-global-object-access-auditing.md b/windows/keep-secure/registry-global-object-access-auditing.md
index 087c5f60fc..b734cec46b 100644
--- a/windows/keep-secure/registry-global-object-access-auditing.md
+++ b/windows/keep-secure/registry-global-object-access-auditing.md
@@ -2,7 +2,7 @@
 title: Registry (Global Object Access Auditing) (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Registry (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the registry of a computer.
 ms.assetid: 953bb1c1-3f76-43be-ba17-4aed2304f578
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/remove-computer-from-docking-station.md b/windows/keep-secure/remove-computer-from-docking-station.md
index 06949c5258..ee3b81a7d3 100644
--- a/windows/keep-secure/remove-computer-from-docking-station.md
+++ b/windows/keep-secure/remove-computer-from-docking-station.md
@@ -2,7 +2,7 @@
 title: Remove computer from docking station (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Remove computer from docking station security policy setting.
 ms.assetid: 229a385a-a862-4973-899a-413b1b5b6c30
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/replace-a-process-level-token.md b/windows/keep-secure/replace-a-process-level-token.md
index 0beaf15c90..5361f2a589 100644
--- a/windows/keep-secure/replace-a-process-level-token.md
+++ b/windows/keep-secure/replace-a-process-level-token.md
@@ -2,7 +2,7 @@
 title: Replace a process level token (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Replace a process level token security policy setting.
 ms.assetid: 5add02db-6339-489e-ba21-ccc3ccbe8745
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/requirements-for-deploying-applocker-policies.md b/windows/keep-secure/requirements-for-deploying-applocker-policies.md
index f1608ee829..e3b6c29aa7 100644
--- a/windows/keep-secure/requirements-for-deploying-applocker-policies.md
+++ b/windows/keep-secure/requirements-for-deploying-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Requirements for deploying AppLocker policies (Windows 10)
 description: This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
 ms.assetid: 3e55bda2-3cd7-42c7-bad3-c7dfbe193d48
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/requirements-to-use-applocker.md b/windows/keep-secure/requirements-to-use-applocker.md
index f9c5f24fae..6389eb2755 100644
--- a/windows/keep-secure/requirements-to-use-applocker.md
+++ b/windows/keep-secure/requirements-to-use-applocker.md
@@ -2,7 +2,7 @@
 title: Requirements to use AppLocker (Windows 10)
 description: This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
 ms.assetid: dc380535-071e-4794-8f9d-e5d1858156f0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/reset-account-lockout-counter-after.md b/windows/keep-secure/reset-account-lockout-counter-after.md
index ebefbb2d0c..d3e6f545ed 100644
--- a/windows/keep-secure/reset-account-lockout-counter-after.md
+++ b/windows/keep-secure/reset-account-lockout-counter-after.md
@@ -2,7 +2,7 @@
 title: Reset account lockout counter after (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Reset account lockout counter after security policy setting.
 ms.assetid: d5ccf6dd-5ba7-44a9-8e0b-c478d8b1442c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/restore-files-and-directories.md b/windows/keep-secure/restore-files-and-directories.md
index b428c37092..e8bb7e6f85 100644
--- a/windows/keep-secure/restore-files-and-directories.md
+++ b/windows/keep-secure/restore-files-and-directories.md
@@ -2,7 +2,7 @@
 title: Restore files and directories (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Restore files and directories security policy setting.
 ms.assetid: c673c0fa-6f49-4edd-8c1f-c5e8513f701d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
index 9eb59d5dc1..9e6debeb0f 100644
--- a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
+++ b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
@@ -4,9 +4,10 @@ description: IT professionals can run a scan using the command line in Windows D
 keywords: scan, command line, mpcmdrun, defender
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: security
 author: mjcaparas
 ---

diff --git a/windows/keep-secure/run-the-automatically-generate-rules-wizard.md b/windows/keep-secure/run-the-automatically-generate-rules-wizard.md
index 12a5620d21..565f6331da 100644
--- a/windows/keep-secure/run-the-automatically-generate-rules-wizard.md
+++ b/windows/keep-secure/run-the-automatically-generate-rules-wizard.md
@@ -2,7 +2,7 @@
 title: Run the Automatically Generate Rules wizard (Windows 10)
 description: This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
 ms.assetid: 8cad1e14-d5b2-437c-8f88-70cffd7b3d8e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/script-rules-in-applocker.md b/windows/keep-secure/script-rules-in-applocker.md
index 10efd57b91..6fd0ec9196 100644
--- a/windows/keep-secure/script-rules-in-applocker.md
+++ b/windows/keep-secure/script-rules-in-applocker.md
@@ -2,7 +2,7 @@
 title: Script rules in AppLocker (Windows 10)
 description: This topic describes the file formats and available default rules for the script rule collection.
 ms.assetid: fee24ca4-935a-4c5e-8a92-8cf1d134d35f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/secpol-advanced-security-audit-policy-settings.md b/windows/keep-secure/secpol-advanced-security-audit-policy-settings.md
index a4f7e13245..e3f6f2ce53 100644
--- a/windows/keep-secure/secpol-advanced-security-audit-policy-settings.md
+++ b/windows/keep-secure/secpol-advanced-security-audit-policy-settings.md
@@ -2,7 +2,7 @@
 title: Advanced security audit policy settings (Windows 10)
 description: Provides information about the advanced security audit policy settings that are available in Windows and the audit events that they generate.
 ms.assetid: 6BF9A642-DBC3-4101-94A3-B2316C553CE3
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-auditing-overview.md b/windows/keep-secure/security-auditing-overview.md
index 135ebc41e5..cde9b0865f 100644
--- a/windows/keep-secure/security-auditing-overview.md
+++ b/windows/keep-secure/security-auditing-overview.md
@@ -2,7 +2,7 @@
 title: Security auditing (Windows 10)
 description: Topics in this section are for IT professionals and describes the security auditing features in Windows and how your organization can benefit from using these technologies to enhance the security and manageability of your network.
 ms.assetid: 2d9b8142-49bd-4a33-b246-3f0c2a5f32d4
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-considerations-for-applocker.md b/windows/keep-secure/security-considerations-for-applocker.md
index 560f73ba5a..f7c0df0eab 100644
--- a/windows/keep-secure/security-considerations-for-applocker.md
+++ b/windows/keep-secure/security-considerations-for-applocker.md
@@ -2,7 +2,7 @@
 title: Security considerations for AppLocker (Windows 10)
 description: This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.
 ms.assetid: 354a5abb-7b31-4bea-a442-aa9666117625
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-options.md b/windows/keep-secure/security-options.md
index b9ddcb4bf8..2d25a87621 100644
--- a/windows/keep-secure/security-options.md
+++ b/windows/keep-secure/security-options.md
@@ -2,7 +2,7 @@
 title: Security Options (Windows 10)
 description: Provides an introduction to the settings under Security Options of the local security policies and links to information about each setting.
 ms.assetid: 405ea253-8116-4e57-b08e-14a8dcdca92b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-policy-settings-reference.md b/windows/keep-secure/security-policy-settings-reference.md
index 06c6b96d8d..4023dfc66f 100644
--- a/windows/keep-secure/security-policy-settings-reference.md
+++ b/windows/keep-secure/security-policy-settings-reference.md
@@ -2,7 +2,7 @@
 title: Security policy settings reference (Windows 10)
 description: This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations.
 ms.assetid: ef5a4579-15a8-4507-9a43-b7ccddcb0ed1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-policy-settings.md b/windows/keep-secure/security-policy-settings.md
index 1551485d7e..f9ea234685 100644
--- a/windows/keep-secure/security-policy-settings.md
+++ b/windows/keep-secure/security-policy-settings.md
@@ -2,7 +2,7 @@
 title: Security policy settings (Windows 10)
 description: This reference topic describes the common scenarios, architecture, and processes for security settings.
 ms.assetid: e7ac5204-7f6c-4708-a9f6-6af712ca43b9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/security-technologies.md b/windows/keep-secure/security-technologies.md
index 7d54d652f2..39c9eedbb3 100644
--- a/windows/keep-secure/security-technologies.md
+++ b/windows/keep-secure/security-technologies.md
@@ -2,7 +2,7 @@
 title: Security technologies (Windows 10)
 description: Learn more about the different security technologies that are available in Windows 10 and Windows 10 Mobile.
 ms.assetid: BFE2DE22-B0CE-465B-8CF6-28F64464DF08
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/select-types-of-rules-to-create.md b/windows/keep-secure/select-types-of-rules-to-create.md
index 6e92663943..00ae11caf5 100644
--- a/windows/keep-secure/select-types-of-rules-to-create.md
+++ b/windows/keep-secure/select-types-of-rules-to-create.md
@@ -2,7 +2,7 @@
 title: Select the types of rules to create (Windows 10)
 description: This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
 ms.assetid: 14751169-0ed1-47cc-822c-8c01a7477784
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md
index 1be3c1bfe6..fb5e5d5cbf 100644
--- a/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/service-onboarding-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Windows Defender ATP service onboarding
 description: Assign users to the Windows Defender ATP service application in Azure Active Directory to grant access to the portal.
 keywords: service onboarding, Windows Defender Advanced Threat Protection service onboarding, manage users,
 search.product: eADQiWindows 10XVcnh
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+ms.pagetype: security
 author: mjcaparas
 ---

diff --git a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
index f976f74857..81d0358abb 100644
--- a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Windows Defender Advanced Threat Protection settings description: Use the menu to configure the time zone, suppression rules, and view license information. keywords: Windows Defender ATP settings, Windows Defender, cybersecurity threat intelligence, advanced threat protection, time zone, utc, local time, license, suppression rules search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: DulceMV --- diff --git a/windows/keep-secure/shut-down-the-system.md b/windows/keep-secure/shut-down-the-system.md index e07bf9633a..0c4f6b24a7 100644 --- a/windows/keep-secure/shut-down-the-system.md +++ b/windows/keep-secure/shut-down-the-system.md @@ -2,7 +2,7 @@ title: Shut down the system (Windows 10) description: Describes the best practices, location, values, policy management, and security considerations for the Shut down the system security policy setting. ms.assetid: c8e8f890-153a-401e-a957-ba6a130304bf -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/keep-secure/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md index a480adae03..bdd15d4040 100644 --- a/windows/keep-secure/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md +++ b/windows/keep-secure/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md @@ -2,7 +2,7 @@ title: Shutdown Allow system to be shut down without having to log on (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the Shutdown Allow system to be shut down without having to log on security policy setting. ms.assetid: f3964767-5377-4416-8eb3-e14d553a7315 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/shutdown-clear-virtual-memory-pagefile.md b/windows/keep-secure/shutdown-clear-virtual-memory-pagefile.md
index 1e23676be3..83e27c9e00 100644
--- a/windows/keep-secure/shutdown-clear-virtual-memory-pagefile.md
+++ b/windows/keep-secure/shutdown-clear-virtual-memory-pagefile.md
@@ -2,7 +2,7 @@
 title: Shutdown Clear virtual memory pagefile (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the Shutdown Clear virtual memory pagefile security policy setting.
 ms.assetid: 31400078-6c56-4891-a6df-6dfb403c4bc9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/store-passwords-using-reversible-encryption.md b/windows/keep-secure/store-passwords-using-reversible-encryption.md
index 386e132579..667eaec2fc 100644
--- a/windows/keep-secure/store-passwords-using-reversible-encryption.md
+++ b/windows/keep-secure/store-passwords-using-reversible-encryption.md
@@ -2,7 +2,7 @@
 title: Store passwords using reversible encryption (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Store passwords using reversible encryption security policy setting.
 ms.assetid: 57f958c2-f1e9-48bf-871b-0a9b3299e238
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
index dddb84f0a2..b6b9fd71e5 100644
--- a/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -2,7 +2,7 @@
 title: Switch PCR banks on TPM 2.0 devices (Windows 10)
 description: A Platform Configuration Register (PCR) is a memory location in the TPM that has some unique properties.
 ms.assetid: 743FCCCB-99A9-4636-8F48-9ECB3A3D10DE
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/synchronize-directory-service-data.md b/windows/keep-secure/synchronize-directory-service-data.md
index 853573d001..b562f8a178 100644
--- a/windows/keep-secure/synchronize-directory-service-data.md
+++ b/windows/keep-secure/synchronize-directory-service-data.md
@@ -2,7 +2,7 @@
 title: Synchronize directory service data (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Synchronize directory service data security policy setting.
 ms.assetid: 97b0aaa4-674f-40f4-8974-b4bfb12c232c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/keep-secure/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
index c72f3b1385..0862dc11d1 100644
--- a/windows/keep-secure/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
+++ b/windows/keep-secure/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
@@ -2,7 +2,7 @@
 title: System cryptography Force strong key protection for user keys stored on the computer (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the System cryptography Force strong key protection for user keys stored on the computer security policy setting.
 ms.assetid: 8cbff267-881e-4bf6-920d-b583a5ff7de0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/keep-secure/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
index f7137a0c09..a1a1738dad 100644
--- a/windows/keep-secure/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
+++ b/windows/keep-secure/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
@@ -2,7 +2,7 @@
 title: System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing (Windows 10)
 description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting.
 ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/keep-secure/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
index 6f9e3c9d43..1f3af1c21c 100644
--- a/windows/keep-secure/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
+++ b/windows/keep-secure/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
@@ -2,7 +2,7 @@
 title: System objects Require case insensitivity for non-Windows subsystems (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the System objects Require case insensitivity for non-Windows subsystems security policy setting.
 ms.assetid: 340d6769-8f33-4067-8470-1458978d1522
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/keep-secure/system-objects-strengthen-default-permissions-of-internal-system-objects.md
index 708cba1b5a..5be5a462b1 100644
--- a/windows/keep-secure/system-objects-strengthen-default-permissions-of-internal-system-objects.md
+++ b/windows/keep-secure/system-objects-strengthen-default-permissions-of-internal-system-objects.md
@@ -2,7 +2,7 @@
 title: System objects Strengthen default permissions of internal system objects (e.g. Symbolic Links) (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the System objects Strengthen default permissions of internal system objects (e.g. Symbolic Links) security policy setting.
 ms.assetid: 3a592097-9cf5-4fd0-a504-7cbfab050bb6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/system-settings-optional-subsystems.md b/windows/keep-secure/system-settings-optional-subsystems.md
index 4e096fea50..15ec7c1221 100644
--- a/windows/keep-secure/system-settings-optional-subsystems.md
+++ b/windows/keep-secure/system-settings-optional-subsystems.md
@@ -2,7 +2,7 @@
 title: System settings Optional subsystems (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the System settings Optional subsystems security policy setting.
 ms.assetid: 5cb6519a-4f84-4b45-8072-e2aa8a72fb78
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/keep-secure/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
index 85e0a1c7bd..ae25abd015 100644
--- a/windows/keep-secure/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
+++ b/windows/keep-secure/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
@@ -2,7 +2,7 @@
 title: System settings Use certificate rules on Windows executables for Software Restriction Policies (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the System settings Use certificate rules on Windows executables for Software Restriction Policies security policy setting.
 ms.assetid: 2380d93b-b553-4e56-a0c0-d1ef740d089c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/take-ownership-of-files-or-other-objects.md b/windows/keep-secure/take-ownership-of-files-or-other-objects.md
index 255f2d4ff3..24ab3257e2 100644
--- a/windows/keep-secure/take-ownership-of-files-or-other-objects.md
+++ b/windows/keep-secure/take-ownership-of-files-or-other-objects.md
@@ -2,7 +2,7 @@
 title: Take ownership of files or other objects (Windows 10)
 description: Describes the best practices, location, values, policy management, and security considerations for the Take ownership of files or other objects security policy setting.
 ms.assetid: cb8595d1-74cc-4176-bb15-d97663eebb2d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/keep-secure/test-an-applocker-policy-by-using-test-applockerpolicy.md
index aa27d42260..fcc3bf2eac 100644
--- a/windows/keep-secure/test-an-applocker-policy-by-using-test-applockerpolicy.md
+++ b/windows/keep-secure/test-an-applocker-policy-by-using-test-applockerpolicy.md
@@ -2,7 +2,7 @@ title: Test an AppLocker policy by using Test-AppLockerPolicy (Windows 10) description: This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer. ms.assetid: 048bfa38-6825-4a9a-ab20-776cf79f402a -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/test-and-update-an-applocker-policy.md b/windows/keep-secure/test-and-update-an-applocker-policy.md index cf77664f65..99e46e3022 100644 --- a/windows/keep-secure/test-and-update-an-applocker-policy.md +++ b/windows/keep-secure/test-and-update-an-applocker-policy.md @@ -2,7 +2,7 @@ title: Test and update an AppLocker policy (Windows 10) description: This topic discusses the steps required to test an AppLocker policy prior to deployment. ms.assetid: 7d53cbef-078c-4d20-8b00-e821e33b6ea1 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/testing-scenarios-for-edp.md b/windows/keep-secure/testing-scenarios-for-edp.md index 810bb44663..e2187af349 100644 --- a/windows/keep-secure/testing-scenarios-for-edp.md +++ b/windows/keep-secure/testing-scenarios-for-edp.md @@ -2,10 +2,11 @@ title: Testing scenarios for enterprise data protection (EDP) (Windows 10) description: We've come up with a list of suggested testing scenarios that you can use to test enterprise data protection (EDP) in your company. ms.assetid: 53db29d2-d99d-4db6-b494-90e2b3962ca2 -keywords: ["EDP", "Enterprise Data Protection"] -ms.prod: W10 +keywords: EDP, Enterprise Data Protection +ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library +ms.pagetype: security author: eross-msft --- diff --git a/windows/keep-secure/tools-to-use-with-applocker.md b/windows/keep-secure/tools-to-use-with-applocker.md index d0ffd99ac7..5d2d69ff81 100644 --- a/windows/keep-secure/tools-to-use-with-applocker.md 
+++ b/windows/keep-secure/tools-to-use-with-applocker.md
@@ -2,7 +2,7 @@
 title: Tools to use with AppLocker (Windows 10)
 description: This topic for the IT professional describes the tools available to create and administer AppLocker policies.
 ms.assetid: db2b7cb3-7643-4be5-84eb-46ba551e1ad1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/tpm-fundamentals.md b/windows/keep-secure/tpm-fundamentals.md
index c4fb6b2cc3..6969c89924 100644
--- a/windows/keep-secure/tpm-fundamentals.md
+++ b/windows/keep-secure/tpm-fundamentals.md
@@ -2,7 +2,7 @@
 title: TPM fundamentals (Windows 10)
 description: This topic for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks.
 ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/tpm-recommendations.md b/windows/keep-secure/tpm-recommendations.md
index 9decdf047c..81b6385faf 100644
--- a/windows/keep-secure/tpm-recommendations.md
+++ b/windows/keep-secure/tpm-recommendations.md
@@ -2,7 +2,7 @@
 title: TPM recommendations (Windows 10)
 description: This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows 10.
 ms.assetid: E85F11F5-4E6A-43E7-8205-672F77706561
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
index 9199881438..7db942d7ba 100644
--- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Troubleshoot Windows Defender ATP onboarding issues description: Troubleshoot issues that might arise during the onboarding of endpoints or to the Windows Defender ATP service. keywords: troubleshoot onboarding, onboarding issues, event viewer, data collection and preview builds, telemetry and diagnostics search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: iaanw --- diff --git a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md index 1d15cf5dd7..8340e9dcc0 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Troubleshoot Windows Defender Advanced Threat Protection description: Find solutions and work arounds to known issues such as server errors when trying to access the service. keywords: troubleshoot Windows Defender Advanced Threat Protection, troubleshoot Windows ATP, server error, access denied, invalid credentials, no data, dashboard portal, whitelist, event viewer search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- # Troubleshoot Windows Defender Advanced Threat Protection diff --git a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md index f9c63208af..e60c0f663c 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md +++ b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md 
@@ -2,7 +2,7 @@
 title: Troubleshoot Windows Defender in Windows 10 (Windows 10)
 description: IT professionals can review information about event IDs in Windows Defender for Windows 10 and see any relevant action they can take.
 ms.assetid: EE488CC1-E340-4D47-B50B-35BD23CB4D70
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/trusted-platform-module-overview.md b/windows/keep-secure/trusted-platform-module-overview.md
index 03e37a250b..e7b6e784ff 100644
--- a/windows/keep-secure/trusted-platform-module-overview.md
+++ b/windows/keep-secure/trusted-platform-module-overview.md
@@ -2,7 +2,7 @@
 title: Trusted Platform Module Technology Overview (Windows 10)
 description: This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. The topic provides links to other resources about the TPM.
 ms.assetid: face8932-b034-4319-86ac-db1163d46538
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
index 4ded5c4844..ff626bb1de 100644
--- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
+++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md
@@ -2,7 +2,7 @@
 title: TPM Group Policy settings (Windows 10)
 description: This topic for the IT professional describes the Trusted Platform Module (TPM) Services that can be controlled centrally by using Group Policy settings.
 ms.assetid: 54ff1c1e-a210-4074-a44e-58fee26e4dbd
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/types-of-attacks-for-volume-encryption-keys.md b/windows/keep-secure/types-of-attacks-for-volume-encryption-keys.md
index 4f38eca5a6..96a64490d0 100644
--- a/windows/keep-secure/types-of-attacks-for-volume-encryption-keys.md
+++ b/windows/keep-secure/types-of-attacks-for-volume-encryption-keys.md
@@ -2,7 +2,7 @@
 title: Types of attacks for volume encryption keys (Windows 10)
 description: There are many ways Windows helps protect your organization from attacks, including Unified Extensible Firmware Interface (UEFI) secure boot, Trusted Platform Module (TPM), Group Policy, complex passwords, and account lockouts.
 ms.assetid: 405060a9-2009-44fc-9f84-66edad32c6bc
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understand-applocker-enforcement-settings.md b/windows/keep-secure/understand-applocker-enforcement-settings.md
index 6ac72fe3f1..a27cfdc9cb 100644
--- a/windows/keep-secure/understand-applocker-enforcement-settings.md
+++ b/windows/keep-secure/understand-applocker-enforcement-settings.md
@@ -2,7 +2,7 @@
 title: Understand AppLocker enforcement settings (Windows 10)
 description: This topic describes the AppLocker enforcement settings for rule collections.
 ms.assetid: 48773007-a343-40bf-8961-b3ff0a450d7e
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understand-applocker-policy-design-decisions.md b/windows/keep-secure/understand-applocker-policy-design-decisions.md
index 5687229616..4c7731bcfc 100644
--- a/windows/keep-secure/understand-applocker-policy-design-decisions.md
+++ b/windows/keep-secure/understand-applocker-policy-design-decisions.md
@@ -2,7 +2,7 @@
 title: Understand AppLocker policy design decisions (Windows 10)
 description: This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment.
 ms.assetid: 3475def8-949a-4b51-b480-dc88b5c1e6e6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/keep-secure/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
index 066f32d60e..fd1d01d9fb 100644
--- a/windows/keep-secure/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+++ b/windows/keep-secure/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
@@ -2,7 +2,7 @@
 title: Understand AppLocker rules and enforcement setting inheritance in Group Policy (Windows 10)
 description: This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
 ms.assetid: c1c5a3d3-540a-4698-83b5-0dab5d27d871
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understand-the-applocker-policy-deployment-process.md b/windows/keep-secure/understand-the-applocker-policy-deployment-process.md
index 76bbb8d904..a2ec48ffe5 100644
--- a/windows/keep-secure/understand-the-applocker-policy-deployment-process.md
+++ b/windows/keep-secure/understand-the-applocker-policy-deployment-process.md
@@ -2,7 +2,7 @@
 title: Understand the AppLocker policy deployment process (Windows 10)
 description: This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
 ms.assetid: 4cfd95c1-fbd3-41fa-8efc-d23c1ea6fb16
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/keep-secure/understanding-applocker-allow-and-deny-actions-on-rules.md
index b6d8502af0..b383087281 100644
--- a/windows/keep-secure/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/keep-secure/understanding-applocker-allow-and-deny-actions-on-rules.md
@@ -2,7 +2,7 @@
 title: Understanding AppLocker allow and deny actions on rules (Windows 10)
 description: This topic explains the differences between allow and deny actions on AppLocker rules.
 ms.assetid: ea0370fa-2086-46b5-a0a4-4a7ead8cbed9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understanding-applocker-default-rules.md b/windows/keep-secure/understanding-applocker-default-rules.md
index 76aa56e251..b0aa99f22e 100644
--- a/windows/keep-secure/understanding-applocker-default-rules.md
+++ b/windows/keep-secure/understanding-applocker-default-rules.md
@@ -2,7 +2,7 @@
 title: Understanding AppLocker default rules (Windows 10)
 description: This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied.
 ms.assetid: bdb03d71-05b7-41fb-96e3-a289ce1866e1
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understanding-applocker-rule-behavior.md b/windows/keep-secure/understanding-applocker-rule-behavior.md
index 2e1353c3ed..ac18934b5f 100644
--- a/windows/keep-secure/understanding-applocker-rule-behavior.md
+++ b/windows/keep-secure/understanding-applocker-rule-behavior.md
@@ -2,7 +2,7 @@
 title: Understanding AppLocker rule behavior (Windows 10)
 description: This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
 ms.assetid: 3e2738a3-8041-4095-8a84-45c1894c97d0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understanding-applocker-rule-collections.md b/windows/keep-secure/understanding-applocker-rule-collections.md
index 9c569f7f53..b8adef234c 100644
--- a/windows/keep-secure/understanding-applocker-rule-collections.md
+++ b/windows/keep-secure/understanding-applocker-rule-collections.md
@@ -2,7 +2,7 @@
 title: Understanding AppLocker rule collections (Windows 10)
 description: This topic explains the five different types of AppLocker rules used to enforce AppLocker policies.
 ms.assetid: 03c05466-4fb3-4880-8d3c-0f6f59fc5579
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understanding-applocker-rule-condition-types.md b/windows/keep-secure/understanding-applocker-rule-condition-types.md
index d4e6ceaf84..f00afa16e1 100644
--- a/windows/keep-secure/understanding-applocker-rule-condition-types.md
+++ b/windows/keep-secure/understanding-applocker-rule-condition-types.md
@@ -2,7 +2,7 @@
 title: Understanding AppLocker rule condition types (Windows 10)
 description: This topic for the IT professional describes the three types of AppLocker rule conditions.
 ms.assetid: c21af67f-60a1-4f7d-952c-a6f769c74729
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understanding-applocker-rule-exceptions.md b/windows/keep-secure/understanding-applocker-rule-exceptions.md
index a99cb1f8cb..4cedcfd784 100644
--- a/windows/keep-secure/understanding-applocker-rule-exceptions.md
+++ b/windows/keep-secure/understanding-applocker-rule-exceptions.md
@@ -2,7 +2,7 @@
 title: Understanding AppLocker rule exceptions (Windows 10)
 description: This topic describes the result of applying AppLocker rule exceptions to rule collections.
 ms.assetid: e6bb349f-ee60-4c8d-91cd-6442f2d0eb9c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/keep-secure/understanding-the-file-hash-rule-condition-in-applocker.md
index b778f3c76d..89a2b1a770 100644
--- a/windows/keep-secure/understanding-the-file-hash-rule-condition-in-applocker.md
+++ b/windows/keep-secure/understanding-the-file-hash-rule-condition-in-applocker.md
@@ -2,7 +2,7 @@
 title: Understanding the file hash rule condition in AppLocker (Windows 10)
 description: This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it is applied.
 ms.assetid: 4c6d9af4-2b1a-40f4-8758-1a6f9f147756
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understanding-the-path-rule-condition-in-applocker.md b/windows/keep-secure/understanding-the-path-rule-condition-in-applocker.md
index d62cf0c8b6..4d4e950a6c 100644
--- a/windows/keep-secure/understanding-the-path-rule-condition-in-applocker.md
+++ b/windows/keep-secure/understanding-the-path-rule-condition-in-applocker.md
@@ -2,7 +2,7 @@
 title: Understanding the path rule condition in AppLocker (Windows 10)
 description: This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied.
 ms.assetid: 3fa54ded-4466-4f72-bea4-2612031cad43
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/understanding-the-publisher-rule-condition-in-applocker.md b/windows/keep-secure/understanding-the-publisher-rule-condition-in-applocker.md
index 34ac6444f3..5e0bca2ee0 100644
--- a/windows/keep-secure/understanding-the-publisher-rule-condition-in-applocker.md
+++ b/windows/keep-secure/understanding-the-publisher-rule-condition-in-applocker.md
@@ -2,7 +2,7 @@
 title: Understanding the publisher rule condition in AppLocker (Windows 10)
 description: This topic explains the AppLocker publisher rule condition, what controls are available, and how it is applied.
 ms.assetid: df61ed8f-a97e-4644-9d0a-2169f18c1c4f
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/keep-secure/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index e9c7b0645e..90336b381a 100644
--- a/windows/keep-secure/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/keep-secure/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Use a reference device to create and maintain AppLocker policies (Windows 10)
 description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
 ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/keep-secure/use-applocker-and-software-restriction-policies-in-the-same-domain.md
index ef970cd8df..17fe40b6a1 100644
--- a/windows/keep-secure/use-applocker-and-software-restriction-policies-in-the-same-domain.md
+++ b/windows/keep-secure/use-applocker-and-software-restriction-policies-in-the-same-domain.md
@@ -2,7 +2,7 @@
 title: Use AppLocker and Software Restriction Policies in the same domain (Windows 10)
 description: This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker.
 ms.assetid: 2b7e0cec-df62-49d6-a2b7-6b8e30180943
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/use-the-applocker-windows-powershell-cmdlets.md b/windows/keep-secure/use-the-applocker-windows-powershell-cmdlets.md
index cf988054c1..d7cd5120c4 100644
--- a/windows/keep-secure/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/keep-secure/use-the-applocker-windows-powershell-cmdlets.md
@@ -2,7 +2,7 @@
 title: Use the AppLocker Windows PowerShell cmdlets (Windows 10)
 description: This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies.
 ms.assetid: 374e029c-5c0a-44ab-a57a-2a9dd17dc57d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md
index dd0fc24f67..717abdaec8 100644
--- a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md
@@ -3,9 +3,10 @@ title: Use the Windows Defender Advanced Threat Protection portal description: Learn about the features on Windows Defender ATP portal, including how alerts work, and suggestions on how to investigate possible breaches and attacks. keywords: dashboard, alerts queue, manage alerts, investigation, investigate alerts, investigate machines, submit files, deep analysis, high, medium, low, severity, ioc, ioa search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- diff --git a/windows/keep-secure/use-windows-event-forwarding-to-assist-in-instrusion-detection.md b/windows/keep-secure/use-windows-event-forwarding-to-assist-in-instrusion-detection.md index 060d693df1..846f249f82 100644 --- a/windows/keep-secure/use-windows-event-forwarding-to-assist-in-instrusion-detection.md +++ b/windows/keep-secure/use-windows-event-forwarding-to-assist-in-instrusion-detection.md @@ -2,7 +2,7 @@ title: Use Windows Event Forwarding to help with intrusion detection (Windows 10) description: Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. ms.assetid: 733263E5-7FD1-45D2-914A-184B9E3E6A3F -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/keep-secure/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md index a4fbc0126b..7b203c0bcd 100644 --- a/windows/keep-secure/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md +++ b/windows/keep-secure/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md 
@@ -2,7 +2,7 @@
 title: User Account Control Admin Approval Mode for the Built-in Administrator account (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Admin Approval Mode for the Built-in Administrator account security policy setting.
 ms.assetid: d465fc27-1cd2-498b-9cf6-7ad2276e5998
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/keep-secure/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
index cc8ebe93f3..e80369cae9 100644
--- a/windows/keep-secure/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
+++ b/windows/keep-secure/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
@@ -2,7 +2,7 @@
 title: User Account Control Allow UIAccess applications to prompt for elevation without using the secure desktop (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the User Account Control Allow UIAccess applications to prompt for elevation without using the secure desktop security policy setting.
 ms.assetid: fce20472-3c93-449d-b520-13c4c74a9892
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
index 28718b33ae..97af8126a3 100644
--- a/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
+++ b/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
@@ -2,7 +2,7 @@
 title: User Account Control Behavior of the elevation prompt for administrators in Admin Approval Mode (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Behavior of the elevation prompt for administrators in Admin Approval Mode security policy setting.
 ms.assetid: 46a3c3a2-1d2e-4a6f-b5e6-29f9592f535d
-ms.prod: W10
+ms.prod: ws10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
index e382611db9..7ca4ce4329 100644
--- a/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
+++ b/windows/keep-secure/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
@@ -2,7 +2,7 @@
 title: User Account Control Behavior of the elevation prompt for standard users (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Behavior of the elevation prompt for standard users security policy setting.
 ms.assetid: 1eae7def-8f6c-43b6-9474-23911fdc01ba
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/keep-secure/user-account-control-detect-application-installations-and-prompt-for-elevation.md
index 178aa242b4..0c372cd6ee 100644
--- a/windows/keep-secure/user-account-control-detect-application-installations-and-prompt-for-elevation.md
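Review bot: The new `ms.prod` value in the hunk for user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md is `ws10`, while every other file touched by this patch is normalised to `w10`, so this looks like a typo. If the publishing pipeline filters or groups topics by `ms.prod` (not visible from the patch), this security-policy topic would presumably drop out of the Windows 10 set. The added line should read `ms.prod: w10`.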
+++ b/windows/keep-secure/user-account-control-detect-application-installations-and-prompt-for-elevation.md @@ -2,7 +2,7 @@ title: User Account Control Detect application installations and prompt for elevation (Windows 10) description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Detect application installations and prompt for elevation security policy setting. ms.assetid: 3f8cb170-ba77-4c9f-abb3-c3ed1ef264fc -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md b/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md index 8da09ab38e..e2e57dd1bd 100644 --- a/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md @@ -1,9 +1,11 @@ --- title: User Account Control Group Policy and registry key settings (Windows 10) description: Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC. -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security +author: brianlic-msft --- # User Account Control Group Policy and registry key settings diff --git a/windows/keep-secure/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/keep-secure/user-account-control-only-elevate-executables-that-are-signed-and-validated.md index 19768449e0..76edee3e01 100644 --- a/windows/keep-secure/user-account-control-only-elevate-executables-that-are-signed-and-validated.md +++ b/windows/keep-secure/user-account-control-only-elevate-executables-that-are-signed-and-validated.md 
@@ -2,7 +2,7 @@
 title: User Account Control Only elevate executables that are signed and validated (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Only elevate executables that are signed and validated security policy setting.
 ms.assetid: 64950a95-6985-4db6-9905-1db18557352d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/keep-secure/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
index 890ec0f2ff..be21f041f5 100644
--- a/windows/keep-secure/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
+++ b/windows/keep-secure/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
@@ -2,7 +2,7 @@
 title: User Account Control Only elevate UIAccess applications that are installed in secure locations (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Only elevate UIAccess applications that are installed in secure locations security policy setting.
 ms.assetid: 4333409e-a5be-4f2f-8808-618f53abd22c
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-overview.md b/windows/keep-secure/user-account-control-overview.md
index ccabf37ce1..32edfe0160 100644
--- a/windows/keep-secure/user-account-control-overview.md
+++ b/windows/keep-secure/user-account-control-overview.md
@@ -2,7 +2,7 @@
 title: User Account Control (Windows 10)
 description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop.
 ms.assetid: 43ac4926-076f-4df2-84af-471ee7d20c38
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: operate
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/keep-secure/user-account-control-run-all-administrators-in-admin-approval-mode.md
index 63ac1e4a65..61664f5a6e 100644
--- a/windows/keep-secure/user-account-control-run-all-administrators-in-admin-approval-mode.md
+++ b/windows/keep-secure/user-account-control-run-all-administrators-in-admin-approval-mode.md
@@ -2,7 +2,7 @@
 title: User Account Control Run all administrators in Admin Approval Mode (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Run all administrators in Admin Approval Mode security policy setting.
 ms.assetid: b838c561-7bfc-41ef-a7a5-55857259c7bf
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-security-policy-settings.md b/windows/keep-secure/user-account-control-security-policy-settings.md
index 569bf9892e..45bf5fb129 100644
--- a/windows/keep-secure/user-account-control-security-policy-settings.md
+++ b/windows/keep-secure/user-account-control-security-policy-settings.md
@@ -2,8 +2,8 @@
 title: User Account Control security policy settings (Windows 10)
 description: You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy.
 ms.assetid: 3D75A9AC-69BB-4EF2-ACB3-1769791E1B98
-ms.prod: W10
-ms.mktglfcycl: operate
+ms.prod: w10
+ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
diff --git a/windows/keep-secure/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/keep-secure/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
index ee510bb52e..85c36101a5 100644
--- a/windows/keep-secure/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
+++ b/windows/keep-secure/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
@@ -2,7 +2,7 @@
 title: User Account Control Switch to the secure desktop when prompting for elevation (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Switch to the secure desktop when prompting for elevation security policy setting.
 ms.assetid: 77a067db-c70d-4b02-9861-027503311b8b
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/keep-secure/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
index afc3766b73..8501495c6b 100644
--- a/windows/keep-secure/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
+++ b/windows/keep-secure/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
@@ -2,7 +2,7 @@
 title: User Account Control Virtualize file and registry write failures to per-user locations (Windows 10)
 description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Virtualize file and registry write failures to per-user locations security policy setting.
 ms.assetid: a7b47420-cc41-4b1c-b03e-f67a05221261
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/user-rights-assignment.md b/windows/keep-secure/user-rights-assignment.md
index 401613dde1..59979d3158 100644
--- a/windows/keep-secure/user-rights-assignment.md
+++ b/windows/keep-secure/user-rights-assignment.md
@@ -2,7 +2,7 @@
 title: User Rights Assignment (Windows 10)
 description: Provides an overview and links to information about the User Rights Assignment security policy settings user rights that are available in Windows.
 ms.assetid: 99340252-60be-4c79-b0a5-56fbe1a9b0c5
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/keep-secure/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
index 13d5fc93e5..a26cffe188 100644
--- a/windows/keep-secure/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
+++ b/windows/keep-secure/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md
@@ -2,7 +2,7 @@
 title: Using advanced security auditing options to monitor dynamic access control objects (Windows 10)
 description: This guide explains the process of setting up advanced security auditing capabilities that are made possible through settings and events that were introduced in Windows 8 and Windows Server 2012.
 ms.assetid: 0d2c28ea-bdaf-47fd-bca2-a07dce5fed37
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/using-event-viewer-with-applocker.md b/windows/keep-secure/using-event-viewer-with-applocker.md
index dcee6821bc..1b1b80e64f 100644
--- a/windows/keep-secure/using-event-viewer-with-applocker.md
+++ b/windows/keep-secure/using-event-viewer-with-applocker.md
@@ -2,7 +2,7 @@
 title: Using Event Viewer with AppLocker (Windows 10)
 description: This topic lists AppLocker events and describes how to use Event Viewer with AppLocker.
 ms.assetid: 109abb10-78b1-4c29-a576-e5a17dfeb916
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/using-software-restriction-policies-and-applocker-policies.md b/windows/keep-secure/using-software-restriction-policies-and-applocker-policies.md
index 54b12a4568..8a427064fb 100644
--- a/windows/keep-secure/using-software-restriction-policies-and-applocker-policies.md
+++ b/windows/keep-secure/using-software-restriction-policies-and-applocker-policies.md
@@ -2,7 +2,7 @@
 title: Use Software Restriction Policies and AppLocker policies (Windows 10)
 description: This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment.
 ms.assetid: c3366be7-e632-4add-bd10-9df088f74c6d
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/keep-secure/view-the-security-event-log.md b/windows/keep-secure/view-the-security-event-log.md index 745195b4f3..388d32ddc8 100644 --- a/windows/keep-secure/view-the-security-event-log.md +++ b/windows/keep-secure/view-the-security-event-log.md @@ -2,7 +2,7 @@ title: View the security event log (Windows 10) description: The security log records each event as defined by the audit policies you set on each object. ms.assetid: 20DD2ACD-241A-45C5-A92F-4BE0D9F198B9 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/vpn-profile-options.md b/windows/keep-secure/vpn-profile-options.md index 6f336cc6e6..77c548ec2a 100644 --- a/windows/keep-secure/vpn-profile-options.md +++ b/windows/keep-secure/vpn-profile-options.md @@ -2,10 +2,10 @@ title: VPN profile options (Windows 10) description: Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. ms.assetid: E3F99DF9-863D-4E28-BAED-5C1B1B913523 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.pagetype: networking +ms.pagetype: security, networking author: jdeckerMS --- diff --git a/windows/keep-secure/what-is-applocker.md b/windows/keep-secure/what-is-applocker.md index b4d758df7b..c3b47e88d5 100644 --- a/windows/keep-secure/what-is-applocker.md +++ b/windows/keep-secure/what-is-applocker.md @@ -2,7 +2,7 @@ title: What Is AppLocker (Windows 10) description: This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. ms.assetid: 44a8a2bb-0f83-4f95-828e-1f364fb65869 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security 
diff --git a/windows/keep-secure/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/keep-secure/which-editions-of-windows-support-advanced-audit-policy-configuration.md index c60d303826..4428ed173d 100644 --- a/windows/keep-secure/which-editions-of-windows-support-advanced-audit-policy-configuration.md +++ b/windows/keep-secure/which-editions-of-windows-support-advanced-audit-policy-configuration.md @@ -2,7 +2,7 @@ title: Which editions of Windows support advanced audit policy configuration (Windows 10) description: This reference topic for the IT professional describes which versions of the Windows operating systems support advanced security auditing policies. ms.assetid: 87c71cc5-522d-4771-ac78-34a2a0825f31 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/why-a-pin-is-better-than-a-password.md b/windows/keep-secure/why-a-pin-is-better-than-a-password.md index 5afeb6f914..21d3ce97d3 100644 --- a/windows/keep-secure/why-a-pin-is-better-than-a-password.md +++ b/windows/keep-secure/why-a-pin-is-better-than-a-password.md @@ -3,7 +3,7 @@ title: Why a PIN is better than a password (Windows 10) description: Microsoft Passport in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password . ms.assetid: A6FC0520-01E6-4E90-B53D-6C4C4E780212 keywords: pin, security, password -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/windows-10-enterprise-security-guides.md b/windows/keep-secure/windows-10-enterprise-security-guides.md index 510675e4ff..30f130d499 100644 --- a/windows/keep-secure/windows-10-enterprise-security-guides.md +++ b/windows/keep-secure/windows-10-enterprise-security-guides.md 
@@ -2,10 +2,10 @@ title: Enterprise security guides (Windows 10) description: Get proven guidance to help you better secure and protect your enterprise by using technologies such as Credential Guard, Device Guard, Microsoft Passport, and Windows Hello. This section offers technology overviews and step-by-step guides. ms.assetid: 57134f84-bd4b-4b1d-b663-4a2d36f5a7f8 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.pagetype: security +ms.pagetype: security, devices author: challum --- diff --git a/windows/keep-secure/windows-10-mobile-security-guide.md b/windows/keep-secure/windows-10-mobile-security-guide.md index 1008003440..16389caf95 100644 --- a/windows/keep-secure/windows-10-mobile-security-guide.md +++ b/windows/keep-secure/windows-10-mobile-security-guide.md @@ -3,10 +3,10 @@ title: Windows 10 Mobile security guide (Windows 10) description: This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. ms.assetid: D51EF508-699E-4A68-A7CD-91D821A97205 keywords: data protection, encryption, malware resistance, smartphone, device, Windows Store -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security; mobile +ms.pagetype: security, mobile author: AMeeus --- diff --git a/windows/keep-secure/windows-10-security-guide.md b/windows/keep-secure/windows-10-security-guide.md index 2c0402513c..bb757267bb 100644 --- a/windows/keep-secure/windows-10-security-guide.md +++ b/windows/keep-secure/windows-10-security-guide.md 
@@ -3,7 +3,7 @@ title: Windows 10 security overview (Windows 10) description: This guide provides a detailed description of the most important security improvements in the Windows 10 operating system, with links to more detailed articles about many of its security features. ms.assetid: 4561D80B-A914-403C-A17C-3BE6FC95B59B keywords: configure, feature, file encryption -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md index 9567620fcb..bae239bf1c 100644 --- a/windows/keep-secure/windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md @@ -3,9 +3,10 @@ title: Windows Defender Advanced Threat Protection - Windows Defender description: Windows Defender Advanced Threat Protection is an enterprise security service that helps detect and respond to possible cybersecurity threats related to advanced persistent threats. keywords: introduction to Windows Defender Advanced Threat Protection, introduction to Windows Defender ATP, cybersecurity, advanced persistent threat, enterprise security, endpoint behavioral sensor, cloud security, analytics, threat intelligence search.product: eADQiWindows 10XVcnh -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library +ms.pagetype: security author: mjcaparas --- diff --git a/windows/keep-secure/windows-defender-in-windows-10.md b/windows/keep-secure/windows-defender-in-windows-10.md index 72d8554def..2dc00afede 100644 --- a/windows/keep-secure/windows-defender-in-windows-10.md +++ b/windows/keep-secure/windows-defender-in-windows-10.md 
@@ -2,7 +2,7 @@ title: Windows Defender in Windows 10 (Windows 10) description: This topic provides an overview of Windows Defender, including a list of system requirements and new features. ms.assetid: 6A9EB85E-1F3A-40AC-9A47-F44C4A2B55E2 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/windows-hello-in-enterprise.md b/windows/keep-secure/windows-hello-in-enterprise.md index 7b9bed5681..40a4efa80a 100644 --- a/windows/keep-secure/windows-hello-in-enterprise.md +++ b/windows/keep-secure/windows-hello-in-enterprise.md @@ -2,10 +2,11 @@ title: Windows Hello biometrics in the enterprise (Windows 10) description: Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition. ms.assetid: d3f27d94-2226-4547-86c0-65c84d6df8Bc -keywords: ["Windows Hello", "enterprise biometrics"] -ms.prod: W10 +keywords: Windows Hello, enterprise biometrics +ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library +ms.pagetype: security author: eross-msft --- diff --git a/windows/keep-secure/windows-installer-rules-in-applocker.md b/windows/keep-secure/windows-installer-rules-in-applocker.md index b12d94b8ef..65a86eddfc 100644 --- a/windows/keep-secure/windows-installer-rules-in-applocker.md +++ b/windows/keep-secure/windows-installer-rules-in-applocker.md @@ -2,7 +2,7 @@ title: Windows Installer rules in AppLocker (Windows 10) description: This topic describes the file formats and available default rules for the Windows Installer rule collection. ms.assetid: 3fecde5b-88b3-4040-81fa-a2d36d052ec9 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/working-with-applocker-policies.md b/windows/keep-secure/working-with-applocker-policies.md index 8963fa665b..219638880c 100644 
--- a/windows/keep-secure/working-with-applocker-policies.md +++ b/windows/keep-secure/working-with-applocker-policies.md @@ -2,7 +2,7 @@ title: Working with AppLocker policies (Windows 10) description: This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies. ms.assetid: 7062d2e0-9cbb-4cb8-aa8c-b24945c3771d -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security diff --git a/windows/keep-secure/working-with-applocker-rules.md b/windows/keep-secure/working-with-applocker-rules.md index 762d21c78a..9c528133ef 100644 --- a/windows/keep-secure/working-with-applocker-rules.md +++ b/windows/keep-secure/working-with-applocker-rules.md @@ -2,7 +2,7 @@ title: Working with AppLocker rules (Windows 10) description: This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies. ms.assetid: 3966b35b-f2da-4371-8b5f-aec031db6bc9 -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security From dc32c183742565f7544bf2aec63893ce376e89ca Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 31 May 2016 07:34:12 -0700 Subject: [PATCH 39/92] changed IE to Edge --- .../keep-secure/change-history-for-keep-windows-10-secure.md | 3 ++- .../installing-digital-certificates-on-windows-10-mobile.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 3c7d6abdfe..53fc6a0ef7 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md 
@@ -16,10 +16,11 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md |New or changed topic | Description | |----------------------|-------------| +| [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) | Changed Internet Explorer to Microsoft Edge | | [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) | Added errors 0x80090029 and 0x80070057, and merged entries for error 0x801c03ed. | | [Microsoft Passport guide](microsoft-passport-guide.md) | Updated Roadmap section content | -| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview | |[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md) |Updated info based on changes to the features and functionality.| +| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview | ## April 2016 diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md index 33f7e83a76..6bd8e60c5d 100644 --- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md +++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md 
@@ -22,7 +22,7 @@ Certificates in Windows 10 Mobile are primarily used for the following purposes - To authenticate a user to a reverse proxy server that is used to enable Microsoft Exchange ActiveSync (EAS) for email. - For installation and licensing of applications (from the Windows Phone Store or a custom company distribution site). -## Install certificates using Internet Explorer +## Install certificates using Microsoft Edge A certificate can be posted on a website and made available to users through a device-accessible URL that they can use to download the certificate. When a user accesses the page and taps the certificate, it opens on the device. The user can inspect the certificate, and if they choose to continue, the certificate is installed on the Windows 10 Mobile device. @@ -42,7 +42,7 @@ Windows 10 Mobile supports root, CA, and client certificate to be configured vi 3. The trusted CA certificate is installed directly during MDM request. 4. The device accepts certificate enrollment request. 5. The device generates private/public key pair. -6. The device connects to Internet facing point exposed by MDM server. +6. The device connects to Internet-facing point exposed by MDM server. 7. MDM server creates a certificate that is signed with proper CA certificate and returns it to device. > **Note:**  The device supports the pending function to allow server side to do additional verification before issuing the cert. In this case, a pending status is sent back to the device. The device will periodically contact the server, based on preconfigured retry count and retry period parameters. Retrying ends when either: From ef69c25c81194eb00e39b8b4216ebf6b5605bc78 Mon Sep 17 00:00:00 2001 
From: Greg Lindsay Date: Tue, 31 May 2016 12:07:59 -0700 Subject: [PATCH 40/92] checking in 7707381 --- ...rade-a-windows-phone-8-1-to-10-with-mdm.md | 112 ++++++++++++++++++ ...rade-a-windows-phone-8-1-to-10-with-mdm.md | Bin 0 -> 162 bytes 2 files changed, 112 insertions(+) create mode 100644 windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md create mode 100644 windows/deploy/~$grade-a-windows-phone-8-1-to-10-with-mdm.md diff --git a/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md b/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md new file mode 100644 index 0000000000..bbf295e678 --- /dev/null +++ b/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md 
@@ -0,0 +1,112 @@ +**How to enable a Windows Phone 8.1 upgrade to Windows 10 Mobile in an MDM environment ** + +Summary +======= + +This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. See the section to determine whether your device is eligible for the update. +The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must "opt-in" to be offered the upgrade. +For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. +For Enterprises, Microsoft is offering a centralized management solution through Mobile Device Management (MDM) that can push a management policy to each eligible device to perform the opt-in. +If you use a list of allowed apps (whitelisting) through MDM, see the documentation [here](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056(v=vs.85).aspx#whitelist) to make sure system apps are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are known issues listed in the documentation that could adversely affect the device after you upgrade. See this documentation for rules to avoid. +Some enterprises may want to control the availability of the Windows 10 Mobile upgrade to their users. With the opt-in model, the enterprise can blacklist the Upgrade Advisor app to prevent their users from upgrading prematurely. For more information about how to blacklist the Upgrade Advisor app, see the  section. Enterprises that have blacklisted the Upgrade Advisor app can use the solution that's described in this article to select the upgrade timing on a per-device basis. + +More information +================ + +To provide enterprises with a solution that's independent of the Upgrade Advisor, a new registry key in the registry configuration service provider (CSP) is available. A special GUID key value is defined. 
When Microsoft Update (MU) detects the presence of the registry key value on a device, any available upgrade will be made available to the device. + +Prerequisites +------------- + +- Windows Phone 8.1 device with an available upgrade to Windows 10 Mobile. + +- Device connected to Wi-Fi or cellular network to perform scan for upgrade. + +- Device is already enrolled with a MDM session. + +- Device is able to receive the management policy. + +- MDM is capable of pushing the management policy to devices. (The minimum version for popular MDM providers that support the solution in this article are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.) + +**Instructions for the MDM server** + +The registry CSP is used to push the GUID value to the following registry key for which the Open Mobile Alliance (OMA) Device Management (DM) client has Read/Write access and for which the Device Update service has Read access. + +| \[HKLM\\Software\\Microsoft\\Provisioning\\OMADM\] + "EnterpriseUpgrade"="d369c9b6-2379-466d-9162-afc53361e3c2” | +|------------------------------------------------------------| + +The complete SyncML command for the solution is as follows. +**Note**: The SyncML may vary, depending on your MDM solution. 
+
+SyncML xmlns="SYNCML:SYNCML1.1">
+
+<SyncBody>
+
+<Add>
+
+<CmdID>250</CmdID>
+
+<Item>
+
+<Target>
+
+<LocURI>./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/ EnterpriseUpgrade</LocURI>
+
+</Target>
+
+<Meta>
+
+<Format xmlns=”syncml:metinf”>chr</Format>
+
+</Meta>
+
+<Data>d369c9b6-2379-466d-9162-afc53361e3c2</Data>
+
+</Item>
+
+</Add>
+
+<Final/>
+
+</SyncBody>
+
+</SyncML>
+
+The OMA DM server policy description is provided in the following table:
+
+| OMA-URI | ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade |
+|-----------|-------------------------------------------------------------------------------------|
+| Data Type | String |
+| Value | d369c9b6-2379-466d-9162-afc53361e3c2 |
+
+After the device consumes the policy, it will be able to receive an available upgrade.
+To disable the policy, either delete the OMADM registry key or set the EnterpriseUpgrade string value to anything other than the GUID.
+
+How to determine whether an upgrade is available for a device
+-------------------------------------------------------------
+
+The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process.
+However, the Windows 10 Mobile Upgrade Advisor app is the best mechanism to determine when an upgrade is available. The app dynamically queries whether the upgrade is released for this device model and associated mobile operator (MO).
+We recommend that enterprises use a pilot device with the Windows 10 Mobile Upgrade Advisor app installed. The pilot device provides the device model and MO used by the enterprise. When you run the app on the pilot device, it will tell you that either an upgrade is available, that the device is eligible for upgrade, or that an upgrade is not available for this device.
+Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 mobile](https://www.microsoft.com/en/mobile/windows10) page. + +How to blacklist the Upgrade Advisor app +---------------------------------------- + +Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows Phone Upgrade Adviser is listed in the following location: + + + +For more information about how to do this, see the [Try it out: restrict Windows Phone 8.1 apps](https://technet.microsoft.com/en-us/windows/dn771706.aspx) topic on TechNet + +Applies to +=========== + +- Windows 10 Mobile Enterprise, released in November 2015 + +- Windows 10 Mobile, released in November 2015 + +- Windows Phone 8.1 + +- Windows Phone 8 for Business diff --git a/windows/deploy/~$grade-a-windows-phone-8-1-to-10-with-mdm.md b/windows/deploy/~$grade-a-windows-phone-8-1-to-10-with-mdm.md new file mode 100644 index 0000000000000000000000000000000000000000..29df01d4b1acd246110856092acada5dcdb58c42 GIT binary patch literal 162 zcmd;aFG@{U@X5?eDNd|pAQtd2xHA+nq%x#4C@}aiWHRJ2q%agSBr?EExY52vkwKH8 o=f&2W{ER?DK^Pe@>NB!}_*dIEDl%v>^n?P<30U+USqYpC0E-_J^8f$< literal 0 HcmV?d00001 From 04380fad158098617954dca734cf9f78534e73a0 Mon Sep 17 00:00:00 2001 
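Review bot: The SyncML sample in this new article will not parse as pasted: the opening tag is written `SyncML xmlns="SYNCML:SYNCML1.1">` without its `<`, the `Format` element uses typographic quotes (`xmlns=”syncml:metinf”`), and the `LocURI` contains a space in `OMADM/ EnterpriseUpgrade`, so it no longer matches the OMA-URI given in the table below it. The registry line above the sample has the same problem, ending in `3c2”` instead of a straight quote. Since administrators will copy this payload into an MDM console, I would put it in a fenced code block with `<SyncML xmlns="SYNCML:SYNCML1.1">`, `<Format xmlns="syncml:metinf">chr</Format>` and the LocURI without the space. The curly quote on the registry value is still present in the later formatting-fix hunk for `upgrade-windows-phone-8-1-to-10.md` (`@@ -30,23 +30,27 @@`).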
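Review bot: `windows/deploy/~$grade-a-windows-phone-8-1-to-10-with-mdm.md` looks like an editor owner/lock file rather than content: the `~$` prefix replaces the first characters of the article's file name and the blob is 162 bytes of binary. Files of this kind usually record the name of the user who had the document open, and once committed they stay in the repository history even if a later commit deletes them, so it should be dropped from this commit. A `.gitignore` entry such as `~$*` would keep it from being added again.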
From: Greg Lindsay Date: Tue, 31 May 2016 12:26:50 -0700 Subject: [PATCH 41/92] checking in 7707381 again --- windows/deploy/TOC.md | 1 + .../upgrade-a-windows-phone-8-1-to-10-with-mdm.md | 2 +- .../~$grade-a-windows-phone-8-1-to-10-with-mdm.md | Bin 162 -> 0 bytes 3 files changed, 2 insertions(+), 1 deletion(-) delete mode 100644 windows/deploy/~$grade-a-windows-phone-8-1-to-10-with-mdm.md diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index af7eb425d9..0ac0d202d8 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md @@ -11,6 +11,7 @@ ### [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md) ### [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) ### [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md) +### [Enable a Windows Phone 8.1 upgrade to Windows 10 Mobile in an MDM environment](upgrade-a-windows-phone-8-1-to-10-with-mdm.md) ### [Configure MDT settings](configure-mdt-2013-settings.md) #### [Set up MDT for BitLocker](set-up-mdt-2013-for-bitlocker.md) #### [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) diff --git a/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md b/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md index bbf295e678..1833cb22c9 100644 --- a/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md +++ b/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md @@ -1,4 +1,4 @@ -**How to enable a Windows Phone 8.1 upgrade to Windows 10 Mobile in an MDM environment ** +**Enable a Windows Phone 8.1 upgrade to Windows 10 Mobile in an MDM environment ** Summary ======= 
diff --git a/windows/deploy/~$grade-a-windows-phone-8-1-to-10-with-mdm.md b/windows/deploy/~$grade-a-windows-phone-8-1-to-10-with-mdm.md deleted file mode 100644 index 29df01d4b1acd246110856092acada5dcdb58c42..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 162 zcmd;aFG@{U@X5?eDNd|pAQtd2xHA+nq%x#4C@}aiWHRJ2q%agSBr?EExY52vkwKH8 o=f&2W{ER?DK^Pe@>NB!}_*dIEDl%v>^n?P<30U+USqYpC0E-_J^8f$< From fb0f31b3d89b1ed523fd77b7be5ce36819e8b066 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 31 May 2016 13:14:07 -0700 Subject: [PATCH 42/92] formatting fixes --- windows/deploy/TOC.md | 1 - .../deploy/upgrade-windows-phone-8-1-to-10.md | 27 +++++++++++++------ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index 0ac0d202d8..f21c7050b3 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md @@ -21,7 +21,6 @@ #### [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt-2013.md) #### [Use web services in MDT](use-web-services-in-mdt-2013.md) #### [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt-2013.md) -### [Upgrade Windows Phone 8.1 to Windows 10](upgrade-windows-phone-8-1-to-10.md) ## [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) ### [Integrate Configuration Manager with MDT 2013 Update 2](integrate-configuration-manager-with-mdt-2013.md) ### [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md index 659792f6e8..0094c456c4 100644 --- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md 
@@ -1,6 +1,6 @@ --- -title: Deploy Windows 10 using PXE (Windows 10) -description: PXE-initiated operating system deployments in System Center Configuration Manager let client computers request and deploy operating systems over the network. In this operating system deployment scenario, the operating system image and both the x86 and x64 Windows PE boot images are sent to a distribution point that is configured to accept PXE boot requests. +title: Upgrade Windows Phone 8.1 to Windows 10 Mobile in an MDM environment (Windows 10) +description: This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM. keywords: upgrade, update, windows, phone, windows 10, mdm, mobile ms.prod: W10 ms.mktglfcycl: deploy @@ -14,7 +14,7 @@ author: greg-lindsay ## Summary This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. See the How to determine whether an upgrade is available for a device section to determine whether your device is eligible for the update. -The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must "opt-in" to be offered the upgrade. +The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. 
@@ -30,23 +30,27 @@ To provide enterprises with a solution that's independent of the Upgrade Advisor ### Prerequisites -•Windows Phone 8.1 device with an available upgrade to Windows 10 Mobile. -•Device connected to Wi-Fi or cellular network to perform scan for upgrade. -•Device is already enrolled with a MDM session. -•Device is able to receive the management policy. -•MDM is capable of pushing the management policy to devices. (The minimum version for popular MDM providers that support the solution in this article are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.) +- Windows Phone 8.1 device with an available upgrade to Windows 10 Mobile. +- Device connected to Wi-Fi or cellular network to perform scan for upgrade. +- Device is already enrolled with a MDM session. +- Device is able to receive the management policy. +- MDM is capable of pushing the management policy to devices. (The minimum version for popular MDM providers that support the solution in this article are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.) ### Instructions for the MDM server The registry CSP is used to push the GUID value to the following registry key for which the Open Mobile Alliance (OMA) Device Management (DM) client has Read/Write access and for which the Device Update service has Read access. +``` [HKLM\Software\Microsoft\Provisioning\OMADM] "EnterpriseUpgrade"="d369c9b6-2379-466d-9162-afc53361e3c2” +``` + The complete SyncML command for the solution is as follows. Note The SyncML may vary, depending on your MDM solution. +``` SyncML xmlns="SYNCML:SYNCML1.1"> 
@@ -64,12 +68,19 @@ SyncML xmlns="SYNCML:SYNCML1.1"> +``` The OMA DM server policy description is provided in the following table: +``` OMA-URI ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade +``` + Data Type String +``` Value d369c9b6-2379-466d-9162-afc53361e3c2 +``` + After the device consumes the policy, it will be able to receive an available upgrade. To disable the policy, either delete the OMADM registry key or set the EnterpriseUpgrade string value to anything other than the GUID. From 2cd38272b96304074967f3f01e81e9b8e3aecb6e Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Tue, 31 May 2016 13:14:56 -0700 Subject: [PATCH 43/92] article updates Per Brandon's Sharepoint drafts --- devices/surface/TOC.md | 2 +- .../advanced-uefi-security-features-for-surface.md | 8 +++++--- devices/surface/manage-surface-pro-3-firmware-updates.md | 2 +- devices/surface/surface-diagnostic-toolkit.md | 4 +++- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index f7e3191aa7..77680e7199 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -1,5 +1,5 @@ # [Surface](index.md) -## [Advanced UEFI security features for Surface](advanced-uefi-security-features-for-surface.md) +## [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md) ## [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md) ## [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) ## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) diff --git a/devices/surface/advanced-uefi-security-features-for-surface.md b/devices/surface/advanced-uefi-security-features-for-surface.md index ca850266d6..a122041eec 100644 --- a/devices/surface/advanced-uefi-security-features-for-surface.md 
+++ b/devices/surface/advanced-uefi-security-features-for-surface.md @@ -1,5 +1,5 @@ --- -title: Advanced UEFI security features for Surface (Surface) +title: Advanced UEFI security features for Surface Pro 3 (Surface) description: This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices. ms.assetid: 90F790C0-E5FC-4482-AD71-60589E3C9C93 keywords: security, features, configure, hardware, device, custom, script, update @@ -10,7 +10,7 @@ ms.sitesec: library author: miladCA --- -# Advanced UEFI security features for Surface +# Advanced UEFI security features for Surface Pro 3 This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices. 
@@ -20,7 +20,9 @@ To address more granular control over the security of Surface devices, the v3.11 ## Manually install the UEFI update -Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically using Windows Update, see [How to configure and use Automatic Updates in Windows]( http://go.microsoft.com/fwlink/p/?LinkID=618030). Otherwise, you can download the UEFI update from the Microsoft Download Center; see [SurfacePro3\_ 150326.msi (105 MB)](http://go.microsoft.com/fwlink/p/?LinkID=618033) or [SurfacePro3\_ 150326.zip (156 MB)](http://go.microsoft.com/fwlink/p/?LinkID=618035). +Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows]( http://go.microsoft.com/fwlink/p/?LinkID=618030). + +To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/en-us/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download Surface Firmware and Drivers Updates](https://technet.microsoft.com/en-us/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. 
You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface Firmware and Driver Updates](https://technet.microsoft.com/en-us/itpro/surface/manage-surface-pro-3-firmware-updates). ## Manually configure additional security settings diff --git a/devices/surface/manage-surface-pro-3-firmware-updates.md b/devices/surface/manage-surface-pro-3-firmware-updates.md index 8e757fdaca..3bc069e706 100644 --- a/devices/surface/manage-surface-pro-3-firmware-updates.md +++ b/devices/surface/manage-surface-pro-3-firmware-updates.md 
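Review bot: The rewritten paragraph keeps the Automatic Updates link as `]( http://go.microsoft.com/fwlink/p/?LinkID=618030)`, with a stray space after the parenthesis and a plain-HTTP scheme, in a section that tells administrators how to obtain a UEFI security update. The three links this hunk adds all use `https://`, so I would bring this one in line as `](https://go.microsoft.com/fwlink/p/?LinkID=618030)`; that way the path to firmware guidance cannot be redirected by someone on the network, and the space no longer risks breaking the link in some renderers.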
@@ -34,7 +34,7 @@ For details about Group Policy for client configuration of WSUS or Windows Updat **Windows Installer Package** -The firmware and driver downloads for Surface devices now include MSI installation files for firmware and driver updates. These MSI packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the MSI package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the MSI package, see the [Surface Pro 3 MSI Now Available](http://go.microsoft.com/fwlink/p/?LinkId=618173) blog post. +The firmware and driver downloads for Surface devices now include Windows Installer files for firmware and driver updates. These Windows Installer packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the Windows Installer package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the Windows Installer package, see the [Surface Pro 3 MSI Now Available](http://go.microsoft.com/fwlink/p/?LinkId=618173) blog post. For instructions on how to deploy with System Center Configuration Manager, refer to [How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=618175). 
For deployment of applications with MDT, see [Step 4: Add an application in the Deploy a Windows 8.1 Image Using MDT 2013](http://go.microsoft.com/fwlink/p/?LinkId=618176). Note that you can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence. diff --git a/devices/surface/surface-diagnostic-toolkit.md b/devices/surface/surface-diagnostic-toolkit.md index 4fa7514559..bcea29785f 100644 --- a/devices/surface/surface-diagnostic-toolkit.md +++ b/devices/surface/surface-diagnostic-toolkit.md 
@@ -125,7 +125,9 @@ If a Surface Type Cover is not detected, the test prompts you to connect the Typ >**Note:**  This test is only applicable to Surface Book and requires that the Surface Book be docked to the keyboard. -This test is essentially the same as the Type Cover test, except the integrated keyboard in the Surface Book base is tested rather than the Type Cover. Move the cursor and use the Windows key to bring up the Start menu to confirm that the touchpad and keyboard are operating successfully. This test will display the status of cursor movement and keyboard input for you to verify. Press **ESC** to complete the test. +This test is essentially the same as the Type Cover test, except the integrated keyboard in the Surface Book base is tested rather than the Type Cover. During the first stage of this test a diagram of the keyboard is displayed. When you press a key, the corresponding key will be marked on the diagram. The test will proceed when every key in the diagram is marked. In the second stage of this test, you are prompted to make several gestures on the keypad. As you perform each gesture (for example, a three finger tap), the gesture will be marked on the screen. When you have performed all gestures, the test will automatically complete. + +>**Note:**  The F-keys on the diagram require that you press the Function (FN) key simultaneously to activate them. By default, these keys perform other actions. For the Home and End keys, you must press the same keys as F8 and F9, but without the Function (FN) key pressed. #### Canvas mode battery test From 5c95b50cd114fb996a6d48d9c6b520a9e045c69a Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 31 May 2016 13:27:18 -0700 Subject: [PATCH 44/92] checking in 7707381 --- windows/deploy/TOC.md | 2 +- ...rade-a-windows-phone-8-1-to-10-with-mdm.md | 112 ------------------ 2 files changed, 1 insertion(+), 113 deletions(-) delete mode 100644 windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md 
diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index f21c7050b3..194b7c44f9 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md @@ -11,7 +11,7 @@ ### [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md) ### [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) ### [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md) -### [Enable a Windows Phone 8.1 upgrade to Windows 10 Mobile in an MDM environment](upgrade-a-windows-phone-8-1-to-10-with-mdm.md) +### [Upgrade a Windows Phone 8.1 to Windows 10 Mobile using MDM](upgrade-a-windows-phone-8-1-to-10.md) ### [Configure MDT settings](configure-mdt-2013-settings.md) #### [Set up MDT for BitLocker](set-up-mdt-2013-for-bitlocker.md) #### [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) diff --git a/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md b/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md deleted file mode 100644 index 1833cb22c9..0000000000 --- a/windows/deploy/upgrade-a-windows-phone-8-1-to-10-with-mdm.md +++ /dev/null 
@@ -1,112 +0,0 @@ -**Enable a Windows Phone 8.1 upgrade to Windows 10 Mobile in an MDM environment ** - -Summary -======= - -This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. See the section to determine whether your device is eligible for the update. -The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must "opt-in" to be offered the upgrade. -For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. -For Enterprises, Microsoft is offering a centralized management solution through Mobile Device Management (MDM) that can push a management policy to each eligible device to perform the opt-in. -If you use a list of allowed apps (whitelisting) through MDM, see the documentation [here](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056(v=vs.85).aspx#whitelist) to make sure system apps are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are known issues listed in the documentation that could adversely affect the device after you upgrade. See this documentation for rules to avoid. -Some enterprises may want to control the availability of the Windows 10 Mobile upgrade to their users. With the opt-in model, the enterprise can blacklist the Upgrade Advisor app to prevent their users from upgrading prematurely. For more information about how to blacklist the Upgrade Advisor app, see the  section. Enterprises that have blacklisted the Upgrade Advisor app can use the solution that's described in this article to select the upgrade timing on a per-device basis. - -More information -================ - -To provide enterprises with a solution that's independent of the Upgrade Advisor, a new registry key in the registry configuration service provider (CSP) is available. A special GUID key value is defined. 
When Microsoft Update (MU) detects the presence of the registry key value on a device, any available upgrade will be made available to the device. - -Prerequisites -------------- - -- Windows Phone 8.1 device with an available upgrade to Windows 10 Mobile. - -- Device connected to Wi-Fi or cellular network to perform scan for upgrade. - -- Device is already enrolled with a MDM session. - -- Device is able to receive the management policy. - -- MDM is capable of pushing the management policy to devices. (The minimum version for popular MDM providers that support the solution in this article are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.) - -**Instructions for the MDM server** - -The registry CSP is used to push the GUID value to the following registry key for which the Open Mobile Alliance (OMA) Device Management (DM) client has Read/Write access and for which the Device Update service has Read access. - -| \[HKLM\\Software\\Microsoft\\Provisioning\\OMADM\] - "EnterpriseUpgrade"="d369c9b6-2379-466d-9162-afc53361e3c2” | -|------------------------------------------------------------| - -The complete SyncML command for the solution is as follows. -**Note**: The SyncML may vary, depending on your MDM solution. 
- -SyncML xmlns="SYNCML:SYNCML1.1"> - -<SyncBody> - -<Add> - -<CmdID>250</CmdID> - -<Item> - -<Target> - -<LocURI>./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/ EnterpriseUpgrade</LocURI> - -</Target> - -<Meta> - -<Format xmlns=”syncml:metinf”>chr</Format> - -</Meta> - -<Data>d369c9b6-2379-466d-9162-afc53361e3c2</Data> - -</Item> - -</Add> - -<Final/> - -</SyncBody> - -</SyncML> - -The OMA DM server policy description is provided in the following table: - -| OMA-URI | ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade | -|-----------|-------------------------------------------------------------------------------------| -| Data Type | String | -| Value | d369c9b6-2379-466d-9162-afc53361e3c2 | - -After the device consumes the policy, it will be able to receive an available upgrade. -To disable the policy, either delete the OMADM registry key or set the EnterpriseUpgrade string value to anything other than the GUID. - -How to determine whether an upgrade is available for a device -------------------------------------------------------------- - -The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process. -However, the Windows 10 Mobile Upgrade Advisor app is the best mechanism to determine when an upgrade is available. The app dynamically queries whether the upgrade is released for this device model and associated mobile operator (MO). -We recommend that enterprises use a pilot device with the Windows 10 Mobile Upgrade Advisor app installed. The pilot device provides the device model and MO used by the enterprise. When you run the app on the pilot device, it will tell you that either an upgrade is available, that the device is eligible for upgrade, or that an upgrade is not available for this device. 
-Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 mobile](https://www.microsoft.com/en/mobile/windows10) page. - -How to blacklist the Upgrade Advisor app ----------------------------------------- - -Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows Phone Upgrade Adviser is listed in the following location: - - - -For more information about how to do this, see the [Try it out: restrict Windows Phone 8.1 apps](https://technet.microsoft.com/en-us/windows/dn771706.aspx) topic on TechNet - -Applies to -=========== - -- Windows 10 Mobile Enterprise, released in November 2015 - -- Windows 10 Mobile, released in November 2015 - -- Windows Phone 8.1 - -- Windows Phone 8 for Business From 61d50538ddc63a8f2e055db516db249b5509392d Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 31 May 2016 13:27:27 -0700 Subject: [PATCH 45/92] fixed typos --- ...-windows-telemetry-in-your-organization.md | 25 ++++++++----------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/windows/manage/configure-windows-telemetry-in-your-organization.md b/windows/manage/configure-windows-telemetry-in-your-organization.md index 58de9307b7..5cc81e98f4 100644 --- a/windows/manage/configure-windows-telemetry-in-your-organization.md +++ b/windows/manage/configure-windows-telemetry-in-your-organization.md 
@@ -14,8 +14,7 @@ keywords: privacy Use this article to make informed decisions about how you can configure telemetry in your organization. Telemetry is a term that means different things to different people and organizations. For the purpose of this article, we discuss telemetry as system data that is uploaded by the Connected User Experience and Telemetry component. The telemetry data is used to keep Windows devices secure, and to help Microsoft improve the quality of Windows and Microsoft services. -**Note**   -This article does not apply to System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager because those components use a different telemetry service than Windows and Windows Server. +>**Note:**  This article does not apply to System Center Configuration Manager, System Center Endpoint Protection, or System Center Data Protection Manager because those components use a different telemetry service than Windows and Windows Server. It describes the types of telemetry we gather and the ways you can manage its telemetry. This article also lists some examples of how telemetry can provide you with valuable insights into your enterprise deployments, and how Microsoft uses the data to quickly identify and address issues affecting its customers. 
@@ -29,7 +28,7 @@ Microsoft is committed to improving customer experiences in a mobile-first and c
 Our goal is to leverage the aggregated data to drive changes in the product and ecosystem to improve our customer experiences. We are also partnering with enterprises to provide added value from the telemetry information shared by their devices. Some examples include identifying outdated patches and downloading the latest antimalware signatures to help keep their devices secure, identifying application compatibility issues prior to upgrades, and gaining insights into driver reliability issues affecting other customers.
-For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for youcr organization.
+For Windows 10, we invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows work better for your organization.
 ## How is telemetry data handled by Microsoft?
@@ -91,8 +90,7 @@ The levels are cumulative and are illustrated in the following diagram. These le The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests secure with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and IoT Core editions. -**Note**   -If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates. +> **Note:**  If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates. Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is telemetry data about Windows Server features or System Center gathered. 
@@ -104,8 +102,7 @@ The data gathered at this level includes: - **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address. - **Note**   - You can turn off the MSRT infection report. No MSRT information is included if MSRT is not used. If Windows Update is turned off, MSRT will not be offered to users. For more info, see Microsoft KB article [891716](http://support.microsoft.com/kb/891716). + >**Note:**  You can turn off the MSRT infection report. No MSRT information is included if MSRT is not used. If Windows Update is turned off, MSRT will not be offered to users. For more info, see Microsoft KB article [891716](http://support.microsoft.com/kb/891716).   @@ -128,7 +125,7 @@ The Basic level gathers a limited set of data that’s critical for understandin The data gathered at this level includes: -- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 Technical Previewinstances in the ecosystem, including: +- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 Technical Preview instances in the ecosystem, including: - Device attributes, such as camera resolution and display type 
@@ -152,7 +149,7 @@ The data gathered at this level includes: - **Compatibility data**. Helps provide an understanding about which apps are installed on a device or virtual machine and identifies potential compatibility problems. - - **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade.This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage. + - **General app data and app data for Internet Explorer add-ons**. Includes a list of apps that are installed on a native or virtualized instance of the OS and whether these apps function correctly after an upgrade. This app data includes the app name, publisher, version, and basic details about which files have been blocked from usage. - **App usage data**. Includes how an app is used, including how long an app is used for, when the app has focus, and when the app is started 
@@ -168,7 +165,7 @@ The data gathered at this level includes:
 ### Enhanced level
-The Enhanced level gathers data about how Windows and apps are used and how they perform. This level also includes data from both the **Basic** and **Security** levels. This level helps to improve the user experiencewith the operating system and apps. Data from this level can be abstracted into patterns and trends that can help Microsoft determine future improvements.
+The Enhanced level gathers data about how Windows and apps are used and how they perform. This level also includes data from both the **Basic** and **Security** levels. This level helps to improve the user experience with the operating system and apps. Data from this level can be abstracted into patterns and trends that can help Microsoft determine future improvements.
 This is the default level, and the minimum level needed to quickly identify and address Windows, Windows Server, and System Center quality issues.
@@ -204,8 +201,7 @@ However, before more data is gathered, Microsoft’s privacy governance team, in We do not recommend that you turn off telemetry in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center. -**Important**   -These telemetry levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experience and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. You should work with your app vendors to understand their telemetry policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses telemetry, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx). +>**Important:**  These telemetry levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experience and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. You should work with your app vendors to understand their telemetry policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses telemetry, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx). You can turn on or turn off System Center telemetry gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center telemetry is turned on. However, setting the operating system telemetry level to **Basic** will turn off System Center telemetry, even if the System Center telemetry switch is turned on. 
@@ -213,7 +209,7 @@ The lowest telemetry setting level supported through management policies is **Se
 ### Configure the operating system telemetry level
-You can configure your operating system telemetry settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your telemetry levels through a management policy overrides any devicelevel settings.
+You can configure your operating system telemetry settings using the management tools you’re already using, such as Group Policy, MDM, or Windows Provisioning. You can also manually change your settings using Registry Editor. Setting your telemetry levels through a management policy overrides any device level settings.
 Use the appropriate value in the table below when you configure the management policy.
@@ -274,8 +270,7 @@ There are a few more settings that you can turn off that may send telemetry info - Turn off **Linguistic Data Collection** in **Settings** > **Privacy**. At telemetry levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary. - **Note**   - Microsoft do not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information. + >**Note:**  Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.   From 3c16f5bca1ac8b90e3b345bb0cf369a6955e6154 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Tue, 31 May 2016 13:28:04 -0700 Subject: [PATCH 46/92] changed title --- ...ce.md => advanced-uefi-security-features-for-surface-pro-3.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename devices/surface/{advanced-uefi-security-features-for-surface.md => advanced-uefi-security-features-for-surface-pro-3.md} (100%) 
diff --git a/devices/surface/advanced-uefi-security-features-for-surface.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
similarity index 100%
rename from devices/surface/advanced-uefi-security-features-for-surface.md
rename to devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
From b6494a061c05f6a5a3041fad6bca6ddfd3d12f40 Mon Sep 17 00:00:00 2001
From: Jan Backstrom
Date: Tue, 31 May 2016 13:42:46 -0700
Subject: [PATCH 47/92] fixed title in index
---
 devices/surface/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/devices/surface/index.md b/devices/surface/index.md
index d0bb077b72..447cdeea27 100644
--- a/devices/surface/index.md
+++ b/devices/surface/index.md
@@ -35,7 +35,7 @@ For more information on planning for, deploying, and managing Surface devices in
-

[Advanced UEFI security features for Surface](advanced-uefi-security-features-for-surface.md)

+

[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)

Find out how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.

From 7258705cce0b1159a41e98d33edd1bc834262174 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 31 May 2016 13:48:03 -0700 Subject: [PATCH 48/92] fixing TOC --- windows/deploy/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index 194b7c44f9..86ea7532e1 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md @@ -11,7 +11,6 @@ ### [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md) ### [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) ### [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md) -### [Upgrade a Windows Phone 8.1 to Windows 10 Mobile using MDM](upgrade-a-windows-phone-8-1-to-10.md) ### [Configure MDT settings](configure-mdt-2013-settings.md) #### [Set up MDT for BitLocker](set-up-mdt-2013-for-bitlocker.md) #### [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) From 84a283998387179ee7f8e170b694006a51362280 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Tue, 31 May 2016 14:06:23 -0700 Subject: [PATCH 49/92] fixed linking text to match articles --- .../advanced-uefi-security-features-for-surface-pro-3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md index a122041eec..c90f8d9b3a 100644 --- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md +++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md 
@@ -22,7 +22,7 @@ To address more granular control over the security of Surface devices, the v3.11 Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows]( http://go.microsoft.com/fwlink/p/?LinkID=618030). -To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/en-us/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download Surface Firmware and Drivers Updates](https://technet.microsoft.com/en-us/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface Firmware and Driver Updates](https://technet.microsoft.com/en-us/itpro/surface/manage-surface-pro-3-firmware-updates). +To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/en-us/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/en-us/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). 
The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface driver and firmware updates](https://technet.microsoft.com/en-us/itpro/surface/manage-surface-pro-3-firmware-updates). ## Manually configure additional security settings From e7c787afb0fff61daedfddd50930117d6c5a49db Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 31 May 2016 14:13:39 -0700 Subject: [PATCH 50/92] changed index.md and updated 7707381 --- windows/deploy/TOC.md | 4 ++-- windows/deploy/index.md | 4 ++-- windows/deploy/upgrade-windows-phone-8-1-to-10.md | 12 ++++-------- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index 86ea7532e1..d0819639d7 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md @@ -1,5 +1,4 @@ # [Deploy Windows 10](index.md) -## [Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) ## [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) ### [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md) @@ -38,6 +37,7 @@ ## [Windows 10 edition upgrade](windows-10-edition-upgrades.md) ## [Deploy Windows To Go in your organization](deploy-windows-to-go.md) ## [Update Windows 10 images with provisioning packages](update-windows-10-images-with-provisioning-packages.md) +## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade-windows-phone-8-1-to-10.md) ## [Sideload apps in Windows 10](sideload-apps-in-windows-10.md) ## [Volume Activation [client]](volume-activation-windows-10.md) ### [Plan for volume activation [client]](plan-for-volume-activation-client.md) 
@@ -133,4 +133,4 @@ ###### [Recognized Environment Variables](usmt-recognized-environment-variables.md) ###### [XML Elements Library](usmt-xml-elements-library.md) ##### [Offline Migration Reference](offline-migration-reference.md) - +## [Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) diff --git a/windows/deploy/index.md b/windows/deploy/index.md index 0e5d1a0f8b..defe5b7387 100644 --- a/windows/deploy/index.md +++ b/windows/deploy/index.md 
@@ -15,7 +15,6 @@ Learn about deploying Windows 10 for IT professionals. |Topic |Description | |------|------------| -|[Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) |This topic lists new and updated topics in the Deploy Windows 10 documentation for [Windows 10 and Windows 10 Mobile](../index.md). | |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. | |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically. | |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. | 
@@ -24,10 +23,11 @@ Learn about deploying Windows 10 for IT professionals. |[Windows 10 edition upgrade](windows-10-edition-upgrades.md) |With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. | |[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](../plan/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](../plan/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. | |[Update Windows 10 images with provisioning packages](update-windows-10-images-with-provisioning-packages.md) |Use a provisioning package to apply settings, profiles, and file assets to a Windows 10 image. | +|[Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade-windows-phone-8-1-to-10.md) |This topic describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. | |[Sideload apps in Windows 10](sideload-apps-in-windows-10.md) |Sideload line-of-business apps in Windows 10. | |[Volume Activation [client]](volume-activation-windows-10.md) |This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. | |[Windows 10 deployment tools reference](windows-10-deployment-tools-reference.md) |Learn about the tools available to deploy Windows 10. | - +|[Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) |This topic lists new and updated topics in the Deploy Windows 10 documentation for [Windows 10 and Windows 10 Mobile](../index.md). 
| ## Related topics - [Windows 10 and Windows 10 Mobile](../index.md) diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md index 0094c456c4..2a752e928a 100644 --- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md 
@@ -9,18 +9,14 @@ ms.pagetype: mdt author: greg-lindsay --- -# How to enable a Windows Phone 8.1 upgrade to Windows 10 Mobile in an MDM environment +# Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management (MDM) ## Summary -This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. See the How to determine whether an upgrade is available for a device section to determine whether your device is eligible for the update. +This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM. To determine if the device is eligible for an upgrade, see How to determine whether an upgrade is available for a device. -The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must opt-in to be offered the upgrade. +The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through Mobile Device Management (MDM) that can push a management policy to each eligible device to perform the opt-in. -For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. - -For Enterprises, Microsoft is offering a centralized management solution through Mobile Device Management (MDM) that can push a management policy to each eligible device to perform the opt-in. - -If you use a list of allowed apps (whitelisting) through MDM, see the documentation here to make sure system apps are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are known issues listed in the documentation that could adversely affect the device after you upgrade. See this documentation for rules to avoid. 
+If you use a list of allowed applications (known as whitelisting) through MDM, see the documentation here to make sure system applications are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are known issues listed in the documentation that could adversely affect the device after you upgrade. See this documentation for rules to avoid. Some enterprises may want to control the availability of the Windows 10 Mobile upgrade to their users. With the opt-in model, the enterprise can blacklist the Upgrade Advisor app to prevent their users from upgrading prematurely. For more information about how to blacklist the Upgrade Advisor app, see the How to blacklist the Upgrade Advisor app section. Enterprises that have blacklisted the Upgrade Advisor app can use the solution that's described in this article to select the upgrade timing on a per-device basis. From 1f76df0bb54d25065cb9661a3414585984db9491 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 31 May 2016 14:28:02 -0700 Subject: [PATCH 51/92] added in page link --- windows/deploy/upgrade-windows-phone-8-1-to-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md index 2a752e928a..dd86596b93 100644 --- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md 
@@ -12,7 +12,7 @@ author: greg-lindsay # Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management (MDM) ## Summary -This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM. To determine if the device is eligible for an upgrade, see How to determine whether an upgrade is available for a device. +This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM. To determine if the device is eligible for an upgrade, see [How to determine whether an upgrade is available for a device](#Howto). The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through Mobile Device Management (MDM) that can push a management policy to each eligible device to perform the opt-in. @@ -81,7 +81,7 @@ After the device consumes the policy, it will be able to receive an available up To disable the policy, either delete the OMADM registry key or set the EnterpriseUpgrade string value to anything other than the GUID. -### How to determine whether an upgrade is available for a device +### How to determine whether an upgrade is available for a device The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process. From a4a7a2464876a4cbda6a62d12376d7de03d5a3c4 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 31 May 2016 14:46:32 -0700 Subject: [PATCH 52/92] fixing anchor --- windows/deploy/upgrade-windows-phone-8-1-to-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md index dd86596b93..c0cad00ee1 100644 
--- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md @@ -12,7 +12,7 @@ author: greg-lindsay # Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management (MDM) ## Summary -This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM. To determine if the device is eligible for an upgrade, see [How to determine whether an upgrade is available for a device](#Howto). +This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM. To determine if the device is eligible for an upgrade, see [How to determine whether an upgrade is available for a device](#howto). The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through Mobile Device Management (MDM) that can push a management policy to each eligible device to perform the opt-in. @@ -81,7 +81,7 @@ After the device consumes the policy, it will be able to receive an available up To disable the policy, either delete the OMADM registry key or set the EnterpriseUpgrade string value to anything other than the GUID. -### How to determine whether an upgrade is available for a device +### How to determine whether an upgrade is available for a device The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process. From 0cf233e358c15b8a6014d5790bc9a1a80f60709f Mon Sep 17 00:00:00 2001 
From: Trudy Hakala Date: Tue, 31 May 2016 14:54:44 -0700 Subject: [PATCH 53/92] updates for 7746292 --- .../images/room-control-wiring-diagram.png | Bin 0 -> 10489 bytes ...se-room-control-system-with-surface-hub.md | 271 ++++++------------ 2 files changed, 90 insertions(+), 181 deletions(-) create mode 100644 devices/surface-hub/images/room-control-wiring-diagram.png 
diff --git a/devices/surface-hub/images/room-control-wiring-diagram.png b/devices/surface-hub/images/room-control-wiring-diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..5a2ecf613edea2a9108d9107e923a03312f400af GIT binary patch literal 10489 zcmb7qby!qU_wLXkNH<8w&{xPlR#j0> z&&%v6nluCJFr-mk$@c`|al)AU=6UJROEb^hLR0)T-y0=kkxv-BqdG z71t9f&oQKRb4AD1i-W_Cd9&SL%>iQm6}Pfjw2Y@IsFnVP<}(w)$sp_JW( zG&VLyl1I)bN0sn#Ww5=On49B(#0pvU|AwL-Ah@}CR%>l~qm8n^8b4;LkZ`F#VsY6S zq47$g&H{32=a< z?HE12u+4~0A%0P<`Z%gtx?+eYS5)m$BuC-_jBn!c512apG>lmxR7cz&ag)6Mtz1D! z1+PDbZobfxIs9m;DTs;dd7v-u1}@YzkM7^Gq-WC-WFYl7IOTMYXAGtfNHw2@P9x3wK$M z+aOQ&tN4Yl<$R?n>2ho9-JK6Nb2%i=v*Zuy4LsHGW9tV01@3Yoc_2!kWC=FY08*a* z`0?Yoghi2;z^YQu=e6M5I1CT*3#ro+k5?1)o6qB#rghMx`TOZ$*O*0r`>4_D4GVM@ zKKh2zD{sWp=}X3t>DMSa=;PuMp*e_S$~_c6?J*)Q)L&QJPgck6dAF&FNk9lQKQviWB;(*%2F6jmDSQx8&}Z(%*6T$?To zP9Gn2H+Y4-4yeJsCCgvL3}Q)Cpp_7YA`z8#DS_{&i-ukhe2~bAun1#<;tJ}YmfAK; z#%$})jE!mey1d{s?`-erU}z|jpZxra$+?=+>~%mcyzjFI^;)cLcfLwCe%zn~g2W3q$ouJRol zt=SvTN+j{F;h8+v;OQw1Q*=7t593A^EO^&l`S}=r{hW8>eqoOm((dpN6~C7v2`czi zuNdoSnL5xgPktZo+&XS7iCr+tPAq;(Mq!%DUkCULzp~u@h%63gyRWKSbjO**RHJ{r z$z&WwUZ(W6d_JeXv9T5v?~VO+FJ*kjz>_TA5S6}!X%%RePKz}Zhk!PwD2#2U>g3#$2wKeo5Y1QX|&o{4pamo99XI)pB z*?DIyJBmRW>!x3cbPxYF!#jW9nsiJg-x(-Q-b&jOVEHLVX9YKjtNten7L9gLE#7~SdG12R^qkCzhQJ)>!d$Z@++(S1+OB8hUr}heaRrq0z(mj%da2+B9K!q}BaEQB5D! 
z0Ty)GQsFuSzY8Nx?lwudSiO|0VnOazl8@K~o^1~325Aqj4}*1!ypqk-<)wz+yfZn@ z7Evu=6U@ZY!9?KG3nmxk*4j5!)#69`vr}#9_p$#%w*7@4^+#Z1>6Z5C!-Q?e5J!&C zFY*x&+F4CNzQ`;9|m4B?`iW62b6!??rw;ztrFmO?0RTadAGJV znUCm6Ol(DB*p8)O83oGG-kYmBpz30dpp7k4P=_a%$ojm`QKKy<=PlAauGg;(!fZsu z#Lns1t|i1Tk$X)9^37Aw8+`MC7!Wo2AjQq!D!hyVWTuS9%kJEPaM=K}%`h~Vqurpv z1DWt@^nIV4-4@;tlLJ&PHPzJ|}#(kS1F_ zzsbox`V74oFZt!1Df{p<48>aV?_&WKR<^R#`(bn+b1q71*NokuJ&wjb(jfzAvyK4> zbM!q0Shy|@-$oYIDHUef3>S6}O+0clAiU3q>9t#8IvUIN=?7jpMMfS8j8;w$?3=a4 z_FlSiJntS|d(+kYs~_zSF;eJP=sT5ccIG;&c~z~AwjdFbuR^JB2aWpJoJK*1J1x3I zc?}KvRXJ9z7TAJ__&?JU7)-$mb(j&ybvw2JDh<)uXvhT`9efY$8B$;h;DNyfKG^gx z+y*c6W4>@|`!JSwd|VPeZ!n6YzTOC@1{~?pGf%th$Ks!dm<`{e$vk$b-zjlmKOi$e^@h6&HoTs;qngKP0IS$+Ua_) zug3RM-Qv#kLDol9ylK}nx+m?^m-&Wv$Z-^6{O73s ze-_>90!WGKJs2O9)MEFfzbs-~#0xI6t)omGuqE@!^TEc=IY9RKNR4DI$yC zW6!xmaC(;|?wm({NZ=GWxh||oj@+TGE)jBiK+@7ndd2JaWucXjvf?ysDL{%e(!aAf z8MV$mHso#gaK%oOUWKCk>#Wey^R05O|IGu;T zQo~b*DjA05g0NM4n4PfoqV`2Mfx1qeAJ1I*-sx}1O3SB`MVd8iD-owPS+JXcR|QiD zy$5#l?edBLE<@2V+TAKH8rpBm$By6f00XI_xo-#^OU(+3+nK>{9b(hV~1n5A?tM~hLqlU@W1)ymMpN^q(@g>B?IW!QGHdnsSrVR~rV3Q;Zh@T3 zC56}hzZ1<|jWE-}0!_U8A;I7a4{U1&6iqi=|KQ8-3xhf9+rQh0Bcu%uk}dOeW?B-h z@X*JHXslw6PWxn*VpgPbHLnhrW;e2Och$|qLmsb(J{XpkkH6MOf15YtT9$ixy0W-f zrqoBkH=&iG?I^g^qavJ_)UZtJZf96%K^vj>^JWa>wPI<4pJYrw3RKYSsxeqLnuS! z;Up4_VRL+RI;8N5csn;RMV65k%Sk7+L*R0GbD@rWiq8KDi;x3>$M3KqbSbs(^zzkz zl!-dU;as*~^uid6TYRv$V| zj%x|Z%br+www8=XD3f)d^tfA8?}?G$GcJQ0C2lnAh)U}B!-%b|0OHt1!P9m#)$s)e zJ$WMZdV_kQjBP<&<++3~!h2(x z69Hf?JMDioq77|$T@CnB6p`K^x=MI;d2VK$Fib{z=;?X7)D-! 
z&ine2h-`rlOU4iOm~}CQsD-tOY)h+~%jS+X2ANbe;~$~#Zy4N@$C0eD`igbUY-=-1 zwUEXA7bLbNdlM8$n7uPiZb>l_R~e(uk2+Mi6~!bkKc4ty<4B?RpTgAK2=r)YmRQ}V z{NY~0dIWDK*LPWXHx5@R{Ka>FK@A?^_b8FF<&C>k(Ec<0G!=WD3QTKg(sV^YA-gbg zny->cT+MsUD%fA#7>WMS_u@Y86HRuw^v{|P@d3JyKTR^4*R}aX5z-5%sW3w5s73Ed z5Fr%2a5_)$Kfi>(uch!mcOUD!bTQcQ+dKgFzsA zMAY(*S$Y_9UtdmoS+%C=%AN5iK3VyE(h(Yp9qrY$o?&0cRX&j?Z7!5ACA%^OecTG}UF?lBeAmO}|~D z$Pp!%r$LO!)35~+6}euhslq?7Ol@Lb1(n+0=g;m!PTf|{pYys4K8q81wl46SBeLIw z6=&Z-$;j@cK{?1$4&^vp3zN@qYz1GUuqV*J3 z*`DKCvC)g}LS9yNuFE*BfiC!SllFa`>e(ot=O(oJvKXgW9g%Tr%>+6BsU}1@Lhs+4 zhwFRBKaGE4Xb*`^^-vALDHRPrK3}x2>bO5{14psaA$M~=KMrCKp)Y^^ZG&lUe%{JO zhogivpB}Ql#+MO3=iRZH_1sls{Ox+KJ^blAeA;S&FZx2rYCSrCYvVr_(aBAJ;a)a~ z7!O6=oNZF40`iC2FG~Q^kAXZo>JwlvZlPgjim^HzVs5ZFPy;4k1RL%z;w|Qm;u=XT z)V_;SdHgm3BZEQ0BYXtqaD&$W!#yO@QQg4fXptRa%23wFg>$L0T~t)Gw?1GZw3}im zo@TGSqHH9AhleWC%+!cc5k-JDU4Rv%)??WpO*00<4=)eJ*MFN7vl^s_m6LMbo0-sDRf8UOZ~ zZO5svR8jQxiaN}h&yQ+n8hYuT?Th*z+1!{)f2EP~sV8^1(G>mkJA5)hJ{Dld61{0S zNsx~^v8j!mogQ{xQkg1_A8+tp;{4$Xp$8Cx$4dyV_ecI%M&(#~u!p;Q{8u1kd2cwH zJ&xmi`S0#R%~8YOUQH1r0cc}_zZ~1*x|2A_)VGvD!&FnJgV0{gM_$m2Ahqyk`2tx zJ}o%hEL%i>>bQIjc4MvVLi*4lzn`||khhZTC0#p-b33%uhUd}x#sypEq`4i%O_ow(3Pl&I>%|nkDvoT~)xhqgL zmt^RiP@`eX1KoKlg47ysBnA_=HkfAwBm(h7<5w@#hD%HNT*S*uV||ZfND z6ADC9R|{5<5~CI0bIlPeuva)0Qp5T9cT0SGDaAxcJkNVkgeB8`Rp;FY@C=jZZ|4Dk zO%$$$5kk?t8cg8GCzx7uWLrT*(%nXHCw&oT0}DI(zX%Bl50!{T5h2fgF7_tADhOpf z!@Rm?Uh@4BDl@%sYD@cnVSsQ9A@n~e=0BD9|Ngj1hTLwUTB>VaIrp&F?VaD`Mo`c& z2KF_bWL8>KxVX9sTN}pG2#025yu{I5B_d2WJ=og|7@;Em0ti284H9w2B>K#PX*+Lr zyy2?&>}!nv_yl!42;6EU@)rT8Y}EuuJp`&=gq{Lv>TV#v;|R(4K`#;wirS;X4$cN- z#92=*T`R3{So3!xQq|1v)6Fjjt|5$Rw8HUOl!iLRSiN!Dyy%2$J3X_m^Be_~lcyMN zluAdu(j;CNuWX;M@{Gv^L_6=`T9EjE&zTHi9Hcf3g+Dghj!`GU425f=nGi5Q?ORAEm z1C4f-nA*-ab75S1Dd1&pi-Hc|Q9;SZUH&SFIxvbnr1ir1T zJGoIbVQ44_{DVe@CH)Lx!%Ipd0zXYfr(<~J`t)5e%gZ5kmdughUdK{ChnxRKq{*;0 zY7`p9-nM{luNUPEU z+i|OSK+8B>87=ZThto>Q4sw{*aWkBkaRcudldcD%2@gGM01v*H+__M3v1x;8hQ5Ez zQi&Mwz*%AvF06UM@qCe&&q;RDT_sUdoE9?pL=?rB&artuywk-#ZS8CJ3(;hq5k1b6 
ziBf{~ry0!i_@1x2EzQjpm1CHCqK+O=gBHXAA-Z5d=Bs!mV~x23s^uopDhWQd_k!Dl;Ne^LfecXY16Je1Tt zOd)ImVwtG3aMB(?^x+b}%bVn}e{Pub9|JV`3{1kzf&(lE&Ubs4#<^y+YqdtbG@O|z zefEDQlkm)55w*S@Z>!i-1uUAYe9@px(1mdrJIUJU z4pcI)FE@8oU7$lT6Z5OB*+?-#GX~CxlW>*D>i2U-?Kpy#f;*fr8oauVMxX4IbNvW_n|#Ij-Ll5jK)TxFSzE(r<~HTjahq zlGXB{N(0}3Qwin@%hiP=n#lg^3jD<+0TkX;g!u{Upoq2fMI{19Lq-^t&E6_I)ws2i zq4z>g(`8%6Qkcv2O>Sd4vt3lXQBL`_~_a|`Fj@8@A>Tha2WyJd{y65_J6I+xKWk2X+KY0v&|v~(u=cc5il z)Ky9G|6`VzQIy^*K{GJ(naB74hE0wx6IGgL(GHOZ{L!Sbg#xe!pi*`AJO=PI)koV!MZcFs7hq_H)s+&my%b`Hb0&g8*tUmi7D#wo@%2ewChLG@No^ssB=utQuDQ zXX+S^I^P+6G;Zs(H^I!tmZ&@2V@F-zD{l8$XEd z6Ki#c?9|=PH_}9uA@LKY?*8A$T!7>kS$o7Jii)xT$cZ`XZa$sc`sQ@KY1O}toEMyH z-sNv#>Yhx#zyGOuJ=7feHy5C`8F0kS$!LmtB7Hopjz;+Oc*Q7R0~(_ZIpO zHz=U$#!3FgZSy$kxXzLGGv=0DKs4P1`AK_#(`4&xMoIPQ#c%&RzHk?TI%--y{#D1B zaq$I?P}I9^{_KC>>~`dO3b3CeZ$uOraToXv{4uJWJAl|i1x zJ$;dGd40UBWj51sJ|>a(wApDLrqbi&{9o6Uwj$?${fhYVtbYGbF`P0vux%G$C&8*+ ze)k^W&o_JdaTWn4t!~IW_1%Nhrjzj#9ahSQ_nYcHlY5mWp3ClOLgfZkDK5-_de-T6 zwvoW9?7{v8XYbV`x|&#x=f63Q>*!-J@mi1e_V$+B#8ReG`?y3=y@NJL=xGnmf|ZDf zh{|)gdMdvk@^%-}?0Y+{Et4(vS(NjgoCV%zqo+wO&6>Y$pVQ(EuU`#u!h_F<{7*5! 
zyVbXhFGbJ0YHAW(?R!HB^YC*!Iv!#rj&o~R+#ma1qzwVoh3JVS*DP8$$fh{EwyD!=J4_f3|tZLA&PcRwG7JnuV@lAG^v5*U(@Z^0Tk|E(6#w1Bpi zN>6U?5+FoQy9~xN=M7t)%S1cu{G%!2rW{&XTxB4eku*8=cS+~VAFN?X58V(GN!+S8 zpm7zwtz<`JkW*8qGzGOrnxGs$HnVgu!&^*?&1KABF;cJP+RZ^kE&^x$lkI4RQXMc` z1UFDi1Z&e#78iSySwa$?$K=V3|1{8a7>$5?s=&!&!%wl&>Lf$VHTR{NnP7TZ2=i^w zUzy+E<~gr!D`2*(9x!6KSr~^nv23ea4^w*rQ{P7wWLWdV{VHlDAIHYo6fW%t>}u9U z`hO8{Kz7~jmuDFQ9q^J81hs?*@2IaFq^G})sPErfO!K)sSt6k?ucJ;xt$*sxjO@iX z4N(o(HV@l-YI18MjpxXQ``-4SebZ(q=8uP$C_y^&rjHYT}14aG$9jfgW3~ea0o;m|jwGkZYfpF!_&z zxS4Mmw}3WK9e{reM*$GeVvLcAva}XO_0)|^|MbR?)AO$|tby5(1a|P!sQtgCHjC3C zbJj=*3D>c-CjhWe!o$f;QHng2bcprs{Ucli3@ zQHov<{0>HC<|U`svw$G#jm3Tr2pq*TYdt{%rmbv?q+A2be|hiqUPwq-F;x8eHzM>e zAoYC7445~En(Cc_2b#8P52t@_{D}Hv3y_#R{2xF-Jw%eey=iiJyX=2|lozS`yps?9 z4sHfeBXPS4CLgYwT#}73l%t5~)xi?gmlfpM$-e&sAVx{iWIN;&A&73Jjfhv^4QD?W zFE1~FhAO^Knet85cDwX?u=H)Y-&8XWGjryJnPba-bW4d z&4*2$mwc}%zGtH*d(24w1WFYo*$2~p^q}odkSV4b!&0Q6nIB)g{m7F2!0Q7Iq(jA-z2(g|(`C>VoSoZ30OWw?OBK8wjbr7UYeY|V>&c{BYt9Z8!6QAkJq$$O`sfkhw2HxQ%HM2ownlD7^xouKuM9zC4<@wV3+trR~P^x?oaK>&HZ4`axqYB#Y;giW!MGK z(SSBO3nq~aqPpbm+w)b3WU)3JKn`8exATD1W}D-U9rhVw2^OXUGSX9P+?W19&SLbx z`D(Xm1&rnfR8HU9?bNE4os7yLwB6PRU(E z#Pi+plZ6_qACVO15Bml<1k{4u99I3&>G5x?Uu8nrX=!OY@0U+HfkPskT3PWmTIiW5 zN_CH#TgMt}s{ilHhz!)vRDmuO@*aHNvp3A%?H2>ejn9vzTkh87cMwt*8lP?4S_SrPl$&*4n?P14eNhf z?R(w@G=IbJetwUxjYvm zGhs#+lhl7addSuqsJ)iCz;AJAANr#spD3-Vl_HFgcCF%Q_?N{Xu`4G?aAKzj|7RH^ z?r(Yv(*^52>=lTT;50P@ERROIZtnN6)rVIRPRi+887L6a-C5Qz2@%Fl)uXnKCOb4^ zk;$ANDH>p}J!>76fzn4~Ed(1&6I1jl*oGFiLDK(_Yb|oTDLY?%Ta!fbZ$Z9p@x4W1 Zl(cHF`1lEK0>>3Ws!CdlmGTy_{{^c?kVF6g literal 0 HcmV?d00001 diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md index 70f4344966..b467970fef 100644 --- a/devices/surface-hub/use-room-control-system-with-surface-hub.md +++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md 
@@ -13,14 +13,9 @@ Room control systems can be used with your Microsoft Surface Hub. Using a room control system with your Surface Hub involves connecting room control hardware to the Surface Hub, usually through the RJ11 serial port on the bottom of the Surface Hub. -## Debugging +## Terminal settings - -You can use the info in this section for debugging scenarios. You shouldn't need it for a typical installation. - -### Terminal settings - -To connect to a room control system control panel, you don't need to connect to the Surface Hub, or to configure any terminal settings. For debugging purposes, if you want to connect a PC or laptop to your Surface Hub and send commands from the Surface Hub, you can use a terminal emulator program like Tera Term or PuTTY. These are the terminal settings you'll need: +To connect to a room control system control panel, you don't need to configure any terminal settings on the Surface Hub. If you want to connect a PC or laptop to your Surface Hub and send serial commands from the Surface Hub, you can use a terminal emulator program like Tera Term or PuTTY. @@ -54,20 +49,24 @@ To connect to a room control system control panel, you don't need to connect to + + + +

Flow control

none

Line feed

every carriage return

  -### Wiring diagram +## Wiring diagram -You can use a standard RJ-11 (6P6C) connector to connect the Surface Hub serial port to a room control system. This is the recommended method. +You can use a standard RJ-11 (6P6C) connector to connect the Surface Hub serial port to a room control system. This is the recommended method. You can also use an RJ-11 4-conductor cable, but we do not recommend this method. -You can also use an RJ-11 4-conductor cable, but we do not recommend this method. You'll need to convert pin numbers to make sure it's wired correctly. The following diagram shows how to convert the pin numbers. +This diagram shows the correct pinout usedfor an RJ-11 (6P6C) to DB9 cable. -![image showing the wiring diagram. ](images/roomcontrolwiring.png) +![image showing the wiring diagram. ](images/room-control-wiring-diagram.png) -### Command sets +## Command sets Room control systems use common meeting-room scenarios for commands. Commands originate from the room control system, and are communicated over a serial connection to a Surface Hub. Commands are ASCII based, and the Surface Hub will acknowledge when state changes occur. @@ -106,7 +105,7 @@ The following command modifiers are available. Commands terminate with a new lin   -### Power +## Power Surface Hub can be in one of these power states. @@ -157,9 +156,76 @@ Surface Hub can be in one of these power states. -  +In Replacement PC mode, the power states are only Ready and Off and only change the display. The management port can't be used to power on the replacement PC. -### Brightness + +++++ + + + + + + + + + + + + + + + + + + + +
StateEnergy Star stateDescription

0

S5

Off

5

50

Ready

+ +For a control device, anything other than 5 / Ready should be considered off. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
CommandState changeResponse

PowerOn

Device turns on (display + PC).

Power=0

PowerOn

PC service notifies SMC that the PC is ready.

Power=5

PowerOff

Device transitions to ambient state (PC on, display dim).

Power=0

Power?

SMC reports the last-known power state.

Power=<#>

+ + +## Brightness The current brightness level is a range from 0 to 100. @@ -191,18 +257,10 @@ Changes to brightness levels can be sent by a room control system, or other syst

PC service notifies SMC of new brightness level.

Brightness = 50

- -

Brightness?

-

SMC sends a message over the control channel to request brightness.

-

PC service notifies SMC of new brightness level.

-

Brightness = 50

- - +  -  - -### Volume +## Volume The current volume level is a range from 0 to 100. @@ -234,47 +292,14 @@ Changes to volume levels can be sent by a room control system, or other system.

PC service notifies SMC of new volume level.

Volume = 50

- -

Volume?

-

SMC sends a message over the control channel to request volume.

-

PC service notifies SMC of new volume level.

-

Volume = 50

-   -### Mute for audio and microphone +## Mute for audio -Audio and microphone can be muted. - - ---- - - - - - - - - - - - - - - - - -
StateDescription

0

Source is not muted.

1

Source is muted.

- -  - -Changes to microphone or audio can be sent by a room control system, or other system. +Audio can be muted. @@ -294,32 +319,14 @@ Changes to microphone or audio can be sent by a room control system, or other sy - - - - - - - - - - - - - - - - +

AudioMute+

SMC sends the audio mute command.

PC service notifies SMC that audio is muted.

AudioMute=<#>

MicMute+

SMC sends the microphone mute command.

-

PC service notifies SMC that microphone is muted.

MicMute=<#>

AudioMute?

SMC queries PC service for the current audio state.

-

PC service notifies SMC that audio is muted.

AudioMute=<#>

MicMute?

SMC queries PC service for the current microphone state.

-

PC service notifies SMC that the microphone is muted.

MicMute=<#>

none

  -### Video source +## Video source Several display sources can be used. @@ -351,10 +358,6 @@ Several display sources can be used.

3

VGA

- -

4

-

Wireless

- @@ -377,7 +380,7 @@ Changes to display source can be sent by a room control system, or other system. -

Source=<#>

+

Source=#

SMC changes to the desired source.

PC service notifies SMC that the display source has switched.

Source=<#>

@@ -389,7 +392,7 @@ Changes to display source can be sent by a room control system, or other system.

Source=<#>

-

Source+

+

Source-

SMC cycles to the previous active input source.

PC service notifies SMC of the current input source.

Source=<#>

@@ -403,101 +406,7 @@ Changes to display source can be sent by a room control system, or other system. -  - -### Starting apps - -Surface Hub keyboard supports starting apps with special keys. Room control systems can invoke those keys through the management port. There is no expected response for these commands. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
StateDescription

0

Start large-screen experience (LSX)

1

Start LSX custom app 1

2

Start LSX custom app 2

3

Start LSX custom app 3

- -  - -Changes to display source can be sent by a room control system, or other system. - - ----- - - - - - - - - - - - - - - -
CommandState changeResponse

AppKey=<#>

Send a command to

-

PC service notifies SMC that the display source has switched.

Source=<#>

- -  - -### I'm done - -People will be able to start the I'm done feature on a Surface Hub from a room control system. I'm done removes any work that was displayed on the Surface Hub before ending the meeting. No information or files are saved on Surface Hub. - - ----- - - - - - - - - - - - - - - -
CommandState changeResponse

I'm done

Start I'm done activity on Surface Hub.

none

- -  - -### Errors +## Errors Errors are returned following the format in this table. From b812ae8e3e395e807947afb10e24aece16092aca Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 31 May 2016 15:02:49 -0700 Subject: [PATCH 54/92] typos --- .../manage/configure-windows-telemetry-in-your-organization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/configure-windows-telemetry-in-your-organization.md b/windows/manage/configure-windows-telemetry-in-your-organization.md index 5cc81e98f4..0c28495bbb 100644 --- a/windows/manage/configure-windows-telemetry-in-your-organization.md +++ b/windows/manage/configure-windows-telemetry-in-your-organization.md 
@@ -279,7 +279,7 @@ There are a few more settings that you can turn off that may send telemetry info
 ### Drive higher application and driver quality in the ecosystem
-Telemetry plays an important role in quickly identifying and fixing critical reliability and security issues in our customers’ deployments and configurations. Insights into the telemetry data we gather helps us to quickly identify crashes or hangs associated with a certain application or driver on a given configuration, like a particular storage type (for example, SCSI) or a memory size. For System Center, job usages and statuses can also help us enhance the job workload and the communication between System Center and its managed products. Microsoft’s ability to get this data from customers and drive improvements into the ecosystem helps raise the bar for the quality of System Center, Windows Server applications, Windows apps, and drivers. Real-time data about Windows installations reduces downtime and the cost associated with troubleshooting unreliable drivers or unstable applications
+Telemetry plays an important role in quickly identifying and fixing critical reliability and security issues in our customers’ deployments and configurations. Insights into the telemetry data we gather helps us to quickly identify crashes or hangs associated with a certain application or driver on a given configuration, like a particular storage type (for example, SCSI) or a memory size. For System Center, job usages and statuses can also help us enhance the job workload and the communication between System Center and its managed products. Microsoft’s ability to get this data from customers and drive improvements into the ecosystem helps raise the bar for the quality of System Center, Windows Server applications, Windows apps, and drivers. Real-time data about Windows installations reduces downtime and the cost associated with troubleshooting unreliable drivers or unstable applications.
 ### Reduce your total cost of ownership and downtime
From 757fe6defde63707078085147923177f7a71ae02 Mon Sep 17 00:00:00 2001
From: Trudy Hakala
Date: Tue, 31 May 2016 15:09:53 -0700
Subject: [PATCH 55/92] fixing image issue
---
 devices/surface-hub/use-room-control-system-with-surface-hub.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md
index b467970fef..1158773d5f 100644
--- a/devices/surface-hub/use-room-control-system-with-surface-hub.md
+++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md
@@ -64,7 +64,7 @@ You can use a standard RJ-11 (6P6C) connector to connect the Surface Hub serial
 This diagram shows the correct pinout usedfor an RJ-11 (6P6C) to DB9 cable.
-![image showing the wiring diagram. ](images/room-control-wiring-diagram.png)
+![image showing the wiring diagram.](images/room-control-wiring-diagram.png)
 ## Command sets
From f51ead17f4b5c350ce85408800a7b85461bcebbb Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Tue, 31 May 2016 15:42:52 -0700
Subject: [PATCH 56/92] some edits
---
 .../deploy/upgrade-windows-phone-8-1-to-10.md | 36 ++++++++++---------
 1 file changed, 19 insertions(+), 17 deletions(-)
diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
index c0cad00ee1..526351a3e1 100644
--- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md
+++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
@@ -2,7 +2,7 @@
 title: Upgrade Windows Phone 8.1 to Windows 10 Mobile in an MDM environment (Windows 10)
 description: This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM.
 keywords: upgrade, update, windows, phone, windows 10, mdm, mobile
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mdt
@@ -11,14 +11,18 @@ author: greg-lindsay
 # Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management (MDM)
+**Applies to**
+
+- Windows 10 Mobile
+
 ## Summary
-This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using MDM. To determine if the device is eligible for an upgrade, see [How to determine whether an upgrade is available for a device](#howto).
+This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using Mobile Device Management (MDM). To determine if the device is eligible for an upgrade, see the [How to determine whether an upgrade is available for a device](#howto-upgrade-available) topic in this article.
-The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through Mobile Device Management (MDM) that can push a management policy to each eligible device to perform the opt-in.
+The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through MDM that can push a management policy to each eligible device to perform the opt-in.
-If you use a list of allowed applications (known as whitelisting) through MDM, see the documentation here to make sure system applications are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are known issues listed in the documentation that could adversely affect the device after you upgrade. See this documentation for rules to avoid.
+If you use a list of allowed applications (app whitelisting) with MDM, verify that system applications are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are [known issues](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056.aspx#whitelist) with app whitelisting that could adversely affect the device after you upgrade.
-Some enterprises may want to control the availability of the Windows 10 Mobile upgrade to their users. With the opt-in model, the enterprise can blacklist the Upgrade Advisor app to prevent their users from upgrading prematurely. For more information about how to blacklist the Upgrade Advisor app, see the How to blacklist the Upgrade Advisor app section. Enterprises that have blacklisted the Upgrade Advisor app can use the solution that's described in this article to select the upgrade timing on a per-device basis.
+Some enterprises might want to control the availability of the Windows 10 Mobile upgrade to their users. With the opt-in model, the enterprise can blacklist the Upgrade Advisor app to prevent their users from upgrading prematurely. For more information about how to blacklist the Upgrade Advisor app, see the [How to blacklist the Upgrade Advisor app](#howto-blacklist) section in this article. Enterprises that have blacklisted the Upgrade Advisor app can use the solution described in this article to select the upgrade timing on a per-device basis.
 ## More information
@@ -28,9 +32,9 @@ To provide enterprises with a solution that's independent of the Upgrade Advisor
 - Windows Phone 8.1 device with an available upgrade to Windows 10 Mobile.
 - Device connected to Wi-Fi or cellular network to perform scan for upgrade.
-- Device is already enrolled with a MDM session.
+- Device is already enrolled with an MDM session.
 - Device is able to receive the management policy.
-- MDM is capable of pushing the management policy to devices. (The minimum version for popular MDM providers that support the solution in this article are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.)
+- MDM is capable of pushing the management policy to devices. Minimum version numbers for some popular MDM providers that support this solution are: InTune: 5.0.5565, AirWatch: 8.2, Mobile Iron: 9.0.
 ### Instructions for the MDM server
@@ -44,7 +48,7 @@ The registry CSP is used to push the GUID value to the following registry key fo
 The complete SyncML command for the solution is as follows.
-Note The SyncML may vary, depending on your MDM solution.
+Note: The SyncML may vary, depending on your MDM solution.
 ```
 SyncML xmlns="SYNCML:SYNCML1.1">
@@ -79,25 +83,23 @@ Value d369c9b6-2379-466d-9162-afc53361e3c2
 After the device consumes the policy, it will be able to receive an available upgrade.
-To disable the policy, either delete the OMADM registry key or set the EnterpriseUpgrade string value to anything other than the GUID.
+To disable the policy, delete the OMADM registry key or set the EnterpriseUpgrade string value to anything other than the GUID.
-### How to determine whether an upgrade is available for a device
+### How to determine whether an upgrade is available for a device
-The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process.
-
-However, the Windows 10 Mobile Upgrade Advisor app is the best mechanism to determine when an upgrade is available. The app dynamically queries whether the upgrade is released for this device model and associated mobile operator (MO).
+The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterprise customers who want to automate the upgrade process. However, the Windows 10 Mobile Upgrade Advisor app is the best mechanism to determine when an upgrade is available. The app dynamically queries whether the upgrade is released for this device model and associated mobile operator (MO).
 We recommend that enterprises use a pilot device with the Windows 10 Mobile Upgrade Advisor app installed. The pilot device provides the device model and MO used by the enterprise. When you run the app on the pilot device, it will tell you that either an upgrade is available, that the device is eligible for upgrade, or that an upgrade is not available for this device.
-Note The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors.
 To check for compatibility and other important installation information, see the Windows 10 mobile page.
+Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 mobile](https://www.microsoft.com/en/mobile/windows10) page.
-### How to blacklist the Upgrade Advisor app
+### How to blacklist the Upgrade Advisor app
-Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows Phone Upgrade Adviser is listed in the following location:
+Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows Phone Upgrade Adviser (fbe47e4f-7769-4103-910e-dca8c43e0b07) is displayed in the following URL:
 http://windowsphone.com/s?appid=fbe47e4f-7769-4103-910e-dca8c43e0b07
-For more information about how to do this, see the Try it out: restrict Windows Phone 8.1 apps topic on TechNet.
+For more information about how to do this, see [Try it out: restrict Windows Phone 8.1 apps](https://technet.microsoft.com/en-us/windows/dn771706.aspx).
 ## Related topics
From 1e3e04982a25eb0674540b82b66c84938fe9af4f Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Tue, 31 May 2016 15:55:37 -0700
Subject: [PATCH 57/92] fixed table
---
 windows/deploy/upgrade-windows-phone-8-1-to-10.md | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
index 526351a3e1..06736b9eaa 100644
--- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md
+++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
@@ -46,9 +46,7 @@ The registry CSP is used to push the GUID value to the following registry key fo
 ```
-The complete SyncML command for the solution is as follows.
-
-Note: The SyncML may vary, depending on your MDM solution.
+The complete SyncML command for the solution is as follows. Note: The SyncML may vary, depending on your MDM solution.
 ```
 SyncML xmlns="SYNCML:SYNCML1.1">
@@ -72,14 +70,11 @@ SyncML xmlns="SYNCML:SYNCML1.1">
 The OMA DM server policy description is provided in the following table:
-```
-OMA-URI ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade
-```
-Data Type String
-```
-Value d369c9b6-2379-466d-9162-afc53361e3c2
-```
+| OMA-URI ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade |
+| Data Type String |
+| Value d369c9b6-2379-466d-9162-afc53361e3c2 |
+
 After the device consumes the policy, it will be able to receive an available upgrade.
From 9f32206a1a0e97ee7636fae925002e5fc0003c36 Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Tue, 31 May 2016 16:14:27 -0700
Subject: [PATCH 58/92] table again
---
 windows/deploy/upgrade-windows-phone-8-1-to-10.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
index 06736b9eaa..fcd5564915 100644
--- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md
+++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
@@ -70,10 +70,11 @@ SyncML xmlns="SYNCML:SYNCML1.1">
 The OMA DM server policy description is provided in the following table:
-
-| OMA-URI ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade |
-| Data Type String |
-| Value d369c9b6-2379-466d-9162-afc53361e3c2 |
+|Item |Setting |
+|------|------------|
+| OMA-URI |./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade |
+| Data Type |String |
+| Value |d369c9b6-2379-466d-9162-afc53361e3c2 |
 After the device consumes the policy, it will be able to receive an available upgrade.
From 3a831739a0439566f7d3a4f3e010c81d7d299983 Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Tue, 31 May 2016 16:51:54 -0700
Subject: [PATCH 59/92] again
---
 windows/deploy/upgrade-windows-phone-8-1-to-10.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
index fcd5564915..4a59de5fa9 100644
--- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md
+++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
@@ -79,7 +79,7 @@ The OMA DM server policy description is provided in the following table:
 After the device consumes the policy, it will be able to receive an available upgrade.
-To disable the policy, delete the OMADM registry key or set the EnterpriseUpgrade string value to anything other than the GUID.
+To disable the policy, delete the **OMADM** registry key or set the **EnterpriseUpgrade** string value to anything other than the GUID.
 ### How to determine whether an upgrade is available for a device
From e37cd8e0eabdf4dc2ee140e0a1ed896ef31b6bd2 Mon Sep 17 00:00:00 2001
From: jdeckerMS
Date: Wed, 1 Jun 2016 09:33:19 -0700
Subject: [PATCH 60/92] tweak link text
---
 education/windows/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/education/windows/index.md b/education/windows/index.md
index 26974a5cdc..55697f65f9 100644
--- a/education/windows/index.md
+++ b/education/windows/index.md
@@ -25,4 +25,4 @@ author: jdeckerMS
 ## Related topics
 - [Windows 10 and Windows 10 Mobile](https://technet.microsoft.com/itpro/windows/index)
-- [Try it out: virtual labs for Windows 10 Education](https://technet.microsoft.com/en-us/windows/dn610356)
+- [Try it out: virtual labs and how-to videos for Windows 10 Education](https://technet.microsoft.com/en-us/windows/dn610356)
From e14cf5684a37c610d4b2080604fffdda104a6bdd Mon Sep 17 00:00:00 2001
From: Trudy Hakala
Date: Wed, 1 Jun 2016 09:35:18 -0700
Subject: [PATCH 61/92] updates from tech review
---
 .../use-room-control-system-with-surface-hub.md | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md
index 1158773d5f..e3971aa2c6 100644
--- a/devices/surface-hub/use-room-control-system-with-surface-hub.md
+++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md
@@ -185,7 +185,7 @@ In Replacement PC mode, the power states are only Ready and Off and only change
-For a control device, anything other than 5 / Ready should be considered off.
+For a control device, anything other than 5 / Ready should be considered off. Each PowerOn command results in two state changes and reponses.
@@ -203,14 +203,10 @@ For a control device, anything other than 5 / Ready should be considered off.
-
-
-
-
-
-
-
+
+
+
From a60787240326ce3167979755b65de681db40bb07 Mon Sep 17 00:00:00 2001
From: Brian Lich
Date: Wed, 1 Jun 2016 11:02:07 -0700
Subject: [PATCH 62/92] editing change history
---
 .../manage/change-history-for-manage-and-update-windows-10.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md
index df398cfd27..3035b4bb6c 100644
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@@ -17,7 +17,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
 | New or changed topic | Description |
 | ---|---|
 | [Group Policies that apply only to Windows 10 Enterprise and Education Editions](group-policies-for-enterprise-and-education-editions.md) | New |
-| [Configure Windows 10 devices to stop data flow to Microsoft](configure-windows-10-devices-to-stop-data-flow-to-microsoft.md) | Added section on how to turn off Live Tiles |
+| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added section on how to turn off Live Tiles |
 | [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) | New telemetry content |
 | [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) |Removed info about sharing wi-fi network access with contacts, since it's been deprecated. |
 | [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Corrected script for setting a custom shell using Shell Launcher |
From e0e1891fdde9bb3324d29d8f14b0739402ccfb37 Mon Sep 17 00:00:00 2001
From: Trudy Hakala
Date: Wed, 1 Jun 2016 12:51:18 -0700
Subject: [PATCH 63/92] space error
---
 devices/surface-hub/use-room-control-system-with-surface-hub.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md
index e3971aa2c6..447edd18aa 100644
--- a/devices/surface-hub/use-room-control-system-with-surface-hub.md
+++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md
@@ -62,7 +62,7 @@ To connect to a room control system control panel, you don't need to configure a
 You can use a standard RJ-11 (6P6C) connector to connect the Surface Hub serial port to a room control system. This is the recommended method. You can also use an RJ-11 4-conductor cable, but we do not recommend this method.
-This diagram shows the correct pinout usedfor an RJ-11 (6P6C) to DB9 cable.
+This diagram shows the correct pinout used for an RJ-11 (6P6C) to DB9 cable.
 ![image showing the wiring diagram.](images/room-control-wiring-diagram.png)
From 0d7d697908da8a424fccd21a958def0662b41342 Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Wed, 1 Jun 2016 13:56:33 -0700
Subject: [PATCH 64/92] minor edits
---
 windows/deploy/upgrade-windows-phone-8-1-to-10.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
index 4a59de5fa9..c2e678923a 100644
--- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md
+++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md
@@ -55,7 +55,7 @@ SyncML xmlns="SYNCML:SYNCML1.1">
 250
- ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/ EnterpriseUpgrade
+ ./Vendor/MSFT/Registry/HKLM/SOFTWARE/Microsoft/Provisioning/OMADM/EnterpriseUpgrade
 chr
@@ -91,7 +91,7 @@ Note: The availability of Windows 10 Mobile as an update for existing Windows Ph ### How to blacklist the Upgrade Advisor app -Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows Phone Upgrade Adviser (fbe47e4f-7769-4103-910e-dca8c43e0b07) is displayed in the following URL: +Some enterprises may want to block their users from installing the Windows 10 Mobile Upgrade Advisor app. With Windows Phone 8.1, you can allow or deny individual apps by adding specific app publishers or the app globally unique identifier (GUID) from the Window Phone Store to an allow or deny XML list. The GUID for a particular application can be found in the URL for the app in the phone store. For example, the GUID to the Windows 10 Mobile Upgrade Adviser (fbe47e4f-7769-4103-910e-dca8c43e0b07) is displayed in the following URL: http://windowsphone.com/s?appid=fbe47e4f-7769-4103-910e-dca8c43e0b07 From 60ad78e71f336e6071e309ffd2a511c1a1c25edc Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 1 Jun 2016 15:37:35 -0700 Subject: [PATCH 65/92] checking new topic --- ...nfigure-a-pxe-server-to-load-windows-pe.md | 177 ++++++++++++++++++ 1 file changed, 177 insertions(+) create mode 100644 windows/deploy/configure-a-pxe-server-to-load-windows-pe.md diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md new file mode 100644 index 0000000000..e174209ece --- /dev/null +++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md 
@@ -0,0 +1,177 @@
+---
+title: Walkthrough: Configure a PXE server to load Windows PE
+description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
+keywords: windows pe, windows 10, upgrade, deploy, image
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deployment
+author: greg-lindsay
+---
+
+# Walkthrough: Configure a PXE server to load Windows PE
+
+**Applies to**
+
+- Windows 10
+
+This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network.
+
+## Prerequisites
+
+- Deployment computer: A computer with the Windows Assessment and Deployment Kit (Windows ADK) installed ().
+- DHCP server: A DHCP server or DHCP proxy configured to respond to PXE client requests.
+- PXE server: A server running the TFTP server service.
+- File server: A server hosting a network file share.
+
+All four of the roles specified above can be hosted on the same computer if desired, but this is not required.
+
+## Step 1: Copy Windows PE source files to the PXE server
+
+### To copy source files to your PXE server:
+
+1. On the deployment computer, click **Start**, and type **deployment**.
+2. Right-click **Deployment and Imaging Tools Environment** and then click **Run as administrator**. The Deployment and Imaging Tools Environment shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools.
+3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location.
+
+```
+copype.cmd
+```
+
+The value of &lt;arch&gt; can be **x86**, **amd64**, or **arm** and &lt;destination&gt; is a path to a local directory. If the directory does not already exist, it will be created. For example:
+
+```
+copype.cmd amd64 C:\\winpe\_amd64
+```
+
+The script creates the destination directory structure and copies all the necessary files for that architecture. For example:
+
+C:\\winpe\_amd64
+C:\\winpe\_amd64\\fwfiles
+C:\\winpe\_amd64\\media
+C:\\winpe\_amd64\\mount
+
+4. Mount the base Windows PE image (winpe.wim) to the \\mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. To mount the image file, run the following command. Replace the directory names with the directory name that you used in the previous step.
+
+```
+Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount
+```
+
+5.Map a network share to the root TFTP directory on the PXE/TFTP server and create a \\Boot folder. Consult your TFTP server documentation to determine the root TFTP server directory, enable sharing this directory, and verify it can be accessed on the network. In the following example, the PXE server name is PXE-1 and the TFTP root directory is shared using a network path of \\PXE-1\TFTPRoot. See the following example:
+
+```
+net use y: \\PXE-1\TFTPRoot
+y:
+md boot
+```
+
+6. Copy the PXE boot files from the mounted directory to the \\Boot folder. For example,
+
+```
+copy c:\winpe_amd64\mount\windows\boot\pxe\*.* y:\boot
+```
+
+7. Copy the boot.sdi file to the PXE/TFTP server.
+
+```
+copy C:\winpe_amd64\media\boot\boot.sdi y:\boot
+```
+
+8. Copy the bootable Windows PE image (boot.wim) to the \\Boot folder.
+
+```
+copy C:\winpe_amd64\media\sources\boot.wim y:\boot
+```
+
+## Step 2: Configure boot settings and copy the BCD file
+
+### To configure boot settings:
+
+1. Create a BCD store using bcdedit.exe. For example:
+
+```
+bcdedit /createstore c:\BCD
+```
+
+2. Configure RAMDISK settings. See the following example:
+
+```
+bcdedit /store c:\BCD /create {ramdiskoptions} /d "Ramdisk options"
+bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdidevice partition=C:
+bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdipath \winpe_amd64\media\boot\boot.sdi
+```
+
+3. Create a new boot application entry for the Windows PE image. See the following example:
+
+```
+bcdedit /store c:\BCD /set {GUID1} device ramdisk=[c:]\winpe_amd64\media\sources\boot.wim,{ramdiskoptions}
+bcdedit /store c:\BCD /set {GUID1} path \windows\system32\winload.exe
+bcdedit /store c:\BCD /set {GUID1} osdevice ramdisk=[c:]\winpe_amd64\media\sources\boot.wim,{ramdiskoptions}
+bcdedit /store c:\BCD /set {GUID1} systemroot \windows
+bcdedit /store c:\BCD /set {GUID1} detecthal Yes
+bcdedit /store c:\BCD /set {GUID1} winpe Yes
+```
+
+4. Configure BOOTMGR settings. See the following example:
+
+```
+bcdedit /store c:\BCD /set {bootmgr} timeout 30
+bcdedit /store c:\BCD -displayorder {GUID1} -addlast
+```
+
+5. Copy the BCD file to your TFTP server. For example,
+
+```
+copy c:\BCD \\PXE-1\TFTPRoot\Boot
+```
+
+Your PXE/TFTP server is now configured.
+
+Note: You can view the BCD settings that have been configured using the command “bcdedit /store &lt;BCD file location&gt; /enum all. See the following example:
+
+```
+C:\&gt;bcdedit /store C:\BCD /enum all
+Windows Boot Manager
+--------------------
+identifier {bootmgr}
+description boot manager
+displayorder {a4f89c62-2142-11e6-80b6-00155da04110}
+timeout 30
+
+Windows Boot Loader
+-------------------
+identifier {a4f89c62-2142-11e6-80b6-00155da04110}
+device ramdisk=[boot]\boot\boot.wim,{ramdiskoptions}
+description winpe boot image
+osdevice ramdisk=[boot]\boot\boot.wim,{ramdiskoptions}
+systemroot \Windows
+detecthal Yes
+winpe Yes
+
+Setup Ramdisk Options
+---------------------
+identifier {ramdiskoptions}
+description ramdisk options
+ramdisksdidevice boot
+ramdisksdipath \boot\boot.sdi
+```
+
+#### The deployment process
+
+The following summarizes the PXE client boot process.
+
+1. A client is directed by DHCP options 066 and 067 to download boot\\wdsnbp.com from the TFTP server.
+2. Wdsnbp.com validates the DHCP/PXE response packet and then the client downloads boot\\pxeboot.com.
+3. Pxeboot.com requires the client to press the F12 key to initiate a PXE boot.
+4. The client downloads boot\\bootmgr.exe and the boot\\BCD file from the TFTP server. Note: The BCD store must reside in the \\boot directory on the TFTP server and must be named BCD.
+5. Bootmgr.exe reads the BCD operating system entries and downloads boot\\boot.sdi and the Windows PE image (boot\\boot.wim). Optional files that can also be downloaded include true type fonts (boot\\Fonts\\wgl4\_boot.ttf) and the hibernation state file (\\hiberfil.sys) if these files are present.
+6. Bootmgr.exe starts Windows PE by calling winload.exe within the Windows PE image.
+7. Windows PE loads, a command prompt opens and wpeinit.exe is run to initialize Windows PE.
+8. The Windows PE client provides access to tools like imagex, diskpart, and bcdboot using the Windows PE command prompt. Using these tools together with a Windows 10 image file, the destination computer can be formatted properly to load a full Windows 10 operating system.
+
+See Also
+---------
+
+#### Concepts
+
+[Windows PE Walkthroughs](https://technet.microsoft.com/en-us/library/cc748899.aspx)
\ No newline at end of file
From 707e682be8307696804ce89d2a5f57e4b27c96a9 Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Wed, 1 Jun 2016 16:29:39 -0700
Subject: [PATCH 66/92] added to TOC
---
 windows/deploy/TOC.md | 1 +
 ...nfigure-a-pxe-server-to-load-windows-pe.md | 140 +++++++++---------
 2 files changed, 71 insertions(+), 70 deletions(-)
diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md
index d0819639d7..cc0388e935 100644
--- a/windows/deploy/TOC.md
+++ b/windows/deploy/TOC.md
@@ -34,6 +34,7 @@
 ### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
 ## [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
 ## [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md)
+## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
 ## [Windows 10 edition upgrade](windows-10-edition-upgrades.md)
 ## [Deploy Windows To Go in your organization](deploy-windows-to-go.md)
 ## [Update Windows 10 images with provisioning packages](update-windows-10-images-with-provisioning-packages.md)
diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
index e174209ece..0d9b9332db 100644
--- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
@@ -1,5 +1,5 @@ --- -title: Walkthrough: Configure a PXE server to load Windows PE +title: Walkthrough: Configure a PXE server to load Windows PE (Windows 10) description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network. keywords: windows pe, windows 10, upgrade, deploy, image ms.prod: w10 
@@ -19,115 +19,115 @@ This topic describes how to configure a PXE server to load Windows PE so that ## Prerequisites -- Deployment computer: A computer with the Windows Assessment and Deployment Kit (Windows ADK) installed (). -- DHCP server: A DHCP server or DHCP proxy configured to respond to PXE client requests. -- PXE server: A server running the TFTP server service. -- File server: A server hosting a network file share. +- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](https://www.microsoft.com/en-us/download/details.aspx?id=39982) (Windows ADK) installed. +- A DHCP server: A DHCP server or DHCP proxy configured to respond to PXE client requests is required. +- A PXE server: A server running the TFTP service that can host Windows PE boot files that the client will download. +- A file server: A server hosting a network file share. -All four of the roles specified above can be hosted on the same computer if desired, but this is not required. +All four of the roles specified above can be hosted on the same computer or each can be on a separate computer. -## Step 1: Copy Windows PE source files to the PXE server +## Step 1: Copy Windows PE source files from the deployment computer to the PXE server -### To copy source files to your PXE server: +### To copy source files to the PXE server: 1. On the deployment computer, click **Start**, and type **deployment**. 2. Right-click **Deployment and Imaging Tools Environment** and then click **Run as administrator**. The Deployment and Imaging Tools Environment shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools. 3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. 
-``` -copype.cmd -``` + ``` + copype.cmd + ``` -The value of <arch> can be **x86**, **amd64**, or **arm** and <destination> is a path to a local directory. If the directory does not already exist, it will be created. For example: + The value of **<arch>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory does not already exist, it will be created. For example, the following command copies **amd64** architecture files to the **C:\winpe_amd64** directory: -``` -copype.cmd amd64 C:\\winpe\_amd64 -``` + ``` + copype.cmd amd64 C:\winpe_amd64 + ``` -The script creates the destination directory structure and copies all the necessary files for that architecture. For example: + The script creates the destination directory structure and copies all the necessary files for that architecture. In the previous example, the following directories are created: -C:\\winpe\_amd64 -C:\\winpe\_amd64\\fwfiles -C:\\winpe\_amd64\\media -C:\\winpe\_amd64\\mount + C:\\winpe\_amd64 + C:\\winpe\_amd64\\fwfiles + C:\\winpe\_amd64\\media + C:\\winpe\_amd64\\mount -4. Mount the base Windows PE image (winpe.wim) to the \\mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. To mount the image file, run the following command. Replace the directory names with the directory name that you used in the previous step. +4. Mount the base Windows PE image (winpe.wim) to the \mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. See the following example. 
-``` -Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount -``` + ``` + Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount + ``` -5.Map a network share to the root TFTP directory on the PXE/TFTP server and create a \\Boot folder. Consult your TFTP server documentation to determine the root TFTP server directory, enable sharing this directory, and verify it can be accessed on the network. In the following example, the PXE server name is PXE-1 and the TFTP root directory is shared using a network path of \\PXE-1\TFTPRoot. See the following example: +5. Map a network share to the root TFTP directory on the PXE/TFTP server and create a \Boot folder. Consult your TFTP server documentation to determine the root TFTP server directory, then enable sharing for this directory, and verify it can be accessed on the network. In the following example, the PXE server name is PXE-1 and the TFTP root directory is shared using a network path of \\PXE-1\TFTPRoot: -``` -net use y: \\PXE-1\TFTPRoot -y: -md boot -``` + ``` + net use y: \\PXE-1\TFTPRoot + y: + md boot + ``` -6. Copy the PXE boot files from the mounted directory to the \\Boot folder. For example, +6. Copy the PXE boot files from the mounted directory to the \Boot folder. For example: -``` -copy c:\winpe_amd64\mount\windows\boot\pxe\*.* y:\boot -``` + ``` + copy c:\winpe_amd64\mount\windows\boot\pxe\*.* y:\boot + ``` 7. Copy the boot.sdi file to the PXE/TFTP server. -``` -copy C:\winpe_amd64\media\boot\boot.sdi y:\boot -``` + ``` + copy C:\winpe_amd64\media\boot\boot.sdi y:\boot + ``` -8. Copy the bootable Windows PE image (boot.wim) to the \\Boot folder. +8. Copy the bootable Windows PE image (boot.wim) to the \Boot folder. 
-``` -copy C:\winpe_amd64\media\sources\boot.wim y:\boot -``` + ``` + copy C:\winpe_amd64\media\sources\boot.wim y:\boot + ``` ## Step 2: Configure boot settings and copy the BCD file ### To configure boot settings: -1. Create a BCD store using bcdedit.exe. For example: +1. Create a BCD store using bcdedit.exe: -``` -bcdedit /createstore c:\BCD -``` + ``` + bcdedit /createstore c:\BCD + ``` -2. Configure RAMDISK settings. See the following example: +2. Configure RAMDISK settings: -``` -bcdedit /store c:\BCD /create {ramdiskoptions} /d "Ramdisk options" -bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdidevice partition=C: -bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdipath \winpe_amd64\media\boot\boot.sdi -``` + ``` + bcdedit /store c:\BCD /create {ramdiskoptions} /d "Ramdisk options" + bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdidevice partition=C: + bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdipath \winpe_amd64\media\boot\boot.sdi + ``` -3. Create a new boot application entry for the Windows PE image. See the following example: +3. 
Create a new boot application entry for the Windows PE image: -``` -bcdedit /store c:\BCD /set {GUID1} device ramdisk=[c:]\winpe_amd64\media\sources\boot.wim,{ramdiskoptions} -bcdedit /store c:\BCD /set {GUID1} path \windows\system32\winload.exe -bcdedit /store c:\BCD /set {GUID1} osdevice ramdisk=[c:]\winpe_amd64\media\sources\boot.wim,{ramdiskoptions} -bcdedit /store c:\BCD /set {GUID1} systemroot \windows -bcdedit /store c:\BCD /set {GUID1} detecthal Yes -bcdedit /store c:\BCD /set {GUID1} winpe Yes -``` + ``` + bcdedit /store c:\BCD /set {GUID1} device ramdisk=[c:]\winpe_amd64\media\sources\boot.wim,{ramdiskoptions} + bcdedit /store c:\BCD /set {GUID1} path \windows\system32\winload.exe + bcdedit /store c:\BCD /set {GUID1} osdevice ramdisk=[c:]\winpe_amd64\media\sources\boot.wim,{ramdiskoptions} + bcdedit /store c:\BCD /set {GUID1} systemroot \windows + bcdedit /store c:\BCD /set {GUID1} detecthal Yes + bcdedit /store c:\BCD /set {GUID1} winpe Yes + ``` -4. Configure BOOTMGR settings. See the following example: +4. Configure BOOTMGR settings: -``` -bcdedit /store c:\BCD /set {bootmgr} timeout 30 -bcdedit /store c:\BCD -displayorder {GUID1} -addlast -``` + ``` + bcdedit /store c:\BCD /set {bootmgr} timeout 30 + bcdedit /store c:\BCD -displayorder {GUID1} -addlast + ``` -5. Copy the BCD file to your TFTP server. For example, +5. Copy the BCD file to your TFTP server: -``` -copy c:\BCD \\PXE-1\TFTPRoot\Boot -``` + ``` + copy c:\BCD \\PXE-1\TFTPRoot\Boot + ``` Your PXE/TFTP server is now configured. -Note: You can view the BCD settings that have been configured using the command “bcdedit /store <BCD file location> /enum all. See the following example: +Note: You can view the BCD settings that have been configured using the command **“bcdedit /store <BCD file location> /enum all**: ``` C:\>bcdedit /store C:\BCD /enum all From 5ae8ba3d2574a546d6558d1fa4082864af594ca9 Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Wed, 1 Jun 2016 16:45:14 -0700 Subject: [PATCH 67/92] updating for Windows 10 --- windows/keep-secure/TOC.md | 4 +- .../basic-firewall-policy-design.md | 54 +++-- ...e-based-isolation-policy-design-example.md | 42 ++-- ...rtificate-based-isolation-policy-design.md | 30 ++- ...irewall-with-advanced-security-strategy.md | 45 ++--- .../domain-isolation-policy-design-example.md | 43 ++-- .../domain-isolation-policy-design.md | 53 +++-- ...-with-advanced-security-design-examples.md | 17 +- .../firewall-policy-design-example.md | 72 ++++--- ...-about-your-active-directory-deployment.md | 30 ++- ...hering-information-about-your-computers.md | 58 ------ ...out-your-current-network-infrastructure.md | 45 ++--- .../gathering-other-relevant-information.md | 52 ++--- .../gathering-the-information-you-need.md | 20 +- ...with-advanced-security-deployment-goals.md | 3 - ...-firewall-with-advanced-security-design.md | 77 ++----- ...computers-from-unwanted-network-traffic.md | 44 ---- ...n-accessing-sensitive-network-resources.md | 32 ++- ...ss-to-only-specified-users-or-computers.md | 46 ----- ...strict-access-to-only-trusted-computers.md | 59 ------ ...s-by-using-ikev2-in-windows-server-2012.md | 189 ------------------ .../server-isolation-policy-design-example.md | 62 +++--- .../server-isolation-policy-design.md | 37 ++-- 23 files changed, 287 insertions(+), 827 deletions(-) delete mode 100644 windows/keep-secure/gathering-information-about-your-computers.md delete mode 100644 windows/keep-secure/protect-computers-from-unwanted-network-traffic.md delete mode 100644 windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md delete mode 100644 windows/keep-secure/restrict-access-to-only-trusted-computers.md delete mode 100644 windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 03655002f2..89aee60958 100644 
--- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -436,8 +436,8 @@ #### [Windows Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md) ##### [Understanding the Windows Firewall with Advanced Security Design Process](understanding-the-windows-firewall-with-advanced-security-design-process.md) ##### [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) -###### [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md) -###### [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md) +###### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md) +###### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) ###### [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md) ###### [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md) ##### [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) diff --git a/windows/keep-secure/basic-firewall-policy-design.md b/windows/keep-secure/basic-firewall-policy-design.md index d5020e47c8..3863b0cf74 100644 --- a/windows/keep-secure/basic-firewall-policy-design.md +++ b/windows/keep-secure/basic-firewall-policy-design.md 
@@ -2,57 +2,58 @@ title: Basic Firewall Policy Design (Windows 10) description: Basic Firewall Policy Design ms.assetid: 6f7af99e-6850-4522-b7f5-db98e6941418 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Basic Firewall Policy Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -Many organizations have a network perimeter firewall that is designed to prevent the entry of malicious traffic in to the organization's network, but do not have a host-based firewall enabled on each computer in the organization. +Many organizations have a network perimeter firewall that is designed to prevent the entry of malicious traffic in to the organization's network, but do not have a host-based firewall enabled on each device in the organization. -The Basic Firewall Policy Design helps you to protect the computers in your organization from unwanted network traffic that gets through the perimeter defenses, or that originates from inside your network. In this design, you deploy firewall rules to each computer in your organization to allow traffic that is required by the programs that are used. Traffic that does not match the rules is dropped. +The Basic Firewall Policy Design helps you to protect the devices in your organization from unwanted network traffic that gets through the perimeter defenses, or that originates from inside your network. In this design, you deploy firewall rules to each device in your organization to allow traffic that is required by the programs that are used. Traffic that does not match the rules is dropped. -Traffic can be blocked or permitted based on the characteristics of each network packet: its source or destination IP address, its source or destination port numbers, the program on the computer that receives the inbound packet, and so on. 
This design can also be deployed together with one or more of the other designs that add IPsec protection to the network traffic permitted. +Traffic can be blocked or permitted based on the characteristics of each network packet: its source or destination IP address, its source or destination port numbers, the program on the device that receives the inbound packet, and so on. This design can also be deployed together with one or more of the other designs that add IPsec protection to the network traffic permitted. Many network administrators do not want to tackle the difficult task of determining all the appropriate rules for every program that is used by the organization, and then maintaining that list over time. In fact, most programs do not require specific firewall rules. The default behavior of Windows and most contemporary applications makes this task easy: -- On client computers, the default firewall behavior already supports typical client programs. Programs designed for Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista create any required rules for you as part of the installation process. You only have to create a rule if the client program must be able to receive unsolicited inbound network traffic from another computer. +- On client devices, the default firewall behavior already supports typical client programs. Programs create any required rules for you as part of the installation process. You only have to create a rule if the client program must be able to receive unsolicited inbound network traffic from another device. - When you install a server program that must accept unsolicited inbound network traffic, the installation program likely creates or enables the appropriate rules on the server for you. - For example, when you install a server role in Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008, the appropriate firewall rules are created and enabled automatically. 
+ For example, when you install a server role, the appropriate firewall rules are created and enabled automatically. -- For other standard network behavior, the predefined rules that are built into Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista can easily be configured in a GPO and deployed to the computers in your organization. +- For other standard network behavior, the predefined rules that are built into Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista can easily be configured in a GPO and deployed to the devices in your organization. For example, by using the predefined groups for Core Networking and File and Printer Sharing you can easily configure GPOs with rules for those frequently used networking protocols. -With few exceptions, the firewall can be enabled on all configurations of Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista. Therefore, we recommended that you enable the firewall on every computer in your organization. This includes servers in your perimeter network, on mobile and remote clients that connect to the network, and on all servers and clients in your internal network. +With few exceptions, the firewall can be enabled on all configurations. Therefore, we recommended that you enable the firewall on every device in your organization. This includes servers in your perimeter network, on mobile and remote clients that connect to the network, and on all servers and clients in your internal network. -**Caution**   -**Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft**. +>**Caution:**  Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft. 
-By default, in new installations, Windows Firewall is turned on in Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista. +By default, in new installations, Windows Firewall is turned on in Windows Server 2012, Windows 8, and later. -If you turn off the Windows Firewall with Advanced Security service you lose other benefits provided by the service, such as the ability to use IPsec connection security rules, Windows Service Hardening, and network protection from forms of attacks that use network fingerprinting. For more information about Windows Service Hardening, see . +If you turn off the Windows Firewall with Advanced Security service you lose other benefits provided by the service, such as the ability to use IPsec connection security rules, Windows Service Hardening, and network protection from forms of attacks that use network fingerprinting. -Third-party firewall software that is compatible with Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista can programmatically disable only the parts of Windows Firewall with Advanced Security that might need to be disabled for compatibility. This is the recommended approach for third-party firewalls to coexist with the Windows Firewall; third-party party firewalls that comply with this recommendation have the certified logo from Microsoft. - -  +Compatible third-party firewall software can programmatically disable only the parts of Windows Firewall with Advanced Security that might need to be disabled for compatibility. This is the recommended approach for third-party firewalls to coexist with the Windows Firewall; third-party party firewalls that comply with this recommendation have the certified logo from Microsoft.  An organization typically uses this design as a first step toward a more comprehensive Windows Firewall with Advanced Security design that adds server isolation and domain isolation. 
-After implementing this design, your administrative team will have centralized management of the firewall rules applied to all computers that are running Windows in your organization. +After implementing this design, you will have centralized management of the firewall rules applied to all devices that are running Windows in your organization. -**Important**   -If you also intend to deploy the [Domain Isolation Policy Design](domain-isolation-policy-design.md), or the [Server Isolation Policy Design](server-isolation-policy-design.md), we recommend that you do the design work for all three designs together, and then deploy in layers that correspond with each design. +>**Important:**  If you also intend to deploy the [Domain Isolation Policy Design](domain-isolation-policy-design.md), or the [Server Isolation Policy Design](server-isolation-policy-design.md), we recommend that you do the design work for all three designs together, and then deploy in layers that correspond with each design. -  - -The basic firewall design can be applied to computers that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the firewall settings and rules. +The basic firewall design can be applied to devices that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the firewall settings and rules. For more information about this design: -- This design coincides with the deployment goal to [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md). +- This design coincides with the deployment goal to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md). - To learn more about this design, see [Firewall Policy Design Example](firewall-policy-design-example.md). 
@@ -60,15 +61,6 @@ For more information about this design: - To help you make the decisions required in this design, see [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md). -- For a list of detailed tasks that you can use to deploy your basic firewall policy design, see "Checklist: Implementing a Basic Firewall Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=98308) at http://go.microsoft.com/fwlink/?linkid=98308. +- For a list of detailed tasks that you can use to deploy your basic firewall policy design, see [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md). **Next: **[Domain Isolation Policy Design](domain-isolation-policy-design.md) - -  - -  - - - - - diff --git a/windows/keep-secure/certificate-based-isolation-policy-design-example.md b/windows/keep-secure/certificate-based-isolation-policy-design-example.md index 2a59f16587..8b5e59db2e 100644 --- a/windows/keep-secure/certificate-based-isolation-policy-design-example.md +++ b/windows/keep-secure/certificate-based-isolation-policy-design-example.md 
@@ -2,55 +2,51 @@ title: Certificate-based Isolation Policy Design Example (Windows 10) description: Certificate-based Isolation Policy Design Example ms.assetid: 509b513e-dd49-4234-99f9-636fd2f749e3 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Certificate-based Isolation Policy Design Example +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This design example continues to use the fictitious company Woodgrove Bank, as described in the sections [Firewall Policy Design Example](firewall-policy-design-example.md), [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md), and [Server Isolation Policy Design Example](server-isolation-policy-design-example.md). -One of the servers that must be included in the domain isolation environment is a computer running UNIX that supplies other information to the WGBank dashboard program running on the client computers. This computer sends updated information to the WGBank front-end servers as it becomes available, so it is considered unsolicited inbound traffic to the computers that receive this information. +One of the servers that must be included in the domain isolation environment is a device running UNIX that supplies other information to the WGBank dashboard program running on the client devices. This device sends updated information to the WGBank front-end servers as it becomes available, so it is considered unsolicited inbound traffic to the devices that receive this information. ## Design requirements +One possible solution to this is to include an authentication exemption rule in the GPO applied to the WGBank front-end servers. This rule would instruct the front-end servers to accept traffic from the non-Windows device even though it cannot authenticate. -One possible solution to this is to include an authentication exemption rule in the GPO applied to the WGBank front-end servers. 
This rule would instruct the front-end servers to accept traffic from the non-Windows computer even though it cannot authenticate.
+A more secure solution, and the one selected by Woodgrove Bank, is to include the non-Windows device in the domain isolation design. Because it cannot join an Active Directory domain, Woodgrove Bank chose to use certificate-based authentication. Certificates are cryptographically-protected documents, encrypted in such a way that their origin can be positively confirmed.
-A more secure solution, and the one selected by Woodgrove Bank, is to include the non-Windows computer in the domain isolation design. Because it cannot join an Active Directory domain, Woodgrove Bank chose to use certificate-based authentication. Certificates are cryptographically-protected documents, encrypted in such a way that their origin can be positively confirmed.
-
-In this case, Woodgrove Bank used Microsoft Certificate Services, included with Windows Server 2008, to create the appropriate certificate. They might also have acquired and installed a certificate from a third-party commercial certification authority. They then used Group Policy to deploy the certificate to the front-end servers. The GPOs applied to the front-end servers also include updated connection security rules that permit certificate-based authentication in addition to Kerberos V5 authentication. They then manually installed the certificate on the UNIX server.
+In this case, Woodgrove Bank used Active Directory Certificate Services to create the appropriate certificate. They might also have acquired and installed a certificate from a third-party commercial certification authority. They then used Group Policy to deploy the certificate to the front-end servers. The GPOs applied to the front-end servers also include updated connection security rules that permit certificate-based authentication in addition to Kerberos V5 authentication.
They then manually installed the certificate on the UNIX server. The UNIX server is configured with firewall and IPsec connection security rules using the tools that are provided by the operating system vendor. Those rules specify that authentication is performed by using the certificate. -The creation of the IPsec connection security rules for a non-Windows computer is beyond the scope of this document, but support for a certificate that can be used to authenticate such a non-Windows computer by using the standard IPsec protocols is the subject of this design. +The creation of the IPsec connection security rules for a non-Windows device is beyond the scope of this document, but support for a certificate that can be used to authenticate such a non-Windows device by using the standard IPsec protocols is the subject of this design. -The non-Windows computer can be effectively made a member of the boundary zone or the encryption zone based on the IPsec rules applied to the computer. The only constraint is that the main mode and quick mode encryption algorithms supported by the UNIX computer must also be supported by the Windows-based computers with which it communicates. +The non-Windows device can be effectively made a member of the boundary zone or the encryption zone based on the IPsec rules applied to the device. The only constraint is that the main mode and quick mode encryption algorithms supported by the UNIX device must also be supported by the Windows-based devices with which it communicates. **Other traffic notes:** -- None of the capabilities of the other designs discussed in this guide are compromised by the use of certificate authentication by a non-Windows computer. +- None of the capabilities of the other designs discussed in this guide are compromised by the use of certificate authentication by a non-Windows device. 
## Design details
+Woodgrove Bank uses Active Directory groups and GPOs to deploy the domain isolation settings and rules to the devices in their organization.
-Woodgrove Bank uses Active Directory groups and GPOs to deploy the domain isolation settings and rules to the computers in their organization.
+The inclusion of one or more non-Windows devices to the network requires only a simple addition to the GPOs for devices that must communicate with the non-Windows device. The addition is allowing certificate-based authentication in addition to the Active Directory–supported Kerberos V5 authentication. This does not require including new rules, just adding certificate-based authentication as an option to the existing rules.
-The inclusion of one or more non-Windows computers to the network requires only a simple addition to the GPOs for computers that must communicate with the non-Windows computer. The addition is allowing certificate-based authentication in addition to the Active Directory–supported Kerberos V5 authentication. This does not require including new rules, just adding certificate-based authentication as an option to the existing rules.
+When multiple authentication methods are available, two negotiating devices agree on the first one in their lists that match. Because the majority of the devices in Woodgrove Bank's network run Windows, Kerberos V5 is listed as the first authentication method in the rules. Certificate-based authentication is added as an alternate authentication type.
-When multiple authentication methods are available, two negotiating computers agree on the first one in their lists that match. Because the majority of the computers in Woodgrove Bank's network run Windows, Kerberos V5 is listed as the first authentication method in the rules. Certificate-based authentication is added as an alternate authentication type.
+By using the Active Directory Users and Computers snap-in, Woodgrove Bank created a group named NAG\_COMPUTER\_WGBUNIX.
They then added the device accounts to this group for Windows devices that need to communicate with the non-Windows devices. If all the devices in the isolated domain need to be able to access the non-Windows devices, then the **Domain Computers** group can be added to the group as a member. -By using the Active Directory Users and Computers snap-in, Woodgrove Bank created a group named NAG\_COMPUTER\_WGBUNIX. They then added the computer accounts to this group for Windows computers that need to communicate with the non-Windows computers. If all the computers in the isolated domain need to be able to access the non-Windows computers, then the **Domain Computers** group can be added to the group as a member. - -Woodgrove Bank then created a GPO that contains the certificate, and then attached security group filters to the GPO that allow read and apply permissions to only members of the NAG\_COMPUTER\_WGBUNIX group. The GPO places the certificate in the **Local Computer / Personal / Certificates** certificate store. The certificate used must chain back to a certificate that is in the **Trusted Root Certification Authorities** store on the local computer. +Woodgrove Bank then created a GPO that contains the certificate, and then attached security group filters to the GPO that allow read and apply permissions to only members of the NAG\_COMPUTER\_WGBUNIX group. The GPO places the certificate in the **Local Computer / Personal / Certificates** certificate store. The certificate used must chain back to a certificate that is in the **Trusted Root Certification Authorities** store on the local device. **Next: **[Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) - -  - -  - - - - - diff --git a/windows/keep-secure/certificate-based-isolation-policy-design.md b/windows/keep-secure/certificate-based-isolation-policy-design.md index 3c24ba8f07..8d0483f776 100644 
--- a/windows/keep-secure/certificate-based-isolation-policy-design.md
+++ b/windows/keep-secure/certificate-based-isolation-policy-design.md
@@ -2,25 +2,32 @@ title: Certificate-based Isolation Policy Design (Windows 10) description: Certificate-based Isolation Policy Design ms.assetid: 63e01a60-9daa-4701-9472-096c85e0f862 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Certificate-based Isolation Policy Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview In the certificate-based isolation policy design, you provide the same types of protections to your network traffic as described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) and [Server Isolation Policy Design](server-isolation-policy-design.md) sections. The only difference is the method used to share identification credentials during the authentication of your network traffic. -Domain isolation and server isolation help provide security for the computers on the network that run Windows and that can be joined to an Active Directory domain. However, in most corporate environments there are typically some computers that must run another operating system, such as Linux or UNIX. These computers cannot join an Active Directory domain, without a third-party package being installed. Also, some computers that do run Windows cannot join a domain for a variety of reasons. To rely on Kerberos V5 as the authentication protocol, the computer needs to be joined to the Active Directory and (for non-windows computers) support Kerberos as an authentication protocol. +Domain isolation and server isolation help provide security for the devices on the network that run Windows and that can be joined to an Active Directory domain. However, in most corporate environments there are typically some devices that must run another operating system. These devices cannot join an Active Directory domain, without a third-party package being installed. Also, some devices that do run Windows cannot join a domain for a variety of reasons. 
To rely on Kerberos V5 as the authentication protocol, the device needs to be joined to the Active Directory and (for non-Windows devices) support Kerberos as an authentication protocol.
-To authenticate with non-domain member computers, IPsec supports using standards-based cryptographic certificates. Because this authentication method is also supported by many third-party operating systems, it can be used as a way to extend your isolated domain to computers that do not run the Windows operating system.
+To authenticate with non-domain member devices, IPsec supports using standards-based cryptographic certificates. Because this authentication method is also supported by many third-party operating systems, it can be used as a way to extend your isolated domain to devices that do not run Windows.
-The same principles of the domain and server isolation designs apply to this design. Only computers that can authenticate (in this case, by providing a specified certificate) can communicate with the computers in your isolated domain.
+The same principles of the domain and server isolation designs apply to this design. Only devices that can authenticate (in this case, by providing a specified certificate) can communicate with the devices in your isolated domain.
-For computers that run Windows and that are part of an Active Directory domain, you can use Group Policy to deploy the certificates required to communicate with the computers that are trusted but are not part of the Active Directory domain. For other computers, you will have to either manually configure them with the required certificates, or use a third-party program to distribute the certificates in a secure manner.
+For Windows devices that are part of an Active Directory domain, you can use Group Policy to deploy the certificates required to communicate with the devices that are trusted but are not part of the Active Directory domain.
For other devices, you will have to either manually configure them with the required certificates, or use a third-party program to distribute the certificates in a secure manner. -For more information about this design: +For more info about this design: -- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). +- This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). - To learn more about this design, see [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md). 
@@ -28,15 +35,6 @@ For more information about this design: - To help you make the decisions required in this design, see [Planning Certificate-based Authentication](planning-certificate-based-authentication.md). -- For a list of tasks that you can use to deploy your certificate-based policy design, see "Checklist: Implementing a Certificate-based Isolation Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=98308) at http://go.microsoft.com/fwlink/?linkid=98308. +- For a list of tasks that you can use to deploy your certificate-based policy design, see [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md). **Next: **[Evaluating Windows Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) - -  - -  - - - - - diff --git a/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md index 6e3d38e38b..144252b206 100644 --- a/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md +++ b/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md 
@@ -2,17 +2,24 @@ title: Designing a Windows Firewall with Advanced Security Strategy (Windows 10) description: Designing a Windows Firewall with Advanced Security Strategy ms.assetid: 6d98b184-33d6-43a5-9418-4f24905cfd71 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Designing a Windows Firewall with Advanced Security Strategy +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. You must have a good understanding of what tasks the computers on the network perform, and how they use the network to accomplish those tasks. You must understand the network traffic generated by the programs running on the computers. +To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. You must have a good understanding of what tasks the devices on the network perform, and how they use the network to accomplish those tasks. You must understand the network traffic generated by the programs running on the devices. - [Gathering the Information You Need](gathering-the-information-you-need.md) -- [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-computers.md) +- [Determining the Trusted State of Your Devices](determining-the-trusted-state-of-your-devices.md) The information that you gather will help you answer the following questions. The answers will help you understand your security requirements and select the design that best matches those requirements. The information will also help you when it comes time to deploy your design, by helping you to build a deployment strategy that is cost effective and resource efficient. 
It will help you project and justify the expected costs associated with implementing the design. 
@@ -20,41 +27,21 @@ The information that you gather will help you answer the following questions. Th - What traffic must always be blocked? Does your organization have policies that prohibit the use of specific programs? If so, what are the characteristics of the network traffic generated and consumed by the prohibited programs? -- What traffic on the network cannot be protected by IPsec because the computers or devices sending or receiving the traffic do not support IPsec? +- What traffic on the network cannot be protected by IPsec because the devices or devices sending or receiving the traffic do not support IPsec? - For each type of network traffic, does the default configuration of the firewall (block all unsolicited inbound network traffic, allow all outbound traffic) allow or block the traffic as required? -- Do you have an Active Directory domain (or forest of trusted domains) to which all your computers are joined? If you do not, then you cannot use Group Policy for easy mass deployment of your firewall and connection security rules. You also cannot easily take advantage of Kerberos V5 authentication that all domain clients can use. +- Do you have an Active Directory domain (or forest of trusted domains) to which all your devices are joined? If you do not, then you cannot use Group Policy for easy mass deployment of your firewall and connection security rules. You also cannot easily take advantage of Kerberos V5 authentication that all domain clients can use. -- Which computers must be able to accept unsolicited inbound connections from computers that are not part of the domain? +- Which devices must be able to accept unsolicited inbound connections from devices that are not part of the domain? -- Which computers contain data that must be encrypted when exchanged with another computer? +- Which devices contain data that must be encrypted when exchanged with another computer? 
-- Which computers contain sensitive data to which access must be restricted to specifically authorized users and computers? +- Which devices contain sensitive data to which access must be restricted to specifically authorized users and devices? -- Does your organization have specific network troubleshooting devices or computers (such as protocol analyzers) that must be granted unlimited access to the computers on the network, essentially bypassing the firewall? - -## If you already have firewall or IPsec rules deployed +- Does your organization have specific network troubleshooting devices or devices (such as protocol analyzers) that must be granted unlimited access to the devices on the network, essentially bypassing the firewall? -Windows Firewall with Advanced Security in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 has many new capabilities that are not available in earlier versions of Windows. - -If you already have a domain and/or server isolation deployment in your organization then you can continue to use your existing GPOs and apply them to computers running Windows 8 and Windows Server 2012. - -**Note**   -Computers running Windows XP and Windows Server 2003 will not be able to participate in this domain and/or server isolation deployment plan. - -  - -This guide describes how to plan your groups and GPOs for an environment with a mix of operating systems, starting with Windows Vista and Windows Server 2008. Windows XP and Windows Server 2003 are not discussed in this guide. Details can be found in the section [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) later in this guide. +This guide describes how to plan your groups and GPOs for an environment with a mix of operating systems. 
Details can be found in the section [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) later in this guide. **Next: **[Gathering the Information You Need](gathering-the-information-you-need.md) - -  - -  - - - - - diff --git a/windows/keep-secure/domain-isolation-policy-design-example.md b/windows/keep-secure/domain-isolation-policy-design-example.md index 3e58a40369..2bfcf9cbc8 100644 --- a/windows/keep-secure/domain-isolation-policy-design-example.md +++ b/windows/keep-secure/domain-isolation-policy-design-example.md 
@@ -2,30 +2,36 @@ title: Domain Isolation Policy Design Example (Windows 10) description: Domain Isolation Policy Design Example ms.assetid: 704dcf58-286f-41aa-80af-c81720aa7fc5 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Domain Isolation Policy Design Example +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This design example continues to use the fictitious company Woodgrove Bank, and builds on the example described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section. See that example for an explanation of the basic corporate network infrastructure at Woodgrove Bank with diagrams. ## Design Requirements - -In addition to the basic protection provided by the firewall rules in the previous design example, the administrators of the network want to implement domain isolation to provide another layer of security to their networked computers. They want to create firewall and connection security rules that use authentication to reduce the risk of communicating with untrusted and potentially hostile computers. +In addition to the basic protection provided by the firewall rules in the previous design example, you might want to implement domain isolation to provide another layer of security to their networked devices. You can create firewall and connection security rules that use authentication to reduce the risk of communicating with untrusted and potentially hostile devices. The following illustration shows the traffic protection needed for this design example. ![domain isolation policy design](images/wfas-design2example1.gif) -1. All computers on the Woodgrove Bank corporate network that are Active Directory domain members must authenticate inbound network traffic as coming from another computer that is a member of the domain. 
Unless otherwise specified in this section, Woodgrove Bank's computers reject all unsolicited inbound network traffic that is not authenticated. If the basic firewall design is also implemented, even authenticated inbound network traffic is dropped unless it matches an inbound firewall rule.
+1. All devices on the Woodgrove Bank corporate network that are Active Directory domain members must authenticate inbound network traffic as coming from another computer that is a member of the domain. Unless otherwise specified in this section, Woodgrove Bank's devices reject all unsolicited inbound network traffic that is not authenticated. If the basic firewall design is also implemented, even authenticated inbound network traffic is dropped unless it matches an inbound firewall rule.
-2. The servers hosting the WGPartner programs must be able to receive unsolicited inbound traffic from computers owned by its partners, which are not members of Woodgrove Bank's domain.
+2. The servers hosting the WGPartner programs must be able to receive unsolicited inbound traffic from devices owned by its partners, which are not members of Woodgrove Bank's domain.
-3. Client computers can initiate non-authenticated outbound communications with computers that are not members of the domain, such as browsing external Web sites. Unsolicited inbound traffic from non-domain members is blocked.
+3. Client devices can initiate non-authenticated outbound communications with devices that are not members of the domain, such as browsing external Web sites. Unsolicited inbound traffic from non-domain members is blocked.
-4. Computers in the encryption zone require that all network traffic inbound and outbound must be encrypted, in addition to the authentication already required by the isolated domain.
+4. Devices in the encryption zone require that all network traffic inbound and outbound must be encrypted, in addition to the authentication already required by the isolated domain.
**Other traffic notes:** 
@@ -33,33 +39,20 @@ The following illustration shows the traffic protection needed for this design e ## Design Details - -Woodgrove Bank uses Active Directory groups and GPOs to deploy the domain isolation settings and rules to the computers on its network. +Woodgrove Bank uses Active Directory groups and GPOs to deploy the domain isolation settings and rules to the devices on its network. Setting up groups as described here ensures that you do not have to know what operating system a computer is running before assigning it to a group. As in the firewall policy design, a combination of WMI filters and security group filters are used to ensure that members of the group receive the GPO appropriate for the version of Windows running on that computer. For some groups, you might have four or even five GPOs. -The following groups were created by using the Active Directory Users and Computers MMC snap-in, all computers that run Windows were added to the correct groups, and then the appropriate GPO are applied to the group. To include a computer in the isolated domain or any one of its subordinate zones, simply add the computer's account in the appropriate group. +The following groups were created by using the Active Directory Users and Computers MMC snap-in, all devices that run Windows were added to the correct groups, and then the appropriate GPO are applied to the group. To include a device in the isolated domain or any one of its subordinate zones, simply add the device's account in the appropriate group. -- **CG\_DOMISO\_ISOLATEDDOMAIN**. The members of this group participate in the isolated domain. After an initial pilot period, followed by a slowly increasing group membership, the membership of this group was eventually replaced with the entry **Domain Computers** to ensure that all computers in the domain participate by default. The WMI filters ensure that the GPO does not apply to domain controllers. 
GPOs with connection security rules to enforce domain isolation behavior are linked to the domain container and applied to the computers in this group. Filters ensure that each computer receives the correct GPO for its operating system type. The rules in the domain isolation GPO require Kerberos v5 authentication for inbound network connections, and request (but not require) it for all outbound connections. +- **CG\_DOMISO\_ISOLATEDDOMAIN**. The members of this group participate in the isolated domain. After an initial pilot period, followed by a slowly increasing group membership, the membership of this group was eventually replaced with the entry **Domain Computers** to ensure that all devices in the domain participate by default. The WMI filters ensure that the GPO does not apply to domain controllers. GPOs with connection security rules to enforce domain isolation behavior are linked to the domain container and applied to the devices in this group. Filters ensure that each computer receives the correct GPO for its operating system type. The rules in the domain isolation GPO require Kerberos v5 authentication for inbound network connections, and request (but not require) it for all outbound connections. - **CG\_DOMISO\_NO\_IPSEC**. This group is denied read or apply permissions on any of the domain isolation GPOs. Any computer that cannot participate in domain isolation, such as a DHCP server running UNIX, is added to this group. -- **CG\_DOMISO\_BOUNDARY**. This group contains the computer accounts for all the computers that are part of the boundary group able to receive unsolicited inbound traffic from untrusted computers. Members of the group receive a GPO that configures connection security rules to request (but not require) both inbound and outbound authentication. +- **CG\_DOMISO\_BOUNDARY**. This group contains the computer accounts for all the devices that are part of the boundary group able to receive unsolicited inbound traffic from untrusted devices. 
Members of the group receive a GPO that configures connection security rules to request (but not require) both inbound and outbound authentication. -- **CG\_DOMISO\_ENCRYPTION**. This group contains the computer accounts for all the computers that require all inbound and outbound traffic to be both authenticated and encrypted. Members of the group receive a GPO that configures connection security and firewall rules to require both authentication and encryption on all inbound and outbound traffic. +- **CG\_DOMISO\_ENCRYPTION**. This group contains the computer accounts for all the devices that require all inbound and outbound traffic to be both authenticated and encrypted. Members of the group receive a GPO that configures connection security and firewall rules to require both authentication and encryption on all inbound and outbound traffic. -**Note**   -If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, you can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. However, computers that are running older versions of Windows can only support a single IPsec policy being active at a time. The policies for each GPO must be complete (and to a great extent redundant with each other), because you cannot layer them as you can in the newer versions of Windows. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any computers that are incorrectly assigned to more than one group. 
- -  +>**Note:**  If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, you can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. However, devices that are running older versions of Windows can only support a single IPsec policy being active at a time. The policies for each GPO must be complete (and to a great extent redundant with each other), because you cannot layer them as you can in the newer versions of Windows. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any devices that are incorrectly assigned to more than one group. **Next: **[Server Isolation Policy Design Example](server-isolation-policy-design-example.md) - -  - -  - - - - - diff --git a/windows/keep-secure/domain-isolation-policy-design.md b/windows/keep-secure/domain-isolation-policy-design.md index 4300787f6c..da2564242b 100644 --- a/windows/keep-secure/domain-isolation-policy-design.md +++ b/windows/keep-secure/domain-isolation-policy-design.md 
@@ -2,19 +2,26 @@ title: Domain Isolation Policy Design (Windows 10) description: Domain Isolation Policy Design ms.assetid: 7475084e-f231-473a-9357-5e1d39861d66 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Domain Isolation Policy Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -In the domain isolation policy design, you configure the computers on your network to accept only connections coming from computers that are authenticated as members of the same isolated domain. +In the domain isolation policy design, you configure the devices on your network to accept only connections coming from devices that are authenticated as members of the same isolated domain. -This design typically begins with a network configured as described in the [Basic Firewall Policy Design](basic-firewall-policy-design.md) section. For this design, you then add connection security and IPsec rules to configure computers in the isolated domain to accept only network traffic from other computers that can authenticate as a member of the isolated domain. After implementing the new rules, your computers reject unsolicited network traffic from computers that are not members of the isolated domain. +This design typically begins with a network configured as described in the [Basic Firewall Policy Design](basic-firewall-policy-design.md) section. For this design, you then add connection security and IPsec rules to configure devices in the isolated domain to accept only network traffic from other devices that can authenticate as a member of the isolated domain. After implementing the new rules, your devices reject unsolicited network traffic from devices that are not members of the isolated domain. The isolated domain might not be a single Active Directory domain. It can consist of all the domains in a forest, or domains in separate forests that have two-way trust relationships configured between them. 
-By using connection security rules based on IPsec, you provide a logical barrier between computers even if they are connected to the same physical network segment. +By using connection security rules based on IPsec, you provide a logical barrier between devices even if they are connected to the same physical network segment. The design is shown in the following illustration, with the arrows that show the permitted communication paths. 
@@ -22,48 +29,36 @@ The design is shown in the following illustration, with the arrows that show the Characteristics of this design, as shown in the diagram, include the following: -- Isolated domain (area A) - Computers in the isolated domain receive unsolicited inbound traffic only from other members of the isolated domain or from computers referenced in authentication exemption rules. Computers in the isolated domain can send traffic to any computer. This includes unauthenticated traffic to computers that are not in the isolated domain. Computers that cannot join an Active Directory domain, but that can use certificates for authentication, can be part of the isolated domain. For more information, see the [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md). +- Isolated domain (area A) - Devices in the isolated domain receive unsolicited inbound traffic only from other members of the isolated domain or from devices referenced in authentication exemption rules. Devices in the isolated domain can send traffic to any device. This includes unauthenticated traffic to devices that are not in the isolated domain. Devices that cannot join an Active Directory domain, but that can use certificates for authentication, can be part of the isolated domain. For more info, see the [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md). -- Boundary zone (area B) - Computers in the boundary zone are part of the isolated domain but are allowed to accept inbound connections from untrusted computers, such as clients on the Internet. +- Boundary zone (area B) - Devices in the boundary zone are part of the isolated domain but are allowed to accept inbound connections from untrusted devices, such as clients on the Internet. - Computers in the boundary zone request but do not require authentication to communicate. 
When a member of the isolated domain communicates with a boundary zone member the traffic is authenticated. When a computer that is not part of the isolated domain communicates with a boundary zone member the traffic is not authenticated. + Devices in the boundary zone request but do not require authentication to communicate. When a member of the isolated domain communicates with a boundary zone member the traffic is authenticated. When a device that is not part of the isolated domain communicates with a boundary zone member the traffic is not authenticated. - Because boundary zone computers are exposed to network traffic from untrusted and potentially hostile computers, they must be carefully managed and secured. Put only the computers that must be accessed by external computers in this zone. Use firewall rules to ensure that network traffic is accepted only for services that you want exposed to non-domain member computers. + Because boundary zone devices are exposed to network traffic from untrusted and potentially hostile devices, they must be carefully managed and secured. Put only the devices that must be accessed by external devices in this zone. Use firewall rules to ensure that network traffic is accepted only for services that you want exposed to non-domain member devices. -- Trusted non-domain members (area C) - Computers on the network that are not domain members or that cannot use IPsec authentication are allowed to communicate by configuring authentication exemption rules. These rules enable computers in the isolated domain to accept inbound connections from these trusted non-domain member computers. +- Trusted non-domain members (area C) - Devices on the network that are not domain members or that cannot use IPsec authentication are allowed to communicate by configuring authentication exemption rules. These rules enable devices in the isolated domain to accept inbound connections from these trusted non-domain member devices. 
-- Untrusted non-domain members (area D) - Computers that are not managed by your organization and have an unknown security configuration must have access only to those computers required for your organization to correctly conduct its business. Domain isolation exists to put a logical barrier between these untrusted computers and your organization's computers. +- Untrusted non-domain members (area D) - Devices that are not managed by your organization and have an unknown security configuration must have access only to those devices required for your organization to correctly conduct its business. Domain isolation exists to put a logical barrier between these untrusted Devices and your organization's devices. -After implementing this design, your administrative team will have centralized management of the firewall and connection security rules applied to the computers that are running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista in your organization. +After implementing this design, your administrative team will have centralized management of the firewall and connection security rules applied to the devices in your organization. -**Important**   -This design builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented. +>**Important:**  This design builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md), and in turn serves as the foundation for the [Server Isolation Policy Design](server-isolation-policy-design.md). If you plan to deploy all three, we recommend that you do the design work for all three together, and then deploy in the sequence presented. 
-  +This design can be applied to Devices that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules. -This design can be applied to computers that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules. +In order to expand the isolated domain to include Devices that cannot be part of an Active Directory domain, see the [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md). -In order to expand the isolated domain to include computers that cannot be part of an Active Directory domain, see the [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md). +For more info about this design: -For more information about this design: - -- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). +- This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), and optionally [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). - To learn more about this design, see the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md). 
-- Before completing the design, gather the information described in [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md). +- Before completing the design, gather the info described in [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md). - To help you make the decisions required in this design, see [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) and [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md). -- For a list of tasks that you can use to deploy your domain isolation policy design, see "Checklist: Implementing a Domain Isolation Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=xxxxx) at http://go.microsoft.com/fwlink/?linkid=xxxxx. +- For a list of tasks that you can use to deploy your domain isolation policy design, see [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md). **Next:** [Server Isolation Policy Design](server-isolation-policy-design.md) - -  - -  - - - - - diff --git a/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md index 139c0affde..35a8444e6e 100644 --- a/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md +++ b/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md 
@@ -2,13 +2,20 @@ title: Evaluating Windows Firewall with Advanced Security Design Examples (Windows 10) description: Evaluating Windows Firewall with Advanced Security Design Examples ms.assetid: a591389b-18fa-4a39-ba07-b6fb61961cbd +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Evaluating Windows Firewall with Advanced Security Design Examples +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -The following Windows Firewall with Advanced Security design examples illustrate how you can use Windows Firewall with Advanced Security to improve the security of the computers connected to the network. You can use these topics to evaluate how the firewall and connection security rules work across all Windows Firewall with Advanced Security designs and to determine which design or combination of designs best suits the goals of your organization. +The following Windows Firewall with Advanced Security design examples illustrate how you can use Windows Firewall with Advanced Security to improve the security of the devices connected to the network. You can use these topics to evaluate how the firewall and connection security rules work across all Windows Firewall with Advanced Security designs and to determine which design or combination of designs best suits the goals of your organization. - [Firewall Policy Design Example](firewall-policy-design-example.md) @@ -18,11 +25,3 @@ The following Windows Firewall with Advanced Security design examples illustrate - [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md) -  - -  - - - - - diff --git a/windows/keep-secure/firewall-policy-design-example.md b/windows/keep-secure/firewall-policy-design-example.md index 07adcdb285..41310314aa 100644 --- a/windows/keep-secure/firewall-policy-design-example.md +++ b/windows/keep-secure/firewall-policy-design-example.md 
@@ -2,23 +2,29 @@ title: Firewall Policy Design Example (Windows 10) description: Firewall Policy Design Example ms.assetid: 0dc3bcfe-7a4d-4a15-93a9-64b13bd775a7 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Firewall Policy Design Example +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview In this example, the fictitious company Woodgrove Bank is a financial services institution. -Woodgrove Bank has an Active Directory domain that provides Group Policy-based management for all their Windows-based computers. The Active Directory domain controllers also host Domain Name System (DNS) for host name resolution. Separate computers host Windows Internet Name Service (WINS) for network basic input/output system (NetBIOS) name resolution. A set of computers that are running UNIX provide the Dynamic Host Configuration Protocol (DHCP) services for automatic IP addressing. +Woodgrove Bank has an Active Directory domain that provides Group Policy-based management for all their Windows devices. The Active Directory domain controllers also host Domain Name System (DNS) for host name resolution. Separate devices host Windows Internet Name Service (WINS) for network basic input/output system (NetBIOS) name resolution. A set of devices that are running UNIX provide the Dynamic Host Configuration Protocol (DHCP) services for automatic IP addressing. -Woodgrove Bank is in the process of migrating their computers from Windows Vista and Windows Server 2008 to Windows 8 and Windows Server 2012. A significant number of the computers at Woodgrove Bank continue to run Windows Vista and Windows Server 2008. Interoperability between the previous and newer operating systems must be maintained. Wherever possible, security features applied to the newer operating systems must also be applied to the previous operating systems. 
+Woodgrove Bank is in the process of migrating their devices from Windows Vista and Windows Server 2008 to Windows 10 and Windows Server 2016 Technical Preview. A significant number of the devices at Woodgrove Bank continue to run Windows Vista and Windows Server 2008. Interoperability between the previous and newer operating systems must be maintained. Wherever possible, security features applied to the newer operating systems must also be applied to the previous operating systems. -A key line-of-business program called WGBank consists of a client program running on most of the desktop computers in the organization. This program accesses several front-end server computers that run the server-side part of WGBank. These front-end servers only do the processing — they do not store the data. The data is stored in several back-end database computers that are running Microsoft SQL Server. +A key line-of-business program called WGBank consists of a client program running on most of the desktop devices in the organization. This program accesses several front-end server devices that run the server-side part of WGBank. These front-end servers only do the processing — they do not store the data. The data is stored in several back-end database devices that are running Microsoft SQL Server. ## Design requirements - The network administrators want to implement Windows Firewall with Advanced Security throughout their organization to provide an additional security layer to their overall security strategy. They want to create firewall rules that allow their business programs to operate, while blocking network traffic that is not wanted. The following illustration shows the traffic protection needs for this design example. 
@@ -27,38 +33,38 @@ The following illustration shows the traffic protection needs for this design ex 1. The network infrastructure servers that are running services, such as Active Directory, DNS, DHCP, or WINS, can receive unsolicited inbound requests from network clients. The network clients can receive the responses from the infrastructure servers. -2. The WGBank front-end servers can receive unsolicited inbound traffic from the client computers and the WGBank partner servers. The WGBank client computers and partner servers can receive the response. +2. The WGBank front-end servers can receive unsolicited inbound traffic from the client devices and the WGBank partner servers. The WGBank client devices and partner servers can receive the response. -3. The WGBank front-end servers can send updated information to the client computers to support real-time display. The clients do not poll for this unsolicited traffic, but must be able to receive it. +3. The WGBank front-end servers can send updated information to the client devices to support real-time display. The clients do not poll for this unsolicited traffic, but must be able to receive it. 4. The WGBank back-end servers can receive SQL query requests from the WGBank front-end servers. The WGBank front-end servers can receive the corresponding responses. -5. There is no direct communications between the client computers and the WGBank back-end computers. +5. There is no direct communications between the client devices and the WGBank back-end devices. -6. There is no unsolicited traffic from the WGBank back-end computers to the WGBank front-end servers. +6. There is no unsolicited traffic from the WGBank back-end devices to the WGBank front-end servers. 7. Company policy prohibits the use of peer-to-peer file transfer software. 
A recent review by the IT staff found that although the perimeter firewall does prevent most of the programs in this category from working, two programs are being used by staff members that do not require an outside server. Firewall rules must block the network traffic created by these programs. -8. The WGBank partner servers can receive inbound requests from partner computers through the Internet. +8. The WGBank partner servers can receive inbound requests from partner devices through the Internet. Other traffic notes: -- Computers are not to receive any unsolicited traffic from any computer other than specifically allowed above. +- Devices are not to receive any unsolicited traffic from any computer other than specifically allowed above. -- Other outbound network traffic from the client computers not specifically identified in this example is permitted. +- Other outbound network traffic from the client devices not specifically identified in this example is permitted. ## Design details -Woodgrove Bank uses Active Directory groups and Group Policy Objects to deploy the firewall settings and rules to the computers on their network. They know that they must deploy policies to the following collections of computers: +Woodgrove Bank uses Active Directory groups and Group Policy Objects to deploy the firewall settings and rules to the devices on their network. 
They know that they must deploy policies to the following collections of devices: -- Client computers that run Windows 8, Windows 7, or Windows Vista +- Client devices that run Windows 10, Windows 8, or Windows 7 -- WGBank front-end servers that run Windows Server 2012 or Windows Server 2008 R2 (there are none in place yet, but their solution must support adding them) +- WGBank front-end servers that run Windows Server 2016 Technical Preview, Windows Server 2012 R2, Windows Server 2012 or Windows Server 2008 R2 (there are none in place yet, but their solution must support adding them) - WGBank partner servers that run Windows Server 2008 -- WGBank back-end SQL Server computers that run Windows Server 2008 (there are none in place yet, but their solution must support adding them) +- WGBank back-end SQL Server devices that run Windows Server 2008 (there are none in place yet, but their solution must support adding them) - Infrastructure servers that run Windows Server 2008 
@@ -66,43 +72,35 @@ Woodgrove Bank uses Active Directory groups and Group Policy Objects to deploy t - DHCP servers that run the UNIX operating system -After evaluating these sets of computers, and comparing them to the Active Directory organizational unit (OU) structure, Woodgrove Bank network administrators determined that there was not a good one-to-one match between the OUs and the sets. Therefore the firewall GPOs will not be linked directly to OUs that hold the relevant computers. Instead, the GPOs are linked to the domain container in Active Directory, and then WMI and group filters are attached to the GPO to ensure that it is applied to the correct computers. +After evaluating these sets of devices, and comparing them to the Active Directory organizational unit (OU) structure, Woodgrove Bank network administrators determined that there was not a good one-to-one match between the OUs and the sets. Therefore the firewall GPOs will not be linked directly to OUs that hold the relevant devices. Instead, the GPOs are linked to the domain container in Active Directory, and then WMI and group filters are attached to the GPO to ensure that it is applied to the correct devices. Setting up groups as described here ensures that you do not have to know what operating system a computer is running before assigning it to a group. A combination of WMI filters and security group filters are used to ensure that members of the group receive the GPO appropriate for the version of Windows running on that computer. For some groups, you might have four or even five GPOs. 
-The following groups were created by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, and all computers that run Windows were added to the correct groups: +The following groups were created by using the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in, and all devices that run Windows were added to the correct groups: -- **CG\_FIREWALL\_ALLCOMPUTERS**. Add the predefined and system managed **Domain computers** group as a member of this group. All members of the FIREWALL\_ALLCOMPUTERS group receive an operating system-specific GPO with the common firewall rules applied to all computers. +- **CG\_FIREWALL\_ALLCOMPUTERS**. Add the predefined and system managed **Domain computers** group as a member of this group. All members of the FIREWALL\_ALLCOMPUTERS group receive an operating system-specific GPO with the common firewall rules applied to all devices. - The two computer types (client and server) are distinguished by using a WMI filters to ensure that only the policy intended for computers that are running a client version of Windows can be applied to that computer. A similar WMI filter on the server GPO ensures that only computers that are running server versions of Windows can apply that GPO. Each of the GPOs also have security group filters to prevent members of the group FIREWALL\_NO\_DEFAULT from receiving either of these two GPOs. + The two device types (client and server) are distinguished by using a WMI filters to ensure that only the policy intended for devices that are running a client version of Windows can be applied to that computer. A similar WMI filter on the server GPO ensures that only devices that are running server versions of Windows can apply that GPO. Each of the GPOs also have security group filters to prevent members of the group FIREWALL\_NO\_DEFAULT from receiving either of these two GPOs. 
- - Client computers receive a GPO that configures Windows Firewall with Advanced Security to enforce the default Windows Firewall behavior (allow outbound, block unsolicited inbound). The client default GPO also includes the built-in firewall rule groups Core Networking and File and Printer Sharing. The Core Networking group is enabled for all profiles, whereas the File and Printer Sharing group is enabled for only the Domain and Private profiles. The GPO also includes inbound firewall rules to allow the WGBank front-end server dashboard update traffic, and rules to prevent company-prohibited programs from sending or receiving network traffic, both inbound and outbound. + - Client devices receive a GPO that configures Windows Firewall with Advanced Security to enforce the default Windows Firewall behavior (allow outbound, block unsolicited inbound). The client default GPO also includes the built-in firewall rule groups Core Networking and File and Printer Sharing. The Core Networking group is enabled for all profiles, whereas the File and Printer Sharing group is enabled for only the Domain and Private profiles. The GPO also includes inbound firewall rules to allow the WGBank front-end server dashboard update traffic, and rules to prevent company-prohibited programs from sending or receiving network traffic, both inbound and outbound. - - Server computers receive a GPO that includes similar firewall configuration to the client computer GPO. The primary difference is that the rules are enabled for all profiles (not just domain and private). Also, the rules for WGBank dashboard update are not included, because it is not needed on server computers. + - Server devices receive a GPO that includes similar firewall configuration to the client computer GPO. The primary difference is that the rules are enabled for all profiles (not just domain and private). Also, the rules for WGBank dashboard update are not included, because it is not needed on server devices. 
- All rules are scoped to allow network traffic only from computers on Woodgrove Bank's corporate network. + All rules are scoped to allow network traffic only from devices on Woodgrove Bank's corporate network. -- **CG\_FIREWALL\_NO\_DEFAULT**. Members of this group do not receive the default firewall GPO. Computers are added to this group if there is a business requirement for it to be exempted from the default firewall behavior. The use of a group to represent the exceptions instead of the group members directly makes it easier to support the dynamic nature of the client computer population. A new computer joined to the domain is automatically given the appropriate default firewall GPO, unless it is a member of this group. +- **CG\_FIREWALL\_NO\_DEFAULT**. Members of this group do not receive the default firewall GPO. Devices are added to this group if there is a business requirement for it to be exempted from the default firewall behavior. The use of a group to represent the exceptions instead of the group members directly makes it easier to support the dynamic nature of the client computer population. A new computer joined to the domain is automatically given the appropriate default firewall GPO, unless it is a member of this group. -- **CG\_FIREWALL\_WGB\_FE**. This group contains the computer accounts for all the WGBank front-end server computers. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with inbound firewall rules to allow unsolicited WGBank client traffic. Computers in this group also receive the default firewall GPO. +- **CG\_FIREWALL\_WGB\_FE**. This group contains the computer accounts for all the WGBank front-end server devices. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with inbound firewall rules to allow unsolicited WGBank client traffic. Devices in this group also receive the default firewall GPO. -- **CG\_FIREWALL\_WGB\_SQL**. 
This group contains the computer accounts for all the WGBank back-end computers that run SQL Server. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with inbound firewall rules to allow the SQL Server program to receive unsolicited queries only from the WGBank front-end servers. Computers in this group also receive the default firewall GPO. +- **CG\_FIREWALL\_WGB\_SQL**. This group contains the computer accounts for all the WGBank back-end devices that run SQL Server. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with inbound firewall rules to allow the SQL Server program to receive unsolicited queries only from the WGBank front-end servers. Devices in this group also receive the default firewall GPO. -- **CG\_FIREWALL\_BOUNDARY\_WGBANKFE**. This group contains the computer accounts for the servers that host Web services that can be accessed from the Internet. Members of this group receive a GPO that adds an inbound firewall rule to allow inbound HTTP and HTTPS network traffic from any address, including the Internet. Computers in this group also receive the default firewall GPO. +- **CG\_FIREWALL\_BOUNDARY\_WGBANKFE**. This group contains the computer accounts for the servers that host Web services that can be accessed from the Internet. Members of this group receive a GPO that adds an inbound firewall rule to allow inbound HTTP and HTTPS network traffic from any address, including the Internet. Devices in this group also receive the default firewall GPO. -- **CG\_FIREWALL\_WINS**. This group contains the computer accounts for all the WINS server computers. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with an inbound firewall rule to allow unsolicited inbound requests from WINS clients. Computers in this group also receive the default firewall GPO. +- **CG\_FIREWALL\_WINS**. 
This group contains the computer accounts for all the WINS server devices. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with an inbound firewall rule to allow unsolicited inbound requests from WINS clients. Devices in this group also receive the default firewall GPO. -- **CG\_FIREWALL\_ADDC**. This group contains all the computer accounts for the Active Directory domain controller server computers. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with inbound firewall rules to allow unsolicited Active Directory client and server-to-server traffic. Computers in this group also receive the default firewall GPO. +- **CG\_FIREWALL\_ADDC**. This group contains all the computer accounts for the Active Directory domain controller server devices. Members of this group receive a GPO that configures Windows Firewall with Advanced Security with inbound firewall rules to allow unsolicited Active Directory client and server-to-server traffic. Devices in this group also receive the default firewall GPO. -In your own design, create a group for each computer role in your organization that requires different or additional firewall rules. For example, file servers and print servers require additional rules to allow the incoming network traffic for those functions. If a function is ordinarily performed on most computers on the network, you might consider adding computers performing those roles to the common default firewall GPO set, unless there is a security reason not to include it there. +In your own design, create a group for each computer role in your organization that requires different or additional firewall rules. For example, file servers and print servers require additional rules to allow the incoming network traffic for those functions. 
If a function is ordinarily performed on most devices on the network, you might consider adding devices performing those roles to the common default firewall GPO set, unless there is a security reason not to include it there. **Next: **[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) -  - -  - - - - - diff --git a/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md b/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md index de3c494963..33727fc9f4 100644 --- a/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md +++ b/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md 
@@ -2,33 +2,31 @@ title: Gathering Information about Your Active Directory Deployment (Windows 10) description: Gathering Information about Your Active Directory Deployment ms.assetid: b591b85b-12ac-4329-a47e-bc1b03e66eb0 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Gathering Information about Your Active Directory Deployment +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -Active Directory is another important item about which you must gather information. You must understand the forest structure. This includes domain layout, organizational unit (OU) architecture, and site topology. This information makes it possible to know where computers are currently placed, their configuration, and the impact of changes to Active Directory that result from implementing Windows Firewall with Advanced Security. Review the following list for information needed: +Active Directory is another important item about which you must gather information. You must understand the forest structure. This includes domain layout, organizational unit (OU) architecture, and site topology. This information makes it possible to know where devices are currently placed, their configuration, and the impact of changes to Active Directory that result from implementing Windows Firewall with Advanced Security. Review the following list for information needed: -- **Names and number of forests**. The forest (not the domain) is the security boundary in an Active Directory implementation. You must understand the current Active Directory architecture to determine the most effective strategy for deploying your firewall and connection security rules using Group Policy. It also enables you to understand which computers can be isolated and how best to accomplish the required degree of isolation. +- **Names and number of forests**. The forest (not the domain) is the security boundary in an Active Directory implementation. 
You must understand the current Active Directory architecture to determine the most effective strategy for deploying your firewall and connection security rules using Group Policy. It also enables you to understand which devices can be isolated and how best to accomplish the required degree of isolation. -- **Names and number of domains**. Authentication in server and domain isolation uses the IKE negotiation process with the Kerberos V5 protocol. This protocol assumes that computers are domain members. +- **Names and number of domains**. Authentication in server and domain isolation uses the IKE negotiation process with the Kerberos V5 protocol. This protocol assumes that devices are domain members. -- **Number and types of trusts**. Trusts affect the logical boundaries of domain isolation and define whether IKE negotiation can occur between computers in different Active Directory domains. +- **Number and types of trusts**. Trusts affect the logical boundaries of domain isolation and define whether IKE negotiation can occur between devices in different Active Directory domains. - **Names and number of sites**. Site architecture is usually aligned with the network topology. Understanding how sites are defined in Active Directory will help provide insight into replication and other details. Site architecture can provide a better understanding of the current Active Directory deployment. -- **OU structure**. OUs are logical constructs and can therefore be molded to fit many different requirements and goals. The OU structure is an ideal place to examine how Group Policy is currently used and how the OUs are laid out. You do not have to redesign an already implemented OU structure in order to effectively deploy firewall and connection security policy, but an understanding of the structure helps you know what WMI or group filtering is required to apply each GPO to the correct computers. - -- **Existing IPsec policy**. 
Because this project culminates in the implementation of IPsec policy, you must understand how the network currently uses IPsec (if at all). Windows Firewall with Advanced Security connection security rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are not compatible with earlier versions of Windows. If you already have IPsec policies deployed to computers running Windows XP and Windows Server 2003 in your organization, you must ensure that the new IPsec policies you deploy enable computers using either the old or new IPsec policies to communicate with each other. - -**Next: **[Gathering Information about Your Computers](gathering-information-about-your-computers.md) - -  - -  - - - +- **OU structure**. OUs are logical constructs and can therefore be molded to fit many different requirements and goals. The OU structure is an ideal place to examine how Group Policy is currently used and how the OUs are laid out. You do not have to redesign an already implemented OU structure in order to effectively deploy firewall and connection security policy, but an understanding of the structure helps you know what WMI or group filtering is required to apply each GPO to the correct devices. +- **Existing IPsec policy**. Because this project culminates in the implementation of IPsec policy, you must understand how the network currently uses IPsec (if at all). Windows Firewall with Advanced Security connection security rules for versions of Windows prior to Windows Vista and Windows Server 2008 are not compatible with earlier versions of Windows. If you already have IPsec policies deployed to devices running Windows XP and Windows Server 2003 in your organization, you must ensure that the new IPsec policies you deploy enable devices using either the old or new IPsec policies to communicate with each other. +**Next: **[Gathering Information about Your Devices](gathering-information-about-your-devices.md) 
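Review bot: The rewritten "Existing IPsec policy" bullet now says that connection security rules "for versions of Windows prior to Windows Vista and Windows Server 2008 are not compatible with earlier versions of Windows", which reverses the statement it replaces. The removed text said that the rules for Windows Vista, Windows Server 2008 and later are the ones that do not interoperate with earlier versions, and the following sentence about Windows XP and Windows Server 2003 still depends on that reading. I would word it as `connection security rules for Windows Vista, Windows Server 2008, and later versions are not compatible with earlier versions of Windows`, so that an administrator planning coexistence with legacy IPsec policy is not misled.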
diff --git a/windows/keep-secure/gathering-information-about-your-computers.md b/windows/keep-secure/gathering-information-about-your-computers.md
deleted file mode 100644
index e0eb0f0b44..0000000000
--- a/windows/keep-secure/gathering-information-about-your-computers.md
+++ /dev/null
@@ -1,58 +0,0 @@ ---- -title: Gathering Information about Your Computers (Windows 10) -description: Gathering Information about Your Computers -ms.assetid: 7f7cd3b9-de8e-4fbf-89c6-3d1a47bc2beb -author: brianlic-msft ---- - -# Gathering Information about Your Computers - - -One of the most valuable benefits of conducting an asset discovery project is the large amount of data that is obtained about the client and server computers on the network. When you start designing and planning your isolation zones, you must make decisions that require accurate information about the state of all hosts to ensure that they can use IPsec as planned. - -Capture the following information from each computer: - -- **Computer name**. This name is the computer's NetBIOS or DNS name that identifies the computer on the network. Because a computer can have more than one media access control (MAC) or IP address, the computer's name is one of the criteria that can be used to determine uniqueness on the network. Because computer names can be duplicated under some circumstances, the uniqueness should not be considered absolute. - -- **IP address for each network adapter**. The IP address is the address that is used with the subnet mask to identify a host on the network. An IP address is not an effective way to identify an asset because it is often subject to change. - -- **Operating system, service pack, and hotfix versions**. The operating system version is a key factor in determining the ability of a host to communicate by using IPsec. It is also important to track the current state of service packs and updates that might be installed, because these are often used to determine that minimum security standards have been met. - -- **Domain membership**. This information is used to determine whether a computer can obtain IPsec policy from Active Directory or whether it must use a local IPsec policy. - -- **Physical location**. 
This information is just the location of the device in your organization. It can be used to determine whether a device can participate in a specific isolation group based on its location or the location of the devices that it communicates with regularly. - -- **Hardware type or role**. Some tools that perform host discovery can provide this information by querying the hardware information and running applications to determine its type, such as server, workstation, or portable computer. You can use this information to determine the appropriate IPsec policy to assign, whether a specific computer can participate in isolation, and in which isolation group to include the computer. - -After collecting all this information and consolidating it into a database, perform regular discovery efforts periodically to keep the information current. You need the most complete and up-to-date picture of the managed hosts on their networks to create a design that matches your organization's requirements. - -You can use various methods to gather data from the hosts on the network. These methods range from high-end, fully automated systems to completely manual data collection. Generally, the use of automated methods to gather data is preferred over manual methods for reasons of speed and accuracy. - -## Automated Discovery - - -Using an automated auditing network management system such as Microsoft System Center Configuration Manager (formerly known as Systems Management Server) provides valuable information about the current state of the IT infrastructure. - -For more information about how System Center Configuration Manager 2007 can help perform automated information gathering, see . - -## Manual Discovery - - -The biggest difference between manual discovery methods and automated methods is time. - -You can use the Windows Script Host (WSH), VBScript, and Windows Management Instrumentation (WMI) to create a script file that can collect the system configuration information. 
VBScript and WMI are built-in to Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. Starting with Windows Server 2008, Windows PowerShell is included with the operating system. For more information, see “Scripting with Windows PowerShell” (). - -Whether you use an automatic, manual, or hybrid option to gather the information, one of the biggest issues that can cause problems to the design is capturing the changes between the original inventory scan and the point at which the implementation is ready to start. After the first scan has been completed, make support staff aware that all additional changes must be recorded and the updates noted in the inventory. - -This inventory will be critical for planning and implementing your Windows Firewall with Advanced Security design. - -**Next: **[Gathering Other Relevant Information](gathering-other-relevant-information.md) - -  - -  - - - - - diff --git a/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md b/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md index ba38d968e5..65555cc782 100644 --- a/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md +++ b/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md 
@@ -2,11 +2,18 @@ title: Gathering Information about Your Current Network Infrastructure (Windows 10) description: Gathering Information about Your Current Network Infrastructure ms.assetid: f98d2b17-e71d-4ffc-b076-118b4d4782f9 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Gathering Information about Your Current Network Infrastructure +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview Perhaps the most important aspect of planning for Windows Firewall with Advanced Security deployment is the network architecture, because IPsec is layered on the Internet Protocol itself. An incomplete or inaccurate understanding of the network can prevent any Windows Firewall with Advanced Security solution from being successful. Understanding subnet layout, IP addressing schemes, and traffic patterns are part of this effort, but accurately documenting the following components are important to completing the planning phase of this project: @@ -14,7 +21,7 @@ Perhaps the most important aspect of planning for Windows Firewall with Advanced - Network address translation (NAT). NAT is a means of separating network segments by using a device that maps all of the IP addresses on one side of the device to a single IP address accessible on the other side. -- Network infrastructure devices. This includes the routers, switches, hubs, and other network equipment that makes communications between the computers on the network possible. +- Network infrastructure devices. This includes the routers, switches, hubs, and other network equipment that makes communications between the devices on the network possible. - **Current network traffic model.** This includes the quantity and the characteristics of the network traffic flowing through your network. 
@@ -35,7 +42,7 @@ If your organization does not have its current network architecture documented a - Undertake a discovery project, either through manual processes or with network analysis tools that can provide the information you need to document the current network topology. -Although the required information can be presented in many different ways, a series of schematic diagrams is often the most effective method of illustrating and understanding the current network configuration. When creating network diagrams, do not include too much information. If necessary, use multiple diagrams that show different layers of detail. Use a top-level diagram that illustrates the major sites that make up your organization's network, and then break out each site into a more detailed diagram that captures a deeper level of detail. Continue until you reach the individual IP subnet level, and so have the means to identify the network location of every computer in your organization. +Although the required information can be presented in many different ways, a series of schematic diagrams is often the most effective method of illustrating and understanding the current network configuration. When creating network diagrams, do not include too much information. If necessary, use multiple diagrams that show different layers of detail. Use a top-level diagram that illustrates the major sites that make up your organization's network, and then break out each site into a more detailed diagram that captures a deeper level of detail. Continue until you reach the individual IP subnet level, and so have the means to identify the network location of every device in your organization. During this process, you might discover some network applications and services that are not compatible with IPsec. For example, IPsec breaks network-based prioritization and port/protocol-based traffic management. 
If traffic management or prioritization must be based on ports or protocol, the host itself must be able to perform any traffic management or prioritization. @@ -53,23 +60,14 @@ Other examples of incompatibility include: - Network monitoring tools might be unable to parse ESP packets that are not encrypted (ESP-Null). - **Note**   - Network Monitor added an ESP parser starting in version 2.1 to aid troubleshooting of unencrypted IPsec packets. The latest version of Network Monitor is available as a free download from Microsoft (). - + >**Note:**  Microsoft Message Analyzer can help in troubleshooting of unencrypted IPsec packets. The latest version of Message Analyzer is available on the [Microsoft Download Center](http://www.microsoft.com/download/details.aspx?id=44226).   - ## Network address translation (NAT) - IPsec NAT traversal (NAT-T) enables IPsec peers that are behind NATs to detect the presence of NATs, negotiate IPsec security associations (SAs), and send ESP-protected data even though the addresses in the IPsec-protected IPv4 packets change. IPsec NAT-T does not support the use of AH across NAT devices. -IPsec NAT-T is supported by Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, Windows Server 2008 R2, - -For detailed information about how IPsec NAT-T works, see "IPsec NAT Traversal Overview" in the August 2002 Cable Guy article at . - ## Network infrastructure devices - The devices that make up the network infrastructure (routers, switches, load balancers, and firewalls) must be able communicate using IPsec after the solution is implemented. For this reason, you have to examine the following characteristics of these network devices to ensure that they can handle the technical and physical requirements of the design: - **Make/model**. You can use this information to determine the features that the device supports. In addition, check the BIOS version or software running on the device to ensure that IPsec is supported. 
@@ -86,10 +84,7 @@ The devices that make up the network infrastructure (routers, switches, load bal - **The maximum transmission unit (MTU) size on device interface(s)**. The MTU defines the largest datagram that can be transmitted on a particular interface without being divided into smaller pieces for transmission (a process also known as *fragmentation*). In IPsec communications, the MTU is necessary to anticipate when fragmentation occurs. Packet fragmentation must be tracked for Internet Security Association and Key Management Protocol (ISAKMP) by the router. IPsec configures the MTU size on the session to the minimum-discovered MTU size along the communication path being used, and then set the Don't Fragment bit (DF bit) to 1. - **Note**   - If Path MTU (PMTU) discovery is enabled and functioning correctly, you do not have to gather the MTU size on device interfaces. Although sources, such as the Windows Server 2003 Hardening Guide, recommend disabling PMTU discovery, it must be enabled for IPsec to function correctly. - -   + >**Note:**  If Path MTU (PMTU) discovery is enabled and functioning correctly, you do not have to gather the MTU size on device interfaces. Although sources, such as the Windows Server 2003 Hardening Guide, recommend disabling PMTU discovery, it must be enabled for IPsec to function correctly. - **Intrusion detection system (IDS) in use**. Your IDS must have an IPsec-compatible parser to detect ESP packets. If the IDS does not have such a parser, it cannot determine if data in those packets is encrypted. 
@@ -97,32 +92,22 @@ After you obtain this information, you can quickly determine whether you must up ## Current network traffic model - After gathering the addressing and network infrastructure information, the next step is to examine the communications flow. For example, if a department such as Human Resources (HR) spans several buildings, and you want to use server isolation with encryption to help protect information in that department, you must know how those buildings are connected to determine the level of "trust" to place in the connection. A highly secured building that is connected by an unprotected cable to another building that is not secured can be compromised by an eavesdropping or information replay attack. If such an attack is considered a threat, IPsec can help by providing strong mutual authentication and traffic encryption for trusted hosts. IPsec allows you to more securely communicate across untrusted links such as the Internet. -When you examine traffic flow, look closely at how all managed and unmanaged devices interact. This includes non-Windows-based computers running Linux, UNIX, and Macintosh. Ask yourself such questions as: +When you examine traffic flow, look closely at how all managed and unmanaged devices interact. This includes non-Windows-based devices running Linux, UNIX, and Macintosh. Ask yourself such questions as: - Do specific communications occur at the port and protocol level, or are there many sessions between the same hosts across many protocols? - How do servers and clients communicate with each other? -- Are there security devices or projects currently implemented or planned that could affect an isolation deployment? For example, if you use Windows Firewall on your computers to "lock down" specific ports, such as UDP 500, IKE negotiations fail. +- Are there security devices or projects currently implemented or planned that could affect an isolation deployment? 
For example, if you use Windows Firewall on your devices to "lock down" specific ports, such as UDP 500, IKE negotiations fail. Some of the more common applications and protocols are as follows: - **NetBIOS over TCP/IP (NetBT) and server message block (SMB)**. On a LAN, it is common to have ports 137, 138, and 139 enabled for NetBT and port 445 enabled for SMB. These ports provide NetBIOS name resolution services and other features. Unfortunately, they also allow the creation of *null sessions*. A null session is a session that is established on a host that does not use the security context of a known user or entity. Frequently, these sessions are anonymous. -- **Remote procedure call (RPC)**. RPC operates by listening on a port known as the *endpoint mapper*, TCP port 135. The response to a query on this port is an instruction to begin communication on another port in the ephemeral range (ports numbered over 1024). In a network that is segmented by firewalls, RPC communication presents a configuration challenge because it means opening the RPC listener port and all ports greater than 1024. Opening so many ports increases the attack surface of the whole network and reduces the effectiveness of the firewalls. Computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 reduce this risk by introducing stateful inspection of RPC traffic. Because many applications depend on RPC for basic functionality, any firewall and connection security policy must take RPC requirements into account. +- **Remote procedure call (RPC)**. RPC operates by listening on a port known as the *endpoint mapper*, TCP port 135. The response to a query on this port is an instruction to begin communication on another port in the ephemeral range (ports numbered over 1024). 
In a network that is segmented by firewalls, RPC communication presents a configuration challenge because it means opening the RPC listener port and all ports greater than 1024. Opening so many ports increases the attack surface of the whole network and reduces the effectiveness of the firewalls. Because many applications depend on RPC for basic functionality, any firewall and connection security policy must take RPC requirements into account. -- **Other traffic**. Windows Firewall with Advanced Security can help secure transmissions between computers by providing authentication of the packets in addition to encrypting the data that they contain. The important thing to do is to identify what must be protected, and the threats that must be mitigated. Examine and model other traffic or traffic types that must be secured. +- **Other traffic**. Windows Firewall with Advanced Security can help secure transmissions between devices by providing authentication of the packets in addition to encrypting the data that they contain. The important thing to do is to identify what must be protected, and the threats that must be mitigated. Examine and model other traffic or traffic types that must be secured. **Next: **[Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md) - -  - -  - - - - - diff --git a/windows/keep-secure/gathering-other-relevant-information.md b/windows/keep-secure/gathering-other-relevant-information.md index b224e74fa6..ca8d396fcb 100644 --- a/windows/keep-secure/gathering-other-relevant-information.md +++ b/windows/keep-secure/gathering-other-relevant-information.md 
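Review bot: The RPC bullet now ends on the risk of opening the endpoint mapper port and every port above 1024, because the sentence about stateful inspection of RPC traffic was removed together with the version list. Readers are left with the exposure and no mitigating control. If the behaviour still applies to the versions this page now targets (to be confirmed), keep the sentence without the version list, for example `Stateful inspection of RPC traffic in Windows Firewall with Advanced Security reduces this risk.`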
@@ -2,20 +2,26 @@ title: Gathering Other Relevant Information (Windows 10) description: Gathering Other Relevant Information ms.assetid: 87ccca07-4346-496b-876d-cdde57d0ce17 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Gathering Other Relevant Information +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This topic discusses several other things that you should examine to see whether they will cause any complications in your ability to deploy Windows Firewall with Advanced Security policies in your organization. ## Capacity considerations +Because IPsec uses mathematically intensive cryptographic techniques, it can consume significant overhead on a device. Areas to watch: -Because IPsec uses mathematically intensive cryptographic techniques, it can consume significant overhead on a computer. Areas to watch: - -- **Encryption.** You might use 256-bit Advanced Encryption Standard (AES-256) and 384-bit Secure Hash Algorithm (SHA-384) to check integrity in situations that require the strongest available encryption and key exchange protection. If you have NICs that support IPsec Task Offload, you can reduce the effect that encryption has on network throughput. For more information, see [IPsec Task Offload](http://technet.microsoft.com/network/dd277647.aspx) at http://technet.microsoft.com/network/dd277647.aspx +- **Encryption.** You might use 256-bit Advanced Encryption Standard (AES-256) and 384-bit Secure Hash Algorithm (SHA-384) to check integrity in situations that require the strongest available encryption and key exchange protection. If you have NICs that support IPsec Task Offload, you can reduce the effect that encryption has on network throughput. For more information, see [IPsec Task Offload](http://technet.microsoft.com/network/dd277647.aspx). 
- **Security association (SA) negotiation.** You can use a shorter lifetime for the main mode SA, such as three hours, but then you might need to make tradeoffs. Because each main mode SA occupies approximately 5  KB of RAM, situations in which a server brokers tens of thousands of concurrent connections can lead to overutilization. 
@@ -25,26 +31,19 @@ Because IPsec uses mathematically intensive cryptographic techniques, it can con - **Other factors.** These include CPU usage on network infrastructure servers, increased overhead on servers and workstations running IPsec (especially servers, because they usually contain more main mode SAs than clients), and increased network latency because of IPsec negotiation. - **Note**   - When Microsoft deployed its own domain isolation solution, it found a one to three percent increase in usage on the network as a direct result of IPsec. - -   + >**Note:**  When Microsoft deployed its own domain isolation solution, it found a one to three percent increase in usage on the network as a direct result of IPsec. ## Group Policy deployment groups and WMI filters - -You do not have to rearrange the organization unit (OU) hierarchy of your Active Directory domains to effectively deploy Windows Firewall with Advanced Security GPOs. Instead, you can link your GPOs at the domain level (or another high level container), and then use security group filtering or WMI filtering to ensure that only the appropriate computers or users can apply the GPO settings. Because the firewall and connection security rules have evolved significantly from Windows 2000 Server to Windows XP and Windows Server 2003, and now with Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, we recommend that you use WMI filtering to dynamically ensure that GPOs apply only to computers that are running the correct operating system. It is not necessary to use this technique if your network consists of computers running Windows Vista or later. +You do not have to rearrange the organization unit (OU) hierarchy of your Active Directory domains to effectively deploy Windows Firewall with Advanced Security GPOs. 
Instead, you can link your GPOs at the domain level (or another high level container), and then use security group filtering or WMI filtering to ensure that only the appropriate devices or users can apply the GPO settings. We recommend that you use WMI filtering to dynamically ensure that GPOs apply only to devices that are running the correct operating system. It is not necessary to use this technique if your network consists of devices. ## Different Active Directory trust environments - When you design a domain isolation policy, consider any logical boundaries that might affect IPsec-secured communications. For example, the trust relationships between your domains and forests are critical in determining an appropriate IKE authentication method. Kerberos V5 authentication is recommended for use in a two-way (mutual) domain and forest trust environment. You can use Kerberos V5 for IKE authentication across domains that have two-way trusts established, if the domains are in the same forest or different forests. If the two domains are in different forests, you must configure two external trusts, one for each direction, between the domains. The external trusts must use the fully qualified domain name (FQDN) of the domains, and IPsec policy must allow an IKE initiator in one domain to communicate with any domain controller in the forest domain hierarchy, so that the initiator can obtain a Kerberos V5 ticket from a domain controller in the responder’s domain. If firewalls separate the domains then you must configure the firewall to allow Kerberos V5 traffic over UDP destination port 88, TCP destination port 88, and UDP destination port 389. -For more information, see "Active Directory in Networks Segmented by Firewalls" at . 
- -If the use of Kerberos V5 authentication is not possible because two-way trusts across forests cannot be established as in some large enterprise environments, you can use a public key infrastructure (PKI) and digital certificates to establish IPsec-trusted communication. For an example of how Microsoft deployed their PKI, see "Deploying PKI Inside Microsoft" at . +If the use of Kerberos V5 authentication is not possible because two-way trusts across forests cannot be established as in some large enterprise environments, you can use a public key infrastructure (PKI) and digital certificates to establish IPsec-trusted communication. ## Creating firewall rules to permit IKE, AH, and ESP traffic 
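Review bot: In the "Group Policy deployment groups and WMI filters" paragraph the last sentence is now truncated to "if your network consists of devices.", so it no longer says when WMI filtering can be skipped. The removed line carried the qualifier "running Windows Vista or later"; restoring it, as in `It is not necessary to use this technique if your network consists of devices running Windows Vista or later.`, keeps the guidance usable. The same paragraph also loses the explanation of why filtering by operating system is recommended, so the recommendation now stands without a stated reason.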
@@ -53,39 +52,26 @@ In some cases, IPsec-secured traffic might have to pass through a router, perime In the case of a filtering router or a firewall, you must configure these devices to allow IPsec traffic to be forwarded. Configure the firewall to allow IPsec traffic on UDP source and destination port 500 (IKE), UDP source and destination port 4500 (IPsec NAT-T), and IP Protocol 50 (ESP). You might also have to configure the firewall to allow IPsec traffic on IP protocol 51 (AH) to allow troubleshooting by IPsec administrators and to allow the IPsec traffic to be inspected. -For more information, see "How to Enable IPsec Traffic Through a Firewall" at . +For more info, see [How to Enable IPsec Traffic Through a Firewall](http://go.microsoft.com/fwlink/?LinkId=45085). ## Network load balancing and server clusters - -There are challenges implementing connection security for network traffic going to and from network load balancing (NLB) clusters and server clusters. NLB enables multiple servers to be clustered together to provide high availability for a service by providing automatic failover to other nodes in the cluster. Because IPsec matches a security association to a specific computer, it prevents different computers from handling the same client connection. If a different node in the cluster responds to an IPsec connection that was originally established by another node, the traffic will be dropped by the client computer as untrusted. +There are challenges implementing connection security for network traffic going to and from network load balancing (NLB) clusters and server clusters. NLB enables multiple servers to be clustered together to provide high availability for a service by providing automatic failover to other nodes in the cluster. Because IPsec matches a security association to a specific device, it prevents different devices from handling the same client connection. 
If a different node in the cluster responds to an IPsec connection that was originally established by another node, the traffic will be dropped by the client device as untrusted. This means that NLB in "no affinity" mode is not supported by IPsec at all. If you must use "no affinity" mode in the cluster then consider including the servers that make up the cluster in your IPsec exemption group, and allowing clients to communicate with the servers without IPsec. -**IPsec improvements for clusters running Windows Server 2008** - -Starting with Windows Server 2008 and Windows Vista, IPsec is much more tightly integrated into TCP/IP than in earlier versions of Windows. When a TCP connection is dropped because of a cluster node failover, IPsec on a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 detects the TCP connection failure and removes the IPsec SAs for that connection. When the new TCP connection is established to another node, IPsec can negotiate new SAs immediately without having to wait for the obsolete SAs to time out. +When a TCP connection is dropped because of a cluster node failover, IPsec detects the TCP connection failure and removes the IPsec SAs for that connection. When the new TCP connection is established to another node, IPsec can negotiate new SAs immediately without having to wait for the obsolete SAs to time out. ## Network inspection technologies - Within a TCP/IP packet, IPsec without encryption changes the offsets for the destination ports and protocols. These changes can adversely affect applications that are running on network devices such as routers that monitor and manage traffic on the network. While some network applications have been updated to support IPsec, some are not yet compatible. Check with the vendor of your device to see whether the changes in the protocol and port fields caused by IPsec are compatible with the device. 
-Any device designed to view network traffic, such as hardware protocol analyzers or Microsoft Network Monitor, cannot parse ESP-encrypted traffic. Only the destination computer, with which the originating computer negotiated the connection, can decrypt the traffic. +Any device designed to view network traffic, such as hardware protocol analyzers or Microsoft Network Monitor, cannot parse ESP-encrypted traffic. Only the destination device, with which the originating device negotiated the connection, can decrypt the traffic. In general, IPsec defeats network-based prioritization and port- or protocol-based traffic management. For encrypted packets, there is no workaround; the host itself must handle any traffic management functions. For unencrypted, authenticated-only packets, the devices and applications must be aware of how IPsec changes packets to be able to do anything with them other than route them to the correct host. If you cannot upgrade monitoring or management devices to support IPsec, it is important that you record this information and figure it into your domain or server isolation design. -Network Monitor includes parsers for the ISAKMP (IKE), AH, and ESP protocols. Network Monitor parsers for ESP can parse inside the ESP packet only if ESP null-encryption is being used. Network Monitor cannot parse the encrypted parts of IPsec ESP traffic when encryption is performed in software. However, if encryption is performed by an IPsec hardware offload network adapter, the ESP packets can be decrypted when Network Monitor captures them on either the source or the destination and, therefore, they can be parsed. To diagnose ESP software-encrypted communication, you must disable ESP encryption and use ESP-null encryption by changing the IPsec policy or connection security rule on both computers. - -Network Monitor is available as a free download from Microsoft at . 
- -**Next: **[Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-computers.md) - -  - -  - - - +Network Monitor includes parsers for the ISAKMP (IKE), AH, and ESP protocols. Network Monitor parsers for ESP can parse inside the ESP packet only if ESP null-encryption is being used. Network Monitor cannot parse the encrypted parts of IPsec ESP traffic when encryption is performed in software. However, if encryption is performed by an IPsec hardware offload network adapter, the ESP packets can be decrypted when Network Monitor captures them on either the source or the destination and, therefore, they can be parsed. To diagnose ESP software-encrypted communication, you must disable ESP encryption and use ESP-null encryption by changing the IPsec policy or connection security rule on both devices. +Message Analyzer is available on the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=44226). +**Next: **[Determining the Trusted State of Your Devices](determining-the-trusted-state-of-your-devices.md) diff --git a/windows/keep-secure/gathering-the-information-you-need.md b/windows/keep-secure/gathering-the-information-you-need.md index c4bcf27cfe..3e8a62b0cc 100644 --- a/windows/keep-secure/gathering-the-information-you-need.md +++ b/windows/keep-secure/gathering-the-information-you-need.md 
@@ -2,13 +2,20 @@
 title: Gathering the Information You Need (Windows 10)
 description: Gathering the Information You Need
 ms.assetid: 545fef02-5725-4b1e-b67a-a32d94c27d15
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
 author: brianlic-msft
 ---
 # Gathering the Information You Need
+**Applies to**
+- Windows 10
+- Windows Server 2016 Technical Preview
-Before starting the planning process for a Windows Firewall with Advanced Security deployment, you must collect and analyze up-to-date information about the network, the directory services, and the computers that are already deployed in the organization. This information enables you to create a design that accounts for all possible elements of the existing infrastructure. If the gathered information is not accurate, problems can occur when devices and computers that were not considered during the planning phase are encountered during implementation.
+Before starting the planning process for a Windows Firewall with Advanced Security deployment, you must collect and analyze up-to-date information about the network, the directory services, and the devices that are already deployed in the organization. This information enables you to create a design that accounts for all possible elements of the existing infrastructure. If the gathered information is not accurate, problems can occur when devices and devices that were not considered during the planning phase are encountered during implementation.
 Review each of the following topics for guidance about the kinds of information that you must gather:
@@ -16,15 +23,6 @@ Review each of the following topics for guidance about the kinds of information
 - [Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md)
-- [Gathering Information about Your Computers](gathering-information-about-your-computers.md)
+- [Gathering Information about Your Devices](gathering-information-about-your-devices.md)
 - [Gathering Other Relevant Information](gathering-other-relevant-information.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index 85363b9abe..17ef2d4aa4 100644
--- a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -6,7 +6,6 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-
 author: brianlic-msft
 ---
@@ -58,6 +57,4 @@ The following table lists the three main tasks for articulating, refining, and s

PowerOn

Device turns on (display + PC).

Power=0

PowerOn

PC service notifies SMC that the PC is ready.

Power=5

Device turns on (display + PC).

PC service notifies SMC that the PC is ready.

Power=0

Power=5

PowerOff

Device transitions to ambient state (PC on, display dim).

-  - **Next:** [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md) diff --git a/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index 6972acc8cd..012969637d 100644 --- a/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md 
@@ -2,81 +2,32 @@ title: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design (Windows 10) description: Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design ms.assetid: 7e68c59e-ba40-49c4-8e47-5de5d6b5eb22 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview After you finish reviewing the existing Windows Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design. -**Important**   -The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design. - -  +>**Important:**  The first three designs presented in this guide build on each other to progress from simpler to more complex. Therefore during deployment, consider implementing them in the order presented. Each deployed design also provides a stable position from which to evaluate your progress, and to make sure that your goals are being met before you continue to the next design. Use the following table to determine which Windows Firewall with Advanced Security design maps to the appropriate combination of Windows Firewall with Advanced Security deployment goals for your organization. This table refers only to the Windows Firewall with Advanced Security designs as described in this guide. 
However, you can create a hybrid or custom Windows Firewall with Advanced Security design by using any combination of the Windows Firewall with Advanced Security deployment goals to meet the needs of your organization. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deployment Goals[Basic Firewall Policy Design](basic-firewall-policy-design.md)[Domain Isolation Policy Design](domain-isolation-policy-design.md)[Server Isolation Policy Design](server-isolation-policy-design.md)[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)

[Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)

Yes

Yes

Yes

Yes

[Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)

-

Yes

Yes

Yes

[Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md)

-

-

Yes

Yes

[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)

-

Optional

Optional

Optional

- -  +| Deployment Goals | Basic Firewall Policy Design | Domain Isolation Policy Design | Server Isolation Policy Design | Certificate-based Isolation Policy Design | +| - |- | - | - | - | +| [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)| Yes| Yes| Yes| Yes| +| [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md) | -| Yes| Yes| Yes| +| [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md)| -| -| Yes| Yes| +| [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)| -| Optional| Optional| Optional| To examine details for a specific design, click the design title at the top of the column in the preceding table. **Next: **[Basic Firewall Policy Design](basic-firewall-policy-design.md) - -  - -  - - - - - diff --git a/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md b/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md deleted file mode 100644 index 5230ec4e6d..0000000000 --- a/windows/keep-secure/protect-computers-from-unwanted-network-traffic.md +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -title: Protect Computers from Unwanted Network Traffic (Windows 10) -description: Protect Computers from Unwanted Network Traffic -ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc -author: brianlic-msft ---- - -# Protect Computers from Unwanted Network Traffic - - -Although network perimeter firewalls provide important protection to network resources from external threats, there are network threats that a perimeter firewall cannot protect against. Some attacks might successfully penetrate the perimeter firewall, and at that point what can stop it? Other attacks might originate from inside the network, such as a computer virus that is brought in on portable media and run on a trusted computer. Portable computers are often taken outside the network and connected directly to the Internet, without adequate protection between the computer and security threats. - -Reports of targeted attacks against organizations, governments, and individuals have become more widespread in recent years. For a general overview of these threats, also known as advanced persistent threats (APT), see the [Microsoft Security Intelligence Report](http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_Key_Findings_Summary_English.pdf) at http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft\_Security\_Intelligence\_Report\_Volume\_12\_Key\_Findings\_Summary\_English.pdf. - -Running a host-based firewall on every computer that your organization manages is an important layer in a "defense-in-depth" security strategy. A host-based firewall can help protect against attacks that originate from inside the network and also provide additional protection against attacks from outside the network that manage to penetrate the perimeter firewall. It also travels with a portable computer to provide protection when it is away from the organization's network. 
- -A host-based firewall helps secure a computer by dropping all network traffic that does not match the administrator-designed rule set for permitted network traffic. This design, which corresponds to [Basic Firewall Policy Design](basic-firewall-policy-design.md), provides the following benefits: - -- Network traffic that is a reply to a request from the local computer is permitted into the computer from the network. - -- Network traffic that is unsolicited, but that matches a rule for allowed network traffic, is permitted into the computer from the network. - - For example, Woodgrove Bank wants a computer that is running SQL Server to be able to receive the SQL queries sent to it by client computers. The firewall policy deployed to the computer that is running SQL Server includes firewall rules that specifically allow inbound network traffic for the SQL Server program. - -- Outbound network traffic that is not specifically blocked is allowed on the network. - - For example, Woodgrove Bank has a corporate policy that prohibits the use of certain peer-to-peer file sharing programs. The firewall policy deployed to the computers on the network includes firewall rules that block both inbound and outbound network traffic for the prohibited programs. All other outbound traffic is permitted. - -The following component is recommended for this deployment goal: - -- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more Group Policy objects (GPOs) that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). - -Other means of deploying a firewall policy are available, such as creating scripts that use the **netsh** command-line tool, and then running those scripts on each computer in the organization. 
This guide uses Active Directory as a recommended means of deployment because of its ability to scale to very large organizations. - -**Next: **[Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md) - -  - -  - - - - - diff --git a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md index ca133f5f86..4a19f0dbf8 100644 --- a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md 
@@ -2,15 +2,22 @@
 title: Require Encryption When Accessing Sensitive Network Resources (Windows 10)
 description: Require Encryption When Accessing Sensitive Network Resources
 ms.assetid: da980d30-a68b-4e2a-ba63-94726355ce6f
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
 author: brianlic-msft
 ---
 # Require Encryption When Accessing Sensitive Network Resources
+**Applies to**
+- Windows 10
+- Windows Server 2016 Technical Preview
-The use of authentication in the previously described goal ([Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)) enables a computer in the isolated domain to block traffic from untrusted computers. However, it does not prevent an untrusted computer from eavesdropping on the network traffic shared between two trusted computers, because by default network packets are not encrypted.
+The use of authentication in the previously described goal ([Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)) enables a device in the isolated domain to block traffic from untrusted devices. However, it does not prevent an untrusted device from eavesdropping on the network traffic shared between two trusted devices, because by default network packets are not encrypted.
-For computers that share sensitive information over the network, Windows Firewall with Advanced Security allows you to require that all such network traffic be encrypted. Using encryption can help you comply with regulatory and legislative requirements such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. By creating connection security rules that apply to computers that host and exchange sensitive data, you can help protect the confidentiality of that data by encrypting it.
+For devices that share sensitive information over the network, Windows Firewall with Advanced Security allows you to require that all such network traffic be encrypted. Using encryption can help you comply with regulatory and legislative requirements such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. By creating connection security rules that apply to devices that host and exchange sensitive data, you can help protect the confidentiality of that data by encrypting it.
 The following illustration shows an encryption zone in an isolated domain. The rules that implement both the isolated domain and the different zones are deployed by using Group Policy and Active Directory.
@@ -18,25 +25,16 @@ The following illustration shows an encryption zone in an isolated domain. The r This goal provides the following benefits: -- Computers in the encryption zone require authentication to communicate with other computers. This works no differently from the domain isolation goal and design. For more information, see [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md). +- Devices in the encryption zone require authentication to communicate with other devices. This works no differently from the domain isolation goal and design. For more info, see [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md). -- Computers in the encryption zone require that all inbound and outbound network traffic be encrypted. +- Devices in the encryption zone require that all inbound and outbound network traffic be encrypted. - For example, Woodgrove Bank processes sensitive customer data on a computer that must be protected from eavesdropping by computers on the network. Connection security rules specify that all traffic must be encrypted by a sufficiently complex encryption algorithm to help protect the data. + For example, Woodgrove Bank processes sensitive customer data on a device that must be protected from eavesdropping by devices on the network. Connection security rules specify that all traffic must be encrypted by a sufficiently complex encryption algorithm to help protect the data. -- Computers in the encryption zone are often good candidates for server isolation, where access is limited to only computer accounts and user accounts that are members of an authorized access group. In many organizations, the encryption zone and the server isolation zone are one and the same. For more information, see [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md). 
+- Devices in the encryption zone are often good candidates for server isolation, where access is limited to only computer accounts and user accounts that are members of an authorized access group. In many organizations, the encryption zone and the server isolation zone are one and the same. For more info, see [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md). The following components are required for this deployment goal: -- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). - -**Next: **[Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md) - -  - -  - - - - +- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. For more info about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). +**Next: **[Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md) diff --git a/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md b/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md deleted file mode 100644 index 5ec1556728..0000000000 --- a/windows/keep-secure/restrict-access-to-only-specified-users-or-computers.md +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -title: Restrict Access to Only Specified Users or Computers (Windows 10) -description: Restrict Access to Only Specified Users or Computers -ms.assetid: a6106a07-f9e5-430f-8dbd-06d3bf7406df -author: brianlic-msft ---- - -# Restrict Access to Only Specified Users or Computers - - -Domain isolation (as described in the previous goal [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)) prevents computers that are members of the isolated domain from accepting network traffic from untrusted computers. However, some computers on the network might host sensitive data that must be additionally restricted to only those users and computers that have a business requirement to access the data. - -Windows Firewall with Advanced Security enables you to restrict access to computers and users that are members of domain groups authorized to access that computer. These groups are called *network access groups (NAGs)*. When a computer authenticates to a server, the server checks the group membership of the computer account and the user account, and grants access only if membership in the NAG is confirmed. Adding this check creates a virtual "secure zone" within the domain isolation zone. You can have multiple computers in a single secure zone, and it is likely that you will create a separate zone for each set of servers that have specific security access needs. Computers that are part of this server isolation zone are often also part of the encryption zone (see [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)). 
- -Restricting access to only users and computers that have a business requirement can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. - -Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, and Windows Vista enable you to restrict access by specifying either computer or user credentials. - -The following illustration shows an isolated server, and examples of computers that can and cannot communicate with it. Computers that are outside the Woodgrove corporate network, or computers that are in the isolated domain but are not members of the required NAG, cannot communicate with the isolated server. - -![isolated domain with network access groups](images/wfas-domainnag.gif) - -This goal, which corresponds to [Server Isolation Policy Design](server-isolation-policy-design.md), provides the following features: - -- Isolated servers accept unsolicited inbound network traffic only from computers or users that are members of the NAG. - -- Isolated servers can be implemented as part of an isolated domain, and treated as another zone. Members of the zone group receive a GPO with rules that require authentication, and that specify that only network traffic authenticated as coming from a member of the NAG is allowed. - -- Server isolation can also be configured independently of an isolated domain. To do so, configure only the computers that must communicate with the isolated server with connection security rules to implement authentication and check NAG membership. - -- A server isolation zone can be simultaneously configured as an encryption zone. To do this, configure the GPO with rules that force encryption in addition to requiring authentication and restricting access to NAG members. 
For more information, see [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). - -The following components are required for this deployment goal: - -- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). - -**Next: **[Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) - -  - -  - - - - - diff --git a/windows/keep-secure/restrict-access-to-only-trusted-computers.md b/windows/keep-secure/restrict-access-to-only-trusted-computers.md deleted file mode 100644 index 89288e3473..0000000000 --- a/windows/keep-secure/restrict-access-to-only-trusted-computers.md +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -title: Restrict Access to Only Trusted Computers (Windows 10) -description: Restrict Access to Only Trusted Computers -ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b -author: brianlic-msft ---- - -# Restrict Access to Only Trusted Computers - - -Your organizational network likely has a connection to the Internet. You also likely have partners, vendors, or contractors who attach computers that are not owned by your organization to your network. Because you do not manage those computers, you cannot trust them to be free of malicious software, maintained with the latest security updates, or in any way in compliance with your organization's security policies. These untrustworthy computers both on and outside of your physical network must not be permitted to access your organization's computers except where it is truly required. - -To mitigate this risk, you must be able to isolate the computers you trust, and restrict their ability to receive unsolicited network traffic from untrusted computers. By using connection security and firewall rules available in Windows Firewall with Advanced Security, you can logically isolate the computers that you trust by requiring that all unsolicited inbound network traffic be authenticated. Authentication ensures that each computer or user can positively identify itself by using credentials that are trusted by the other computer. Connection security rules can be configured to use IPsec with the Kerberos V5 protocol available in Active Directory, or certificates issued by a trusted certification authority as the authentication method. 
- -**Note**   -Because the primary authentication method recommended for computers that are running Windows is to use the Kerberos V5 protocol with membership in an Active Directory domain, this guide refers to this logical separation of computers as *domain isolation*, even when certificates are used to extend the protection to computers that are not part of an Active Directory domain. - -  - -The protection provided by domain isolation can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. - -The following illustration shows an isolated domain, with one of the zones that are optionally part of the design. The rules that implement both the isolated domain and the different zones are deployed by using Group Policy and Active Directory. - -![domain isolation](images/wfas-domainiso.gif) - -These goals, which correspond to [Domain Isolation Policy Design](domain-isolation-policy-design.md) and [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md), provide the following benefits: - -- Computers in the isolated domain accept unsolicited inbound network traffic only when it can be authenticated as coming from another computer in the isolated domain. Exemption rules can be defined to allow inbound traffic from trusted computers that for some reason cannot perform IPsec authentication. - - For example, Woodgrove Bank wants all of its computers to block all unsolicited inbound network traffic from any computer that it does not manage. The connection security rules deployed to domain member computers require authentication as a domain member or by using a certificate before an unsolicited inbound network packet is accepted. 
- -- Computers in the isolated domain can still send outbound network traffic to untrusted computers and receive the responses to the outbound requests. - - For example, Woodgrove Bank wants its users at client computers to be able to access Web sites on the Internet. The default Windows Firewall with Advanced Security settings for outbound network traffic allow this. No additional rules are required. - -These goals also support optional zones that can be created to add customized protection to meet the needs of subsets of an organization's computers: - -- Computers in the "boundary zone" are configured to use connection security rules that request but do not require authentication. This enables them to receive unsolicited inbound network traffic from untrusted computers, and also to receive traffic from the other members of the isolated domain. - - For example, Woodgrove Bank has a server that must be accessed by its partners' computers through the Internet. The rules applied to computers in the boundary zone use authentication when the client computer can support it, but do not block the connection if the client computer cannot authenticate. - -- Computers in the "encryption zone" require that all network traffic in and out must be encrypted to secure potentially sensitive material when it is sent over the network. - - For example, Woodgrove Bank wants the computers running SQL Server to only transmit data that is encrypted to help protect the sensitive data stored on those computers. - -The following components are required for this deployment goal: - -- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). 
- -**Next: **[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md) - -  - -  - - - - - diff --git a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md deleted file mode 100644 index fa9c66bfb4..0000000000 --- a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2-in-windows-server-2012.md +++ /dev/null 
@@ -1,189 +0,0 @@ ---- -title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows 10) -description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -author: brianlic-msft ---- - -# Securing End-to-End IPsec connections by using IKEv2 - -**Applies to** -- Windows 10 -- Windows Server 2016 Technical Preview - -IKEv2 offers the following: - -- Supports IPsec end-to-end transport mode connections - -- Provides interoperability for Windows with other operating systems that use IKEv2 for end-to-end security - -- Supports Suite B (RFC 4869) requirements - -- Coexists with existing policies that deploy AuthIP/IKEv1 - -- Uses the Windows PowerShell interface exclusively for configuration. You cannot configure IKEv2 through the user interface. - -- Uses certificates for the authentication mechanism - -You can use IKEv2 as a virtual private network (VPN) tunneling protocol that supports automatic VPN reconnection. IKEv2 allows the security association to remain unchanged despite changes in the underlying connection. - -**In this document** - -- [Prerequisites](#prerequisites) - -- [Devices joined to a domain](#devices-joined-to-a-domain) - -- [Device not joined to a domain](#devices-not-joined-to-a-domain) - -- [Troubleshooting](#troubleshooting) - ->**Note:**  This topic includes sample Windows PowerShell cmdlets. For more info, see [How to Run a Windows PowerShell Cmdlet](http://go.microsoft.com/fwlink/p/?linkid=230693). - -## Prerequisites - -These procedures assume that you already have a public key infrastructure (PKI) in place for device authentication. - -## Devices joined to a domain - -The following Windows PowerShell script establishes a connection security rule that uses IKEv2 for communication between two computers (CLIENT1 and SERVER1) that are joined to the corp.contoso.com domain as shown in Figure 1. 
- -![the contoso corporate network](images/corpnet.gif) - -**Figure 1** The Contoso corporate network - -This script does the following: - -- Creates a security group called **IPsec client and servers** and adds CLIENT1 and SERVER1 as members. - -- Creates a Group Policy Object (GPO) called **IPsecRequireInRequestOut** and links it to the corp.contoso.com domain. - -- Sets the permissions to the GPO so that they apply only to the computers in **IPsec client and servers** and not to **Authenticated Users**. - -- Indicates the certificate to use for authentication. - - >**Important:**  The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors. - -- Creates the IKEv2 connection security rule called **My IKEv2 Rule**. - -![powershell logo](images/powershelllogosmall.gif)**Windows PowerShell commands** - -Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints. 
- -``` syntax -# Create a Security Group for the computers that will get the policy -$pathname = (Get-ADDomain).distinguishedname -New-ADGroup -name "IPsec client and servers" -SamAccountName "IPsec client and servers" ` --GroupCategory security -GroupScope Global -path $pathname - -# Add test computers to the Security Group -$computer = Get-ADComputer -LDAPFilter "(name=client1)" -Add-ADGroupMember -Identity "IPsec client and servers" -Members $computer -$computer = Get-ADComputer -LDAPFilter "(name=server1)" -Add-ADGroupMember -Identity "IPsec client and servers" -Members $computer - -# Create and link the GPO to the domain -$gpo = New-gpo IPsecRequireInRequestOut -$gpo | new-gplink -target "dc=corp,dc=contoso,dc=com" -LinkEnabled Yes - -# Set permissions to security group for the GPO -$gpo | Set-GPPermissions -TargetName "IPsec client and servers" -TargetType Group -PermissionLevel GpoApply -Replace -$gpo | Set-GPPermissions -TargetName "Authenticated Users" -TargetType Group -PermissionLevel None -Replace - -#Set up the certificate for authentication -$gponame = "corp.contoso.com\IPsecRequireInRequestOut" -$certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA" -$myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop –PolicyStore GPO:$gponame - -#Create the IKEv2 Connection Security rule -New-NetIPsecRule -DisplayName "My IKEv2 Rule" -RemoteAddress any -Phase1AuthSet $myauth.InstanceID ` --InboundSecurity Require -OutboundSecurity Request -KeyModule IKEv2 -PolicyStore GPO:$gponame -``` - -## Devices not joined to a domain - -Use a Windows PowerShell script similar to the following to create a local IPsec policy on the devices that you want to include in the secure connection. 
- ->**Important:**  The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors. - -![powershell logo](images/powershelllogosmall.gif)**Windows PowerShell commands** - -Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints. - -``` syntax -#Set up the certificate -$certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA" -$myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop - -#Create the IKEv2 Connection Security rule -New-NetIPsecRule -DisplayName "My IKEv2 Rule" -RemoteAddress any -Phase1AuthSet $myauth.InstanceID ` --InboundSecurity Require -OutboundSecurity Request -KeyModule IKEv2 -``` - -Make sure that you install the required certificates on the participating computers. - ->**Note:**   -- For local devices, you can import the certificates manually if you have administrator access to the computer. For more info, see [Import or export certificates and private keys](http://windows.microsoft.com/windows-vista/Import-or-export-certificates-and-private-keys). -- You need a root certificate and a computer certificate on all devices that participate in the secure connection. Save the computer certificate in the **Personal/Certificates** folder. -- For remote devices, you can create a secure website to facilitate access to the script and certificates. - -## Troubleshooting - -Follow these procedures to verify and troubleshoot your IKEv2 IPsec connections: - -**Use the Windows Firewall with Advanced Security snap-in to verify that a connection security rule is enabled.** - -1. Open the Windows Firewall with Advanced Security console. - -2. 
In the left pane of the Windows Firewall with Advanced Security snap-in, click **Connection Security Rules**, and then verify that there is an enabled connection security rule. - -3. Expand **Monitoring**, and then click **Connection Security Rules** to verify that your IKEv2 rule is active for your currently active profile. - -**Use Windows PowerShell cmdlets to display the security associations.** - -1. Open a Windows PowerShell command prompt. - -2. Type **get-NetIPsecQuickModeSA** to display the Quick Mode security associations. - -3. Type **get-NetIPsecMainModeSA** to display the Main Mode security associations. - -**Use netsh to capture IPsec events.** - -1. Open an elevated command prompt. - -2. At the command prompt, type **netsh wfp capture start**. - -3. Reproduce the error event so that it can be captured. - -4. At the command prompt, type **netsh wfp capture stop**. - - A wfpdiag.cab file is created in the current folder. - -5. Open the cab file, and then extract the wfpdiag.xml file. - -6. Open the wfpdiag.xml file with your an XML viewer program or Notepad, and then examine the contents. There will be a lot of data in this file. One way to narrow down where to start looking is to search the last “errorFrequencyTable” at the end of the file. There might be many instances of this table, so make sure that you look at the last table in the file. For example, if you have a certificate problem, you might see the following entry in the last table at the end of the file: - - ``` syntax - - ERROR_IPSEC_IKE_NO_CERT - 32 - - ``` - In this example, there are 32 instances of the **ERROR\_IPSEC\_IKE\_NO\_CERT** error. So now you can search for **ERROR\_IPSEC\_IKE\_NO\_CERT** to get more details regarding this error. - -You might not find the exact answer for the issue, but you can find good hints. For example, you might find that there seems to be an issue with the certificates, so you can look at your certificates and the related cmdlets for possible issues. 
- -## See also - -- [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) - -  - -  - - - - - diff --git a/windows/keep-secure/server-isolation-policy-design-example.md b/windows/keep-secure/server-isolation-policy-design-example.md index d6c1c4c7af..4d38ed4c99 100644 --- a/windows/keep-secure/server-isolation-policy-design-example.md +++ b/windows/keep-secure/server-isolation-policy-design-example.md 
@@ -2,43 +2,48 @@ title: Server Isolation Policy Design Example (Windows 10) description: Server Isolation Policy Design Example ms.assetid: 337e5f6b-1ec5-4b83-bee5-d0aea1fa5fc6 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Server Isolation Policy Design Example +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This design example continues to use the fictitious company Woodgrove Bank, as described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section and the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) section. -In addition to the protections provided by the firewall and domain isolation, Woodgrove Bank wants to provide additional protection to the computers that are running Microsoft SQL Server for the WGBank program. They contain personal data, including each customer's financial history. Government and industry rules and regulations specify that access to this information must be restricted to only those users who have a legitimate business need. This includes a requirement to prevent interception of and access to the information when it is in transit over the network. +In addition to the protections provided by the firewall and domain isolation, Woodgrove Bank wants to provide additional protection to the devices that are running Microsoft SQL Server for the WGBank program. They contain personal data, including each customer's financial history. Government and industry rules and regulations specify that access to this information must be restricted to only those users who have a legitimate business need. This includes a requirement to prevent interception of and access to the information when it is in transit over the network. 
-The information presented by the WGBank front-end servers to the client computers, and the information presented by the WGPartner servers to the remote partner computers, are not considered sensitive for the purposes of the government regulations, because they are processed to remove sensitive elements before transmitting the data to the client computers. +The information presented by the WGBank front-end servers to the client devices, and the information presented by the WGPartner servers to the remote partner devices, are not considered sensitive for the purposes of the government regulations, because they are processed to remove sensitive elements before transmitting the data to the client devices. -In this guide, the examples show server isolation layered on top of a domain isolation design. If you have an isolated domain, the client computers are already equipped with GPOs that require authentication. You only have to add settings to the isolated server(s) to require authentication on inbound connections, and to check for membership in the NAG. The connection attempt succeeds only if NAG membership is confirmed. +In this guide, the examples show server isolation layered on top of a domain isolation design. If you have an isolated domain, the client devices are already equipped with GPOs that require authentication. You only have to add settings to the isolated server(s) to require authentication on inbound connections, and to check for membership in the NAG. The connection attempt succeeds only if NAG membership is confirmed. ## Server isolation without domain isolation - -Server isolation can also be deployed by itself, to only the computers that must participate. The GPO on the server is no different from the one discussed in the previous paragraph for a server in an existing isolated domain. The difference is that you must also deploy a GPO with supporting connection security rules to the clients that must be able to communicate with the isolated server. 
Because those computers must be members of the NAG, that group can also be used in a security group filter on the client GPO. That GPO must contain rules that support the authentication requirements of the isolated server. +Server isolation can also be deployed by itself, to only the devices that must participate. The GPO on the server is no different from the one discussed in the previous paragraph for a server in an existing isolated domain. The difference is that you must also deploy a GPO with supporting connection security rules to the clients that must be able to communicate with the isolated server. Because those devices must be members of the NAG, that group can also be used in a security group filter on the client GPO. That GPO must contain rules that support the authentication requirements of the isolated server. In short, instead of applying the client GPO to all clients in the domain, you apply the GPO to only the members of the NAG. -If you do not have an Active Directory domain then you can manually apply the connection security rules to the client computers, or you can use a netsh command-line script (or Windows PowerShell in Windows 8 and Windows Server 2012) to help automate the configuration of the rules on larger numbers of computers. If you do not have an Active Directory domain, you cannot use the Kerberos V5 protocol, but instead must provide the clients and the isolated servers with certificates that are referenced in the connection security rules. +If you do not have an Active Directory domain, you can manually apply the connection security rules, use a netsh command-line script, or use a Windows PowerShell script to help automate the configuration of the rules on larger numbers of devices. If you do not have an Active Directory domain, you cannot use the Kerberos V5 protocol, but instead must provide the clients and the isolated servers with certificates that are referenced in the connection security rules. 
## Design requirements - -In addition to the protection provided by the firewall rules and domain isolation described in the previous design examples, the network administrators want to implement server isolation to help protect the sensitive data stored on the computers that run SQL Server. +In addition to the protection provided by the firewall rules and domain isolation described in the previous design examples, the network administrators want to implement server isolation to help protect the sensitive data stored on the devices that run SQL Server. The following illustration shows the traffic protection needs for this design example. ![isolated server example](images/wfas-design3example1.gif) -1. Access to the SQL Server computers must be restricted to only those computer or user accounts that have a business requirement to access the data. This includes the service accounts that are used by the WGBank front-end servers, and administrators of the SQL Server computers. In addition, access is only granted when it is sent from an authorized computer. Authorization is determined by membership in a network access group (NAG). +1. Access to the SQL Server devices must be restricted to only those computer or user accounts that have a business requirement to access the data. This includes the service accounts that are used by the WGBank front-end servers, and administrators of the SQL Server devices. In addition, access is only granted when it is sent from an authorized computer. Authorization is determined by membership in a network access group (NAG). -2. All network traffic to and from the SQL Server computers must be encrypted. +2. All network traffic to and from the SQL Server devices must be encrypted. -3. Client computers or users whose accounts are not members of the NAG cannot access the isolated servers. +3. Client devices or users whose accounts are not members of the NAG cannot access the isolated servers. **Other traffic notes:** 
@@ -48,40 +53,25 @@ The following illustration shows the traffic protection needs for this design ex ## Design details +Woodgrove Bank uses Active Directory groups and GPOs to deploy the server isolation settings and rules to the devices on its network. -Woodgrove Bank uses Active Directory groups and GPOs to deploy the server isolation settings and rules to the computers on its network. +As in the previously described policy design examples, GPOs to implement the domain isolation environment are linked to the domain container in Active Directory, and then WMI filters and security group filters are attached to GPOs to ensure that the correct GPO is applied to each computer. The following groups were created by using the Active Directory Users and Computers snap-in, and all devices that run Windows were added to the correct groups. -As in the previously described policy design examples, GPOs to implement the domain isolation environment are linked to the domain container in Active Directory, and then WMI filters and security group filters are attached to GPOs to ensure that the correct GPO is applied to each computer. The following groups were created by using the Active Directory Users and Computers snap-in, and all computers that run Windows were added to the correct groups. +- **CG\_SRVISO\_WGBANK\_SQL**. This group contains the computer accounts for the devices that run SQL Server. Members of this group receive a GPO with firewall and connections security rules that require that only users who are members of the group CG\_NAG\_SQL\_USERS can access the server, and only when they are using a computer that is a member of the group CG\_NAG\_SQL\_COMPUTERS. -- **CG\_SRVISO\_WGBANK\_SQL**. This group contains the computer accounts for the computers that run SQL Server. 
Members of this group receive a GPO with firewall and connections security rules that require that only users who are members of the group CG\_NAG\_SQL\_USERS can access the server, and only when they are using a computer that is a member of the group CG\_NAG\_SQL\_COMPUTERS. - -**Note**   -If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, you can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. However, computers that are running older versions of Windows can only support a single IPsec policy being active at a time. The policies for each GPO must be complete (and to a great extent redundant with each other), because you cannot layer them as you can in the newer versions of Windows. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any computers that are incorrectly assigned to more than one group. +>**Note:**  You can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. However, devices that are running older versions of Windows can only support a single IPsec policy being active at a time. The policies for each GPO must be complete (and to a great extent redundant with each other), because you cannot layer them as you can in the newer versions of Windows. 
For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any devices that are incorrectly assigned to more than one group.   +Network access groups (NAGs) are not used to determine which GPOs are applied to a computer. Instead, these groups determine which users and devices can access the services on the isolated server. -Network access groups (NAGs) are not used to determine which GPOs are applied to a computer. Instead, these groups determine which users and computers can access the services on the isolated server. +- **CG\_NAG\_SQL\_COMPUTERS**. This network access group contains the computer accounts that are able to access the devices running SQL Server hosting the WGBank data. Members of this group include the WGBank front-end servers, and some client devices from which SQL Server administrators are permitted to work on the servers. -- **CG\_NAG\_SQL\_COMPUTERS**. This network access group contains the computer accounts that are able to access the computers running SQL Server hosting the WGBank data. Members of this group include the WGBank front-end servers, and some client computers from which SQL Server administrators are permitted to work on the servers. +- **CG\_NAG\_SQL\_USERS**. This network access group contains the user accounts of users who are permitted to access the SQL Server devices that host the WGBank data. Members of this group include the service account that the WGBank front-end program uses to run on its devices, and the user accounts for the SQL Server administration team members. -- **CG\_NAG\_SQL\_USERS**. This network access group contains the user accounts of users who are permitted to access the SQL Server computers that host the WGBank data. 
Members of this group include the service account that the WGBank front-end program uses to run on its computers, and the user accounts for the SQL Server administration team members. +>**Note:**  You can use a single group for both user and computer accounts. Woodgrove Bank chose to keep them separate for clarity. -**Note**   -You can use a single group for both user and computer accounts. Woodgrove Bank chose to keep them separate for clarity. +If Woodgrove Bank wants to implement server isolation without domain isolation, the CG\_NAG\_SQL\_COMPUTERS group can also be attached as a security group filter on the GPOs that apply connection security rules to the client devices. By doing this, all the devices that are authorized to access the isolated server also have the required connection security rules. -  - -If Woodgrove Bank wants to implement server isolation without domain isolation, the CG\_NAG\_SQL\_COMPUTERS group can also be attached as a security group filter on the GPOs that apply connection security rules to the client computers. By doing this, all the computers that are authorized to access the isolated server also have the required connection security rules. - -You do not have to include the encryption-capable rules on all computers. Instead, you can create GPOs that are applied only to members of the NAG, in addition to the standard domain isolation GPO, that contain connection security rules to support encryption. +You do not have to include the encryption-capable rules on all devices. Instead, you can create GPOs that are applied only to members of the NAG, in addition to the standard domain isolation GPO, that contain connection security rules to support encryption. **Next: **[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md) - -  - -  - - - - - 
diff --git a/windows/keep-secure/server-isolation-policy-design.md b/windows/keep-secure/server-isolation-policy-design.md
index c8671321c0..a2397773da 100644
--- a/windows/keep-secure/server-isolation-policy-design.md
+++ b/windows/keep-secure/server-isolation-policy-design.md
@@ -2,17 +2,24 @@ title: Server Isolation Policy Design (Windows 10) description: Server Isolation Policy Design ms.assetid: f93f65cd-b863-461e-ab5d-a620fd962c9a +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Server Isolation Policy Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -In the server isolation policy design, you assign servers to a zone that allows access only to users and computers that authenticate as members of an approved network access group (NAG). +In the server isolation policy design, you assign servers to a zone that allows access only to users and devices that authenticate as members of an approved network access group (NAG). This design typically begins with a network configured as described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) section. For this design, you then create zones for servers that have additional security requirements. The zones can limit access to the server to only members of authorized groups, and can optionally require the encryption of all traffic in or out of these servers. This can be done on a per server basis, or for a group of servers that share common security requirements. -You can implement a server isolation design without using domain isolation. To do this, you use the same principles as domain isolation, but instead of applying them to an Active Directory domain, you apply them only to the computers that must be able to access the isolated servers. The GPO contains connection security and firewall rules that require authentication when communicating with the isolated servers. In this case, the NAGs that determine which users and computers can access the isolated server are also used to determine which computers receive the GPO. +You can implement a server isolation design without using domain isolation. 
To do this, you use the same principles as domain isolation, but instead of applying them to an Active Directory domain, you apply them only to the devices that must be able to access the isolated servers. The GPO contains connection security and firewall rules that require authentication when communicating with the isolated servers. In this case, the NAGs that determine which users and devices can access the isolated server are also used to determine which devices receive the GPO. The design is shown in the following illustration, with arrows that show the permitted communication paths. 
@@ -20,24 +27,21 @@ The design is shown in the following illustration, with arrows that show the per Characteristics of this design include the following: -- Isolated domain (area A) - The same isolated domain described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) section. If the isolated domain includes a boundary zone, then computers in the boundary zone behave just like other members of the isolated domain in the way that they interact with computers in server isolation zones. +- Isolated domain (area A) - The same isolated domain described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) section. If the isolated domain includes a boundary zone, then devices in the boundary zone behave just like other members of the isolated domain in the way that they interact with devices in server isolation zones. -- Isolated servers (area B) - Computers in the server isolation zones restrict access to computers, and optionally users, that authenticate as a member of a network access group (NAG) authorized to gain access. +- Isolated servers (area B) - Devices in the server isolation zones restrict access to devices, and optionally users, that authenticate as a member of a network access group (NAG) authorized to gain access. - Encryption zone (area C) - If the data being exchanged is sufficiently sensitive, the connection security rules for the zone can also require that the network traffic be encrypted. Encryption zones are most often implemented as rules that are part of a server isolation zone, instead of as a separate zone. The diagram illustrates the concept as a subset for conceptual purposes only. To add support for server isolation, you must ensure that the authentication methods are compatible with the requirements of the isolated server. 
For example, if you want to authorize user accounts that are members of a NAG in addition to authorizing computer accounts, you must enable both user and computer authentication in your connection security rules. -**Important**   -This design builds on the [Domain Isolation Policy Design](domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented. +>**Important:**  This design builds on the [Domain Isolation Policy Design](domain-isolation-policy-design.md), which in turn builds on the [Basic Firewall Policy Design](basic-firewall-policy-design.md). If you plan to deploy all three designs, do the design work for all three together, and then deploy in the sequence presented. -  +This design can be applied to devices that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules. -This design can be applied to computers that are part of an Active Directory forest. Active Directory is required to provide the centralized management and deployment of Group Policy objects that contain the connection security rules. +For more info about this design: -For more information about this design: - -- This design coincides with the deployment goals to [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md), [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md), and [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). 
+- This design coincides with the deployment goals to [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md), [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md), [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md), and [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). - To learn more about this design, see [Server Isolation Policy Design Example](server-isolation-policy-design-example.md). @@ -45,15 +49,6 @@ For more information about this design: - To help you make the decisions required in this design, see [Planning Server Isolation Zones](planning-server-isolation-zones.md) and [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md). -- For a list of tasks that you can use to deploy your server isolation policy design, see "Checklist: Implementing a Standalone Server Isolation Policy Design" in the [Windows Firewall with Advanced Security Deployment Guide](http://go.microsoft.com/fwlink/?linkid=xxxxx) at http://go.microsoft.com/fwlink/?linkid=xxxx. +- For a list of tasks that you can use to deploy your server isolation policy design, see [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md). **Next: **[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md) - -  - -  - - - - - From e1c9e1dc652f2d2acb8f9deb652707da6996a777 Mon Sep 17 00:00:00 2001 
From: Brian Lich
Date: Wed, 1 Jun 2016 16:45:43 -0700
Subject: [PATCH 68/92] updating for Windows 10
---
...athering-information-about-your-devices.md | 54 +++++
...t-devices-from-unwanted-network-traffic.md | 42 ++++
...cess-to-only-specified-users-or-devices.md | 44 ++++
...restrict-access-to-only-trusted-devices.md | 54 +++++
...to-end-ipsec-connections-by-using-ikev2.md | 189 ++++++++++++++++++
5 files changed, 383 insertions(+)
create mode 100644 windows/keep-secure/gathering-information-about-your-devices.md
create mode 100644 windows/keep-secure/protect-devices-from-unwanted-network-traffic.md
create mode 100644 windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md
create mode 100644 windows/keep-secure/restrict-access-to-only-trusted-devices.md
create mode 100644 windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md
diff --git a/windows/keep-secure/gathering-information-about-your-devices.md b/windows/keep-secure/gathering-information-about-your-devices.md
new file mode 100644
index 0000000000..1f3b73fa21
--- /dev/null
+++ b/windows/keep-secure/gathering-information-about-your-devices.md
@@ -0,0 +1,54 @@ +--- +title: Gathering Information about Your Devices (Windows 10) +description: Gathering Information about Your Devices +ms.assetid: 7f7cd3b9-de8e-4fbf-89c6-3d1a47bc2beb +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Gathering Information about Your Devices + +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview + +One of the most valuable benefits of conducting an asset discovery project is the large amount of data that is obtained about the client and server devices on the network. When you start designing and planning your isolation zones, you must make decisions that require accurate information about the state of all hosts to ensure that they can use IPsec as planned. + +Capture the following information from each device: + +- **Computer name**. This name is the device's NetBIOS or DNS name that identifies the device on the network. Because a device can have more than one media access control (MAC) or IP address, the device's name is one of the criteria that can be used to determine uniqueness on the network. Because device names can be duplicated under some circumstances, the uniqueness should not be considered absolute. + +- **IP address for each network adapter**. The IP address is the address that is used with the subnet mask to identify a host on the network. An IP address is not an effective way to identify an asset because it is often subject to change. + +- **Operating system, service pack, and hotfix versions**. The operating system version is a key factor in determining the ability of a host to communicate by using IPsec. It is also important to track the current state of service packs and updates that might be installed, because these are often used to determine that minimum security standards have been met. + +- **Domain membership**. 
This information is used to determine whether a device can obtain IPsec policy from Active Directory or whether it must use a local IPsec policy. + +- **Physical location**. This information is just the location of the device in your organization. It can be used to determine whether a device can participate in a specific isolation group based on its location or the location of the devices that it communicates with regularly. + +- **Hardware type or role**. Some tools that perform host discovery can provide this information by querying the hardware information and running applications to determine its type, such as server, workstation, or portable device. You can use this information to determine the appropriate IPsec policy to assign, whether a specific device can participate in isolation, and in which isolation group to include the device. + +After collecting all this information and consolidating it into a database, perform regular discovery efforts periodically to keep the information current. You need the most complete and up-to-date picture of the managed hosts on their networks to create a design that matches your organization's requirements. + +You can use various methods to gather data from the hosts on the network. These methods range from high-end, fully automated systems to completely manual data collection. Generally, the use of automated methods to gather data is preferred over manual methods for reasons of speed and accuracy. + +## Automated Discovery + +Using an automated auditing network management system provides valuable information about the current state of the IT infrastructure. + + +## Manual Discovery + + +The biggest difference between manual discovery methods and automated methods is time. + +You can use Windows PowerShell to create a script file that can collect the system configuration information. For more information, see [Windows PowerShell Scripting](http://go.microsoft.com/fwlink/?linkid=110413). 
+ +Whether you use an automatic, manual, or hybrid option to gather the information, one of the biggest issues that can cause problems to the design is capturing the changes between the original inventory scan and the point at which the implementation is ready to start. After the first scan has been completed, make support staff aware that all additional changes must be recorded and the updates noted in the inventory. + +This inventory will be critical for planning and implementing your Windows Firewall with Advanced Security design. + +**Next: **[Gathering Other Relevant Information](gathering-other-relevant-information.md) diff --git a/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md b/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md new file mode 100644 index 0000000000..5191757d81 --- /dev/null +++ b/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md 
@@ -0,0 +1,42 @@ +--- +title: Protect Devices from Unwanted Network Traffic (Windows 10) +description: Protect Devices from Unwanted Network Traffic +ms.assetid: 307d2b38-e8c4-4358-ae16-f2143af965dc +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Protect Devices from Unwanted Network Traffic + +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview + +Although network perimeter firewalls provide important protection to network resources from external threats, there are network threats that a perimeter firewall cannot protect against. Some attacks might successfully penetrate the perimeter firewall, and at that point what can stop it? Other attacks might originate from inside the network, such as malware that is brought in on portable media and run on a trusted device. Portable device are often taken outside the network and connected directly to the Internet, without adequate protection between the device and security threats. + +Reports of targeted attacks against organizations, governments, and individuals have become more widespread in recent years. For a general overview of these threats, also known as advanced persistent threats (APT), see the [Microsoft Security Intelligence Report](http://www.microsoft.com/security/sir/default.aspx). + +Running a host-based firewall on every device that your organization manages is an important layer in a "defense-in-depth" security strategy. A host-based firewall can help protect against attacks that originate from inside the network and also provide additional protection against attacks from outside the network that manage to penetrate the perimeter firewall. It also travels with a portable device to provide protection when it is away from the organization's network. + +A host-based firewall helps secure a device by dropping all network traffic that does not match the administrator-designed rule set for permitted network traffic. 
This design, which corresponds to [Basic Firewall Policy Design](basic-firewall-policy-design.md), provides the following benefits: + +- Network traffic that is a reply to a request from the local device is permitted into the device from the network. + +- Network traffic that is unsolicited, but that matches a rule for allowed network traffic, is permitted into the device from the network. + + For example, Woodgrove Bank wants a device that is running SQL Server to be able to receive the SQL queries sent to it by client devices. The firewall policy deployed to the device that is running SQL Server includes firewall rules that specifically allow inbound network traffic for the SQL Server program. + +- Outbound network traffic that is not specifically blocked is allowed on the network. + + For example, Woodgrove Bank has a corporate policy that prohibits the use of certain peer-to-peer file sharing programs. The firewall policy deployed to the computers on the network includes firewall rules that block both inbound and outbound network traffic for the prohibited programs. All other outbound traffic is permitted. + +The following component is recommended for this deployment goal: + +- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more Group Policy objects (GPOs) that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). + +Other means of deploying a firewall policy are available, such as creating scripts that use the netsh command-line tool, and then running those scripts on each computer in the organization. This guide uses Active Directory as a recommended means of deployment because of its ability to scale to very large organizations. + +**Next: **[Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) 
diff --git a/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md b/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md
new file mode 100644
index 0000000000..0197fbcba0
--- /dev/null
+++ b/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md
@@ -0,0 +1,44 @@ +--- +title: Restrict Access to Only Specified Users or Devices (Windows 10) +description: Restrict Access to Only Specified Users or Devices +ms.assetid: a6106a07-f9e5-430f-8dbd-06d3bf7406df +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Restrict Access to Only Specified Users or Computers + +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview + +Domain isolation (as described in the previous goal [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) prevents devices that are members of the isolated domain from accepting network traffic from untrusted devices. However, some devices on the network might host sensitive data that must be additionally restricted to only those users and computers that have a business requirement to access the data. + +Windows Firewall with Advanced Security enables you to restrict access to devices and users that are members of domain groups authorized to access that device. These groups are called *network access groups (NAGs)*. When a device authenticates to a server, the server checks the group membership of the computer account and the user account, and grants access only if membership in the NAG is confirmed. Adding this check creates a virtual "secure zone" within the domain isolation zone. You can have multiple devices in a single secure zone, and it is likely that you will create a separate zone for each set of servers that have specific security access needs. Devices that are part of this server isolation zone are often also part of the encryption zone (see [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)). 
+ +Restricting access to only users and devices that have a business requirement can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. + +You can restrict access by specifying either computer or user credentials. + +The following illustration shows an isolated server, and examples of devices that can and cannot communicate with it. Devices that are outside the Woodgrove corporate network, or computers that are in the isolated domain but are not members of the required NAG, cannot communicate with the isolated server. + +![isolated domain with network access groups](images/wfas-domainnag.gif) + +This goal, which corresponds to [Server Isolation Policy Design](server-isolation-policy-design.md), provides the following features: + +- Isolated servers accept unsolicited inbound network traffic only from devices or users that are members of the NAG. + +- Isolated servers can be implemented as part of an isolated domain, and treated as another zone. Members of the zone group receive a GPO with rules that require authentication, and that specify that only network traffic authenticated as coming from a member of the NAG is allowed. + +- Server isolation can also be configured independently of an isolated domain. To do so, configure only the devices that must communicate with the isolated server with connection security rules to implement authentication and check NAG membership. + +- A server isolation zone can be simultaneously configured as an encryption zone. To do this, configure the GPO with rules that force encryption in addition to requiring authentication and restricting access to NAG members. 
For more information, see [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md). + +The following components are required for this deployment goal: + +- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. For more info about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). + +**Next: **[Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) diff --git a/windows/keep-secure/restrict-access-to-only-trusted-devices.md b/windows/keep-secure/restrict-access-to-only-trusted-devices.md new file mode 100644 index 0000000000..be3854af23 --- /dev/null +++ b/windows/keep-secure/restrict-access-to-only-trusted-devices.md 
@@ -0,0 +1,54 @@ +--- +title: Restrict Access to Only Trusted Devices (Windows 10) +description: Restrict Access to Only Trusted Devices +ms.assetid: bc1f49a4-7d54-4857-8af9-b7c79f47273b +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Restrict Access to Only Trusted Devices + +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview + +Your organizational network likely has a connection to the Internet. You also likely have partners, vendors, or contractors who attach devices that are not owned by your organization to your network. Because you do not manage those devices, you cannot trust them to be free of malicious software, maintained with the latest security updates, or in any way in compliance with your organization's security policies. These untrustworthy devices both on and outside of your physical network must not be permitted to access your organization's devices except where it is truly required. + +To mitigate this risk, you must be able to isolate the devices you trust, and restrict their ability to receive unsolicited network traffic from untrusted devices. By using connection security and firewall rules available in Windows Firewall with Advanced Security, you can logically isolate the devices that you trust by requiring that all unsolicited inbound network traffic be authenticated. Authentication ensures that each device or user can positively identify itself by using credentials that are trusted by the other device. Connection security rules can be configured to use IPsec with the Kerberos V5 protocol available in Active Directory, or certificates issued by a trusted certification authority as the authentication method. 
+ +>**Note:**  Because the primary authentication method recommended for devices that are running Windows is to use the Kerberos V5 protocol with membership in an Active Directory domain, this guide refers to this logical separation of computers as *domain isolation*, even when certificates are used to extend the protection to devices that are not part of an Active Directory domain. + +The protection provided by domain isolation can help you comply with regulatory and legislative requirements, such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. + +The following illustration shows an isolated domain, with one of the zones that are optionally part of the design. The rules that implement both the isolated domain and the different zones are deployed by using Group Policy and Active Directory. + +![domain isolation](images/wfas-domainiso.gif) + +These goals, which correspond to [Domain Isolation Policy Design](domain-isolation-policy-design.md) and [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md), provide the following benefits: + +- Devices in the isolated domain accept unsolicited inbound network traffic only when it can be authenticated as coming from another device in the isolated domain. Exemption rules can be defined to allow inbound traffic from trusted computers that for some reason cannot perform IPsec authentication. + + For example, Woodgrove Bank wants all of its devices to block all unsolicited inbound network traffic from any device that it does not manage. The connection security rules deployed to domain member devices require authentication as a domain member or by using a certificate before an unsolicited inbound network packet is accepted. 
+ +- Devices in the isolated domain can still send outbound network traffic to untrusted devices and receive the responses to the outbound requests. + + For example, Woodgrove Bank wants its users at client devices to be able to access Web sites on the Internet. The default Windows Firewall with Advanced Security settings for outbound network traffic allow this. No additional rules are required. + +These goals also support optional zones that can be created to add customized protection to meet the needs of subsets of an organization's devices: + +- Devices in the "boundary zone" are configured to use connection security rules that request but do not require authentication. This enables them to receive unsolicited inbound network traffic from untrusted devices, and also to receive traffic from the other members of the isolated domain. + + For example, Woodgrove Bank has a server that must be accessed by its partners' devices through the Internet. The rules applied to devices in the boundary zone use authentication when the client device can support it, but do not block the connection if the client device cannot authenticate. + +- Devices in the "encryption zone" require that all network traffic in and out must be encrypted to secure potentially sensitive material when it is sent over the network. + + For example, Woodgrove Bank wants the devices running SQL Server to only transmit data that is encrypted to help protect the sensitive data stored on those devices. + +The following components are required for this deployment goal: + +- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. For more info about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). 
+ +**Next: **[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md) diff --git a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md new file mode 100644 index 0000000000..fa9c66bfb4 --- /dev/null +++ b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md 
@@ -0,0 +1,189 @@
+---
+title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012 (Windows 10)
+description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+---
+
+# Securing End-to-End IPsec connections by using IKEv2
+
+**Applies to**
+- Windows 10
+- Windows Server 2016 Technical Preview
+
+IKEv2 offers the following:
+
+- Supports IPsec end-to-end transport mode connections
+
+- Provides interoperability for Windows with other operating systems that use IKEv2 for end-to-end security
+
+- Supports Suite B (RFC 4869) requirements
+
+- Coexists with existing policies that deploy AuthIP/IKEv1
+
+- Uses the Windows PowerShell interface exclusively for configuration. You cannot configure IKEv2 through the user interface.
+
+- Uses certificates for the authentication mechanism
+
+You can use IKEv2 as a virtual private network (VPN) tunneling protocol that supports automatic VPN reconnection. IKEv2 allows the security association to remain unchanged despite changes in the underlying connection.
+
+**In this document**
+
+- [Prerequisites](#prerequisites)
+
+- [Devices joined to a domain](#devices-joined-to-a-domain)
+
+- [Device not joined to a domain](#devices-not-joined-to-a-domain)
+
+- [Troubleshooting](#troubleshooting)
+
+>**Note:**  This topic includes sample Windows PowerShell cmdlets. For more info, see [How to Run a Windows PowerShell Cmdlet](http://go.microsoft.com/fwlink/p/?linkid=230693).
+
+## Prerequisites
+
+These procedures assume that you already have a public key infrastructure (PKI) in place for device authentication.
+
+## Devices joined to a domain
+
+The following Windows PowerShell script establishes a connection security rule that uses IKEv2 for communication between two computers (CLIENT1 and SERVER1) that are joined to the corp.contoso.com domain as shown in Figure 1.
+
+![the contoso corporate network](images/corpnet.gif)
+
+**Figure 1** The Contoso corporate network
+
+This script does the following:
+
+- Creates a security group called **IPsec client and servers** and adds CLIENT1 and SERVER1 as members.
+
+- Creates a Group Policy Object (GPO) called **IPsecRequireInRequestOut** and links it to the corp.contoso.com domain.
+
+- Sets the permissions to the GPO so that they apply only to the computers in **IPsec client and servers** and not to **Authenticated Users**.
+
+- Indicates the certificate to use for authentication.
+
+ >**Important:**  The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors.
+
+- Creates the IKEv2 connection security rule called **My IKEv2 Rule**.
+
+![powershell logo](images/powershelllogosmall.gif)**Windows PowerShell commands**
+
+Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints.
+
+``` syntax
+# Create a Security Group for the computers that will get the policy
+$pathname = (Get-ADDomain).distinguishedname
+New-ADGroup -name "IPsec client and servers" -SamAccountName "IPsec client and servers" `
+-GroupCategory security -GroupScope Global -path $pathname
+
+# Add test computers to the Security Group
+$computer = Get-ADComputer -LDAPFilter "(name=client1)"
+Add-ADGroupMember -Identity "IPsec client and servers" -Members $computer
+$computer = Get-ADComputer -LDAPFilter "(name=server1)"
+Add-ADGroupMember -Identity "IPsec client and servers" -Members $computer
+
+# Create and link the GPO to the domain
+$gpo = New-gpo IPsecRequireInRequestOut
+$gpo | new-gplink -target "dc=corp,dc=contoso,dc=com" -LinkEnabled Yes
+
+# Set permissions to security group for the GPO
+$gpo | Set-GPPermissions -TargetName "IPsec client and servers" -TargetType Group -PermissionLevel GpoApply -Replace
+$gpo | Set-GPPermissions -TargetName "Authenticated Users" -TargetType Group -PermissionLevel None -Replace
+
+#Set up the certificate for authentication
+$gponame = "corp.contoso.com\IPsecRequireInRequestOut"
+$certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA"
+$myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop –PolicyStore GPO:$gponame
+
+#Create the IKEv2 Connection Security rule
+New-NetIPsecRule -DisplayName "My IKEv2 Rule" -RemoteAddress any -Phase1AuthSet $myauth.InstanceID `
+-InboundSecurity Require -OutboundSecurity Request -KeyModule IKEv2 -PolicyStore GPO:$gponame
+```
+
+## Devices not joined to a domain
+
+Use a Windows PowerShell script similar to the following to create a local IPsec policy on the devices that you want to include in the secure connection.
+
+>**Important:**  The certificate parameters that you specify for the certificate are case sensitive, so make sure that you type them exactly as specified in the certificate, and place the parameters in the exact order that you see in the following example. Failure to do so will result in connection errors.
+
+![powershell logo](images/powershelllogosmall.gif)**Windows PowerShell commands**
+
+Type each cmdlet on a single line, even though they may appear to wrap across several lines because of formatting constraints.
+
+``` syntax
+#Set up the certificate
+$certprop = New-NetIPsecAuthProposal -machine -cert -Authority "DC=com, DC=contoso, DC=corp, CN=corp-APP1-CA"
+$myauth = New-NetIPsecPhase1AuthSet -DisplayName "IKEv2TestPhase1AuthSet" -proposal $certprop
+
+#Create the IKEv2 Connection Security rule
+New-NetIPsecRule -DisplayName "My IKEv2 Rule" -RemoteAddress any -Phase1AuthSet $myauth.InstanceID `
+-InboundSecurity Require -OutboundSecurity Request -KeyModule IKEv2
+```
+
+Make sure that you install the required certificates on the participating computers.
+
+>**Note:**  
+- For local devices, you can import the certificates manually if you have administrator access to the computer. For more info, see [Import or export certificates and private keys](http://windows.microsoft.com/windows-vista/Import-or-export-certificates-and-private-keys).
+- You need a root certificate and a computer certificate on all devices that participate in the secure connection. Save the computer certificate in the **Personal/Certificates** folder.
+- For remote devices, you can create a secure website to facilitate access to the script and certificates.
+
+## Troubleshooting
+
+Follow these procedures to verify and troubleshoot your IKEv2 IPsec connections:
+
+**Use the Windows Firewall with Advanced Security snap-in to verify that a connection security rule is enabled.**
+
+1. Open the Windows Firewall with Advanced Security console.
+
+2. In the left pane of the Windows Firewall with Advanced Security snap-in, click **Connection Security Rules**, and then verify that there is an enabled connection security rule.
+
+3. Expand **Monitoring**, and then click **Connection Security Rules** to verify that your IKEv2 rule is active for your currently active profile.
+
+**Use Windows PowerShell cmdlets to display the security associations.**
+
+1. Open a Windows PowerShell command prompt.
+
+2. Type **get-NetIPsecQuickModeSA** to display the Quick Mode security associations.
+
+3. Type **get-NetIPsecMainModeSA** to display the Main Mode security associations.
+
+**Use netsh to capture IPsec events.**
+
+1. Open an elevated command prompt.
+
+2. At the command prompt, type **netsh wfp capture start**.
+
+3. Reproduce the error event so that it can be captured.
+
+4. At the command prompt, type **netsh wfp capture stop**.
+
+ A wfpdiag.cab file is created in the current folder.
+
+5. Open the cab file, and then extract the wfpdiag.xml file.
+
+6. Open the wfpdiag.xml file with your an XML viewer program or Notepad, and then examine the contents. There will be a lot of data in this file. One way to narrow down where to start looking is to search the last “errorFrequencyTable” at the end of the file. There might be many instances of this table, so make sure that you look at the last table in the file. For example, if you have a certificate problem, you might see the following entry in the last table at the end of the file:
+
+ ``` syntax
+
+ ERROR_IPSEC_IKE_NO_CERT
+ 32
+
+ ```
+ In this example, there are 32 instances of the **ERROR\_IPSEC\_IKE\_NO\_CERT** error. So now you can search for **ERROR\_IPSEC\_IKE\_NO\_CERT** to get more details regarding this error.
+
+You might not find the exact answer for the issue, but you can find good hints. For example, you might find that there seems to be an issue with the certificates, so you can look at your certificates and the related cmdlets for possible issues.
+ +## See also + +- [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) + +  + +  + + + + + From 002c324c72820439ed945e405db99dbec5990c21 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 1 Jun 2016 17:00:00 -0700 Subject: [PATCH 69/92] several edits --- .../change-history-for-deploy-windows-10.md | 10 +++++++ ...nfigure-a-pxe-server-to-load-windows-pe.md | 30 +++++++++---------- .../deploy/upgrade-windows-phone-8-1-to-10.md | 2 +- 3 files changed, 25 insertions(+), 17 deletions(-) diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md index 00404f4def..ef6b329f37 100644 --- a/windows/deploy/change-history-for-deploy-windows-10.md +++ b/windows/deploy/change-history-for-deploy-windows-10.md @@ -11,6 +11,16 @@ author: greg-lindsay # Change history for Deploy Windows 10 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). +## June 2016 +| New or changed topic | Description | +|----------------------|-------------| +| [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) | New | + +## May 2016 +| New or changed topic | Description | +|----------------------|-------------| +| [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade-windows-phone-8-1-to-10.md) | New | + ## December 2015 | New or changed topic | Description | |----------------------|-------------| diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md index 0d9b9332db..3c8d7acd2a 100644 --- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md 
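Review bot: In the new securing-end-to-end-ipsec-connections-by-using-ikev2.md topic, both sample scripts create the rule with `-RemoteAddress any -InboundSecurity Require -OutboundSecurity Request`, but the surrounding text never says what that combination enforces. With Request on the outbound side, traffic to a peer that does not negotiate IPsec is not blocked, so a reader of a topic titled "Securing End-to-End IPsec Connections" may assume more protection than the rule gives. I would add one sentence after each script, for example `Outbound traffic is protected only when the remote device negotiates IPsec; use -OutboundSecurity Require where unprotected fallback is not acceptable.` The last Troubleshooting step also reads "with your an XML viewer program", which should be `with an XML viewer program`, and the in-page link text "Device not joined to a domain" does not match its heading "Devices not joined to a domain".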
@@ -1,21 +1,23 @@ --- -title: Walkthrough: Configure a PXE server to load Windows PE (Windows 10) +title: Configure a PXE server to load Windows PE (Windows 10) description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network. -keywords: windows pe, windows 10, upgrade, deploy, image +keywords: upgrade, update, windows, windows 10, pxe, WinPE, image, wim ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.pagetype: deployment +ms.pagetype: deploy author: greg-lindsay --- -# Walkthrough: Configure a PXE server to load Windows PE +# Configure a PXE server to load Windows PE **Applies to** - Windows 10 -This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network. +## Summary + +This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network. ## Prerequisites 
@@ -26,19 +28,19 @@ This topic describes how to configure a PXE server to load Windows PE so that All four of the roles specified above can be hosted on the same computer or each can be on a separate computer. -## Step 1: Copy Windows PE source files from the deployment computer to the PXE server - -### To copy source files to the PXE server: +## Step 1: Copy Windows PE source files 1. On the deployment computer, click **Start**, and type **deployment**. + 2. Right-click **Deployment and Imaging Tools Environment** and then click **Run as administrator**. The Deployment and Imaging Tools Environment shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools. -3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. + +3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. The value of **<architecture>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory does not already exist, it will be created. ``` - copype.cmd + copype.cmd ``` - The value of **<arch>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory does not already exist, it will be created. For example, the following command copies **amd64** architecture files to the **C:\winpe_amd64** directory: + For example, the following command copies **amd64** architecture files to the **C:\winpe_amd64** directory: ``` copype.cmd amd64 C:\winpe_amd64 @@ -85,8 +87,6 @@ All four of the roles specified above can be hosted on the same computer or each ## Step 2: Configure boot settings and copy the BCD file -### To configure boot settings: - 1. Create a BCD store using bcdedit.exe: ``` 
@@ -125,9 +125,7 @@ All four of the roles specified above can be hosted on the same computer or each copy c:\BCD \\PXE-1\TFTPRoot\Boot ``` -Your PXE/TFTP server is now configured. - -Note: You can view the BCD settings that have been configured using the command **“bcdedit /store <BCD file location> /enum all**: +Your PXE/TFTP server is now configured. You can view the BCD settings that have been configured using the command “bcdedit /store <BCD file location> /enum all. See the following example: ``` C:\>bcdedit /store C:\BCD /enum all diff --git a/windows/deploy/upgrade-windows-phone-8-1-to-10.md b/windows/deploy/upgrade-windows-phone-8-1-to-10.md index c2e678923a..f79c20d4ba 100644 --- a/windows/deploy/upgrade-windows-phone-8-1-to-10.md +++ b/windows/deploy/upgrade-windows-phone-8-1-to-10.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: mdt -author: greg-lindsay +author: Jamiejdt --- # Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management (MDM) From 0638414cca87e1f45f62e9b6fe1fa1c8482cecd0 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 1 Jun 2016 17:18:18 -0700 Subject: [PATCH 70/92] minor fixes --- ...configure-a-pxe-server-to-load-windows-pe.md | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md index 3c8d7acd2a..164be99f99 100644 --- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md 
@@ -47,18 +47,18 @@ All four of the roles specified above can be hosted on the same computer or each ``` The script creates the destination directory structure and copies all the necessary files for that architecture. In the previous example, the following directories are created: - + + ``` C:\\winpe\_amd64 C:\\winpe\_amd64\\fwfiles C:\\winpe\_amd64\\media C:\\winpe\_amd64\\mount - + ``` 4. Mount the base Windows PE image (winpe.wim) to the \mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. See the following example. ``` Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount ``` - 5. Map a network share to the root TFTP directory on the PXE/TFTP server and create a \Boot folder. Consult your TFTP server documentation to determine the root TFTP server directory, then enable sharing for this directory, and verify it can be accessed on the network. In the following example, the PXE server name is PXE-1 and the TFTP root directory is shared using a network path of \\PXE-1\TFTPRoot: ``` @@ -66,19 +66,16 @@ All four of the roles specified above can be hosted on the same computer or each y: md boot ``` - 6. Copy the PXE boot files from the mounted directory to the \Boot folder. For example: ``` copy c:\winpe_amd64\mount\windows\boot\pxe\*.* y:\boot ``` - 7. Copy the boot.sdi file to the PXE/TFTP server. ``` copy C:\winpe_amd64\media\boot\boot.sdi y:\boot ``` - 8. Copy the bootable Windows PE image (boot.wim) to the \Boot folder. ``` @@ -92,7 +89,6 @@ All four of the roles specified above can be hosted on the same computer or each ``` bcdedit /createstore c:\BCD ``` - 2. Configure RAMDISK settings: ``` 
@@ -100,7 +96,6 @@ All four of the roles specified above can be hosted on the same computer or each bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdidevice partition=C: bcdedit /store c:\BCD /set {ramdiskoptions} ramdisksdipath \winpe_amd64\media\boot\boot.sdi ``` - 3. Create a new boot application entry for the Windows PE image: ``` @@ -111,21 +106,19 @@ All four of the roles specified above can be hosted on the same computer or each bcdedit /store c:\BCD /set {GUID1} detecthal Yes bcdedit /store c:\BCD /set {GUID1} winpe Yes ``` - 4. Configure BOOTMGR settings: ``` bcdedit /store c:\BCD /set {bootmgr} timeout 30 bcdedit /store c:\BCD -displayorder {GUID1} -addlast ``` - 5. Copy the BCD file to your TFTP server: ``` copy c:\BCD \\PXE-1\TFTPRoot\Boot ``` -Your PXE/TFTP server is now configured. You can view the BCD settings that have been configured using the command “bcdedit /store <BCD file location> /enum all. See the following example: +Your PXE/TFTP server is now configured. You can view the BCD settings that have been configured using the command “bcdedit /store <BCD file location> /enum all. The GUID displayed below is an example and your GUID will be different: ``` C:\>bcdedit /store C:\BCD /enum all @@ -154,7 +147,7 @@ ramdisksdidevice boot ramdisksdipath \boot\boot.sdi ``` -#### The deployment process +## PXE boot summary The following summarizes the PXE client boot process. From 51dee484e90e00c638048cfa9a3bc90e91359a15 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 2 Jun 2016 10:45:57 -0700 Subject: [PATCH 71/92] added to index.md --- windows/deploy/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deploy/index.md b/windows/deploy/index.md index defe5b7387..4e09532aaf 100644 --- a/windows/deploy/index.md +++ b/windows/deploy/index.md 
@@ -20,6 +20,7 @@ Learn about deploying Windows 10 for IT professionals. |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. | |[Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) |The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Deployment Toolkit (MDT) 2013 Update 2 task sequence to completely automate the process. | |[Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) |The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process. | +|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. | |[Windows 10 edition upgrade](windows-10-edition-upgrades.md) |With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. | |[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. 
Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](../plan/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](../plan/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. | |[Update Windows 10 images with provisioning packages](update-windows-10-images-with-provisioning-packages.md) |Use a provisioning package to apply settings, profiles, and file assets to a Windows 10 image. | From 41aa33c7c29f153c338e6d18f3a161015d403315 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 2 Jun 2016 10:56:42 -0700 Subject: [PATCH 72/92] corrected typo --- .../configure-a-pxe-server-to-load-windows-pe.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md index 164be99f99..a304a10c23 100644 --- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md @@ -49,10 +49,10 @@ All four of the roles specified above can be hosted on the same computer or each The script creates the destination directory structure and copies all the necessary files for that architecture. In the previous example, the following directories are created: ``` - C:\\winpe\_amd64 - C:\\winpe\_amd64\\fwfiles - C:\\winpe\_amd64\\media - C:\\winpe\_amd64\\mount + C:\winpe\_amd64 + C:\winpe\_amd64\fwfiles + C:\winpe\_amd64\media + C:\winpe\_amd64\mount ``` 4. Mount the base Windows PE image (winpe.wim) to the \mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. See the following example. 
@@ -118,7 +118,7 @@ All four of the roles specified above can be hosted on the same computer or each copy c:\BCD \\PXE-1\TFTPRoot\Boot ``` -Your PXE/TFTP server is now configured. You can view the BCD settings that have been configured using the command “bcdedit /store <BCD file location> /enum all. The GUID displayed below is an example and your GUID will be different: +Your PXE/TFTP server is now configured. You can view the BCD settings that have been configured using the command bcdedit /store <BCD file location> /enum all. See the following example. Note: Your GUID will be different than the one shown below. ``` C:\>bcdedit /store C:\BCD /enum all @@ -147,7 +147,7 @@ ramdisksdidevice boot ramdisksdipath \boot\boot.sdi ``` -## PXE boot summary +## PXE boot process summary The following summarizes the PXE client boot process. From 8863c8459e010a6b73e4d623e950bb9313751f36 Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Thu, 2 Jun 2016 11:44:45 -0700 Subject: [PATCH 73/92] updating topics for Windows 10 6/2/2016 --- windows/keep-secure/TOC.md | 6 +- .../additional-resources-wfasdesign.md | 67 ------- .../additional-resourceswfas-deploy.md | 64 ------ ...e-files-for-settings-used-in-this-guide.md | 23 +-- windows/keep-secure/boundary-zone-gpos.md | 27 ++- windows/keep-secure/boundary-zone.md | 37 ++-- ...ist-configuring-basic-firewall-settings.md | 59 ++---- ...uring-rules-for-an-isolated-server-zone.md | 130 +++---------- ...rs-in-a-standalone-isolated-server-zone.md | 134 +++---------- ...configuring-rules-for-the-boundary-zone.md | 73 ++----- ...nfiguring-rules-for-the-encryption-zone.md | 76 ++------ ...nfiguring-rules-for-the-isolated-domain.md | 112 ++--------- ...checklist-creating-group-policy-objects.md | 98 +++------- ...ecklist-creating-inbound-firewall-rules.md | 60 ++---- ...cklist-creating-outbound-firewall-rules.md | 52 ++--- ...ts-of-a-standalone-isolated-server-zone.md | 109 ++--------- ...ementing-a-basic-firewall-policy-design.md | 103 ++-------- ...rtificate-based-isolation-policy-design.md | 78 ++------ ...enting-a-domain-isolation-policy-design.md | 92 ++------- ...andalone-server-isolation-policy-design.md | 84 ++------ ...ing-the-trusted-state-of-your-computers.md | 184 ------------------ ...ining-the-trusted-state-of-your-devices.md | 139 +++++++++++++ windows/keep-secure/documenting-the-zones.md | 84 ++------ windows/keep-secure/encryption-zone-gpos.md | 22 +-- windows/keep-secure/encryption-zone.md | 37 ++-- windows/keep-secure/exemption-list.md | 34 ++-- windows/keep-secure/firewall-gpos.md | 18 +- ...ndary-ws2008.md => gpo-domiso-boundary.md} | 29 ++- ...ion-ws2008.md => gpo-domiso-encryption.md} | 0 windows/keep-secure/gpo-domiso-firewall.md | 27 +-- .../gpo-domiso-isolateddomain-clients.md | 160 +++------------ .../gpo-domiso-isolateddomain-servers.md | 26 ++- ...with-advanced-security-deployment-goals.md | 8 +- 
...wall-with-advanced-security-design-plan.md | 26 ++- windows/keep-secure/isolated-domain-gpos.md | 18 +- windows/keep-secure/isolated-domain.md | 40 ++-- ...-firewall-with-advanced-security-design.md | 6 +- ...anning-certificate-based-authentication.md | 44 ++--- .../planning-domain-isolation-zones.md | 20 +- .../keep-secure/planning-gpo-deployment.md | 108 +++++----- ...icy-deployment-for-your-isolation-zones.md | 20 +- ...planning-isolation-groups-for-the-zones.md | 74 ++----- .../planning-network-access-groups.md | 65 ++----- .../planning-server-isolation-zones.md | 54 ++--- ...ng-settings-for-a-basic-firewall-policy.md | 34 ++-- windows/keep-secure/planning-the-gpos.md | 37 ++-- ...windows-firewall-with-advanced-security.md | 27 ++- ...-firewall-with-advanced-security-design.md | 49 +++-- ...n-accessing-sensitive-network-resources.md | 2 +- windows/keep-secure/server-isolation-gpos.md | 29 ++- ...with-advanced-security-deployment-guide.md | 46 ++--- 51 files changed, 835 insertions(+), 2116 deletions(-) delete mode 100644 windows/keep-secure/additional-resources-wfasdesign.md delete mode 100644 windows/keep-secure/additional-resourceswfas-deploy.md delete mode 100644 windows/keep-secure/determining-the-trusted-state-of-your-computers.md create mode 100644 windows/keep-secure/determining-the-trusted-state-of-your-devices.md rename windows/keep-secure/{gpo-domiso-boundary-ws2008.md => gpo-domiso-boundary.md} (60%) rename windows/keep-secure/{gpo-domiso-encryption-ws2008.md => gpo-domiso-encryption.md} (100%) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 89aee60958..e035651dd8 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md 
@@ -439,7 +439,7 @@ ###### [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md) ###### [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) ###### [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md) -###### [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md) +###### [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-devices.md) ##### [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) ###### [Basic Firewall Policy Design](basic-firewall-policy-design.md) ###### [Domain Isolation Policy Design](domain-isolation-policy-design.md) 
@@ -454,9 +454,9 @@ ###### [Gathering the Information You Need](gathering-the-information-you-need.md) ####### [Gathering Information about Your Current Network Infrastructure](gathering-information-about-your-current-network-infrastructure.md) ####### [Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md) -####### [Gathering Information about Your Computers](gathering-information-about-your-computers.md) +####### [Gathering Information about Your Computers](gathering-information-about-your-devices.md) ####### [Gathering Other Relevant Information](gathering-other-relevant-information.md) -###### [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-computers.md) +###### [Determining the Trusted State of Your Computers](determining-the-trusted-state-of-your-devices.md) ##### [Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) ###### [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) ###### [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) diff --git a/windows/keep-secure/additional-resources-wfasdesign.md b/windows/keep-secure/additional-resources-wfasdesign.md deleted file mode 100644 index 1e524c920a..0000000000 --- a/windows/keep-secure/additional-resources-wfasdesign.md +++ /dev/null 
@@ -1,67 +0,0 @@ ---- -title: Additional Resources (Windows 10) -description: Additional Resources -ms.assetid: 74897052-508d-49b9-911c-5902a1fb0d26 -author: brianlic-msft ---- - -# Additional Resources - - -For more information about the technologies discussed in this guide, see topics referenced in the following sections. - -## Windows Firewall with Advanced Security - - -- [Windows Firewall with Advanced Security Overview](http://technet.microsoft.com/library/hh831365) (http://technet.microsoft.com/library/hh831365) - - This TechNet page contains links to a variety of documents available for Windows Firewall with Advanced Security. - -## IPsec - - -- [IPsec](http://technet.microsoft.com/network/bb531150.aspx) (http://technet.microsoft.com/network/bb531150.aspx) - - This TechNet page contains links to a variety of documents currently available for Internet Protocol security (IPsec) for Windows available as connection security rules. - -## Server and Domain Isolation - - -- [Server and Domain Isolation](http://technet.microsoft.com/network/bb545651.aspx) (http://technet.microsoft.com/network/bb545651.aspx) - - This TechNet page contains links to documentation about the most common uses for IPsec: server isolation and domain isolation. - -## Group Policy - - -Group Policy is a key method for implementing firewall and server and domain isolation designs. - -For more information about Group Policy and related technologies, see: - -- **Group Policy**[Group Policy Overview](http://technet.microsoft.com/library/hh831791) (http://technet.microsoft.com/library/hh831791) - - This page contains links to the documents currently available for Group Policy. 
- -- [WMI Filtering Using GPMC](http://technet.microsoft.com/library/6237b9b2-4a21-425e-8976-2065d28b3147) (http://technet.microsoft.com/library/6237b9b2-4a21-425e-8976-2065d28b3147) - -- [HOWTO: Leverage Group Policies with WMI Filters](http://support.microsoft.com/kb/555253) (http://support.microsoft.com/kb/555253) - - This article describes how to create a WMI filter to set the scope of a GPO based on computer attributes, such as operating system. - -## Active Directory Domain Services - - -Organizations can use AD DS to manage users and resources, such as computers, printers, or applications, on a network. Server isolation and domain isolation also require AD DS to use the Kerberos V5 protocol for IPsec authentication. - -For more information about AD DS and related technologies, see: - -- [Active Directory Domain Services Overview](http://technet.microsoft.com/library/hh831484) (http://technet.microsoft.com/library/hh831484) - -  - -  - - - - - diff --git a/windows/keep-secure/additional-resourceswfas-deploy.md b/windows/keep-secure/additional-resourceswfas-deploy.md deleted file mode 100644 index 3a4efaa457..0000000000 --- a/windows/keep-secure/additional-resourceswfas-deploy.md +++ /dev/null 
@@ -1,64 +0,0 @@
----
-title: Additional Resources (Windows 10)
-description: Additional Resources
-ms.assetid: 09bdec5d-8a3f-448c-bc48-d4cb41f9c6e8
-author: brianlic-msft
----
-
-# Additional Resources
-
-
-For more information about the technologies discussed in this guide, see topics referenced in the following sections.
-
-## Windows Firewall with Advanced Security
-
-
-- [Windows Firewall with Advanced Security Overview](http://technet.microsoft.com/library/hh831365.aspx) (http://technet.microsoft.com/library/hh831365.aspx)
-
- This TechNet page contains links to a variety of documents available for Windows Firewall with Advanced Security in Windows Server 2012.
-
-- [Troubleshooting Windows Firewall with Advanced Security in Windows Server 2012](http://social.technet.microsoft.com/wiki/contents/articles/13894.troubleshooting-windows-firewall-with-advanced-security-in-windows-server-2012.aspx#z6d72b831d4c24158874a04e9e9d37c43)
-
- This wiki article describes how Windows Firewall with Advanced Security works, what the common troubleshooting situations are, and which tools you can use for troubleshooting. The community is encouraged to add their troubleshooting and experiences to this article.
-
-## IPsec
-
-
-- [IPsec](http://www.microsoft.com/ipsec) (http://www.microsoft.com/ipsec)
-
- This TechNet page contains links to a variety of documents currently available for Internet Protocol security (IPsec) in Windows.
-
-## Group Policy
-
-
-Group Policy is a key method for implementing firewall and server and domain isolation designs.
-
-For more information about Group Policy and related technologies, see:
-
-- [Group Policy Overview](http://technet.microsoft.com/library/hh831791.aspx) (http://technet.microsoft.com/library/hh831791.aspx)
-
- This page contains links to the documents currently available for Group Policy.
-
-- [WMI Filtering Using GPMC](http://go.microsoft.com/fwlink/?linkid=93188) (http://go.microsoft.com/fwlink/?linkid=93188)
-
-- [HOWTO: Leverage Group Policies with WMI Filters](http://go.microsoft.com/fwlink/?linkid=93760) (http://go.microsoft.com/fwlink/?linkid=93760)
-
- This article describes how to create a WMI filter to set the scope of a GPO based on computer attributes, such as operating system.
-
-## Active Directory Domain Services
-
-
-In Windows 8 and Windows Server 2012, organizations can use AD DS to manage users and resources, such as computers, printers, or applications, on a network. Server isolation and domain isolation also require AD DS to use the Kerberos V5 protocol for IPsec authentication.
-
-For more information about AD DS and related technologies, see:
-
-- [Active Directory Domain Services Overview](http://technet.microsoft.com/library/hh831484.aspx) (http://technet.microsoft.com/library/hh831484.aspx)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/keep-secure/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/keep-secure/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
index 078ccc621c..f72093bb1e 100644
--- a/windows/keep-secure/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+++ b/windows/keep-secure/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
@@ -2,13 +2,20 @@ title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows 10) description: Appendix A Sample GPO Template Files for Settings Used in this Guide ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Appendix A: Sample GPO Template Files for Settings Used in this Guide +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC). Creating registry setting preferences as described here was first implemented in Windows Server 2008 and Windows Vista with Service Pack 1 (SP1). +You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC). To manually create the file, build the settings under **Computer Configuration**, **Preferences**, **Windows Settings**, **Registry**. After you have created the settings, drag the container to the desktop. An .xml file is created there. 
@@ -16,10 +23,7 @@ To import an .xml file to GPMC, drag it and drop it on the **Registry** node und The following sample file uses item-level targeting to ensure that the registry keys are applied only on the versions of Windows to which they apply. -**Note**   -The file shown here is for sample use only. It should be customized to meet the requirements of your organization’s deployment. To customize this file, import it into a test GPO, modify the settings, and then drag the Server and Domain Isolation Settings node to your desktop. The new file will contain all of your customization. - -  +>**Note:**  The file shown here is for sample use only. It should be customized to meet the requirements of your organization’s deployment. To customize this file, import it into a test GPO, modify the settings, and then drag the Server and Domain Isolation Settings node to your desktop. The new file will contain all of your customization. ``` syntax @@ -87,12 +91,3 @@ The file shown here is for sample use only. It should be customized to meet the ``` - -  - -  - - - - - diff --git a/windows/keep-secure/boundary-zone-gpos.md b/windows/keep-secure/boundary-zone-gpos.md index e8e136ef00..a9a8a4d8a0 100644 --- a/windows/keep-secure/boundary-zone-gpos.md +++ b/windows/keep-secure/boundary-zone-gpos.md 
@@ -2,32 +2,27 @@ title: Boundary Zone GPOs (Windows 10) description: Boundary Zone GPOs ms.assetid: 1ae66088-02c3-47e4-b7e8-74d0b8f8646e +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Boundary Zone GPOs +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -All the computers in the boundary zone are added to the group CG\_DOMISO\_Boundary. You must create multiple GPOs to align with this group, one for each operating system that you have in your boundary zone. This group is granted Read and Apply permissions in Group Policy on the GPOs described in this section. +All the devices in the boundary zone are added to the group CG\_DOMISO\_Boundary. You must create multiple GPOs to align with this group, one for each operating system that you have in your boundary zone. This group is granted Read and Apply permissions in Group Policy on the GPOs described in this section. -**Note**   -If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2, you can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any computers that are incorrectly assigned to more than one group. - -  +>**Note:**  If you are designing GPOs for at least Windows Vista or Windows Server 2008, you can design your GPOs in nested groups. 
For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any devices that are incorrectly assigned to more than one group. This means that you create a GPO for a boundary group for a specific operating system by copying and pasting the corresponding GPO for the isolated domain, and then modifying the new copy to provide the behavior required in the boundary zone. -The boundary zone GPOs discussed in this guide are only for server versions of Windows because client computers are not expected to participate in the boundary zone. If the need for one occurs, either create a new GPO for that version of Windows, or expand the WMI filter attached to one of the existing boundary zone GPOs to make it apply to the client version of Windows. +The boundary zone GPOs discussed in this guide are only for server versions of Windows because client devices are not expected to participate in the boundary zone. If the need for one occurs, either create a new GPO for that version of Windows, or expand the WMI filter attached to one of the existing boundary zone GPOs to make it apply to the client version of Windows. -In the Woodgrove Bank example, only the GPO settings for a Web service on Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 are discussed. +In the Woodgrove Bank example, only the GPO settings for a Web service on at least Windows Server 2008 are discussed. - [GPO\_DOMISO\_Boundary\_WS2008](gpo-domiso-boundary-ws2008.md) - -  - -  - - - - - 
diff --git a/windows/keep-secure/boundary-zone.md b/windows/keep-secure/boundary-zone.md
index e6e1d51bec..b44e15fdc1 100644
--- a/windows/keep-secure/boundary-zone.md
+++ b/windows/keep-secure/boundary-zone.md
@@ -2,32 +2,39 @@ title: Boundary Zone (Windows 10) description: Boundary Zone ms.assetid: ed98b680-fd24-44bd-a7dd-26c522e45a20 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Boundary Zone +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -In most organizations, some computers must be able to receive network traffic from computers that are not part of the isolated domain, and therefore cannot authenticate. To accept communications from untrusted computers, create a boundary zone within your isolated domain. +In most organizations, some devices must be able to receive network traffic from devices that are not part of the isolated domain, and therefore cannot authenticate. To accept communications from untrusted devices, create a boundary zone within your isolated domain. -Computers in the boundary zone are trusted computers that can accept communication requests both from other isolated domain member computers and from untrusted computers. Boundary zone computers try to authenticate any incoming request by using IPsec, initiating an IKE negotiation with the originating computer. +Devices in the boundary zone are trusted devices that can accept communication requests both from other isolated domain member devices and from untrusted devices. Boundary zone devices try to authenticate any incoming request by using IPsec, initiating an IKE negotiation with the originating device. The GPOs you build for the boundary zone include IPsec or connection security rules that request authentication for both inbound and outbound network connections, but do not require it. -Because these boundary zone computers can receive unsolicited inbound communications from untrusted computers that use plaintext, they must be carefully managed and secured in other ways. Mitigating this additional risk is an important part of deciding whether to add a computer to the boundary zone. 
For example, completing a formal business justification process before adding each computer to the boundary zone can help ensure that the additional risk is minimized. The following illustration shows a sample process that can help make such a decision. +Because these boundary zone devices can receive unsolicited inbound communications from untrusted devices that use plaintext, they must be carefully managed and secured in other ways. Mitigating this additional risk is an important part of deciding whether to add a device to the boundary zone. For example, completing a formal business justification process before adding each device to the boundary zone can help ensure that the additional risk is minimized. The following illustration shows a sample process that can help make such a decision. ![design flowchart](images/wfas-designflowchart1.gif) -The goal of this process is to determine whether the risk of adding a computer to a boundary zone can be mitigated to a level that makes it acceptable to the organization. Ultimately, if the risk cannot be mitigated, membership must be denied. +The goal of this process is to determine whether the risk of adding a device to a boundary zone can be mitigated to a level that makes it acceptable to the organization. Ultimately, if the risk cannot be mitigated, membership must be denied. You must create a group in Active Directory to contain the members of the boundary zones. The settings and rules for the boundary zone are typically very similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. The primary difference is that the authentication connection security rule must be set to request authentication for both inbound and outbound traffic, instead of requiring inbound authentication and requesting outbound authentication as used by the isolated domain. 
Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section. -## GPO settings for boundary zone servers running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 +## GPO settings for boundary zone servers running at least Windows Server 2008 -The boundary zone GPO for computers running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 should include the following: +The boundary zone GPO for devices running at least Windows Server 2008 should include the following: - IPsec default settings that specify the following options: 
@@ -39,11 +46,11 @@ The boundary zone GPO for computers running Windows Server 2012, Windows Server If any NAT devices are present on your networks, use ESP encapsulation. If isolated domain members must communicate with hosts in the encryption zone, ensure that you include algorithms that are compatible with the requirements of the encryption mode policies. - 4. Authentication methods. Include at least computer-based Kerberos V5 authentication. If you want to use user-based access to isolated servers then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members cannot use Kerberos V5, you must include certificate-based authentication as an optional authentication method. + 4. Authentication methods. Include at least device-based Kerberos V5 authentication. If you want to use user-based access to isolated servers then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members cannot use Kerberos V5, you must include certificate-based authentication as an optional authentication method. - The following connection security rules: - - A connection security rule that exempts all computers on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, if applicable in your environment. + - A connection security rule that exempts all devices on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, if applicable in your environment. - A connection security rule, from **Any IP address** to **Any IP address**, that requests inbound and outbound authentication. 
@@ -51,18 +58,6 @@ The boundary zone GPO for computers running Windows Server 2012, Windows Server - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**. - **Note**   - For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) - -   + >**Note:**  For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) **Next: **[Encryption Zone](encryption-zone.md) - -  - -  - - - - - diff --git a/windows/keep-secure/checklist-configuring-basic-firewall-settings.md b/windows/keep-secure/checklist-configuring-basic-firewall-settings.md index 93ba95bbff..979ef0e243 100644 --- a/windows/keep-secure/checklist-configuring-basic-firewall-settings.md +++ b/windows/keep-secure/checklist-configuring-basic-firewall-settings.md 
@@ -2,58 +2,25 @@ title: Checklist Configuring Basic Firewall Settings (Windows 10) description: Checklist Configuring Basic Firewall Settings ms.assetid: 0d10cdae-da3d-4a33-b8a4-6b6656b6d1f9 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Configuring Basic Firewall Settings +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This checklist includes tasks for configuring a GPO with firewall defaults and settings that are separate from the rules. -## - - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring firewall defaults and settings** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Turn the firewall on and set the default inbound and outbound behavior.

Procedure topic[Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md)

_

Configure the firewall to not display notifications to the user when a program is blocked, and to ignore locally defined firewall and connection security rules.

Procedure topic[Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)

_

Configure the firewall to record a log file.

Procedure topic[Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)

- -  - -  - -  - - - - +**Checklist: Configuring firewall defaults and settings** +| Task | Reference | +| - | - | +| Turn the firewall on and set the default inbound and outbound behavior.| [Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md)| +| Configure the firewall to not display notifications to the user when a program is blocked, and to ignore locally defined firewall and connection security rules. | [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md) | +| Configure the firewall to record a log file. | [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)| diff --git a/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md index 3fe907d8cd..a3cd9303ca 100644 --- a/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md +++ b/windows/keep-secure/checklist-configuring-rules-for-an-isolated-server-zone.md 
@@ -2,124 +2,42 @@ title: Checklist Configuring Rules for an Isolated Server Zone (Windows 10) description: Checklist Configuring Rules for an Isolated Server Zone ms.assetid: 67c50a91-e71e-4f1e-a534-dad2582e311c +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Configuring Rules for an Isolated Server Zone +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs for servers in an isolated server zone that are part of an isolated domain. For information about creating a standalone isolated server zone that is not part of an isolated domain, see [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md). -In addition to requiring authentication and optionally encryption, servers in an isolated server zone can be accessed only by users or computers who are authenticated members of a network access group (NAG). Computers that are running Windows 2000, Windows XP, or Windows Server 2003 can restrict access in IPsec only to computers that are members of the NAG, because IPsec and IKE in those versions of Windows do not support user-based authentication. If you include user accounts in the NAG, then the restrictions can still apply; they are just enforced at the application layer, rather than the IP layer. +In addition to requiring authentication and optionally encryption, servers in an isolated server zone can be accessed only by users or devices who are authenticated members of a network access group (NAG). If you include user accounts in the NAG, then the restrictions can still apply; they are just enforced at the application layer, rather than the IP layer. 
-Computers that are running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 can identify both computers and users in the NAG because IPsec in these versions of Windows supports AuthIP in addition to IKE. AuthIP adds support for user-based authentication. For more information, see “AuthIP in Windows Vista” (). +Devices that are running at least Windows Vista and Windows Server 2008 can identify both devices and users in the NAG because IPsec in these versions of Windows supports AuthIP in addition to IKE. AuthIP adds support for user-based authentication. The GPOs for an isolated server or group of servers are similar to those for the isolated domain itself or the encryption zone, if you require encryption to your isolated servers. This checklist refers you to procedures for creating rules as well as restrictions that allow only members of the NAG to connect to the server. -## +**Checklist: Configuring rules for isolated servers** - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring rules for isolated servers for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2** - -**Note**   -The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are usually similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other operating system. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy. - -  - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Create a GPO for the computers that need to have access restricted to the same set of client computers. If there are multiple servers and they run different versions of the Windows operating system, then start by creating the GPO for one version of Windows. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

-

Copy the GPO from the isolated domain or from the encryption zone to serve as a starting point. Where your copy already contains elements listed in the following checklist, review the relevant procedures and compare them to your copied GPO’s element to make sure it is constructed in a way that meets the needs of the server isolation zone.

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

Configure the security group filters and WMI filters on the GPO so that only members of the isolated server zone’s membership group that are running the specified version of Windows can read and apply it.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used. If you require encryption for the isolated server zone, then make sure that you choose only algorithm combinations that include encryption.

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used.

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that requests authentication for all network traffic.

-
-Important   -

Just as in an isolated domain, do not set the rules to require authentication for inbound traffic until you have completed testing. That way, if the rules do not work as expected, communications are not affected by a failure to authenticate.

-
-
-  -

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create the NAG to contain the computer or user accounts that are allowed to access the servers in the isolated server zone.

Procedure topic[Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)

_

Create a firewall rule that permits inbound network traffic only if authenticated as a member of the NAG.

Procedure topic[Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test server to the membership group for the isolated server zone. Be sure to add at least one server for each operating system supported by a GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

- -  +| Task | Reference | +| - | - | +| Create a GPO for the devices that need to have access restricted to the same set of client devices. If there are multiple servers and they run different versions of the Windows operating system, then start by creating the GPO for one version of Windows. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.
Copy the GPO from the isolated domain or from the encryption zone to serve as a starting point. Where your copy already contains elements listed in the following checklist, review the relevant procedures and compare them to your copied GPO’s element to make sure it is constructed in a way that meets the needs of the server isolation zone. |[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)| +| Configure the security group filters and WMI filters on the GPO so that only members of the isolated server zone’s membership group that are running the specified version of Windows can read and apply it.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) | +| Configure IPsec to exempt all ICMP network traffic from IPsec protection. | [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)| +| Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)| +| Configure the data protection (quick mode) algorithm combinations to be used. If you require encryption for the isolated server zone, then make sure that you choose only algorithm combinations that include encryption. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)| +| Configure the authentication methods to be used. | [Configure Authentication Methods](configure-authentication-methods.md)| +| Create a rule that exempts all network traffic to and from devices on the exemption list from IPsec. | [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)| +| Create a rule that requests authentication for all network traffic.
**Important:** Just as in an isolated domain, do not set the rules to require authentication for inbound traffic until you have completed testing. That way, if the rules do not work as expected, communications are not affected by a failure to authenticate.| [Create an Authentication Request Rule](create-an-authentication-request-rule.md)| +| Create the NAG to contain the device or user accounts that are allowed to access the servers in the isolated server zone. | [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)| +| Create a firewall rule that permits inbound network traffic only if authenticated as a member of the NAG. | [Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)| +| Link the GPO to the domain level of the Active Directory organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| +| Add your test server to the membership group for the isolated server zone. Be sure to add at least one server for each operating system supported by a GPO in the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md) | Do not change the rules for any of your zones to require authentication until all of the zones have been set up and are operating correctly. - -  - -  - - - - - diff --git a/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md index 6d2a88909f..f954a6f45e 100644 --- a/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md +++ b/windows/keep-secure/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md 
@@ -2,125 +2,39 @@ title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows 10) description: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone ms.assetid: ccc09d06-ef75-43b0-9c77-db06f2940955 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs for servers in a standalone isolated server zone that is not part of an isolated domain. In addition to requiring authentication and optionally encryption, servers in a server isolation zone are accessible only by users or computers that are authenticated as members of a network access group (NAG). The GPOs described here apply only to the isolated servers, not to the client computers that connect to them. For the GPOs for the client computers, see [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md). +This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs for servers in a standalone isolated server zone that is not part of an isolated domain. In addition to requiring authentication and optionally encryption, servers in a server isolation zone are accessible only by users or devices that are authenticated as members of a network access group (NAG). The GPOs described here apply only to the isolated servers, not to the client devices that connect to them. For the GPOs for the client devices, see [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md). 
The GPOs for isolated servers are similar to those for an isolated domain. This checklist refers you to those procedures for the creation of some of the rules. The other procedures in this checklist are for creating the restrictions that allow only members of the server access group to connect to the server. -## - - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring rules for isolated servers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** - -**Note**   -The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are usually similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then create a copy of the GPO for the other operating system. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy. +**Checklist: Configuring rules for isolated servers** +| Task | Reference | +| - | - | +| Create a GPO for the devices that need to have access restricted to the same set of client devices. If there are multiple servers running different versions of the Windows operating system, start by creating the GPO for one version of Windows. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it. | [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)| +| If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the devices for which this GPO is intended. | [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) | +| Configure IPsec to exempt all ICMP network traffic from IPsec protection. | [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)| +| Create a rule that exempts all network traffic to and from devices on the exemption list from IPsec. | [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md) | +| Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)| +| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)| +| Configure the authentication methods to be used. This procedure sets the default settings for the device. If you want to set authentication on a per-rule basis, this procedure is optional.| [Configure Authentication Methods](configure-authentication-methods.md) | +| Create a rule that requests authentication for all inbound network traffic.

**Important:** Just as in an isolated domain, do not set the rules to require authentication until your testing is complete. That way, if the rules do not work as expected, communications are not affected by a failure to authenticate.| [Create an Authentication Request Rule](create-an-authentication-request-rule.md)| +| If your design requires encryption in addition to authentication for access to the isolated servers, then modify the rule to require it. | [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)| +| Create the NAG to contain the device or user accounts that are allowed to access the isolated servers. If you have multiple groups of isolated servers that are accessed by different client devices, then create a NAG for each set of servers.| [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md) | +| Create a firewall rule that allows inbound network traffic only if it is authenticated from a user or device that is a member of the zone’s NAG.| [Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)| +| Link the GPO to the domain level of the Active Directory organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| +| Add your test server to the membership group for the isolated server zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)|   - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Create a GPO for the computers that need to have access restricted to the same set of client computers. If there are multiple servers running different versions of the Windows operating system, start by creating the GPO for one version of Windows. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

Checklist topic[Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)

-

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the computers for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used.

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used. This procedure sets the default settings for the computer. If you want to set authentication on a per-rule basis, this procedure is optional.

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that requests authentication for all inbound network traffic.

-
-Important   -

Just as in an isolated domain, do not set the rules to require authentication until your testing is complete. That way, if the rules do not work as expected, communications are not affected by a failure to authenticate.

-
-
-  -

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

If your design requires encryption in addition to authentication for access to the isolated servers, then modify the rule to require it.

Procedure topic[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create the NAG to contain the computer or user accounts that are allowed to access the isolated servers. If you have multiple groups of isolated servers that are accessed by different client computers, then create a NAG for each set of servers.

Procedure topic[Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)

_

Create a firewall rule that allows inbound network traffic only if it is authenticated from a user or computer that is a member of the zone’s NAG.

Procedure topic[Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test server to the membership group for the isolated server zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

- -  - Do not change the rules for any of your zones to require authentication until all zones have been set up and thoroughly tested. - -  - -  - - - - - diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md b/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md index bd93a5e321..899be3e221 100644 --- a/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md +++ b/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md 
@@ -2,72 +2,31 @@ title: Checklist Configuring Rules for the Boundary Zone (Windows 10) description: Checklist Configuring Rules for the Boundary Zone ms.assetid: 25fe0197-de5a-4b4c-bc44-c6f0620ea94b +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Configuring Rules for the Boundary Zone +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain. Rules for the boundary zone are typically the same as those for the isolated domain, with the exception that the final rule is left to only request, not require, authentication. -## - - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring boundary zone rules for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** - -A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 can simply be copied and then customized. This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md). After you create a copy for the boundary zone, make sure that you do not change the rule from request authentication to require authentication when you create the other GPOs. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Make a copy of the domain isolation GPO for this version of Windows to serve as a starting point for the GPO for the boundary zone. Unlike the GPO for the main isolated domain zone, this copy is not changed after deployment to require authentication.

Procedure topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the boundary zone and version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test computers to the membership group for the boundary zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

_

Verify that the connection security configuration is protecting network traffic with authentication when it can, and that unauthenticated traffic is accepted.

Procedure topic[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)

- -  - -  - -  - - - +**Checklist: Configuring boundary zone rules** +This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md). After you create a copy for the boundary zone, make sure that you do not change the rule from request authentication to require authentication when you create the other GPOs. +| Task | Reference | +| - | - | +| Make a copy of the domain isolation GPO for this version of Windows to serve as a starting point for the GPO for the boundary zone. Unlike the GPO for the main isolated domain zone, this copy is not changed after deployment to require authentication.| [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md) | +| If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the boundary zone and version of Windows for which this GPO is intended.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) | +| Link the GPO to the domain level of the Active Directory organizational unit hierarchy.| [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| +| Add your test computers to the membership group for the boundary zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)| +| Verify that the connection security configuration is protecting network traffic with authentication when it can, and that unauthenticated traffic is accepted. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)| 
diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md b/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md
index c90e28f60a..f0d1aab7e7 100644
--- a/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md
@@ -2,74 +2,32 @@ title: Checklist Configuring Rules for the Encryption Zone (Windows 10) description: Checklist Configuring Rules for the Encryption Zone ms.assetid: 87b1787b-0c70-47a4-ae52-700bff505ea4 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Configuring Rules for the Encryption Zone +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain. Rules for the encryption zone are typically the same as those for the isolated domain, with the exception that the main rule requires encryption in addition to authentication. -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring encryption zone rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** - -A GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 can simply be copied and then customized. This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md). You can then copy those GPOs for use with the encryption zone. After you create the copies, modify the main rule to require encryption in addition to the authentication required by the rest of the isolated domain. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Make a copy of the domain isolation GPOs to serve as a starting point for the GPOs for the encryption zone.

Procedure topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

Modify the group memberships and WMI filters so that they are correct for the encryption zone and the version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Add the encryption requirements for the zone.

Procedure topic[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test computers to the membership group for the encryption zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

_

Verify that the connection security rules are protecting network traffic.

Procedure topic[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)

- -  - -  - -  - - - +**Checklist: Configuring encryption zone rules** +This checklist assumes that you have already created the GPO for the isolated domain as described in [Checklist: Implementing a Domain Isolation Policy Design](checklist-implementing-a-domain-isolation-policy-design.md). You can then copy those GPOs for use with the encryption zone. After you create the copies, modify the main rule to require encryption in addition to the authentication required by the rest of the isolated domain. +| Task | Reference | +| - | - | +| Make a copy of the domain isolation GPOs to serve as a starting point for the GPOs for the encryption zone.| [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)| +| Modify the group memberships and WMI filters so that they are correct for the encryption zone and the version of Windows for which this GPO is intended. | [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) | +| Add the encryption requirements for the zone. | [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)| +| Link the GPO to the domain level of the Active Directory organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| +| Add your test computers to the membership group for the encryption zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)| +| Verify that the connection security rules are protecting network traffic.| [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)| diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md b/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md index 84b4f69a88..bec1da29f6 100644 
--- a/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md +++ b/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md @@ -2,106 +2,36 @@ title: Checklist Configuring Rules for the Isolated Domain (Windows 10) description: Checklist Configuring Rules for the Isolated Domain ms.assetid: bfd2d29e-4011-40ec-a52e-a67d4af9748e +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Configuring Rules for the Isolated Domain +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain. -## - - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring isolated domain rules for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** - -**Note**   -The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are usually similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other operating system. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy. - -  - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Create a GPO for the computers in the isolated domain running one of the operating systems. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.

Checklist topic[Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)

-

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a GPO that was copied from another GPO, modify the group memberships and WMI filters so that they are correct for the isolated domain zone and the version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used.

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used.

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create the rule that requests authentication for all inbound network traffic.

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Link the GPO to the domain level of the AD DS organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test computers to the membership group for the isolated domain. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

_

Verify that the connection security rules are protecting network traffic to and from the test computers.

Procedure topic[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)

+**Checklist: Configuring isolated domain rules** +| Task | Reference | +| - | - | +| Create a GPO for the computers in the isolated domain running one of the operating systems. After you have finished the tasks in this checklist and configured the GPO for that version of Windows, you can create a copy of it.| [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)| +| If you are working on a GPO that was copied from another GPO, modify the group memberships and WMI filters so that they are correct for the isolated domain zone and the version of Windows for which this GPO is intended. | [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) | +| Configure IPsec to exempt all ICMP network traffic from IPsec protection. | [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)| +| Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec. | [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)| +| Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)| +| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings)| +| Configure the authentication methods to be used. | [Configure Authentication Methods](configure-authentication-methods.md)| +| Create the rule that requests authentication for all inbound network traffic. | [Create an Authentication Request Rule](create-an-authentication-request-rule.md)| +| Link the GPO to the domain level of the AD DS organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| +| Add your test computers to the membership group for the isolated domain. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)| +| Verify that the connection security rules are protecting network traffic to and from the test computers. 
| [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|   Do not change the rules for any of your zones to require authentication until all of the zones have been set up and are operating correctly. - -  - -  - - - - - diff --git a/windows/keep-secure/checklist-creating-group-policy-objects.md b/windows/keep-secure/checklist-creating-group-policy-objects.md index 698ddd1336..b846638c4e 100644 --- a/windows/keep-secure/checklist-creating-group-policy-objects.md +++ b/windows/keep-secure/checklist-creating-group-policy-objects.md 
@@ -2,96 +2,42 @@ title: Checklist Creating Group Policy Objects (Windows 10) description: Checklist Creating Group Policy Objects ms.assetid: e99bd6a4-34a7-47b5-9791-ae819977a559 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Creating Group Policy Objects +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -To deploy firewall or IPsec settings or firewall or connection security rules, we recommend that you use Group Policy in AD DS. This section describes a tested, efficient method that requires some up-front work, but serves an administrator well in the long run by making GPO assignments as easy as dropping a computer into a membership group. +To deploy firewall or IPsec settings or firewall or connection security rules, we recommend that you use Group Policy in AD DS. This section describes a tested, efficient method that requires some up-front work, but serves an administrator well in the long run by making GPO assignments as easy as dropping a device into a membership group. The checklists for firewall, domain isolation, and server isolation include a link to this checklist. ## About membership groups - -For most GPO deployment tasks, you must determine which computers must receive and apply which GPOs. Because different versions of Windows can support different settings and rules to achieve similar behavior, you might need multiple GPOs: one for each operating system that has settings different from the others to achieve the same result. For example, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 use rules and settings that are incompatible with Windows 2000, Windows XP, and Windows Server 2003. Therefore, if your network included those older operating systems you would need to create a GPO for each set of operating systems that can share common settings. 
To deploy typical domain isolation settings and rules, you might have five different GPOs for the versions of Windows discussed in this guide. By following the procedures in this guide, you only need one membership group to manage all five GPOs. The membership group is identified in the security group filter for all five GPOs. To apply the settings to a computer, you make that computer's account a member of the membership group. WMI filters are used to ensure that the correct GPO is applied. +For most GPO deployment tasks, you must determine which devices must receive and apply which GPOs. Because different versions of Windows can support different settings and rules to achieve similar behavior, you might need multiple GPOs: one for each operating system that has settings different from the others to achieve the same result. For example, Windows 10, Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 use rules and settings that are incompatible with Windows 2000, Windows XP, and Windows Server 2003. Therefore, if your network included those older operating systems you would need to create a GPO for each set of operating systems that can share common settings. To deploy typical domain isolation settings and rules, you might have five different GPOs for the versions of Windows discussed in this guide. By following the procedures in this guide, you only need one membership group to manage all five GPOs. The membership group is identified in the security group filter for all five GPOs. To apply the settings to a device, you make that device's account a member of the membership group. WMI filters are used to ensure that the correct GPO is applied. ## About exclusion groups +A Windows Firewall with Advanced Security design must often take into account domain-joined devices on the network that cannot or must not apply the rules and settings in the GPOs. 
Because these devices are typically fewer in number than the devices that must apply the GPO, it is easier to use the Domain Members group in the GPO membership group, and then place these exception devices into an exclusion group that is denied Apply Group Policy permissions on the GPO. Because deny permissions take precedence over allow permissions, a device that is a member of both the membership group and the exception group is prevented from applying the GPO. Devices typically found in a GPO exclusion group for domain isolation include the domain controllers, DHCP servers, and DNS servers. -A Windows Firewall with Advanced Security design must often take into account domain-joined computers on the network that cannot or must not apply the rules and settings in the GPOs. Because these computers are typically fewer in number than the computers that must apply the GPO, it is easier to use the Domain Members group in the GPO membership group, and then place these exception computers into an exclusion group that is denied Apply Group Policy permissions on the GPO. Because deny permissions take precedence over allow permissions, a computer that is a member of both the membership group and the exception group is prevented from applying the GPO. Computers typically found in a GPO exclusion group for domain isolation include the domain controllers, DHCP servers, and DNS servers. - -You can also use a membership group for one zone as an exclusion group for another zone. For example, computers in the boundary and encryption zones are technically in the main domain isolation zone, but must apply only the GPO for their assigned role. To do this, the GPOs for the main isolation zone deny Apply Group Policy permissions to members of the boundary and encryption zones. 
- -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Creating Group Policy objects** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Review important concepts and examples for deploying GPOs in a way that best meets the needs of your organization.

Procedure topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Procedure topic[Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)

_

Create the membership group in AD DS that will be used to contain computer accounts that must receive the GPO.

-

If some computers in the membership group are running an operating system that does not support WMI filters, such as Windows 2000, create an exclusion group to contain the computer accounts for the computers that cannot be blocked by using a WMI filter.

Procedure topic[Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)

_

Create a GPO for each version of Windows that has different implementation requirements.

Procedure topic[Create a Group Policy Object](create-a-group-policy-object.md)

_

Create security group filters to limit the GPO to only computers that are members of the membership group and to exclude computers that are members of the exclusion group.

Procedure topic[Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)

_

Create WMI filters to limit each GPO to only the computers that match the criteria in the filter.

Procedure topic[Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)

_

If you are working on a GPO that was copied from another, modify the group memberships and WMI filters so that they are correct for the new zone or version of Windows for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Before adding any rules or configuring the GPO, add a few test computers to the membership group, and make sure that the correct GPO is received and applied to each member of the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

- -  - -  - -  - - - +You can also use a membership group for one zone as an exclusion group for another zone. For example, devices in the boundary and encryption zones are technically in the main domain isolation zone, but must apply only the GPO for their assigned role. To do this, the GPOs for the main isolation zone deny Apply Group Policy permissions to members of the boundary and encryption zones. +**Checklist: Creating Group Policy objects** +| Task | Reference | +| - | - | +| Review important concepts and examples for deploying GPOs in a way that best meets the needs of your organization.| [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md)| +| Create the membership group in AD DS that will be used to contain device accounts that must receive the GPO.
If some devices in the membership group are running an operating system that does not support WMI filters, such as Windows 2000, create an exclusion group to contain the device accounts for the devices that cannot be blocked by using a WMI filter.| [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)| +| Create a GPO for each version of Windows that has different implementation requirements.| [Create a Group Policy Object](create-a-group-policy-object.md) | +| Create security group filters to limit the GPO to only devices that are members of the membership group and to exclude devices that are members of the exclusion group.|[Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md) | +| Create WMI filters to limit each GPO to only the devices that match the criteria in the filter.| [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) | +| If you are working on a GPO that was copied from another, modify the group memberships and WMI filters so that they are correct for the new zone or version of Windows for which this GPO is intended.|[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) | +| Link the GPO to the domain level of the Active Directory organizational unit hierarchy.| [Link the GPO to the Domain](link-the-gpo-to-the-domain.md) | +| Before adding any rules or configuring the GPO, add a few test devices to the membership group, and make sure that the correct GPO is received and applied to each member of the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md) | diff --git a/windows/keep-secure/checklist-creating-inbound-firewall-rules.md b/windows/keep-secure/checklist-creating-inbound-firewall-rules.md index c62910188e..16681cba2a 100644 --- a/windows/keep-secure/checklist-creating-inbound-firewall-rules.md 
+++ b/windows/keep-secure/checklist-creating-inbound-firewall-rules.md @@ -2,60 +2,30 @@ title: Checklist Creating Inbound Firewall Rules (Windows 10) description: Checklist Creating Inbound Firewall Rules ms.assetid: 0520e14e-5c82-48da-8fbf-87cef36ce02f +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Creating Inbound Firewall Rules +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This checklist includes tasks for creating firewall rules in your GPOs. -## +**Checklist: Creating inbound firewall rules** - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Creating inbound firewall rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Create a rule that allows a program to listen for and accept inbound network traffic on any ports it requires.

Procedure topic[Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create a rule that allows inbound network traffic on a specified port number.

Procedure topic[Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create a rule that allows inbound ICMP network traffic.

Procedure topic[Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create rules that allow inbound RPC network traffic.

Procedure topic[Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Enable a predefined rule or a group of predefined rules. Some predefined rules for basic network services are included as part of the installation of Windows; others can be created when you install a new application or network service.

Procedure topic[Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+| Task | Reference | +| - | - | +| Create a rule that allows a program to listen for and accept inbound network traffic on any ports it requires. | [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md)| +| Create a rule that allows inbound network traffic on a specified port number. | [Create an Inbound Port Rule](create-an-inbound-port-rule.md)| +| Create a rule that allows inbound ICMP network traffic. | [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md)| +| Create rules that allow inbound RPC network traffic. | [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md)| +| Enable a predefined rule or a group of predefined rules. Some predefined rules for basic network services are included as part of the installation of Windows; others can be created when you install a new application or network service. | [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md)|   diff --git a/windows/keep-secure/checklist-creating-outbound-firewall-rules.md b/windows/keep-secure/checklist-creating-outbound-firewall-rules.md index 0e6115009a..22b8d892c8 100644 --- a/windows/keep-secure/checklist-creating-outbound-firewall-rules.md +++ b/windows/keep-secure/checklist-creating-outbound-firewall-rules.md 
@@ -2,52 +2,30 @@ title: Checklist Creating Outbound Firewall Rules (Windows 10) description: Checklist Creating Outbound Firewall Rules ms.assetid: 611bb98f-4e97-411f-82bf-7a844a4130de +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Creating Outbound Firewall Rules +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -This checklist includes tasks for creating outbound firewall rules in your GPOs. Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 support the use of outbound rules. +This checklist includes tasks for creating outbound firewall rules in your GPOs. -**Important**   -By default, in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, outbound filtering is disabled. Because all outbound network traffic is permitted, outbound rules are typically used to block traffic that is not wanted on the network. However, it is a best practice for an administrator to create outbound allow rules for those applications that are approved for use on the organization’s network. If you do this, then you have the option to set the default outbound behavior to block, preventing any network traffic that is not specifically authorized by the rules you create. +>**Important:**  By default, outbound filtering is disabled. Because all outbound network traffic is permitted, outbound rules are typically used to block traffic that is not wanted on the network. However, it is a best practice for an administrator to create outbound allow rules for those applications that are approved for use on the organization’s network. If you do this, then you have the option to set the default outbound behavior to block, preventing any network traffic that is not specifically authorized by the rules you create. 
-  +**Checklist: Creating outbound firewall rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Creating outbound firewall rules for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Create a rule that allows a program to send any outbound network traffic on any port it requires.

Procedure topic[Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Create a rule that allows outbound network traffic on a specified port number.

Procedure topic[Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

_

Enable a predefined rule or a group of predefined rules. Some predefined rules for basic network services are included as part of the installation of Windows; others can be created when you install a new application or network service.

Procedure topic[Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)

+| Task | Reference | +| - | - | +| Create a rule that allows a program to send any outbound network traffic on any port it requires. | [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md)| +| Create a rule that allows outbound network traffic on a specified port number. | [Create an Outbound Port Rule](create-an-outbound-port-rule.md)| +| Enable a predefined rule or a group of predefined rules. Some predefined rules for basic network services are included as part of the installation of Windows; others can be created when you install a new application or network service. | [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md)|   diff --git a/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md index 843f11e525..c7701cd4f8 100644 --- a/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md +++ b/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md 
@@ -2,99 +2,32 @@ title: Checklist Creating Rules for Clients of a Standalone Isolated Server Zone (Windows 10) description: Checklist Creating Rules for Clients of a Standalone Isolated Server Zone ms.assetid: 6a5e6478-add3-47e3-8221-972549e013f6 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -This checklist includes tasks for configuring connection security rules and IPsec settings in the GPOs for client computers that must connect to servers in an isolated server zone. - -## - - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**Checklist: Configuring isolated server zone client rules for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** - -**Note**   -The GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 are usually similar. If this is true for your design, create one GPO, configure it by using the tasks in this checklist, and then create a copy of the GPO. For example, create and configure the GPO for Windows 8, create a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the required changes (if any) to the copy. - -  - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Create a GPO for the client computers that must connect to servers in the isolated server zone, and that are running one of the versions of Windows. After you have finished the tasks in this checklist, you can make a copy of it.

Checklist topic[Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)

-

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

To determine which computers receive the GPO, assign the NAG for the isolated servers to the security group filter for the GPO. Make sure that each GPO has the WMI filter for the correct version of Windows.

Checklist topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure IPsec to exempt all ICMP network traffic from IPsec protection.

Procedure topic[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec.

Procedure topic[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the key exchange (main mode) security methods and algorithms to be used.

Procedure topic[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the data protection (quick mode) algorithm combinations to be used.

Procedure topic[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Configure the authentication methods to be used.

Procedure topic[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Create a rule that requests authentication for network traffic. Because fallback-to-clear behavior in Windows Vista and Windows Server 2008 has no delay when communicating with computers that cannot use IPsec, you can use the same any-to-any rule used in an isolated domain.

Procedure topic[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add your test computers to the NAG for the isolated server zone. Be sure to add at least one for each operating system supported by a different GPO in the group.

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

- -  - -  - -  - - - +This checklist includes tasks for configuring connection security rules and IPsec settings in the GPOs for client devices that must connect to servers in an isolated server zone. +**Checklist: Configuring isolated server zone client rules** +| Task | Reference | +| - | - | +| Create a GPO for the client devices that must connect to servers in the isolated server zone, and that are running one of the versions of Windows. After you have finished the tasks in this checklist, you can make a copy of it.| [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)| +| To determine which devices receive the GPO, assign the NAG for the isolated servers to the security group filter for the GPO. Make sure that each GPO has the WMI filter for the correct version of Windows.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) | +| Configure IPsec to exempt all ICMP network traffic from IPsec protection. | [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)| +| Create a rule that exempts all network traffic to and from devices on the exemption list from IPsec. | [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)| +| Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange--main-mode--settings.md)| +| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection--quick-mode--settings.md)| +| Configure the authentication methods to be used. | [Configure Authentication Methods](configure-authentication-methods.md)| +| Create a rule that requests authentication for network traffic. Because fallback-to-clear behavior in Windows Vista and Windows Server 2008 has no delay when communicating with devices that cannot use IPsec, you can use the same any-to-any rule used in an isolated domain.| [Create an Authentication Request Rule](create-an-authentication-request-rule.md)| +| Link the GPO to the domain level of the Active Directory organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| +| Add your test devices to the NAG for the isolated server zone. 
Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)| diff --git a/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md b/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md index 1c3c8530e2..f72a945895 100644 --- a/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md +++ b/windows/keep-secure/checklist-implementing-a-basic-firewall-policy-design.md 
@@ -2,96 +2,35 @@ title: Checklist Implementing a Basic Firewall Policy Design (Windows 10) description: Checklist Implementing a Basic Firewall Policy Design ms.assetid: 6caf0c1e-ac72-4f9d-a986-978b77fbbaa3 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Implementing a Basic Firewall Policy Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This parent checklist includes cross-reference links to important concepts about the basic firewall policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. -**Note**   -Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. - -The procedures in this section use the Group Policy MMC snap-in interfaces to configure the GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](http://technet.microsoft.com/library/hh831755.aspx) at http://technet.microsoft.com/library/hh831755.aspx. - -  - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif) **Checklist: Implementing a basic firewall policy design** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Review important concepts and examples for the basic firewall policy design to determine if this design meets the needs of your organization.

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Conceptual topic[Basic Firewall Policy Design](basic-firewall-policy-design.md)

-

Conceptual topic[Firewall Policy Design Example](firewall-policy-design-example.md)

-

Conceptual topic[Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)

_

Create the membership group and a GPO for each set of computers that require different firewall rules. Where GPOs will be similar, such as for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 8, make a copy of it for Windows Server 2012, and then follow the steps in this checklist to make the few required changes to the copy.

Checklist topic[Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)

-

Checklist topic[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)

_

If you are working on a GPO that was copied from another, modify the group membership and WMI filters so that they are correct for the computers for which this GPO is intended.

Procedure topic[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)

_

Configure the GPO with firewall default settings appropriate for your design.

Checklist topic[Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)

_

Create one or more inbound firewall rules to allow unsolicited inbound network traffic.

Checklist topic[Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)

_

Create one or more outbound firewall rules to block unwanted outbound network traffic.

Checklist topic[Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)

_

Link the GPO to the domain level of the Active Directory organizational unit hierarchy.

Procedure topic[Link the GPO to the Domain](link-the-gpo-to-the-domain.md)

_

Add test computers to the membership group, and then confirm that the computers receive the firewall rules from the GPOs as expected.

Procedure topic[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy the completed firewall policy settings to your computers.

Procedure topic[Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)

- -  - -  - -  - - +>**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. +The procedures in this section use the Group Policy MMC snap-in interfaces to configure the GPOs, but you can also use Windows PowerShell. For more info, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md). + **Checklist: Implementing a basic firewall policy design** +| Task | Reference | +| - | - | +| Review important concepts and examples for the basic firewall policy design to determine if this design meets the needs of your organization. | [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Basic Firewall Policy Design](basic-firewall-policy-design.md)
[Firewall Policy Design Example](firewall-policy-design-example.md)
[Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md)| +| Create the membership group and a GPO for each set of devices that require different firewall rules. Where GPOs will be similar, such as for Windows 10 and Windows Server 2016 Technical Preview, create one GPO, configure it by using the tasks in this checklist, and then make a copy of the GPO for the other version of Windows. For example, create and configure the GPO for Windows 10, make a copy of it for Windows Server 2016 Technical Preview, and then follow the steps in this checklist to make the few required changes to the copy. | [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md)
[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)|
+| If you are working on a GPO that was copied from another, modify the group membership and WMI filters so that they are correct for the devices for which this GPO is intended.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)|
+| Configure the GPO with firewall default settings appropriate for your design.| [Checklist: Configuring Basic Firewall Settings](checklist-configuring-basic-firewall-settings.md)|
+| Create one or more inbound firewall rules to allow unsolicited inbound network traffic.| [Checklist: Creating Inbound Firewall Rules](checklist-creating-inbound-firewall-rules.md)|
+| Create one or more outbound firewall rules to block unwanted outbound network traffic. | [Checklist: Creating Outbound Firewall Rules](checklist-creating-outbound-firewall-rules.md)|
+| Link the GPO to the domain level of the Active Directory organizational unit hierarchy.| [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)|
+| Add test devices to the membership group, and then confirm that the devices receive the firewall rules from the GPOs as expected.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)|
+| According to the testing and roll-out schedule in your design plan, add device accounts to the membership group to deploy the completed firewall policy settings to your devices. | [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)|
diff --git a/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md
index 67dfdd611b..23e5c64172 100644
--- a/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -2,75 +2,29 @@ title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows 10) description: Checklist Implementing a Certificate-based Isolation Policy Design ms.assetid: 1e34b5ea-2e77-4598-a765-550418d33894 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Implementing a Certificate-based Isolation Policy Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design. -**Note**   -Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist - -The procedures in this section use the Group Policy MMC snap-in interfaces to configure the GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](http://technet.microsoft.com/library/hh831755.aspx) at http://technet.microsoft.com/library/hh831755.aspx. - -  - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif) **Checklist: Implementing certificate-based authentication** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Conceptual topic[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)

-

Conceptual topic[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)

-

Conceptual topic[Planning Certificate-based Authentication](planning-certificate-based-authentication.md)

_

Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.

Procedure topic[Install Active Directory Certificate Services](install-active-directory-certificate-services.md)

_

Configure the certificate template for workstation authentication certificates.

Procedure topic[Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md)

_

Configure Group Policy to automatically deploy certificates based on your template to workstation computers.

Procedure topic[Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)

_

On a test computer, refresh Group Policy and confirm that the certificate is installed.

Procedure topic[Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)

- -  - -  - -  - - - +>**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist +**Checklist: Implementing certificate-based authentication** +| Task | Reference | +| - | - | +| Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)
[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)
[Planning Certificate-based Authentication](planning-certificate-based-authentication.md) |
+| Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.| [Install Active Directory Certificate Services](install-active-directory-certificate-services.md) |
+| Configure the certificate template for workstation authentication certificates.| [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md)|
+| Configure Group Policy to automatically deploy certificates based on your template to workstation devices. | [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)|
+| On a test device, refresh Group Policy and confirm that the certificate is installed. | [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)|
diff --git a/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md
index 1bb54f22dd..f89ac11201 100644
--- a/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md
@@ -2,87 +2,33 @@ title: Checklist Implementing a Domain Isolation Policy Design (Windows 10) description: Checklist Implementing a Domain Isolation Policy Design ms.assetid: 76586eb3-c13c-4d71-812f-76bff200fc20 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Implementing a Domain Isolation Policy Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. -**Note**   -Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. - -The procedures in this section use the Group Policy MMC snap-ins to configure the GPOs, but you can also use Windows PowerShell to configure GPOs. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](http://technet.microsoft.com/library/hh831755.aspx) at http://technet.microsoft.com/library/hh831755.aspx. - -For more information about the security algorithms and authentication methods available in each version of Windows, see [IPsec Algorithms and Methods Supported in Windows](http://technet.microsoft.com/library/dd125380.aspx) at http://technet.microsoft.com/library/dd125380.aspx. - -  - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif) **Checklist: Implementing a domain isolation policy design** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Review important concepts and examples for the domain isolation policy design, determine your Windows Firewall with Advanced Security deployment goals, and customize this design to meet the needs of your organization.

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Conceptual topic[Domain Isolation Policy Design](domain-isolation-policy-design.md)

-

Conceptual topic[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)

-

Conceptual topic[Planning Domain Isolation Zones](planning-domain-isolation-zones.md)

_

Create the GPOs and connection security rules for the isolated domain.

Checklist topic[Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)

_

Create the GPOs and connection security rules for the boundary zone.

Checklist topic[Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)

_

Create the GPOs and connection security rules for the encryption zone.

Checklist topic[Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)

_

Create the GPOs and connection security rules for the isolated server zone.

Checklist topic[Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy rules and settings to your computers.

Procedure topic[Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)

_

After you confirm that network traffic is authenticated by IPsec, you can change authentication rules for the isolated domain and encryption zone from request to require mode.

Procedure topic[Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)

- -  - -  - -  - - +>**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. +The procedures in this section use the Group Policy MMC snap-ins to configure the GPOs, but you can also use Windows PowerShell to configure GPOs. For more info, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md). +**Checklist: Implementing a domain isolation policy design** +| Task | Reference | +| - | - | +| Review important concepts and examples for the domain isolation policy design, determine your Windows Firewall with Advanced Security deployment goals, and customize this design to meet the needs of your organization.| [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Domain Isolation Policy Design](domain-isolation-policy-design.md)
[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md)
[Planning Domain Isolation Zones](planning-domain-isolation-zones.md) |
+| Create the GPOs and connection security rules for the isolated domain.| [Checklist: Configuring Rules for the Isolated Domain](checklist-configuring-rules-for-the-isolated-domain.md)|
+| Create the GPOs and connection security rules for the boundary zone.| [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)|
+| Create the GPOs and connection security rules for the encryption zone.| [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)|
+| Create the GPOs and connection security rules for the isolated server zone.| [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)|
+| According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy rules and settings to your computers.| [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)|
+| After you confirm that network traffic is authenticated by IPsec, you can change authentication rules for the isolated domain and encryption zone from request to require mode.| [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)|
diff --git a/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md
index be94daaa5c..ba750e4d59 100644
--- a/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -2,82 +2,32 @@ title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows 10) description: Checklist Implementing a Standalone Server Isolation Policy Design ms.assetid: 50a997d8-f079-408c-8ac6-ecd02078ade3 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Checklist: Implementing a Standalone Server Isolation Policy Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This checklist contains procedures for creating a server isolation policy design that is not part of an isolated domain. For the steps required to create an isolated server zone within an isolated domain, see [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md). This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design. -**Note**   -Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. - -The procedures in this section use the Group Policy MMC snap-in interfaces to configure the GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](http://technet.microsoft.com/library/hh831755.aspx) at http://technet.microsoft.com/library/hh831755.aspx. - -  - -![checklist](images/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif) **Checklist: Implementing a standalone server isolation policy design** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
TaskReference

_

Review important concepts and examples for the server isolation policy design to determine if this design meets your deployment goals and the needs of your organization.

Conceptual topic[Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)

-

Conceptual topic[Server Isolation Policy Design](server-isolation-policy-design.md)

-

Conceptual topic[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)

-

Conceptual topic[Planning Server Isolation Zones](planning-server-isolation-zones.md)

_

Create the GPOs and connection security rules for isolated servers.

Checklist topic[Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)

_

Create the GPOs and connection security rules for the client computers that must connect to the isolated servers.

Checklist topic[Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)

_

Verify that the connection security rules are protecting network traffic on your test computers.

Procedure topic[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)

_

After you confirm that network traffic is authenticated by IPsec as expected, you can change authentication rules for the isolated server zone to require authentication instead of requesting it.

Procedure topic[Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)

_

According to the testing and roll-out schedule in your design plan, add computer accounts for the client computers to the membership group so that you can deploy the settings.

Procedure topic[Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)

- -  - -  - -  - - - +>**Note:**  Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist. +**Checklist: Implementing a standalone server isolation policy design** +| Task | Reference | +| - | - | +| Review important concepts and examples for the server isolation policy design to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Server Isolation Policy Design](server-isolation-policy-design.md)
[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)
[Planning Server Isolation Zones](planning-server-isolation-zones.md) |
+| Create the GPOs and connection security rules for isolated servers.| [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)|
+| Create the GPOs and connection security rules for the client computers that must connect to the isolated servers. | [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)|
+| Verify that the connection security rules are protecting network traffic on your test computers. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|
+| After you confirm that network traffic is authenticated by IPsec as expected, you can change authentication rules for the isolated server zone to require authentication instead of requesting it. | [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)|
+| According to the testing and roll-out schedule in your design plan, add computer accounts for the client computers to the membership group so that you can deploy the settings. | [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md) |
diff --git a/windows/keep-secure/determining-the-trusted-state-of-your-computers.md b/windows/keep-secure/determining-the-trusted-state-of-your-computers.md
deleted file mode 100644
index 4e2b3f8fd2..0000000000
--- a/windows/keep-secure/determining-the-trusted-state-of-your-computers.md
+++ /dev/null
@@ -1,184 +0,0 @@ ---- -title: Determining the Trusted State of Your Computers (Windows 10) -description: Determining the Trusted State of Your Computers -ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2 -author: brianlic-msft ---- - -# Determining the Trusted State of Your Computers - - -After obtaining information about the computers that are currently part of the IT infrastructure, you must determine at what point a computer is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this can lead to problems with the security of the trusted environment, because the overall security cannot exceed the level of security set by the least secure client that achieves trusted status. - -**Note**   -In this context, the term *trust* has nothing to do with an Active Directory trust relationship between domains. The trusted state of your computers just indicates the level of risk that you believe the computer brings to the network. Trusted computers bring little risk whereas untrusted computers can potentially bring great risk. - -  - -## Trust states - - -To understand this concept, consider the four basic states that apply to computers in a typical IT infrastructure. These states are (in order of risk, lowest risk first): - -- Trusted - -- Trustworthy - -- Known, untrusted - -- Unknown, untrusted - -The remainder of this section defines these states and how to determine which computers in your organization belong in each state. - -### Trusted state - -Classifying a computer as trusted means that the computer's security risks are managed, but it does not imply that it is perfectly secure or invulnerable. The responsibility for this managed state falls to the IT and security administrators, in addition to the users who are responsible for the configuration of the computer. 
A trusted computer that is poorly managed will likely become a point of weakness for the network. - -When a computer is considered trusted, other trusted computers can reasonably assume that the computer will not initiate a malicious act. For example, trusted computers can expect that other trusted computers will not run a virus that attacks them, because all trusted computers are required to use mechanisms (such as antivirus software) to mitigate the threat of viruses. - -Spend some time defining the goals and technology requirements that your organization considers appropriate as the minimum configuration for a computer to obtain trusted status. - -A possible list of technology requirements might include the following: - -- **Operating system.** A trusted client computer should run Windows 8, Windows 7, or Windows Vista. A trusted server should run Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008. - -- **Domain membership.** A trusted computer will belong to a managed Active Directory domain, which means that the IT department has security management rights and can configure member computers by using Group Policy. - -- **Management client.** All trusted computers must run a specific network management client to allow for centralized management and control of security policies, configurations, and software. Microsoft System Center Configuration Manager is one such management system with an appropriate client. For more information, see [System Center Configuration Manager](http://technet.microsoft.com/systemcenter/bb507744.aspx) at http://technet.microsoft.com/systemcenter/bb507744.aspx. - -- **Antivirus software.** All trusted computers will run antivirus software that is configured to check for and automatically update the latest virus signature files daily. Microsoft ForeFront Endpoint Protection is one such antivirus software program. 
For more information, see [ForeFront Endpoint Protection](http://technet.microsoft.com/forefront/ee822838.aspx) at http://technet.microsoft.com/forefront/ee822838.aspx. - -- **File system.** All trusted computers will be configured to use the NTFS file system. - -- **BIOS settings.** All trusted portable computers will be configured to use a BIOS-level password that is under the management of the IT support team. - -- **Password requirements.** Trusted clients must use strong passwords. - -It is important to understand that the trusted state is not constant; it is a transient state that is subject to changing security standards and compliance with those standards. New threats and new defenses emerge constantly. For this reason, the organization's management systems must continually check the trusted computers to ensure ongoing compliance. Additionally, the management systems must be able to issue updates or configuration changes if they are required to help maintain the trusted status. - -A computer that continues to meet all these security requirements can be considered trusted. However it is possible that most computers that were identified in the discovery process discussed earlier do not meet these requirements. Therefore, you must identify which computers can be trusted and which ones cannot. To help with this process, you use the intermediate *trustworthy* state. The remainder of this section discusses the different states and their implications. - -### Trustworthy state - -It is useful to identify as soon as possible those computers in your current infrastructure that can achieve a trusted state. A *trustworthy state* can be assigned to indicate that the current computer can physically achieve the trusted state with required software and configuration changes. - -For each computer that is assigned a trustworthy status, make an accompanying configuration note that states what is required to enable the computer to achieve trusted status. 
This information is especially important to both the project design team (to estimate the costs of adding the computer to the solution) and the support staff (to enable them to apply the required configuration). - -Generally, trustworthy computers fall into one of the following two groups: - -- **Configuration required.** The current hardware, operating system, and software enable the computer to achieve a trustworthy state. However, additional configuration changes are required. For example, if the organization requires a secure file system before a computer can be considered trusted, a computer that uses a FAT32-formatted hard disk does not meet this requirement. - -- **Upgrade required.** These computers require upgrades before they can be considered trusted. The following list provides some examples of the type of upgrade these computers might require: - - - **Operating system upgrade required.** If the computer's current operating system cannot support the security needs of the organization, an upgrade would be required before the computer could achieve a trusted state. - - - **Software required.** A computer that is missing a required security application, such as an antivirus scanner or a management client, cannot be considered trusted until these applications are installed and active. - - - **Hardware upgrade required.** In some cases, a computer might require a specific hardware upgrade before it can achieve trusted status. This type of computer usually needs an operating system upgrade or additional software that forces the required hardware upgrade. For example, security software might require additional hard disk space on the computer. - - - **Computer replacement required.** This category is reserved for computers that cannot support the security requirements of the solution because their hardware cannot support the minimum acceptable configuration. 
For example, a computer that cannot run a secure operating system because it has an old processor (such as a 100-megahertz \[MHz\] x86-based computer). - -Use these groups to assign costs for implementing the solution on the computers that require upgrades. - -### Known, untrusted state - -During the process of categorizing an organization's computers, you will identify some computers that cannot achieve trusted status for specific well-understood and well-defined reasons. These reasons might include the following types: - -- **Financial.** The funding is not available to upgrade the hardware or software for this computer. - -- **Political.** The computer must remain in an untrusted state because of a political or business situation that does not enable it to comply with the stated minimum security requirements of the organization. It is highly recommended that you contact the business owner or independent software vendor (ISV) for the computer to discuss the added value of server and domain isolation. - -- **Functional.** The computer must run a nonsecure operating system or must operate in a nonsecure manner to perform its role. For example, the computer might be required to run an older operating system because a specific line of business application will only work on that operating system. - -There can be multiple functional reasons for a computer to remain in the known untrusted state. The following list includes several examples of functional reasons that can lead to a classification of this state: - -- **Computers that run unsupported versions of Windows.** This includes Windows XP, Windows Millennium Edition, Windows 98, Windows 95, or Windows NT. Computers that run these versions of the Windows operating system cannot be classified as trustworthy because these operating systems do not support the required security infrastructure. 
For example, although Windows NT does support a basic security infrastructure, it does not support “deny” ACLs on local resources, any way to ensure the confidentiality and integrity of network communications, smart cards for strong authentication, or centralized management of computer configurations (although limited central management of user configurations is supported). - -- **Stand-alone computers.** Computers running any version of Windows that are configured as stand-alone computers or as members of a workgroup usually cannot achieve a trustworthy state. Although these computers fully support the minimum required basic security infrastructure, the required security management capabilities are unlikely to be available when the computer is not a part of a trusted domain. - -- **Computers in an untrusted domain.** A computer that is a member of a domain that is not trusted by an organization's IT department cannot be classified as trusted. An untrusted domain is a domain that cannot provide the required security capabilities to its members. Although the operating systems of computers that are members of this untrusted domain might fully support the minimum required basic security infrastructure, the required security management capabilities cannot be fully guaranteed when computers are not in a trusted domain. - -### Unknown, untrusted state - -The unknown, untrusted state should be considered the default state for all computers. Because computers in this state have a configuration that is unknown, you can assign no trust to them. All planning for computers in this state must assume that the computer is an unacceptable risk to the organization. Designers of the solution should strive to minimize the impact that the computers in this state can have on their organizations. 
- -## Capturing upgrade costs for current computers - - -The final step in this part of the process is to record the approximate cost of upgrading the computers to a point that they can participate in the server and domain isolation design. You must make several key decisions during the design phase of the project that require answers to the following questions: - -- Does the computer meet the minimum hardware requirements necessary for isolation? - -- Does the computer meet the minimum software requirements necessary for isolation? - -- What configuration changes must be made to integrate this computer into the isolation solution? - -- What is the projected cost or impact of making the proposed changes to enable the computer to achieve a trusted state? - -By answering these questions, you can quickly determine the level of effort and approximate cost of bringing a particular computer or group of computers into the scope of the project. It is important to remember that the state of a computer is transitive, and that by performing the listed remedial actions you can change the state of a computer from untrusted to trusted. After you decide whether to place a computer in a trusted state, you are ready to begin planning and designing the isolation groups, which the next section [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) discusses. - -The following table is an example of a data sheet that you could use to help capture the current state of a computer and what would be required for the computer to achieve a trusted state. - - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Computer nameHardware reqs metSoftware reqs metConfiguration requiredDetailsProjected cost

CLIENT001

No

No

Upgrade hardware and software.

Current operating system is Windows XP. Old hardware is not compatible with Windows 8.

$??

SERVER001

Yes

No

Join trusted domain and upgrade from Windows Server 2003 to Windows Server 2012.

No antivirus software present.

$??

- -  - -In the previous table, the computer CLIENT001 is currently "known, untrusted" because its hardware must be upgraded. However, it could be considered trustworthy if the required upgrades are possible. However, if many computers require the same upgrades, the overall cost of the solution would be much higher. - -The computer SERVER001 is "trustworthy" because it meets the hardware requirements but its operating system must be upgraded. It also requires antivirus software. The projected cost is the amount of effort that is required to upgrade the operating system and install antivirus software, along with their purchase costs. - -With the other information that you have gathered in this section, this information will be the foundation of the efforts performed later in the [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) section. - -The costs identified in this section only capture the projected cost of the computer upgrades. Many additional design, support, test, and training costs should be accounted for in the overall project plan. - -For more information about how to configure firewalls to support IPsec, see "Configuring Firewalls" at . - -For more information about WMI, see "Windows Management Instrumentation" at . - -**Next: **[Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) - -  - -  - - - - - diff --git a/windows/keep-secure/determining-the-trusted-state-of-your-devices.md b/windows/keep-secure/determining-the-trusted-state-of-your-devices.md new file mode 100644 index 0000000000..8bbd75608d --- /dev/null +++ b/windows/keep-secure/determining-the-trusted-state-of-your-devices.md 
@@ -0,0 +1,139 @@ +--- +title: Determining the Trusted State of Your Devices (Windows 10) +description: Determining the Trusted State of Your Devices +ms.assetid: 3e77f0d0-43aa-47dd-8518-41ccdab2f2b2 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Determining the Trusted State of Your Devices + +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview + +After obtaining information about the devices that are currently part of the IT infrastructure, you must determine at what point a device is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this can lead to problems with the security of the trusted environment, because the overall security cannot exceed the level of security set by the least secure client that achieves trusted status. + +>**Note:**  In this context, the term *trust* has nothing to do with an Active Directory trust relationship between domains. The trusted state of your devices just indicates the level of risk that you believe the device brings to the network. Trusted devices bring little risk whereas untrusted devices can potentially bring great risk. + +## Trust states + + +To understand this concept, consider the four basic states that apply to devices in a typical IT infrastructure. These states are (in order of risk, lowest risk first): + +- Trusted + +- Trustworthy + +- Known, untrusted + +- Unknown, untrusted + +The remainder of this section defines these states and how to determine which devices in your organization belong in each state. + +### Trusted state + +Classifying a device as trusted means that the device's security risks are managed, but it does not imply that it is perfectly secure or invulnerable. 
The responsibility for this managed state falls to the IT and security administrators, in addition to the users who are responsible for the configuration of the device. A trusted device that is poorly managed will likely become a point of weakness for the network. + +When a device is considered trusted, other trusted devices can reasonably assume that the device will not initiate a malicious act. For example, trusted devices can expect that other trusted devices will not run a virus that attacks them, because all trusted devices are required to use mechanisms (such as antivirus software) to mitigate the threat of viruses. + +Spend some time defining the goals and technology requirements that your organization considers appropriate as the minimum configuration for a device to obtain trusted status. + +A possible list of technology requirements might include the following: + +- **Operating system.** A trusted client device should run at least Windows Vista. A trusted server should run at least Windows Server 2008. + +- **Domain membership.** A trusted device will belong to a managed Active Directory domain, which means that the IT department has security management rights and can configure member devices by using Group Policy. + +- **Management client.** All trusted devices must run a specific network management client to allow for centralized management and control of security policies, configurations, and software. Configuration Manager is one such management system with an appropriate client. + +- **Antivirus software.** All trusted devices will run antivirus software that is configured to check for and automatically update the latest virus signature files daily. + +- **File system.** All trusted devices will be configured to use the NTFS file system. + +- **BIOS settings.** All trusted portable devices will be configured to use a BIOS-level password that is under the management of the IT support team. 
+ +- **Password requirements.** Trusted clients must use strong passwords. + +It is important to understand that the trusted state is not constant; it is a transient state that is subject to changing security standards and compliance with those standards. New threats and new defenses emerge constantly. For this reason, the organization's management systems must continually check the trusted devices to ensure ongoing compliance. Additionally, the management systems must be able to issue updates or configuration changes if they are required to help maintain the trusted status. + +A device that continues to meet all these security requirements can be considered trusted. However it is possible that most devices that were identified in the discovery process discussed earlier do not meet these requirements. Therefore, you must identify which devices can be trusted and which ones cannot. To help with this process, you use the intermediate *trustworthy* state. The remainder of this section discusses the different states and their implications. + +### Trustworthy state + +It is useful to identify as soon as possible those devices in your current infrastructure that can achieve a trusted state. A *trustworthy state* can be assigned to indicate that the current device can physically achieve the trusted state with required software and configuration changes. + +For each device that is assigned a trustworthy status, make an accompanying configuration note that states what is required to enable the device to achieve trusted status. This information is especially important to both the project design team (to estimate the costs of adding the device to the solution) and the support staff (to enable them to apply the required configuration). + +Generally, trustworthy devices fall into one of the following two groups: + +- **Configuration required.** The current hardware, operating system, and software enable the device to achieve a trustworthy state. 
However, additional configuration changes are required. For example, if the organization requires a secure file system before a device can be considered trusted, a device that uses a FAT32-formatted hard disk does not meet this requirement. + +- **Upgrade required.** These devices require upgrades before they can be considered trusted. The following list provides some examples of the type of upgrade these devices might require: + + - **Operating system upgrade required.** If the device's current operating system cannot support the security needs of the organization, an upgrade would be required before the device could achieve a trusted state. + + - **Software required.** A device that is missing a required security application, such as an antivirus scanner or a management client, cannot be considered trusted until these applications are installed and active. + + - **Hardware upgrade required.** In some cases, a device might require a specific hardware upgrade before it can achieve trusted status. This type of device usually needs an operating system upgrade or additional software that forces the required hardware upgrade. For example, security software might require additional hard disk space on the device. + + - **Device replacement required.** This category is reserved for devices that cannot support the security requirements of the solution because their hardware cannot support the minimum acceptable configuration. For example, a device that cannot run a secure operating system because it has an old processor (such as a 100-megahertz \[MHz\] x86-based device). + +Use these groups to assign costs for implementing the solution on the devices that require upgrades. + +### Known, untrusted state + +During the process of categorizing an organization's devices, you will identify some devices that cannot achieve trusted status for specific well-understood and well-defined reasons. 
These reasons might include the following types: + +- **Financial.** The funding is not available to upgrade the hardware or software for this device. + +- **Political.** The device must remain in an untrusted state because of a political or business situation that does not enable it to comply with the stated minimum security requirements of the organization. It is highly recommended that you contact the business owner or independent software vendor (ISV) for the device to discuss the added value of server and domain isolation. + +- **Functional.** The device must run a nonsecure operating system or must operate in a nonsecure manner to perform its role. For example, the device might be required to run an older operating system because a specific line of business application will only work on that operating system. + +There can be multiple functional reasons for a device to remain in the known untrusted state. The following list includes several examples of functional reasons that can lead to a classification of this state: + +- **Devices that run unsupported versions of Windows.** This includes Windows XP, Windows Millennium Edition, Windows 98, Windows 95, or Windows NT. Devices that run these versions of the Windows operating system cannot be classified as trustworthy because these operating systems do not support the required security infrastructure. For example, although Windows NT does support a basic security infrastructure, it does not support “deny” ACLs on local resources, any way to ensure the confidentiality and integrity of network communications, smart cards for strong authentication, or centralized management of device configurations (although limited central management of user configurations is supported). + +- **Stand-alone devices.** Devices running any version of Windows that are configured as stand-alone devices or as members of a workgroup usually cannot achieve a trustworthy state. 
Although these devices fully support the minimum required basic security infrastructure, the required security management capabilities are unlikely to be available when the device is not a part of a trusted domain. + +- **Devices in an untrusted domain.** A device that is a member of a domain that is not trusted by an organization's IT department cannot be classified as trusted. An untrusted domain is a domain that cannot provide the required security capabilities to its members. Although the operating systems of devices that are members of this untrusted domain might fully support the minimum required basic security infrastructure, the required security management capabilities cannot be fully guaranteed when devices are not in a trusted domain. + +### Unknown, untrusted state + +The unknown, untrusted state should be considered the default state for all devices. Because devices in this state have a configuration that is unknown, you can assign no trust to them. All planning for devices in this state must assume that the device is an unacceptable risk to the organization. Designers of the solution should strive to minimize the impact that the devices in this state can have on their organizations. + +## Capturing upgrade costs for current devices + + +The final step in this part of the process is to record the approximate cost of upgrading the devices to a point that they can participate in the server and domain isolation design. You must make several key decisions during the design phase of the project that require answers to the following questions: + +- Does the device meet the minimum hardware requirements necessary for isolation? + +- Does the device meet the minimum software requirements necessary for isolation? + +- What configuration changes must be made to integrate this device into the isolation solution? + +- What is the projected cost or impact of making the proposed changes to enable the device to achieve a trusted state? 
+ +By answering these questions, you can quickly determine the level of effort and approximate cost of bringing a particular device or group of devices into the scope of the project. It is important to remember that the state of a device is transitive, and that by performing the listed remedial actions you can change the state of a device from untrusted to trusted. After you decide whether to place a device in a trusted state, you are ready to begin planning and designing the isolation groups, which the next section [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) discusses. + +The following table is an example of a data sheet that you could use to help capture the current state of a device and what would be required for the device to achieve a trusted state. + +| Device name | Hardware reqs met | Software reqs met | Configuration required | Details | Projected cost | +| - | - | - | - | - | - | +| CLIENT001 | No| No| Upgrade hardware and software.| Current operating system is Windows XP. Old hardware is not compatible with newer versions of Windows.| $??| +| SERVER001 | Yes| No| Join trusted domain and upgrade from Windows Server 2003 to Windows Server 2012.| No antivirus software present.| $??| + +In the previous table, the device CLIENT001 is currently "known, untrusted" because its hardware must be upgraded. However, it could be considered trustworthy if the required upgrades are possible. However, if many devices require the same upgrades, the overall cost of the solution would be much higher. + +The device SERVER001 is "trustworthy" because it meets the hardware requirements but its operating system must be upgraded. It also requires antivirus software. The projected cost is the amount of effort that is required to upgrade the operating system and install antivirus software, along with their purchase costs. 
+ +With the other information that you have gathered in this section, this information will be the foundation of the efforts performed later in the [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) section. + +The costs identified in this section only capture the projected cost of the device upgrades. Many additional design, support, test, and training costs should be accounted for in the overall project plan. + +**Next: **[Planning Your Windows Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) diff --git a/windows/keep-secure/documenting-the-zones.md b/windows/keep-secure/documenting-the-zones.md index d15b2fd6c4..88e67e80c4 100644 --- a/windows/keep-secure/documenting-the-zones.md +++ b/windows/keep-secure/documenting-the-zones.md @@ -2,84 +2,26 @@ title: Documenting the Zones (Windows 10) description: Documenting the Zones ms.assetid: ebd7a650-4d36-42d4-aac0-428617f5a32d +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Documenting the Zones +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Firewall with Advanced Security Strategy section. A sample is shown here: - --------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Host nameHardware reqs metSoftware reqs metConfiguration requiredDetailsProjected costGroup

CLIENT001

No

No

Upgrade hardware and software.

Current operating system is Windows XP. Old hardware not compatible with Windows 8.

$??

Isolated domain

SERVER002

Yes

No

Join trusted domain, upgrade from Windows Server 2008 to Windows Server 2012

No antivirus software present.

$??

Encryption

SENSITIVE001

Yes

Yes

Not required.

Running Windows Server 2012. Ready for inclusion.

$0

Isolated server (in zone by itself)

PRINTSVR1

Yes

Yes

Not required.

Running Windows Server 2008 R2. Ready for inclusion.

$0

Boundary

- -  +| Host name | Hardware reqs met | Software reqs met | Configuration required | Details | Projected cost | Group | +| - | - | - | - | - | - | +| CLIENT001 | No| No| Upgrade hardware and software.| Current operating system is Windows XP. Old hardware not compatible with newer versions of Windows.| $??| Isolated domain| +| SERVER002 | Yes| No| Join trusted domain, upgrade from Windows Server 2008 to at least Windows Server 2012| No antivirus software present.| $??| Encryption| +| SENSITIVE001 | Yes| Yes| Not required.| Running Windows Server 2012. Ready for inclusion.| $0| Isolated server (in zone by itself)| +| PRINTSVR1 | Yes| Yes| Not required.| Running Windows Server 2008 R2. Ready for inclusion.| $0| Boundary| **Next: **[Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) - -  - -  - - - - - diff --git a/windows/keep-secure/encryption-zone-gpos.md b/windows/keep-secure/encryption-zone-gpos.md index a02f4037c8..dcb49121a4 100644 --- a/windows/keep-secure/encryption-zone-gpos.md +++ b/windows/keep-secure/encryption-zone-gpos.md 
@@ -2,23 +2,21 @@ title: Encryption Zone GPOs (Windows 10) description: Encryption Zone GPOs ms.assetid: eeb973dd-83a5-4381-9af9-65c43c98c29b +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Encryption Zone GPOs +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -Handle encryption zones in a similar manner to the boundary zones. A computer is added to an encryption zone by adding the computer account to the encryption zone group. Woodgrove Bank has a single service that must be protected, and the computers that are running that service are added to the group CG\_DOMISO\_Encryption. This group is granted Read and Apply Group Policy permissions in on the GPO described in this section. - -The GPO is only for server versions of Windows. Client computers are not expected to participate in the encryption zone. If the need for one occurs, either create a new GPO for that version of Windows, or expand the WMI filter attached to one of the existing encryption zone GPOs to make it apply to the client version of Windows. - -- [GPO\_DOMISO\_Encryption\_WS2008](gpo-domiso-encryption-ws2008.md) - -  - -  - - - +Handle encryption zones in a similar manner to the boundary zones. A device is added to an encryption zone by adding the device account to the encryption zone group. Woodgrove Bank has a single service that must be protected, and the devices that are running that service are added to the group CG\_DOMISO\_Encryption. This group is granted Read and Apply Group Policy permissions in on the GPO described in this section. +The GPO is only for server versions of Windows. Client devices are not expected to participate in the encryption zone. If the need for one occurs, either create a new GPO for that version of Windows, or expand the WMI filter attached to one of the existing encryption zone GPOs to make it apply to the client version of Windows. 
+- [GPO\_DOMISO\_Encryption](gpo-domiso-encryption.md)
diff --git a/windows/keep-secure/encryption-zone.md b/windows/keep-secure/encryption-zone.md
index 54a7dfeb35..f6fd2aacd4 100644
--- a/windows/keep-secure/encryption-zone.md
+++ b/windows/keep-secure/encryption-zone.md
@@ -2,24 +2,31 @@ title: Encryption Zone (Windows 10) description: Encryption Zone ms.assetid: 55a025ce-357f-4d1b-b2ae-6ee32c9abe13 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Encryption Zone +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -Some servers in the organization host data that is very sensitive, including medical, financial, or other personally identifying data. Government or industry regulations might require that this sensitive information must be encrypted when it is transferred between computers. +Some servers in the organization host data that is very sensitive, including medical, financial, or other personally identifying data. Government or industry regulations might require that this sensitive information must be encrypted when it is transferred between devices. -To support the additional security requirements of these servers, we recommend that you create an encryption zone to contain the computers and that requires that the sensitive inbound and outbound network traffic be encrypted. +To support the additional security requirements of these servers, we recommend that you create an encryption zone to contain the devices and that requires that the sensitive inbound and outbound network traffic be encrypted. You must create a group in Active Directory to contain members of the encryption zone. The settings and rules for the encryption zone are typically similar to those for the isolated domain, and you can save time and effort by copying those GPOs to serve as a starting point. You then modify the security methods list to include only algorithm combinations that include encryption protocols. Creation of the group and how to link it to the GPOs that apply the rules to members of the group are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section. 
-## GPO settings for encryption zone servers running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 +## GPO settings for encryption zone servers running at least Windows Server 2008 -The GPO for computers that are running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 should include the following: +The GPO for devices that are running at least Windows Server 2008 should include the following: - IPsec default settings that specify the following options: 
@@ -31,16 +38,16 @@ The GPO for computers that are running Windows Server 2012, Windows Server 2008 If any NAT devices are present on your networks, use ESP encapsulation.. - 4. Authentication methods. Include at least computer-based Kerberos V5 authentication. If you want to use user-based access to isolated servers then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members cannot use Kerberos V5 authentication, then you must include certificate-based authentication as an optional authentication method. + 4. Authentication methods. Include at least device-based Kerberos V5 authentication. If you want to use user-based access to isolated servers then you must also include user-based Kerberos V5 authentication as an optional authentication method. Likewise, if any of your domain isolation members cannot use Kerberos V5 authentication, then you must include certificate-based authentication as an optional authentication method. - The following connection security rules: - - A connection security rule that exempts all computers on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, if applicable in your environment. + - A connection security rule that exempts all devices on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, if applicable in your environment. - A connection security rule, from any IP address to any, that requires inbound and requests outbound authentication using the default authentication specified earlier in this policy. **Important**   - Be sure to begin operations by using request in and request out behavior until you are sure that all the computers in your IPsec environment are communicating successfully by using IPsec. 
After confirming that IPsec is operating as expected, you can change the GPO to require in, request out. + Be sure to begin operations by using request in and request out behavior until you are sure that all the devices in your IPsec environment are communicating successfully by using IPsec. After confirming that IPsec is operating as expected, you can change the GPO to require in, request out.   @@ -48,20 +55,8 @@ The GPO for computers that are running Windows Server 2012, Windows Server 2008 - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**. - **Note**   - For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). + >**Note:**  For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). -   - -- If domain member computers must communicate with computers in the encryption zone, ensure that you include in the isolated domain GPOs quick mode combinations that are compatible with the requirements of the encryption zone GPOs. +- If domain member devices must communicate with devices in the encryption zone, ensure that you include in the isolated domain GPOs quick mode combinations that are compatible with the requirements of the encryption zone GPOs. **Next: **[Planning Server Isolation Zones](planning-server-isolation-zones.md) - -  - -  - - - - - 
diff --git a/windows/keep-secure/exemption-list.md b/windows/keep-secure/exemption-list.md
index 0a1aea9187..3ebf7a465b 100644
--- a/windows/keep-secure/exemption-list.md
+++ b/windows/keep-secure/exemption-list.md
@@ -2,29 +2,36 @@ title: Exemption List (Windows 10) description: Exemption List ms.assetid: a05e65b4-b48d-44b1-a7f1-3a8ea9c19ed8 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Exemption List +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -When you implement a server and domain isolation security model in your organization, you are likely to find some additional challenges. Key infrastructure servers such as DNS servers and DHCP servers typically must be available to all computers on the internal network, yet secured from network attacks. However, if they must remain available to all computers on the network, not just to isolated domain members, then these servers cannot require IPsec for inbound access, nor can they use IPsec transport mode for outbound traffic. +When you implement a server and domain isolation security model in your organization, you are likely to find some additional challenges. Key infrastructure servers such as DNS servers and DHCP servers typically must be available to all devicess on the internal network, yet secured from network attacks. However, if they must remain available to all devicess on the network, not just to isolated domain members, then these servers cannot require IPsec for inbound access, nor can they use IPsec transport mode for outbound traffic. -In addition to the infrastructure servers mentioned earlier, there might also be other servers on the network that trusted computers cannot use IPsec to access, which would be added to the exemption list. +In addition to the infrastructure servers mentioned earlier, there might also be other servers on the network that trusted devices cannot use IPsec to access, which would be added to the exemption list. 
-Generally, the following conditions are reasons to consider adding a computer to the exemption list: +Generally, the following conditions are reasons to consider adding a device to the exemption list: -- If the computer must be accessed by trusted computers but it does not have a compatible IPsec implementation. +- If the device must be accessed by trusted devices but it does not have a compatible IPsec implementation. -- If the computer must provide services to both trusted and untrusted computers, but does not meet the criteria for membership in the boundary zone. +- If the device must provide services to both trusted and untrusted devices, but does not meet the criteria for membership in the boundary zone. -- If the computer must be accessed by trusted computers from different isolated domains that do not have an Active Directory trust relationship established with each other. +- If the device must be accessed by trusted devices from different isolated domains that do not have an Active Directory trust relationship established with each other. -- If the computer is a domain controller running version of Windows earlier than Windows Server 2008, or if any of its clients are running a version of Windows earlier than Windows Vista. +- If the device is a domain controller running version of Windows earlier than Windows Server 2008, or if any of its clients are running a version of Windows earlier than Windows Vista. -- If the computer must support trusted and untrusted computers, but cannot use IPsec to help secure communications to trusted computers. +- If the device must support trusted and untrusted devices, but cannot use IPsec to help secure communications to trusted devices. -For large organizations, the list of exemptions might grow very large if all the exemptions are implemented by one connection security rule for the whole domain or for all trusted forests. 
If you can require all computers in your isolated domain to run at least Windows Vista or Windows Server 2008, you can greatly reduce the size of this list. A large exemption list has several unwanted effects on every computer that receives the GPO, including the following: +For large organizations, the list of exemptions might grow very large if all the exemptions are implemented by one connection security rule for the whole domain or for all trusted forests. If you can require all devices in your isolated domain to run at least Windows Vista or Windows Server 2008, you can greatly reduce the size of this list. A large exemption list has several unwanted effects on every device that receives the GPO, including the following: - Reduces the overall effectiveness of isolation. @@ -43,12 +50,3 @@ To keep the number of exemptions as small as possible, you have several options: As with defining the boundary zone, create a formal process to approve hosts being added to the exemption list. For a model of processing requests for exemptions, see the decision flowchart in the [Boundary Zone](boundary-zone.md) section. **Next: **[Isolated Domain](isolated-domain.md) - -  - -  - - - - - diff --git a/windows/keep-secure/firewall-gpos.md b/windows/keep-secure/firewall-gpos.md index 95375afd70..b264a38993 100644 --- a/windows/keep-secure/firewall-gpos.md +++ b/windows/keep-secure/firewall-gpos.md 
@@ -2,23 +2,21 @@ title: Firewall GPOs (Windows 10) description: Firewall GPOs ms.assetid: 720645fb-a01f-491e-8d05-c9c6d5e28033 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Firewall GPOs +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -All the computers on Woodgrove Bank's network that run Windows are part of the isolated domain, except domain controllers. To configure firewall rules, the GPO described in this section is linked to the domain container in the Active Directory OU hierarchy, and then filtered by using security group filters and WMI filters. +All the devices on Woodgrove Bank's network that run Windows are part of the isolated domain, except domain controllers. To configure firewall rules, the GPO described in this section is linked to the domain container in the Active Directory OU hierarchy, and then filtered by using security group filters and WMI filters. The GPO created for the example Woodgrove Bank scenario include the following: - [GPO\_DOMISO\_Firewall](gpo-domiso-firewall.md) - -  - -  - - - - - diff --git a/windows/keep-secure/gpo-domiso-boundary-ws2008.md b/windows/keep-secure/gpo-domiso-boundary.md similarity index 60% rename from windows/keep-secure/gpo-domiso-boundary-ws2008.md rename to windows/keep-secure/gpo-domiso-boundary.md index feafd79586..22db5273b8 100644 --- a/windows/keep-secure/gpo-domiso-boundary-ws2008.md +++ b/windows/keep-secure/gpo-domiso-boundary.md 
@@ -1,26 +1,32 @@ --- -title: GPO\_DOMISO\_Boundary\_WS2008 (Windows 10) -description: GPO\_DOMISO\_Boundary\_WS2008 +title: GPO\_DOMISO\_Boundary (Windows 10) +description: GPO\_DOMISO\_Boundary ms.assetid: ead3a510-c329-4c2a-9ad2-46a3b4975cfd +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# GPO\_DOMISO\_Boundary\_WS2008 +# GPO\_DOMISO\_Boundary +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. Woodgrove Bank began by copying and pasting the GPO for the Windows Server 2008 version of the isolated domain GPO, and then renamed the copy to reflect its new purpose. -This GPO supports the ability for computers that are not part of the isolated domain to access specific servers that must be available to those untrusted computers. It is intended to only apply to server computers that are running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008. +This GPO supports the ability for devices that are not part of the isolated domain to access specific servers that must be available to those untrusted devices. It is intended to only apply to server devices that are running at least Windows Server 2008. ## IPsec settings - The copied GPO includes and continues to use the IPsec settings that configure key exchange, main mode, and quick mode algorithms for the isolated domain when authentication can be used. ## Connection security rules -Rename the **Isolated Domain Rule** to **Boundary Zone Rule**. Change the authentication mode to **Request inbound and request outbound**. In this mode, the computer uses authentication when it can, such as during communication with a member of the isolated domain. It also supports the "fall back to clear" ability of request mode when an untrusted computer that is not part of the isolated domain connects. 
+Rename the **Isolated Domain Rule** to **Boundary Zone Rule**. Change the authentication mode to **Request inbound and request outbound**. In this mode, the device uses authentication when it can, such as during communication with a member of the isolated domain. It also supports the "fall back to clear" ability of request mode when an untrusted device that is not part of the isolated domain connects. ## Registry settings @@ -30,17 +36,8 @@ The boundary zone uses the same registry settings as the isolated domain to opti ## Firewall rules -Copy the firewall rules for the boundary zone from the GPO that contains the firewall rules for the isolated domain. Customize this copy, removing rules for services not needed on servers in this zone, and adding inbound rules to allow the network traffic for the services that are to be accessed by other computers. For example, Woodgrove Bank added a firewall rule to allow inbound network traffic to TCP port 80 for Web client requests. +Copy the firewall rules for the boundary zone from the GPO that contains the firewall rules for the isolated domain. Customize this copy, removing rules for services not needed on servers in this zone, and adding inbound rules to allow the network traffic for the services that are to be accessed by other devices. For example, Woodgrove Bank added a firewall rule to allow inbound network traffic to TCP port 80 for Web client requests. Make sure that the GPO that contains firewall rules for the isolated domain does not also apply to the boundary zone to prevent overlapping, and possibly conflicting rules. **Next: **[Encryption Zone GPOs](encryption-zone-gpos.md) - -  - -  - - - - - diff --git a/windows/keep-secure/gpo-domiso-encryption-ws2008.md b/windows/keep-secure/gpo-domiso-encryption.md similarity index 100% rename from windows/keep-secure/gpo-domiso-encryption-ws2008.md rename to windows/keep-secure/gpo-domiso-encryption.md 
diff --git a/windows/keep-secure/gpo-domiso-firewall.md b/windows/keep-secure/gpo-domiso-firewall.md
index 5ffd27f985..226c9deac1 100644
--- a/windows/keep-secure/gpo-domiso-firewall.md
+++ b/windows/keep-secure/gpo-domiso-firewall.md
@@ -2,33 +2,35 @@ title: GPO\_DOMISO\_Firewall (Windows 10) description: GPO\_DOMISO\_Firewall ms.assetid: 318467d2-5698-4c5d-8000-7f56f5314c42 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # GPO\_DOMISO\_Firewall +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to computers that are running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2. +This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to devices that are running at least Windows 7 or Windows Server 2008. ## Firewall settings - This GPO provides the following settings: - Unless otherwise stated, the firewall rules and settings described here are applied to all profiles. - The firewall is enabled, with inbound, unsolicited connections blocked and outbound connections allowed. -- Under the domain profile, the settings **Display notifications to the user**, **Apply local firewall rules**, and **Apply local connection security rules** are all set to **No**. These settings are applied only to the domain profile because the computers can only receive an exception rule for a required program from a GPO if they are connected to the domain. Under the public and private profiles, those settings are all set to **Yes**. +- Under the domain profile, the settings **Display notifications to the user**, **Apply local firewall rules**, and **Apply local connection security rules** are all set to **No**. 
These settings are applied only to the domain profile because the devices can only receive an exception rule for a required program from a GPO if they are connected to the domain. Under the public and private profiles, those settings are all set to **Yes**. - **Note**   - Enforcing these settings requires that you define any firewall exceptions for programs, because the user cannot manually permit a new program. You must deploy the exception rules by adding them to this GPO. We recommend that you do not enable these settings until you have tested all your applications and have tested the resulting rules in a test lab and then on pilot computers. - -   + >**Note:**  Enforcing these settings requires that you define any firewall exceptions for programs, because the user cannot manually permit a new program. You must deploy the exception rules by adding them to this GPO. We recommend that you do not enable these settings until you have tested all your applications and have tested the resulting rules in a test lab and then on pilot devices. ## Firewall rules - This GPO provides the following rules: - Built-in firewall rule groups are configured to support typically required network operation. The following rule groups are set to **Allow the connection**: @@ -60,12 +62,3 @@ This GPO provides the following rules: - A firewall exception rule to allow required network traffic for the WGBank dashboard program. This inbound rule allows network traffic for the program Dashboard.exe in the %ProgramFiles%\\WGBank folder. The rule is also filtered to only allow traffic on port 1551. This rule is applied only to the domain profile. **Next: **[Isolated Domain GPOs](isolated-domain-gpos.md) - -  - -  - - - - - diff --git a/windows/keep-secure/gpo-domiso-isolateddomain-clients.md b/windows/keep-secure/gpo-domiso-isolateddomain-clients.md index 0b881a5231..0f2faadb9e 100644 --- a/windows/keep-secure/gpo-domiso-isolateddomain-clients.md 
+++ b/windows/keep-secure/gpo-domiso-isolateddomain-clients.md 
@@ -2,150 +2,64 @@ title: GPO\_DOMISO\_IsolatedDomain\_Clients (Windows 10) description: GPO\_DOMISO\_IsolatedDomain\_Clients ms.assetid: 73cd9e25-f2f1-4ef6-b0d1-d36209518cd9 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # GPO\_DOMISO\_IsolatedDomain\_Clients +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to client computers that are running Windows 8, Windows 7, or Windows Vista. +This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to client devices that are running Windows 8, Windows 7, or Windows Vista. -Because client computers can sometimes be portable, the settings and rules for this GPO are applied to only the domain profile. +Because client devices can sometimes be portable, the settings and rules for this GPO are applied to only the domain profile. ## General settings - This GPO provides the following settings: - No firewall settings are included in this GPO. Woodgrove Bank created separate GPOs for firewall settings (see the [Firewall GPOs](firewall-gpos.md) section) in order to share them with all clients in all isolation zones with minimum redundancy. - The ICMP protocol is exempted from authentication requirements to support easier network troubleshooting. -- Diffie-Hellman Group 2 is specified as the key exchange algorithm. This is the strongest algorithm available that is supported by all the operating systems that are being used at Woodgrove Bank. 
After Woodgrove Bank has completed the upgrade to versions of Windows that support stronger algorithms, such as Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2, they can remove the weaker key exchange algorithms, and use only the stronger ones. +- Diffie-Hellman Group 2 is specified as the key exchange algorithm. This is the strongest algorithm available that is supported by all the operating systems that are being used at Woodgrove Bank. After Woodgrove Bank has completed the upgrade to versions of Windows that support stronger algorithms, they can remove the weaker key exchange algorithms, and use only the stronger ones. - The registry settings shown in the following table. For more information, see the description of the registry settings in [Isolated Domain](isolated-domain.md). - - - - - - - - - - - - - - - - - - - - - -
SettingValue

Enable PMTU Discovery

1

IPsec Exemptions

3

- -   +| Setting | Value | +| - | - | +| Enable PMTU Discovery | 1 | +| IPsec Exemptions | 3 | - The main mode security method combinations in the order shown in the following table. - - - - - - - - - - - - - - - - - - - - - -
IntegrityEncryption

Secure Hash Algorithm (SHA-1)

Advanced Encryption Standard (AES-128)

SHA-1

3DES

- -   - +| Integrity | Encryption | +| - | - | +| Secure Hash Algorithm (SHA-1) | Advanced Encryption Standard (AES-128) | +| SHA-1 | 3DES | + - The following quick mode security data integrity algorithms combinations in the order shown in the following table. - - - - - - - - - - - - - - - - - - - - -
ProtocolIntegrityKey Lifetime (minutes/KB)

ESP

SHA-1

60/100,000

- -   +| Protocol | Integrity | Key Lifetime (minutes/KB) | +| - | - | - | +| ESP | SHA-1 | 60/100,000 | - The quick mode security data integrity and encryption algorithm combinations in the order shown in the following table. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ProtocolIntegrityEncryptionKey Lifetime (minutes/KB)

ESP

SHA-1

AES-128

60/100,000

ESP

SHA-1

3DES

60/100,000

+| Protocol | Integrity | Encryption | Key Lifetime (minutes/KB) | +| - | - | - | - | +| ESP | SHA-1 | AES-128 | 60/100,000| +| ESP | SHA-1 | 3DES | 60/100,000| -   - -**Note**   -Do not use the MD5 and DES algorithms in your GPOs. They are included only for compatibility with previous versions of Windows. - -  +>**Note:**  Do not use the MD5 and DES algorithms in your GPOs. They are included only for compatibility with previous versions of Windows. ## Connection Security Rules - This GPO provides the following rules: - A connection security rule named **Isolated Domain Rule** with the following settings: 
@@ -154,28 +68,16 @@ This GPO provides the following rules: - **Require inbound and request outbound** authentication requirements. - **Important**   - On this, and all other GPOs that require authentication, Woodgrove Bank first chose to only request authentication. After confirming that the computers were successfully communicating by using IPsec, they switched the GPOs to require authentication. + >**Important:**  On this, and all other GPOs that require authentication, Woodgrove Bank first chose to only request authentication. After confirming that the devices were successfully communicating by using IPsec, they switched the GPOs to require authentication. -   - - - For **First authentication methods**, select **Computer Kerberos v5** as the primary method. Add certificate-based authentication from **DC=com,DC=woodgrovebank,CN=CorporateCertServer** for computers that cannot run Windows or cannot join the domain, but must still participate in the isolated domain. + - For **First authentication methods**, select **Computer Kerberos v5** as the primary method. Add certificate-based authentication from **DC=com,DC=woodgrovebank,CN=CorporateCertServer** for devices that cannot run Windows or cannot join the domain, but must still participate in the isolated domain. - For **Second authentication**, select **User Kerberos v5**, and then select the **Second authentication is optional** check box. -- A connection security rule to exempt computers that are in the exemption list from the requirement to authenticate: +- A connection security rule to exempt devices that are in the exemption list from the requirement to authenticate: - - The IP addresses of all computers on the exemption list must be added individually under **Endpoint 2**. + - The IP addresses of all devices on the exemption list must be added individually under **Endpoint 2**. - Authentication mode is set to **Do not authenticate**. 
**Next: **[GPO\_DOMISO\_IsolatedDomain\_Servers](gpo-domiso-isolateddomain-servers.md) - -  - -  - - - - - diff --git a/windows/keep-secure/gpo-domiso-isolateddomain-servers.md b/windows/keep-secure/gpo-domiso-isolateddomain-servers.md index 20491ecac5..fb984adf5f 100644 --- a/windows/keep-secure/gpo-domiso-isolateddomain-servers.md +++ b/windows/keep-secure/gpo-domiso-isolateddomain-servers.md 
@@ -2,30 +2,26 @@ title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows 10) description: GPO\_DOMISO\_IsolatedDomain\_Servers ms.assetid: 33aed8f3-fdc3-4f96-985c-e9d2720015d3 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # GPO\_DOMISO\_IsolatedDomain\_Servers +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to server computers that are running Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2. +This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to server devices that are running at least Windows Server 2008. -Because so many of the settings and rules for this GPO are common to those in the GPO for Windows 8, Windows 7 and Windows Vista, you can save time by exporting the Windows Firewall with Advanced Security piece of the GPO for Windows 8, Windows 7 and Windows Vista, and importing it to the GPO for Windows Server 2012, Windows Server 2008 and Windows Server 2008 R2. After the import, change only the items specified here: +Because so many of the settings and rules for this GPO are common to those in the GPO for at least Windows Vista, you can save time by exporting the Windows Firewall with Advanced Security piece of the GPO for at least Windows Vista, and importing it to the GPO for at least Windows Server 2008. After the import, change only the items specified here: -- This GPO applies all its settings to all profiles: Domain, Private, and Public. 
Because a server is not expected to be mobile and changing networks, configuring the GPO in this way prevents a network failure or the addition of a new network adapter from unintentionally switching the computer to the Public profile with a different set of rules (in the case of a server running Windows Server 2008). +- This GPO applies all its settings to all profiles: Domain, Private, and Public. Because a server is not expected to be mobile and changing networks, configuring the GPO in this way prevents a network failure or the addition of a new network adapter from unintentionally switching the device to the Public profile with a different set of rules (in the case of a server running Windows Server 2008). - **Important**   - Windows Vista and Windows Server 2008 support only one network location profile at a time. The profile for the least secure network type is applied to the computer. If you attach a network adapter to a computer that is not physically connected to a network, the public network location type is associated with the network adapter and applied to the computer. - -   + >**Important:**  Windows Vista and Windows Server 2008 support only one network location profile at a time. The profile for the least secure network type is applied to the device. If you attach a network adapter to a device that is not physically connected to a network, the public network location type is associated with the network adapter and applied to the device. **Next: **[Boundary Zone GPOs](boundary-zone-gpos.md) -  - -  - - - - - diff --git a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index 17ef2d4aa4..b1adf33fd9 100644 --- a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md 
+++ b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -35,10 +35,10 @@ The following table lists the three main tasks for articulating, refining, and s

Evaluate predefined Windows Firewall with Advanced Security deployment goals that are provided in this section of the guide, and combine one or more goals to reach your organizational objectives.

Predefined deployment goals:

    -
  • [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)

  • -
  • [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)

  • +
  • [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)

  • +
  • [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)

  • [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)

  • -
  • [Restrict Access to Sensitive Resources to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md)

  • +
  • [Restrict Access to Sensitive Resources to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)

@@ -57,4 +57,4 @@ The following table lists the three main tasks for articulating, refining, and s
-**Next:** [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)
+**Next:** [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)
diff --git a/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index acd8702deb..25f0fba560 100644
--- a/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -2,23 +2,30 @@ title: Implementing Your Windows Firewall with Advanced Security Design Plan (Windows 10) description: Implementing Your Windows Firewall with Advanced Security Design Plan ms.assetid: 15f609d5-5e4e-4a71-9eff-493a2e3e40f9 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Implementing Your Windows Firewall with Advanced Security Design Plan +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview The following are important factors in the implementation of your Windows Firewall with Advanced Security design plan: -- **Group Policy**. The Windows Firewall with Advanced Security designs make extensive use of Group Policy deployed by Active Directory Domain Services (AD DS). A sound Group Policy infrastructure is required to successfully deploy the firewall and IPsec settings and rules to the computers on your network. [Group Policy Analysis and Troubleshooting Overview](http://technet.microsoft.com/library/jj134223.aspx) (http://technet.microsoft.com/library/jj134223.aspx) can help you review and change, if necessary, your Group Policy infrastructure. +- **Group Policy**. The Windows Firewall with Advanced Security designs make extensive use of Group Policy deployed by Active Directory Domain Services (AD DS). A sound Group Policy infrastructure is required to successfully deploy the firewall and IPsec settings and rules to the devices on your network. -- **Perimeter firewall**. Most organizations use a perimeter firewall to help protect the computers on the network from potentially malicious network traffic from outside of the organization's network boundaries. If you plan a deployment that includes a boundary zone to enable external computers to connect to computers in that zone, then you must allow that traffic through the perimeter firewall to the computers in the boundary zone. +- **Perimeter firewall**. 
Most organizations use a perimeter firewall to help protect the devices on the network from potentially malicious network traffic from outside of the organization's network boundaries. If you plan a deployment that includes a boundary zone to enable external devices to connect to devices in that zone, then you must allow that traffic through the perimeter firewall to the devices in the boundary zone. -- **Computers running operating systems other than Windows**. If your network includes computers that are not running the Windows operating system, then you must make sure that required communication with those computers is not blocked by the restrictions put in place by your design. You must do one of the following: +- **Devices running operating systems other than Windows**. If your network includes devices that are not running the Windows operating system, then you must make sure that required communication with those devices is not blocked by the restrictions put in place by your design. You must do one of the following: - - Include those computers in the isolated domain or zone by adding certificate-based authentication to your design. Many other operating systems can participate in an isolated domain or isolated server scenario, as long as certificate-based authentication is used. + - Include those devices in the isolated domain or zone by adding certificate-based authentication to your design. Many other operating systems can participate in an isolated domain or isolated server scenario, as long as certificate-based authentication is used. - - Include the computer in the authentication exemption list included in your design. You can choose this option if for any reason the computer cannot participate in the isolated domain design. + - Include the device in the authentication exemption list included in your design. You can choose this option if for any reason the device cannot participate in the isolated domain design. 
## How to implement your Windows Firewall with Advanced Security design using this guide @@ -38,12 +45,3 @@ Use the following parent checklists in this section of the guide to become famil - [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md) The procedures in these checklists use the Group Policy MMC snap-in interfaces to configure firewall and connection security rules in GPOs, but you can also use Windows PowerShell. For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md). This guide recommends using GPOs in a specific way to deploy the rules and settings for your design. For information about deploying your GPOs, see [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) and the checklist [Checklist: Creating Group Policy Objects](checklist-creating-group-policy-objects.md). - -  - -  - - - - - diff --git a/windows/keep-secure/isolated-domain-gpos.md b/windows/keep-secure/isolated-domain-gpos.md index 022c062ce6..b7f6c3b921 100644 --- a/windows/keep-secure/isolated-domain-gpos.md +++ b/windows/keep-secure/isolated-domain-gpos.md 
@@ -2,13 +2,20 @@ title: Isolated Domain GPOs (Windows 10) description: Isolated Domain GPOs ms.assetid: e254ce4a-18c6-4868-8179-4078d9de215f +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Isolated Domain GPOs +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -All of the computers in the isolated domain are added to the group CG\_DOMISO\_IsolatedDomain. You must create multiple GPOs to align with this group, one for each Windows operating system that must have different rules or settings to implement the basic isolated domain functionality that you have in your isolated domain. This group is granted Read and Apply Group Policy permissions on all the GPOs described in this section. +All of the devices in the isolated domain are added to the group CG\_DOMISO\_IsolatedDomain. You must create multiple GPOs to align with this group, one for each Windows operating system that must have different rules or settings to implement the basic isolated domain functionality that you have in your isolated domain. This group is granted Read and Apply Group Policy permissions on all the GPOs described in this section. Each GPO has a security group filter that prevents the GPO from applying to members of the group GP\_DOMISO\_No\_IPsec. A WMI filter is attached to each GPO to ensure that the GPO is applied to only the specified version of Windows. For more information, see the [Planning GPO Deployment](planning-gpo-deployment.md) section. @@ -17,12 +24,3 @@ The GPOs created for the Woodgrove Bank isolated domain include the following: - [GPO\_DOMISO\_IsolatedDomain\_Clients](gpo-domiso-isolateddomain-clients.md) - [GPO\_DOMISO\_IsolatedDomain\_Servers](gpo-domiso-isolateddomain-servers.md) - -  - -  - - - - - diff --git a/windows/keep-secure/isolated-domain.md b/windows/keep-secure/isolated-domain.md index 9e52a463a4..3d23484bf9 100644 --- a/windows/keep-secure/isolated-domain.md 
+++ b/windows/keep-secure/isolated-domain.md 
@@ -2,26 +2,33 @@ title: Isolated Domain (Windows 10) description: Isolated Domain ms.assetid: d6fa8d67-0078-49f6-9bcc-db1f24816c5e +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Isolated Domain +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -The isolated domain is the primary zone for trusted computers. The computers in this zone use connection security and firewall rules to control the communications that can be sent between computers in the zone. +The isolated domain is the primary zone for trusted devices. The devices in this zone use connection security and firewall rules to control the communications that can be sent between devices in the zone. -The term *domain* in this context means a boundary of communications trust instead of an Active Directory domain. In this solution the two constructs are very similar because Active Directory domain authentication (Kerberos V5) is required for accepting inbound connections from trusted computers. However, many Active Directory domains (or forests) can be linked with trust relationships to provide a single, logical, isolated domain. In addition, computers that authenticate by using certificates can also be included in an isolated domain without joining the Active Directory domain. +The term *domain* in this context means a boundary of communications trust instead of an Active Directory domain. In this solution the two constructs are very similar because Active Directory domain authentication (Kerberos V5) is required for accepting inbound connections from trusted devices. However, many Active Directory domains (or forests) can be linked with trust relationships to provide a single, logical, isolated domain. In addition, devices that authenticate by using certificates can also be included in an isolated domain without joining the Active Directory domain. 
-For most implementations, an isolated domain will contain the largest number of computers. Other isolation zones can be created for the solution if their communication requirements differ from those of the isolated domain. Examples of these differences are what result in the boundary and encryption zones described in this guide. Conceptually, the isolated domain is just the largest isolation zone, and a superset to the other zones. +For most implementations, an isolated domain will contain the largest number of devices. Other isolation zones can be created for the solution if their communication requirements differ from those of the isolated domain. Examples of these differences are what result in the boundary and encryption zones described in this guide. Conceptually, the isolated domain is just the largest isolation zone, and a superset to the other zones. You must create a group in Active Directory to contain members of the isolated domain. You then apply one of several GPOs that contain connection security and firewall rules to the group so that authentication on all inbound network connections is enforced. Creation of the group and how to link the GPOs that apply the rules to its members are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section. The GPOs for the isolated domain should contain the following connection security rules and settings. 
-## GPO settings for isolated domain members running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 +## GPO settings for isolated domain members running at least Windows Vista and Windows Server 2008 -GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 should include the following: +GPOs for devices running at least Windows Vista and Windows Server 2008 should include the following: - IPsec default settings that specify the following options: 
@@ -33,35 +40,20 @@ GPOs for computers running Windows 8, Windows 7, Windows Vista, Windows Server If any NAT devices are present on your networks, use ESP encapsulation. If isolated domain members must communicate with hosts in the encryption zone, ensure that you include algorithms that are compatible with the requirements of the encryption mode policies. - 4. Authentication methods. Include at least computer-based Kerberos V5 authentication. If you want to use user-based access to isolated servers, then also include user-based Kerberos V5 as an optional authentication method. Likewise, if any of your isolated domain members cannot use Kerberos V5 authentication, then include certificate-based authentication as an optional authentication method. + 4. Authentication methods. Include at least device-based Kerberos V5 authentication. If you want to use user-based access to isolated servers, then also include user-based Kerberos V5 as an optional authentication method. Likewise, if any of your isolated domain members cannot use Kerberos V5 authentication, then include certificate-based authentication as an optional authentication method. - The following connection security rules: - - A connection security rule that exempts all computers on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, where possible, instead of discrete addresses, if applicable in your environment. + - A connection security rule that exempts all devices on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, where possible, instead of discrete addresses, if applicable in your environment. - A connection security rule, from any IP address to any, that requires inbound and requests outbound authentication by using Kerberos V5 authentication. 
- **Important**   - Be sure to begin operations by using request in and request out behavior until you are sure that all the computers in your IPsec environment are communicating successfully by using IPsec. After confirming that IPsec is operating as expected, you can change the policy to require in, request out. - -   + >**Important:**  Be sure to begin operations by using request in and request out behavior until you are sure that all the devices in your IPsec environment are communicating successfully by using IPsec. After confirming that IPsec is operating as expected, you can change the policy to require in, request out.  - A registry policy that includes the following values: - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**. - **Note**   - For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). - -   + >**Note:**  For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). **Next: **[Boundary Zone](boundary-zone.md) - -  - -  - - - - - diff --git a/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index 012969637d..3187e17371 100644 
--- a/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md +++ b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md @@ -23,9 +23,9 @@ Use the following table to determine which Windows Firewall with Advanced Securi | Deployment Goals | Basic Firewall Policy Design | Domain Isolation Policy Design | Server Isolation Policy Design | Certificate-based Isolation Policy Design | | - |- | - | - | - | -| [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md)| Yes| Yes| Yes| Yes| -| [Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md) | -| Yes| Yes| Yes| -| [Restrict Access to Only Specified Users or Computers](restrict-access-to-only-specified-users-or-computers.md)| -| -| Yes| Yes| +| [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md)| Yes| Yes| Yes| Yes| +| [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) | -| Yes| Yes| Yes| +| [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md)| -| -| Yes| Yes| | [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md)| -| Optional| Optional| Optional| To examine details for a specific design, click the design title at the top of the column in the preceding table. diff --git a/windows/keep-secure/planning-certificate-based-authentication.md b/windows/keep-secure/planning-certificate-based-authentication.md index 5882c9fec7..69e599b812 100644 --- a/windows/keep-secure/planning-certificate-based-authentication.md +++ b/windows/keep-secure/planning-certificate-based-authentication.md 
@@ -2,57 +2,53 @@ title: Planning Certificate-based Authentication (Windows 10) description: Planning Certificate-based Authentication ms.assetid: a55344e6-d0df-4ad5-a6f5-67ccb6397dec +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning Certificate-based Authentication +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -Sometimes a computer cannot join an Active Directory domain, and therefore cannot use Kerberos V5 authentication with domain credentials. However, the computer can still participate in the isolated domain by using certificate-based authentication. +Sometimes a device cannot join an Active Directory domain, and therefore cannot use Kerberos V5 authentication with domain credentials. However, the device can still participate in the isolated domain by using certificate-based authentication. -The non-domain member server, and the clients that must be able to communicate with it, must be configured to use cryptographic certificates based on the X.509 standard. These certificates can be used as an alternate set of credentials. During IKE negotiation, each computer sends a copy of its certificate to the other computer. Each computer examines the received certificate, and then validates its authenticity. To be considered authentic, the received certificate must be validated by a certification authority certificate in the recipient's Trusted Root Certification Authorities store on the local computer. +The non-domain member server, and the clients that must be able to communicate with it, must be configured to use cryptographic certificates based on the X.509 standard. These certificates can be used as an alternate set of credentials. During IKE negotiation, each device sends a copy of its certificate to the other device. Each device examines the received certificate, and then validates its authenticity. 
To be considered authentic, the received certificate must be validated by a certification authority certificate in the recipient's Trusted Root Certification Authorities store on the local device. -Certificates can be acquired from commercial firms, or by an internal certificate server set up as part of the organization's public key infrastructure (PKI). Microsoft provides a complete PKI and certification authority solution with Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008 Active Directory Certificate Services (AD CS). For more information about creating and maintaining a PKI in your organization, see [Active Directory Certificate Services Overview](http://technet.microsoft.com/library/hh831740.aspx) at http://technet.microsoft.com/library/hh831740.aspx. +Certificates can be acquired from commercial firms, or by an internal certificate server set up as part of the organization's public key infrastructure (PKI). Microsoft provides a complete PKI and certification authority solution with Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008 Active Directory Certificate Services (AD CS). ## Deploying certificates - No matter how you acquire your certificates, you must deploy them to clients and servers that require them in order to communicate. ### Using Active Directory Certificate Services -If you use AD CS to create your own user and computer certificates in-house, then the servers designated as certification authorities (CAs) create the certificates based on administrator-designed templates. AD CS then uses Group Policy to deploy the certificates to domain member computers. Computer certificates are deployed when a domain member computer starts. User certificates are deployed when a user logs on. +If you use AD CS to create your own user and device certificates in-house, then the servers designated as certification authorities (CAs) create the certificates based on administrator-designed templates. 
AD CS then uses Group Policy to deploy the certificates to domain member devices. Device certificates are deployed when a domain member device starts. User certificates are deployed when a user logs on. -If you want non-domain member computers to be part of a server isolation zone that requires access by only authorized users, make sure to include certificate mapping to associate the certificates with specific user accounts. When certificate mapping is enabled, the certificate issued to each computer or user includes enough identification information to enable IPsec to match the certificate to both user and computer accounts. +If you want non-domain member devices to be part of a server isolation zone that requires access by only authorized users, make sure to include certificate mapping to associate the certificates with specific user accounts. When certificate mapping is enabled, the certificate issued to each device or user includes enough identification information to enable IPsec to match the certificate to both user and device accounts. -AD CS automatically ensures that certificates issued by the CAs are trusted by the client computers by putting the CA certificates in the correct store on each domain member computer. +AD CS automatically ensures that certificates issued by the CAs are trusted by the client devices by putting the CA certificates in the correct store on each domain member device. -### Using a commercially purchased certificate for computers running Windows +### Using a commercially purchased certificate for devices running Windows -You can import the certificates manually onto each computer if the number of computers is relatively small. For a deployment to more than a handful of computers, use Group Policy. +You can import the certificates manually onto each device if the number of devices is relatively small. For a deployment to more than a handful of devices, use Group Policy. 
-You must first download the vendor's root CA certificate, and then import it to a GPO that deploys it to the Local Computer\\Trusted Root Certification Authorities store on each computer that applies the GPO. +You must first download the vendor's root CA certificate, and then import it to a GPO that deploys it to the Local Computer\\Trusted Root Certification Authorities store on each device that applies the GPO. -You must also import the purchased certificate into a GPO that deploys it to the Local Computer\\Personal store on each computer that applies the GPO. +You must also import the purchased certificate into a GPO that deploys it to the Local Computer\\Personal store on each device that applies the GPO. -### Using a commercially purchased certificate for computers running a non-Windows operating system +### Using a commercially purchased certificate for devices running a non-Windows operating system If you are installing the certificates on an operating system other than Windows, see the documentation for that operating system. ## Configuring IPsec to use the certificates +When the clients and servers have the certificates available, you can configure the IPsec and connection security rules to include those certificates as a valid authentication method. The authentication method requires the subject name of the certificate, for example: **DC=com,DC=woodgrovebank,CN=CorporateCertServer**. Optionally, select **Enable certificate to account mapping** to support using these credentials for restricting access to users or devices that are members of authorized groups in a server isolation solution. -When the clients and servers have the certificates available, you can configure the IPsec and connection security rules to include those certificates as a valid authentication method. The authentication method requires the subject name of the certificate, for example: **DC=com,DC=woodgrovebank,CN=CorporateCertServer**. 
Optionally, select **Enable certificate to account mapping** to support using these credentials for restricting access to users or computers that are members of authorized groups in a server isolation solution. - -Starting in Windows Server 2012, the Administrator can configure certificate selection criteria so the desired certificate is selected and/or validated. Enhanced Key Usage (EKU) criteria can be configured, as well as name restrictions and certificate thumbprints. This is configured using the **Advanced** button when choosing certificates for the authentication method in the user interface, or through Windows PowerShell. +Starting in Windows Server 2012,you can configure certificate selection criteria so the desired certificate is selected and/or validated. Enhanced Key Usage (EKU) criteria can be configured, as well as name restrictions and certificate thumbprints. This is configured using the **Advanced** button when choosing certificates for the authentication method in the user interface, or through Windows PowerShell. **Next: **[Documenting the Zones](documenting-the-zones.md) - -  - -  - - - - - diff --git a/windows/keep-secure/planning-domain-isolation-zones.md b/windows/keep-secure/planning-domain-isolation-zones.md index 79003e56ed..208265eefb 100644 --- a/windows/keep-secure/planning-domain-isolation-zones.md +++ b/windows/keep-secure/planning-domain-isolation-zones.md 
@@ -2,15 +2,22 @@ title: Planning Domain Isolation Zones (Windows 10) description: Planning Domain Isolation Zones ms.assetid: 70bc7c52-91f0-4a0d-a64a-69d3ea1c6d05 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning Domain Isolation Zones +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -After you have the required information about your network, Active Directory, and client and server computers, you can use that information to make decisions about the isolation zones you want to use in your environment. +After you have the required information about your network, Active Directory, and client and server devices, you can use that information to make decisions about the isolation zones you want to use in your environment. -The bulk of the work in planning server and domain isolation is determining which computers to assign to each isolation zone. Correctly choosing the zone for each computer is important to providing the correct level of security without compromising performance or the ability a computer to send or receive required network traffic. +The bulk of the work in planning server and domain isolation is determining which devices to assign to each isolation zone. Correctly choosing the zone for each device is important to providing the correct level of security without compromising performance or the ability for a device to send or receive required network traffic. The zones described in this guide include the following: @@ -21,12 +28,3 @@ The zones described in this guide include the following: - [Boundary Zone](boundary-zone.md) - [Encryption Zone](encryption-zone.md) - -  - -  - - - - - diff --git a/windows/keep-secure/planning-gpo-deployment.md b/windows/keep-secure/planning-gpo-deployment.md index 9346df25bc..050a5550f7 100644 --- a/windows/keep-secure/planning-gpo-deployment.md +++ b/windows/keep-secure/planning-gpo-deployment.md 
@@ -2,133 +2,115 @@ title: Planning GPO Deployment (Windows 10) description: Planning GPO Deployment ms.assetid: b38adfb1-1371-4227-a887-e6d118809de1 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning GPO Deployment +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -You can control which GPOs are applied to computers in Active Directory in a combination of three ways: +You can control which GPOs are applied to devices in Active Directory in a combination of three ways: -- **Active Directory organizational unit hierarchy**. This involves linking the GPO to a specific OU in the Active Directory OU hierarchy. All computers in the OU and its subordinate containers receive and apply the GPO. +- **Active Directory organizational unit hierarchy**. This involves linking the GPO to a specific OU in the Active Directory OU hierarchy. All devices in the OU and its subordinate containers receive and apply the GPO. - Controlling GPO application through linking to OUs is typically used when you can organize the OU hierarchy according to your domain isolation zone requirements. GPOs can apply settings to computers based on their location within Active Directory. If a computer is moved from one OU to another, the policy linked to the second OU will eventually take effect when Group Policy detects the change during polling. + Controlling GPO application through linking to OUs is typically used when you can organize the OU hierarchy according to your domain isolation zone requirements. GPOs can apply settings to devices based on their location within Active Directory. If a device is moved from one OU to another, the policy linked to the second OU will eventually take effect when Group Policy detects the change during polling. -- **Security group filtering**. 
This involves linking the GPOs to the domain level (or other parent OU) in the OU hierarchy, and then selecting which computers receive the GPO by using permissions that only allow correct group members to apply the GPO. +- **Security group filtering**. This involves linking the GPOs to the domain level (or other parent OU) in the OU hierarchy, and then selecting which devices receive the GPO by using permissions that only allow correct group members to apply the GPO. - The security group filters are attached to the GPOs themselves. A group is added to the security group filter of the GPO in Active Directory, and then assigned Read and Apply Group Policy permissions. Other groups can be explicitly denied Read and Apply Group Policy permissions. Only those computers whose group membership are granted Read and Apply Group Policy permissions without any explicit deny permissions can apply the GPO. + The security group filters are attached to the GPOs themselves. A group is added to the security group filter of the GPO in Active Directory, and then assigned Read and Apply Group Policy permissions. Other groups can be explicitly denied Read and Apply Group Policy permissions. Only those devices whose group membership are granted Read and Apply Group Policy permissions without any explicit deny permissions can apply the GPO. -- **WMI filtering**. A WMI filter is a query that is run dynamically when the GPO is evaluated. If a computer is a member of the result set when the WMI filter query runs, the GPO is applied to the computer. +- **WMI filtering**. A WMI filter is a query that is run dynamically when the GPO is evaluated. If a device is a member of the result set when the WMI filter query runs, the GPO is applied to the device. - A WMI filter consists of one or more conditions that are evaluated against the local computer. You can check almost any characteristic of the computer, its operating system, and its installed programs. 
If all of the specified conditions are true for the computer, the GPO is applied; otherwise the GPO is ignored. + A WMI filter consists of one or more conditions that are evaluated against the local device. You can check almost any characteristic of the device, its operating system, and its installed programs. If all of the specified conditions are true for the device, the GPO is applied; otherwise the GPO is ignored. This guide uses a combination of security group filtering and WMI filtering to provide the most flexible options. If you follow this guidance, even though there might be five different GPOs linked to a specific group because of operating system version differences, only the correct GPO is applied. ## General considerations - -- Deploy your GPOs before you add any computer accounts to the groups that receive the GPOs. That way you can add your computers to the groups in a controlled manner. Be sure to add only a few test computers at first. Before adding many group members, examine the results on the test computers and verify that the configured firewall and connection security rules have the effect that you want. See the following sections for some suggestions on what to test before you continue. +- Deploy your GPOs before you add any device accounts to the groups that receive the GPOs. That way you can add your devices to the groups in a controlled manner. Be sure to add only a few test devices at first. Before adding many group members, examine the results on the test devices and verify that the configured firewall and connection security rules have the effect that you want. See the following sections for some suggestions on what to test before you continue. 
## Test your deployed groups and GPOs +After you have deployed your GPOs and added some test devices to the groups, confirm the following before you continue with more group members: -After you have deployed your GPOs and added some test computers to the groups, confirm the following before you continue with more group members: +- Examine the GPOs that are both assigned to and filtered from the device. Run the **gpresult** tool at a command prompt. -- Examine the GPOs that are both assigned to and filtered from the computer. Run the **gpresult** tool at a command prompt. - -- Examine the rules deployed to the computer. Open the Windows Firewall with Advanced Security MMC snap-in, expand the **Monitoring** node, and then expand the **Firewall** and **Connection Security** nodes. +- Examine the rules deployed to the device. Open the Windows Firewall with Advanced Security MMC snap-in, expand the **Monitoring** node, and then expand the **Firewall** and **Connection Security** nodes. - Verify that communications are authenticated. Open the Windows Firewall with Advanced Security MMC snap-in, expand the **Monitoring** node, expand the **Security Associations** node, and then click **Main Mode**. -- Verify that communications are encrypted when the computers require it. Open the Windows Firewall with Advanced Security MMC snap-in, expand the **Monitoring** node, expand the **Security Associations** node, and then select **Quick Mode**. Encrypted connections display a value other than **None** in the **ESP Confidentiality** column. +- Verify that communications are encrypted when the devices require it. Open the Windows Firewall with Advanced Security MMC snap-in, expand the **Monitoring** node, expand the **Security Associations** node, and then select **Quick Mode**. Encrypted connections display a value other than **None** in the **ESP Confidentiality** column. - Verify that your programs are unaffected. Run them and confirm that they still work as expected. 
-After you have confirmed that the GPOs have been correctly applied, and that the computers are now communicating by using IPsec network traffic in request mode, you can begin to add more computers to the group accounts, in manageable numbers at a time. Continue to monitor and confirm the correct application of the GPOs to the computers. +After you have confirmed that the GPOs have been correctly applied, and that the devices are now communicating by using IPsec network traffic in request mode, you can begin to add more devices to the group accounts, in manageable numbers at a time. Continue to monitor and confirm the correct application of the GPOs to the devices. ## Do not enable require mode until deployment is complete +If you deploy a GPO that requires authentication to a device before the other devices have a GPO deployed, communication between them might not be possible. Wait until you have all the zones and their GPOs deployed in request mode and confirm (as described in the previous section) that the devices are successfully communicating by using IPsec. -If you deploy a GPO that requires authentication to a computer before the other computers have a GPO deployed, communication between them might not be possible. Wait until you have all the zones and their GPOs deployed in request mode and confirm (as described in the previous section) that the computers are successfully communicating by using IPsec. +If there are problems with GPO deployment, or errors in configuration of one or more of the IPsec GPOs, devices can continue to operate, because request mode enables any device to fall back to clear communications. -If there are problems with GPO deployment, or errors in configuration of one or more of the IPsec GPOs, computers can continue to operate, because request mode enables any computer to fall back to clear communications. 
- -Only after you have added all of the computers to their zones, and you have confirmed that communications are working as expected, you can start changing the request mode rules to require mode rules where it is required in the zones. We recommend that you enable require mode in the zones one zone at a time, pausing to confirm that they are functioning properly before you continue. Turn the required mode setting on for the server isolation zones first, then the encryption zone, and then the isolated domain. +Only after you have added all of the devices to their zones, and you have confirmed that communications are working as expected, you can start changing the request mode rules to require mode rules where it is required in the zones. We recommend that you enable require mode in the zones one zone at a time, pausing to confirm that they are functioning properly before you continue. Turn the required mode setting on for the server isolation zones first, then the encryption zone, and then the isolated domain. Do not change the boundary zone GPO, because it must stay in request mode for both inbound and outbound connections. -If you create other zones that require either inbound or outbound require mode, make the setting change in a manner that applies the setting in stages from the smaller groups of computers to the larger groups. +If you create other zones that require either inbound or outbound require mode, make the setting change in a manner that applies the setting in stages from the smaller groups of devices to the larger groups. ## Example Woodgrove Bank deployment plans +Woodgrove Bank links all its GPOs to the domain level container in the Active Directory OU hierarchy. It then uses the following WMI filters and security group filters to control the application of the GPOs to the correct subset of devices. All of the GPOs have the User Configuration section disabled to improve performance. 
-Woodgrove Bank links all its GPOs to the domain level container in the Active Directory OU hierarchy. It then uses the following WMI filters and security group filters to control the application of the GPOs to the correct subset of computers. All of the GPOs have the User Configuration section disabled to improve performance. +### GPO\_DOMISO\_Firewall -### GPO\_DOMISO\_Firewall\_2008\_Win7-Vista - -- **WMI filter**. The WMI filter allows this GPO to apply only to computers that match the following WMI query: +- **WMI filter**. The WMI filter allows this GPO to apply only to devices that match the following WMI query: `select * from Win32_OperatingSystem where Version like "6.%" and ProductType <> "2"` - **Note**   - This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are computers running versions of Windows earlier than Windows Vista and Windows Server 2008. + >**Note:**  This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are devices running versions of Windows earlier than Windows Vista and Windows Server 2008. + +- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to devices that are members of the group CG\_DOMISO\_IsolatedDomain. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the CG\_DOMISO\_NO\_IPSEC. -   +### GPO\_DOMISO\_IsolatedDomain\_Clients -- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to computers that are members of the group CG\_DOMISO\_IsolatedDomain. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the CG\_DOMISO\_NO\_IPSEC. - -### GPO\_DOMISO\_IsolatedDomain\_Clients\_Win7Vista - -- **WMI filter**. The WMI filter allows this GPO to apply only to computers that match the following WMI query: +- **WMI filter**. 
The WMI filter allows this GPO to apply only to devices that match the following WMI query: `select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "1"` -- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to computers that are members of the group CG\_DOMISO\_IsolatedDomain. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the group CG\_DOMISO\_NO\_IPSEC. +- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to devices that are members of the group CG\_DOMISO\_IsolatedDomain. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the group CG\_DOMISO\_NO\_IPSEC. -### GPO\_DOMISO\_IsolatedDomain\_Servers\_WS2008 +### GPO\_DOMISO\_IsolatedDomain\_Servers -- **WMI filter**. The WMI filter allows this GPO to apply only to computers that match the following WMI query: +- **WMI filter**. The WMI filter allows this GPO to apply only to devices that match the following WMI query: `select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "3"` - **Note**   - This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are computers that are running versions of Windows earlier than Windows Vista and Windows Server 2008. + >**Note:**  This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are devices that are running versions of Windows earlier than Windows Vista and Windows Server 2008. -   +- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to devices that are members of the group CG\_DOMISO\_IsolatedDomain. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the group CG\_DOMISO\_NO\_IPSEC. -- **Security filter**. 
This GPO grants Read and Apply Group Policy permissions only to computers that are members of the group CG\_DOMISO\_IsolatedDomain. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the group CG\_DOMISO\_NO\_IPSEC. +### GPO\_DOMISO\_Boundary -### GPO\_DOMISO\_Boundary\_WS2008 - -- **WMI filter**. The WMI filter allows this GPO to apply only to computers that match the following WMI query: +- **WMI filter**. The WMI filter allows this GPO to apply only to devices that match the following WMI query: `select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "3"` - **Note**   - This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are computers that are running versions of Windows earlier than Windows Vista and Windows Server 2008. + >**Note:**  This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are devices that are running versions of Windows earlier than Windows Vista and Windows Server 2008. -   +- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to devices that are members of the group CG\_DOMISO\_Boundary. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the group CG\_DOMISO\_NO\_IPSEC. -- **Security filter**. This GPO grants Read and Apply Group Policy permissions only to computers that are members of the group CG\_DOMISO\_Boundary. The GPO also explicitly denies Read and Apply Group Policy permissions to members of the group CG\_DOMISO\_NO\_IPSEC. +### GPO\_DOMISO\_Encryption -### GPO\_DOMISO\_Encryption\_WS2008 - -- **WMI filter**. The WMI filter allows this GPO to apply only to computers that match the following WMI query: +- **WMI filter**. 
The WMI filter allows this GPO to apply only to devices that match the following WMI query: `select * from Win32_OperatingSystem where Version like "6.%" and ProductType = "3"` - **Note**   - This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are computers that are running versions of Windows earlier than Windows Vista and Windows Server 2008. - -   - -- **Security filter**. This GPO grants Read and Apply permissions in Group Policy only to computers that are members of the group CG\_DOMISO\_Encryption. The GPO also explicitly denies Read and Apply permissions in Group Policy to members of the group CG\_DOMISO\_NO\_IPSEC. - -  - -  - - - - + >**Note:**  This excludes domain controllers (which report a ProductType value of 2). Do not include domain controllers in the isolated domain if there are devices that are running versions of Windows earlier than Windows Vista and Windows Server 2008. +- **Security filter**. This GPO grants Read and Apply permissions in Group Policy only to devices that are members of the group CG\_DOMISO\_Encryption. The GPO also explicitly denies Read and Apply permissions in Group Policy to members of the group CG\_DOMISO\_NO\_IPSEC. diff --git a/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md index 83dd7f12ae..fff34a12c7 100644 --- a/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md +++ b/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md 
@@ -2,15 +2,22 @@ title: Planning Group Policy Deployment for Your Isolation Zones (Windows 10) description: Planning Group Policy Deployment for Your Isolation Zones ms.assetid: ea7c0acd-af28-4347-9d4a-4801b470557c +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning Group Policy Deployment for Your Isolation Zones +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -After you have decided on the best logical design of your isolation environment for the network and computer security requirements, you can start the implementation plan. +After you have decided on the best logical design of your isolation environment for the network and device security requirements, you can start the implementation plan. -You have a list of isolation zones with the security requirements of each. For implementation, you must plan the groups that will hold the computer accounts in each zone, the network access groups that will be used to determine who can access an isolated server, and the GPOs with the connection security and firewall rules to apply to corresponding groups. Finally you must determine how you will ensure that the policies will only apply to the correct computers within each group. +You have a list of isolation zones with the security requirements of each. For implementation, you must plan the groups that will hold the device accounts in each zone, the network access groups that will be used to determine who can access an isolated server, and the GPOs with the connection security and firewall rules to apply to corresponding groups. Finally you must determine how you will ensure that the policies will only apply to the correct devices within each group. - [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md) 
@@ -19,12 +26,3 @@ You have a list of isolation zones with the security requirements of each. For i
 - [Planning the GPOs](planning-the-gpos.md)
 
 - [Planning GPO Deployment](planning-gpo-deployment.md)
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/keep-secure/planning-isolation-groups-for-the-zones.md b/windows/keep-secure/planning-isolation-groups-for-the-zones.md
index 209c9c78e2..b4f667a50b 100644
--- a/windows/keep-secure/planning-isolation-groups-for-the-zones.md
+++ b/windows/keep-secure/planning-isolation-groups-for-the-zones.md
@@ -2,78 +2,38 @@ title: Planning Isolation Groups for the Zones (Windows 10) description: Planning Isolation Groups for the Zones ms.assetid: be4b662d-c1ce-441e-b462-b140469a5695 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning Isolation Groups for the Zones +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -Isolation groups in Active Directory are how you implement the various domain and server isolation zones. A computer is assigned to a zone by adding its computer account to the group which represents that zone. +Isolation groups in Active Directory are how you implement the various domain and server isolation zones. A device is assigned to a zone by adding its device account to the group which represents that zone. -**Caution**   -Do not add computers to your groups yet. If a computer is in a group when the GPO is activated then that GPO is applied to the computer. If the GPO is one that requires authentication, and the other computers have not yet received their GPOs, the computer that uses the new GPO might not be able to communicate with the others. - -  +>**Caution:**  Do not add devices to your groups yet. If a device is in a group when the GPO is activated then that GPO is applied to the device. If the GPO is one that requires authentication, and the other devices have not yet received their GPOs, the device that uses the new GPO might not be able to communicate with the others. Universal groups are the best option to use for GPO assignment because they apply to the whole forest and reduce the number of groups that must be managed. However, if universal groups are unavailable, you can use domain global groups instead. The following table lists typical groups that can be used to manage the domain isolation zones discussed in the Woodgrove Bank example in this guide: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Group nameDescription

CG_DOMISO_No_IPsec

A universal group of computer accounts that do not participate in the IPsec environment. Typically consists of infrastructure computer accounts that will also be included in exemption lists.

-

This group is used in security group filters to ensure that GPOs with IPsec rules are not applied to group members.

CG_DOMISO_IsolatedDomain

A universal group of computer accounts that contains the members of the isolated domain.

-

During the early days of testing, this group might contain only a very small number of computers. During production, it might contain the built-in Domain Computers group to ensure that every computer in the domain participates.

-

Members of this group receive the domain isolation GPO that requires authentication for inbound connections.

CG_DOMISO_Boundary

A universal group of computer accounts that contains the members of the boundary zone.

-

Members of this group receive a GPO that specifies that authentication is requested, but not required.

CG_DOMISO_Encryption

A universal group of computer accounts that contains the members of the encryption zone.

-

Members of this group receive a GPO that specifies that both authentication and encryption are required for all inbound connections.

CG_SRVISO_ServerRole

A universal group of computer accounts that contains the members of the server isolation group.

-

Members of this group receive the server isolation GPO that requires membership in a network access group in order to connect.

-

There will be one group for each set of servers that have different user and computer restriction requirements.

- -  +| Group name | Description | +| - | - | +| CG_DOMISO_No_IPsec | A universal group of device accounts that do not participate in the IPsec environment. Typically consists of infrastructure device accounts that will also be included in exemption lists.
This group is used in security group filters to ensure that GPOs with IPsec rules are not applied to group members.| +| CG_DOMISO_IsolatedDomain | A universal group of device accounts that contains the members of the isolated domain.
During the early days of testing, this group might contain only a very small number of devices. During production, it might contain the built-in **Domain Computers** group to ensure that every device in the domain participates.
Members of this group receive the domain isolation GPO that requires authentication for inbound connections.| +| CG_DOMISO_Boundary | A universal group of device accounts that contains the members of the boundary zone.

Members of this group receive a GPO that specifies that authentication is requested, but not required.| +| CG_DOMISO_Encryption | A universal group of device accounts that contains the members of the encryption zone.
Members of this group receive a GPO that specifies that both authentication and encryption are required for all inbound connections. +| CG_SRVISO_*ServerRole* | A universal group of device accounts that contains the members of the server isolation group.
Members of this group receive the server isolation GPO that requires membership in a network access group in order to connect.
There will be one group for each set of servers that have different user and device restriction requirements. | Multiple GPOs might be delivered to each group. Which one actually becomes applied depends on the security group filters assigned to the GPOs in addition to the results of any WMI filtering assigned to the GPOs. Details of the GPO layout are discussed in the section [Planning the GPOs](planning-the-gpos.md). -If multiple GPOs are assigned to a group, and similar rules are applied, the rule that most specifically matches the network traffic is the one that is used by the computer. For example, if one IPsec rule says to request authentication for all IP traffic, and a second rule from a different GPO says to require authentication for IP traffic to and from a specific IP address, then the second rule takes precedence because it is more specific. +If multiple GPOs are assigned to a group, and similar rules are applied, the rule that most specifically matches the network traffic is the one that is used by the device. For example, if one IPsec rule says to request authentication for all IP traffic, and a second rule from a different GPO says to require authentication for IP traffic to and from a specific IP address, then the second rule takes precedence because it is more specific. **Next: **[Planning Network Access Groups](planning-network-access-groups.md) -  - -  - - - - - diff --git a/windows/keep-secure/planning-network-access-groups.md b/windows/keep-secure/planning-network-access-groups.md index e96e8d26f2..4d9b002e7c 100644 --- a/windows/keep-secure/planning-network-access-groups.md +++ b/windows/keep-secure/planning-network-access-groups.md 
@@ -2,67 +2,32 @@ title: Planning Network Access Groups (Windows 10) description: Planning Network Access Groups ms.assetid: 56ea1717-1731-4a5d-b277-5a73eb86feb0 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning Network Access Groups +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -A network access group (NAG) is used to identify users and computers that have permission to access an isolated server. The server is configured with firewall rules that allow only network connections that are authenticated as originating from a computer, and optionally a user, whose accounts are members of its NAG. A member of the isolated domain can belong to as many NAGs as required. +A network access group (NAG) is used to identify users and devices that have permission to access an isolated server. The server is configured with firewall rules that allow only network connections that are authenticated as originating from a device, and optionally a user, whose accounts are members of its NAG. A member of the isolated domain can belong to as many NAGs as required. -Minimize the number of NAGs to limit the complexity of the solution. You need one NAG for each server isolation group to restrict the computers or users that are granted access. You can optionally split the NAG into two different groups: one for authorized computers and one for authorized users. +Minimize the number of NAGs to limit the complexity of the solution. You need one NAG for each server isolation group to restrict the devices or users that are granted access. You can optionally split the NAG into two different groups: one for authorized devices and one for authorized users. The NAGs that you create and populate become active by referencing them in the **Users and Computers** tab of the firewall rules in the GPO assigned to the isolated servers. 
The GPO must also contain connection security rules that require authentication to supply the credentials checked for NAG membership. -For the Woodgrove Bank scenario, access to the computers running SQL Server that support the WGBank application are restricted to the WGBank front-end servers and to approved administrative users logged on to specific authorized administrative computers. They are also only accessed by the approved admin users and the service account that is used to the run the WGBank front end service. +For the Woodgrove Bank scenario, access to the devices running SQL Server that support the WGBank application are restricted to the WGBank front-end servers and to approved administrative users logged on to specific authorized administrative devices. They are also only accessed by the approved admin users and the service account that is used to the run the WGBank front end service. - ----- - - - - - - - - - - - - - - - - - - - -
NAG NameNAG Member Users, Computers, or GroupsDescription

CG_NAG_ServerRole_Users

Svr1AdminA

-

Svr1AdminB

-

Group_AppUsers

-

AppSvcAccount

This group is for all users who are authorized to make inbound IPsec connections to the isolated servers in this zone.

CG_NAG_ServerRole_Computers

Desktop1

-

Desktop2

-

AdminDT1

-

AppAdminDT1

This group contains all computers that are authorized to make inbound IPsec connections to the isolated servers in this zone.

+| NAG Name | NAG Member Users, Computers, or Groups | Description | +| - | - | - | +| CG_NAG_*ServerRole*_Users| Svr1AdminA
Svr1AdminB
Group_AppUsers
AppSvcAccount| This group is for all users who are authorized to make inbound IPsec connections to the isolated servers in this zone.| +| CG_NAG_*ServerRole*_Computers| Desktop1
Desktop2
AdminDT1
AppAdminDT1| This group contains all devices that are authorized to make inbound IPsec connections to the isolated servers in this zone.| -  - -**Note**   -Membership in a NAG does not control the level of IPsec traffic protection. The IKE negotiation is only aware of whether the computer or user passed or failed the Kerberos V5 authentication process. The connection security rules in the applied GPO control the security methods that are used for protecting traffic and are independent of the identity being authenticated by Kerberos V5. - -  +>**Note:**  Membership in a NAG does not control the level of IPsec traffic protection. The IKE negotiation is only aware of whether the device or user passed or failed the Kerberos V5 authentication process. The connection security rules in the applied GPO control the security methods that are used for protecting traffic and are independent of the identity being authenticated by Kerberos V5. **Next: **[Planning the GPOs](planning-the-gpos.md) - -  - -  - - - - - diff --git a/windows/keep-secure/planning-server-isolation-zones.md b/windows/keep-secure/planning-server-isolation-zones.md index dc95031002..12688b93c9 100644 --- a/windows/keep-secure/planning-server-isolation-zones.md +++ b/windows/keep-secure/planning-server-isolation-zones.md 
@@ -2,45 +2,46 @@ title: Planning Server Isolation Zones (Windows 10) description: Planning Server Isolation Zones ms.assetid: 5f63c929-589e-4b64-82ea-515d62765b7b +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning Server Isolation Zones +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -Sometimes a server hosts data that is sensitive. If your servers host data that must not be compromised, you have several options to help protect that data. One was already addressed: adding the server to the encryption zone. Membership in that zone prevents the server from being accessed by any computers that are outside the isolated domain, and encrypts all network connections to server. +Sometimes a server hosts data that is sensitive. If your servers host data that must not be compromised, you have several options to help protect that data. One was already addressed: adding the server to the encryption zone. Membership in that zone prevents the server from being accessed by any devices that are outside the isolated domain, and encrypts all network connections to server. -The second option is to additionally restrict access to the server, not just to members of the isolated domain, but to only those users or computers who have business reasons to access the resources on the server. You can specify only approved users, or you can additionally specify that the approved users can only access the server from approved computers. +The second option is to additionally restrict access to the server, not just to members of the isolated domain, but to only those users or devices who have business reasons to access the resources on the server. You can specify only approved users, or you can additionally specify that the approved users can only access the server from approved devices. 
-To grant access, you add the approved user and computer accounts to network access groups (NAGs) that are referenced in a firewall rule on this server. When the user sends a request to the server, the standard domain isolation rules are invoked. This causes IKE to use Kerberos V5 to exchange credentials with the server. The additional firewall rule on the server causes Windows to check the provided computer and user accounts for group membership in the NAGs. If either the user or computer is not a member of a required NAG then the network connection is refused. +To grant access, you add the approved user and device accounts to network access groups (NAGs) that are referenced in a firewall rule on this server. When the user sends a request to the server, the standard domain isolation rules are invoked. This causes IKE to use Kerberos V5 to exchange credentials with the server. The additional firewall rule on the server causes Windows to check the provided device and user accounts for group membership in the NAGs. If either the user or device is not a member of a required NAG then the network connection is refused. ## Isolated domains and isolated servers +If you are using an isolated domain, the client devices already have the IPsec rules to enable them to authenticate traffic when the server requires it. If you add an isolated server, it must have a GPO applied to its group with the appropriate connection security and firewall rules. The rules enforce authentication and restrict access to only connections that are authenticated as coming from an authorized device or user. -If you are using an isolated domain, the client computers already have the IPsec rules to enable them to authenticate traffic when the server requires it. If you add an isolated server, it must have a GPO applied to its group with the appropriate connection security and firewall rules. 
The rules enforce authentication and restrict access to only connections that are authenticated as coming from an authorized computer or user. - -If you are not using an isolated domain, but still want to isolate a server that uses IPsec, you must configure the client computers that you want to access the server to use the appropriate IPsec rules. If the client computers are members of an Active Directory domain, you can still use Group Policy to configure the clients. Instead of applying the GPO to the whole domain, you apply the GPO to only members of the NAG. +If you are not using an isolated domain, but still want to isolate a server that uses IPsec, you must configure the client devices that you want to access the server to use the appropriate IPsec rules. If the client devices are members of an Active Directory domain, you can still use Group Policy to configure the clients. Instead of applying the GPO to the whole domain, you apply the GPO to only members of the NAG. ## Creating multiple isolated server zones - Each set of servers that must be accessed by different sets of users should be set up in its own isolated server zone. After one set of GPOs for one isolated server zone has been successfully created and verified, you can copy the GPOs to a new set. You must change the GPO names to reflect the new zone, the name and membership of the isolated server zone group to which the GPOs are applied, and the names and membership of the NAG groups that determine which clients can access the servers in the isolated server zone. ## Creating the GPOs - Creation of the groups and how to link them to the GPOs that apply the rules to members of the groups are discussed in the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section. An isolated server is often a member of the encryption zone. Therefore, copying that GPO set serves as a good starting point. 
You then modify the rules to additionally restrict access to only NAG members. -### GPO settings for isolated servers running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 +### GPO settings for isolated servers running at least Windows Server 2008 -GPOs for computers running Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 should include the following: +GPOs for devices running at least Windows Server 2008 should include the following: -**Note**   -The connection security rules described here are identical to the ones for the encryption zone. If you do not want to encrypt access and also restrict access to NAG members, you can use connection security rules identical to the main isolated domain. You must still add the firewall rule described at the end of this list to change it into an isolated server zone. - -  +>**Note:**  The connection security rules described here are identical to the ones for the encryption zone. If you do not want to encrypt access and also restrict access to NAG members, you can use connection security rules identical to the main isolated domain. You must still add the firewall rule described at the end of this list to change it into an isolated server zone. - IPsec default settings that specify the following options: 
@@ -52,37 +53,22 @@ The connection security rules described here are identical to the ones for the e If any NAT devices are present on your networks, do not use AH because it cannot traverse NAT devices. If isolated servers must communicate with hosts in the encryption zone, include an algorithm that is compatible with the requirements of the encryption zone GPOs. - 4. Authentication methods. Include at least computer-based Kerberos V5 authentication for compatibility with the rest of the isolated domain. If you want to restrict access to specific user accounts, also include user-based Kerberos V5 authentication as an optional authentication method. Do not make the user-based authentication method mandatory, or else computers that cannot use AuthIP instead of IKE, including Windows XP and Windows Server 2003, cannot communicate. Likewise, if any of your domain isolation members cannot use Kerberos V5, include certificate-based authentication as an optional authentication method. + 4. Authentication methods. Include at least device-based Kerberos V5 authentication for compatibility with the rest of the isolated domain. If you want to restrict access to specific user accounts, also include user-based Kerberos V5 authentication as an optional authentication method. Do not make the user-based authentication method mandatory, or else devices that cannot use AuthIP instead of IKE, including Windows XP and Windows Server 2003, cannot communicate. Likewise, if any of your domain isolation members cannot use Kerberos V5, include certificate-based authentication as an optional authentication method. - The following connection security and firewall rules: - - A connection security rule that exempts all computers on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, if applicable in your environment. 
+ - A connection security rule that exempts all devices on the exemption list from authentication. Be sure to include all your Active Directory domain controllers on this list. Enter subnet addresses, if applicable in your environment. - A connection security rule, from **Any IP address** to **Any IP address**, that requires inbound and requests outbound authentication by using Kerberos V5 authentication. - **Important**   - Be sure to begin operations by using request in and request out behavior until you are sure that all the computers in your IPsec environment are communicating successfully by using IPsec. After confirming that IPsec is operating as expected, you can change the GPO to require in, request out. + >**Important:**  Be sure to begin operations by using request in and request out behavior until you are sure that all the devices in your IPsec environment are communicating successfully by using IPsec. After confirming that IPsec is operating as expected, you can change the GPO to require in, request out. -   - - - A firewall rule that specifies **Allow only secure connections**, **Require encryption**, and on the **Users and Computers** tab includes references to both computer and user network access groups. + - A firewall rule that specifies **Allow only secure connections**, **Require encryption**, and on the **Users and Computers** tab includes references to both device and user network access groups. - A registry policy that includes the following values: - Enable PMTU discovery. Enabling this setting allows TCP/IP to dynamically determine the largest packet size supported across a connection. The value is found at HKLM\\System\\CurrentControlSet\\Services\\TCPIP\\Parameters\\EnablePMTUDiscovery (dword). The sample GPO preferences XML file in [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) sets the value to **1**. 
- **Note**   - For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). - -   + >**Note:**  For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). **Next: **[Planning Certificate-based Authentication](planning-certificate-based-authentication.md) - -  - -  - - - - - diff --git a/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md b/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md index 4609526945..4fcbd977dc 100644 --- a/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md +++ b/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md 
@@ -2,22 +2,26 @@ title: Planning Settings for a Basic Firewall Policy (Windows 10) description: Planning Settings for a Basic Firewall Policy ms.assetid: 4c90df5a-3cbc-4b85-924b-537c2422d735 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning Settings for a Basic Firewall Policy +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -After you have identified your requirements, and have the information about the network layout and computers available, you can begin to design the GPO settings and rules that will enable you to enforce your requirements on the computers. +After you have identified your requirements, and have the information about the network layout and devices available, you can begin to design the GPO settings and rules that will enable you to enforce your requirements on the devices. The following is a list of the firewall settings that you might consider for inclusion in a basic firewall design, together with recommendations to serve as a starting point for your analysis: -- **Profile selection**. The firewall rules can be configured for any of the network location profiles that you see in the Network and Sharing Center: **Domain**, **Public**, and **Private** (on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2). Most settings are enforced in the Domain profile, without an option for the user to change them. However, you might want to leave the profile settings configurable by the user on computers that can be taken from the organization's physical network and joined to a public or home network. If you lock down the public and private profiles, you might prevent a user from accessing a required network program or service. Because they are not on the organization's network, you cannot fix a connectivity problem by deploying rule changes in a GPO. 
For each section that follows, consider each profile and apply the rules to those profiles that make sense for your organization. +- **Profile selection**. The firewall rules can be configured for any of the network location profiles that you see in the Network and Sharing Center: **Domain**, **Public**, and **Private**. Most settings are enforced in the Domain profile, without an option for the user to change them. However, you might want to leave the profile settings configurable by the user on devices that can be taken from the organization's physical network and joined to a public or home network. If you lock down the public and private profiles, you might prevent a user from accessing a required network program or service. Because they are not on the organization's network, you cannot fix a connectivity problem by deploying rule changes in a GPO. For each section that follows, consider each profile and apply the rules to those profiles that make sense for your organization. - **Important**   - We recommend that on server computers that you set all rules for all profiles to prevent any unexpected profile switch from disrupting network connectivity. You might consider a similar practice for your desktop computers, and only support different profiles on portable computers. - -   + >**Important:**  We recommend that on server devices that you set all rules for all profiles to prevent any unexpected profile switch from disrupting network connectivity. You might consider a similar practice for your desktop devices, and only support different profiles on portable devices. - **Firewall state: On**. We recommend that you prevent the user from turning it off. 
@@ -35,24 +39,12 @@ The following is a list of the firewall settings that you might consider for inc - **Logging**. We recommend that you enable logging to a file on the local hard disk. Be sure to limit the size, such as 4096 KB, to avoid causing performance problems by filling the user's hard disk. Be sure to specify a folder to which the Windows Firewall service account has write permissions. -- **Inbound rules**. Create inbound rules for programs that must be able to receive unsolicited inbound network packets from another computer on the network. Make the rules as specific as possible to reduce the risk of malicious programs exploiting the rules. For example, specify both program and port numbers. Specifying a program ensures that the rule is only active when the program is actually running, and specifying the port number ensures that the program cannot receive unexpected traffic on a different port. +- **Inbound rules**. Create inbound rules for programs that must be able to receive unsolicited inbound network packets from another device on the network. Make the rules as specific as possible to reduce the risk of malicious programs exploiting the rules. For example, specify both program and port numbers. Specifying a program ensures that the rule is only active when the program is actually running, and specifying the port number ensures that the program cannot receive unexpected traffic on a different port. - Inbound rules are common on servers, because they host services to which client computers connect. When you install programs and services on a server, the installation program typically creates and enables the rules for you. Examine the rules to ensure that they do not open up more ports than are required. + Inbound rules are common on servers, because they host services to which client devices connect. When you install programs and services on a server, the installation program typically creates and enables the rules for you. 
Examine the rules to ensure that they do not open up more ports than are required. - **Important**   - If you create inbound rules that permit RPC network traffic by using the **RPC Endpoint Mapper** and **Dynamic RPC** rule options, then all inbound RPC network traffic is permitted because the firewall cannot filter network traffic based on the UUID of the destination application. - -   + >**Important:**  If you create inbound rules that permit RPC network traffic by using the **RPC Endpoint Mapper** and **Dynamic RPC** rule options, then all inbound RPC network traffic is permitted because the firewall cannot filter network traffic based on the UUID of the destination application. - **Outbound rules**. Only create outbound rules to block network traffic that must be prevented in all cases. If your organization prohibits the use of certain network programs, you can support that policy by blocking the known network traffic used by the program. Be sure to test the restrictions before you deploy them to avoid interfering with traffic for needed and authorized programs. **Next: **[Planning Domain Isolation Zones](planning-domain-isolation-zones.md) - -  - -  - - - - - diff --git a/windows/keep-secure/planning-the-gpos.md b/windows/keep-secure/planning-the-gpos.md index e2809e0d05..b22f0497cd 100644 --- a/windows/keep-secure/planning-the-gpos.md +++ b/windows/keep-secure/planning-the-gpos.md 
@@ -2,45 +2,45 @@ title: Planning the GPOs (Windows 10) description: Planning the GPOs ms.assetid: 11949ca3-a11c-4a16-b297-0862432eb5b4 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning the GPOs +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -When you plan the GPOs for your different isolation zones, you must complete the layout of the required zones and their mappings to the groups that link the computers to the zones. +When you plan the GPOs for your different isolation zones, you must complete the layout of the required zones and their mappings to the groups that link the devices to the zones. ## General considerations - A few things to consider as you plan the GPOs: -- Do not allow a computer to be a member of more than one isolation zone. A computer in more than one zone receives multiple and possibly contradictory GPOs. This can result in unexpected, and difficult to troubleshoot behavior. +- Do not allow a device to be a member of more than one isolation zone. A device in more than one zone receives multiple and possibly contradictory GPOs. This can result in unexpected, and difficult to troubleshoot behavior. The examples in this guide show GPOs that are designed to prevent the requirement to belong to multiple zones. -- Ensure that the IPsec algorithms you specify in your GPOs are compatible across all the versions of Windows. The same principle applies to the data integrity and encryption algorithms. We recommend that you include the more advanced algorithms when you have the option of selecting several in an ordered list. The computers will negotiate down from the top of their lists, selecting one that is configured on both computers. So a computer that is running Windows Vista that is connected to a server that is running Windows Server 2012 can communicate by using a much more secure algorithm. 
+- Ensure that the IPsec algorithms you specify in your GPOs are compatible across all the versions of Windows. The same principle applies to the data integrity and encryption algorithms. We recommend that you include the more advanced algorithms when you have the option of selecting several in an ordered list. The devices will negotiate down from the top of their lists, selecting one that is configured on both devices. - The primary difference in your domain isolation GPOs is whether the rules request or require authentication. - **Caution**   - It is **critical** that you begin with all your GPOs set to request authentication instead of requiring it. Since the GPOs are delivered to the computers over time, applying a require policy to one computer breaks its ability to communicate with another computer that has not yet received its policy. Using request mode at the beginning enables computers to continue communicating by using plaintext connections if required. After you confirm that your computers are using IPsec where expected, you can schedule a conversion of the rules in the GPOs from requesting to requiring authentication, as required by each zone. + >**Caution:**  It is **critical** that you begin with all your GPOs set to request authentication instead of requiring it. Since the GPOs are delivered to the devices over time, applying a require policy to one device breaks its ability to communicate with another device that has not yet received its policy. Using request mode at the beginning enables devices to continue communicating by using plaintext connections if required. After you confirm that your devices are using IPsec where expected, you can schedule a conversion of the rules in the GPOs from requesting to requiring authentication, as required by each zone. -   +- Windows Firewall with Advanced Security in Windows Vista and Windows Server 2008 only support one network location profile at a time. 
If you add a second network adapter that is connected to a different network, or not connected at all, you could unintentionally change the profile that is currently active on the device. If your GPO specifies different firewall and connection security rules based on the current network location profile, the behavior of how the device handles network traffic will change accordingly. We recommend for stationary devices, such as desktops and servers, that you assign any rule for the device to all profiles. Apply GPOs that change rules per network location to devices that must move between networks, such as your portable devices. Consider creating a separate domain isolation GPO for your servers that uses the same settings as the GPO for the clients, except that the server GPO specifies the same rules for all network location profiles. -- Windows Firewall with Advanced Security in Windows Vista and Windows Server 2008 only support one network location profile at a time. If you add a second network adapter that is connected to a different network, or not connected at all, you could unintentionally change the profile that is currently active on the computer. If your GPO specifies different firewall and connection security rules based on the current network location profile, the behavior of how the computer handles network traffic will change accordingly. We recommend for stationary computers, such as desktops and servers, that you assign any rule for the computer to all profiles. Apply GPOs that change rules per network location to computers that must move between networks, such as your portable computers. Consider creating a separate domain isolation GPO for your servers that uses the same settings as the GPO for the clients, except that the server GPO specifies the same rules for all network location profiles. For more information, see Network Location Types at . 
- - **Note**   - Computers running Windows 8, Windows 7, Windows Server 2012, and Windows Server 2008 R2 support different network location types, and therefore profiles, for each network adapter at the same time. Each network adapter is assigned the network location appropriate for the network to which it is connected. Windows Firewall then enforces only those rules that apply to that network type’s profile. So certain types of traffic are blocked when coming from a network adapter connected to a public network, but those same types might be permitted when coming from a private or domain network. - -   + >**Note:**  Devices running Windows 7, Windows Server 2008 R2, and later support different network location types, and therefore profiles, for each network adapter at the same time. Each network adapter is assigned the network location appropriate for the network to which it is connected. Windows Firewall then enforces only those rules that apply to that network type’s profile. So certain types of traffic are blocked when coming from a network adapter connected to a public network, but those same types might be permitted when coming from a private or domain network. After considering these issues, document each GPO that you require, and the details about the connection security and firewall rules that it needs. ## Woodgrove Bank example GPOs -The Woodgrove Bank example uses the following set of GPOs to support its domain isolation requirements. This section only discusses the rules and settings for server and domain isolation. GPO settings that affect which computers receive the GPO, such as security group filtering and WMI filtering, are discussed in the [Planning GPO Deployment](planning-gpo-deployment.md) section. +The Woodgrove Bank example uses the following set of GPOs to support its domain isolation requirements. This section only discusses the rules and settings for server and domain isolation. 
GPO settings that affect which devices receive the GPO, such as security group filtering and WMI filtering, are discussed in the [Planning GPO Deployment](planning-gpo-deployment.md) section. In this section you can find information about the following: @@ -53,12 +53,3 @@ In this section you can find information about the following: - [Encryption Zone GPOs](encryption-zone-gpos.md) - [Server Isolation GPOs](server-isolation-gpos.md) - -  - -  - - - - - diff --git a/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md index e044483cf2..1801d2a86a 100644 --- a/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md +++ b/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md 
@@ -2,20 +2,26 @@ title: Planning to Deploy Windows Firewall with Advanced Security (Windows 10) description: Planning to Deploy Windows Firewall with Advanced Security ms.assetid: 891a30c9-dbf5-4a88-a279-00662b9da48e +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning to Deploy Windows Firewall with Advanced Security +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview After you collect information about your environment and decide on a design by following the guidance in the [Windows Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md), you can begin to plan the deployment of your design. With the completed design and the information in this topic, you can determine which tasks to perform to deploy Windows Firewall with Advanced Security in your organization. ## Reviewing your Windows Firewall with Advanced Security Design - If the design team that created the Windows Firewall with Advanced Security design for your organization is different from the deployment team that will implement it, make sure that the deployment team reviews the final design with the design team. Review the following points: -- The design team's strategy for determining how WMI and security group filters attached to the GPOs will determine which computers apply to which GPO. The deployment team can refer to the following topics in the Windows Firewall with Advanced Security Design Guide: +- The design team's strategy for determining how WMI and security group filters attached to the GPOs will determine which devices apply to which GPO. The deployment team can refer to the following topics in the Windows Firewall with Advanced Security Design Guide: - [Planning Isolation Groups for the Zones](planning-isolation-groups-for-the-zones.md) 
@@ -23,13 +29,13 @@ If the design team that created the Windows Firewall with Advanced Security desi - [Planning GPO Deployment](planning-gpo-deployment.md) -- The communication to be allowed between members of each of the zones in the isolated domain and computers that are not part of the isolated domain or members of the isolated domain's exemption list. +- The communication to be allowed between members of each of the zones in the isolated domain and devices that are not part of the isolated domain or members of the isolated domain's exemption list. - The recommendation that domain controllers are exempted from IPsec authentication requirements. If they are not exempt and authentication fails, then domain clients might not be able to receive Group Policy updates to the IPsec connection security rules from the domain controllers. -- The rationale for configuring all IPsec authentication rules to request, not require, authentication until the successful negotiation of IPsec has been confirmed. If the rules are set to require authentication before confirming that authentication is working correctly, then communications between computers might fail. If the rules are set to request authentication only, then an IPsec authentication failure results in fall-back-to-clear behavior, so communications can continue while the authentication failures are investigated. +- The rationale for configuring all IPsec authentication rules to request, not require, authentication until the successful negotiation of IPsec has been confirmed. If the rules are set to require authentication before confirming that authentication is working correctly, then communications between devices might fail. If the rules are set to request authentication only, then an IPsec authentication failure results in fall-back-to-clear behavior, so communications can continue while the authentication failures are investigated. 
-- The requirement that all computers that must communicate with each other share a common set of: +- The requirement that all devices that must communicate with each other share a common set of: - Authentication methods @@ -37,15 +43,6 @@ If the design team that created the Windows Firewall with Advanced Security desi - Quick mode data integrity algorithms - If at least one set of each does not match between two computers, then the computers cannot successfully communicate. + If at least one set of each does not match between two devices, then the devices cannot successfully communicate. After the design and deployment teams agree on these issues, they can proceed with the deployment of the Windows Firewall with Advanced Security design. For more information, see [Implementing Your Windows Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md). - -  - -  - - - - - diff --git a/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md b/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md index 4c5d9ec780..c800eca94d 100644 --- a/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md +++ b/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md 
@@ -2,43 +2,47 @@ title: Planning Your Windows Firewall with Advanced Security Design (Windows 10) description: Planning Your Windows Firewall with Advanced Security Design ms.assetid: f3ac3d49-ef4c-4f3c-a16c-e107284e169f +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Planning Your Windows Firewall with Advanced Security Design +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview After you have gathered the relevant information in the previous sections, and understand the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs. ## Basic firewall design - -We recommend that you deploy at least the basic firewall design. As discussed in the [Protect Computers from Unwanted Network Traffic](protect-computers-from-unwanted-network-traffic.md) section, host-based firewalls are an important element in a defense-in-depth strategy and complement most other security measures you put in place in your organization. +We recommend that you deploy at least the basic firewall design. As discussed in the [Protect Devices from Unwanted Network Traffic](protect-devices-from-unwanted-network-traffic.md) section, host-based firewalls are an important element in a defense-in-depth strategy and complement most other security measures you put in place in your organization. When you are ready to examine the options for firewall policy settings, see the [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) section. ## Algorithm and method support and selection - -To create a domain isolation or server isolation design, you must understand the algorithms available in each version of Windows, as well as their relative strengths. To review the algorithms and methods supported in versions of the Windows operating system, see IPsec Algorithms and Methods Supported in Windows (). 
+To create a domain isolation or server isolation design, you must understand the algorithms available in each version of Windows, as well as their relative strengths. ## IPsec performance considerations +Although IPsec is critically important in securing network traffic going to and from your devices, there are costs associated with its use. The mathematically intensive cryptographic algorithms require a significant amount of computing power, which can prevent your device from making use of all of the available bandwidth. For example, an IPsec-enabled device using the AES encryption protocols on a 10 gigabits per second (Gbps) network link might see a throughput of 4.5 Gbps. This is due to the demands placed on the CPU to perform the cryptographic functions required by the IPsec integrity and encryption algorithms. -Although IPsec is critically important in securing network traffic going to and from your computers, there are costs associated with its use. The mathematically intensive cryptographic algorithms require a significant amount of computing power, which can prevent your computer from making use of all of the available bandwidth. For example, an IPsec-enabled computer using the AES encryption protocols on a 10 gigabits per second (Gbps) network link might see a throughput of 4.5 Gbps. This is due to the demands placed on the CPU to perform the cryptographic functions required by the IPsec integrity and encryption algorithms. - -IPsec task offload is a Windows technology that supports network adapters equipped with dedicated cryptographic processors to perform the computationally intensive work required by IPsec. This frees up a computer’s CPU and can dramatically increase network throughput. For the same network link as above, the throughput with IPsec task offload enabled improves to about 9.2 Gbps. For more information, see Improving Network Performance by Using IPsec Task Offload (). 
+IPsec task offload is a Windows technology that supports network adapters equipped with dedicated cryptographic processors to perform the computationally intensive work required by IPsec. This frees up a device’s CPU and can dramatically increase network throughput. For the same network link as above, the throughput with IPsec task offload enabled improves to about 9.2 Gbps. ## Domain isolation design Include this design in your plans: -- If you have an Active Directory domain of which most of the computers are members. +- If you have an Active Directory domain of which most of the devices are members. -- If you want to prevent the computers in your organization from accepting any unsolicited network traffic from computers that are not part of the domain. +- If you want to prevent the devices in your organization from accepting any unsolicited network traffic from devices that are not part of the domain. -If you plan on including the basic firewall design as part of your deployment, we recommend that you deploy the firewall policies first to confirm that they work properly. Also plan to enable your connection security rules in request mode at first, instead of the more restrictive require mode, until you are sure that the computers are all correctly protecting network traffic with IPsec. If something is wrong, request mode still allows communications to continue while you are troubleshooting. +If you plan on including the basic firewall design as part of your deployment, we recommend that you deploy the firewall policies first to confirm that they work properly. Also plan to enable your connection security rules in request mode at first, instead of the more restrictive require mode, until you are sure that the devices are all correctly protecting network traffic with IPsec. If something is wrong, request mode still allows communications to continue while you are troubleshooting. 
When you are ready to examine the options for creating an isolated domain, see the [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) section. @@ -47,9 +51,9 @@ When you are ready to examine the options for creating an isolated domain, see t Include this design in your plans: -- If you have an isolated domain and you want to additionally restrict access to specific servers to only authorized users and computers. +- If you have an isolated domain and you want to additionally restrict access to specific servers to only authorized users and devices. -- You are not deploying an isolated domain, but want to take advantage of similar benefits for a few specific servers. You can restrict access to the isolated servers to only authorized users and computers. +- You are not deploying an isolated domain, but want to take advantage of similar benefits for a few specific servers. You can restrict access to the isolated servers to only authorized users and devices. If you plan to include domain isolation in your deployment, we recommend that you complete that layer and confirm its correct operation before you implement the additional server isolation elements. 
@@ -60,37 +64,28 @@ When you are ready to examine the options for isolating servers, see the [Planni Include this design in your plans: -- If you want to implement some of the elements of domain or server isolation on computers that are not joined to an Active Directory domain, or do not want to use domain membership as an authentication mechanism. +- If you want to implement some of the elements of domain or server isolation on devices that are not joined to an Active Directory domain, or do not want to use domain membership as an authentication mechanism. -- You have an isolated domain and want to include a server that is not a member of the Active Directory domain because the computer is not running Windows, or for any other reason. +- You have an isolated domain and want to include a server that is not a member of the Active Directory domain because the device is not running Windows, or for any other reason. -- You must enable external computers that are not managed by your organization to access information on one of your servers, and want to do this in a secure way. +- You must enable external devices that are not managed by your organization to access information on one of your servers, and want to do this in a secure way. -If you plan to include domain or server isolation in your deployment, we recommend that you complete those elements and confirm their correct operation before you add certificate-based authentication to the computers that require it. +If you plan to include domain or server isolation in your deployment, we recommend that you complete those elements and confirm their correct operation before you add certificate-based authentication to the devices that require it. When you are ready to examine the options for using certificate-based authentication, see the [Planning Certificate-based Authentication](planning-certificate-based-authentication.md) section. 
## Documenting your design -After you finish selecting the designs that you will use, you must assign each of your computers to the appropriate isolation zone and document the assignment for use by the deployment team. +After you finish selecting the designs that you will use, you must assign each of your devices to the appropriate isolation zone and document the assignment for use by the deployment team. - [Documenting the Zones](documenting-the-zones.md) ## Designing groups and GPOs -After you have selected a design and assigned your computers to zones, you can begin laying out the isolation groups for each zone, the network access groups for isolated server access, and the GPOs that you will use to apply the settings and rules to your computers. +After you have selected a design and assigned your devices to zones, you can begin laying out the isolation groups for each zone, the network access groups for isolated server access, and the GPOs that you will use to apply the settings and rules to your devices. When you are ready to examine the options for the groups, filters, and GPOs, see the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section. **Next: **[Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) - -  - -  - - - - - diff --git a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md index 4a19f0dbf8..0a0d740794 100644 --- a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md 
@@ -15,7 +15,7 @@ author: brianlic-msft
 - Windows 10
 - Windows Server 2016 Technical Preview
-The use of authentication in the previously described goal ([Restrict Access to Only Trusted Computers](restrict-access-to-only-trusted-computers.md)) enables a device in the isolated domain to block traffic from untrusted devices. However, it does not prevent an untrusted device from eavesdropping on the network traffic shared between two trusted devices, because by default network packets are not encrypted.
+The use of authentication in the previously described goal ([Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) enables a device in the isolated domain to block traffic from untrusted devices. However, it does not prevent an untrusted device from eavesdropping on the network traffic shared between two trusted devices, because by default network packets are not encrypted.
 For devices that share sensitive information over the network, Windows Firewall with Advanced Security allows you to require that all such network traffic be encrypted. Using encryption can help you comply with regulatory and legislative requirements such as those found in the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other government and industry regulations. By creating connection security rules that apply to devices that host and exchange sensitive data, you can help protect the confidentiality of that data by encrypting it.
diff --git a/windows/keep-secure/server-isolation-gpos.md b/windows/keep-secure/server-isolation-gpos.md
index acfe57e0bb..149730d1a5 100644
--- a/windows/keep-secure/server-isolation-gpos.md
+++ b/windows/keep-secure/server-isolation-gpos.md
@@ -2,35 +2,30 @@ title: Server Isolation GPOs (Windows 10) description: Server Isolation GPOs ms.assetid: c97b1f2f-51d8-4596-b38a-8a3f6f706be4 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Server Isolation GPOs +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -Each set of computers that have different users or computers accessing them require a separate server isolation zone. Each zone requires one GPO for each version of Windows running on computers in the zone. The Woodgrove Bank example has an isolation zone for their computers that run SQL Server. The server isolation zone is logically considered part of the encryption zone. Therefore, server isolation zone GPOs must also include rules for encrypting all isolated server traffic. Woodgrove Bank copied the encryption zone GPOs to serve as a starting point, and renamed them to reflect their new purpose. +Each set of devices that have different users or devices accessing them require a separate server isolation zone. Each zone requires one GPO for each version of Windows running on devices in the zone. The Woodgrove Bank example has an isolation zone for their devices that run SQL Server. The server isolation zone is logically considered part of the encryption zone. Therefore, server isolation zone GPOs must also include rules for encrypting all isolated server traffic. Woodgrove Bank copied the encryption zone GPOs to serve as a starting point, and renamed them to reflect their new purpose. -All of the computer accounts for computers in the SQL Server server isolation zone are added to the group CG\_SRVISO\_WGBANK\_SQL. This group is granted Read and Apply Group Policy permissions in on the GPOs described in this section. The GPOs are only for server versions of Windows. 
Client computers are not expected to be members of the server isolation zone, although they can access the servers in the zone by being a member of a network access group (NAG) for the zone. +All of the device accounts for devices in the SQL Server server isolation zone are added to the group CG\_SRVISO\_WGBANK\_SQL. This group is granted Read and Apply Group Policy permissions in on the GPOs described in this section. The GPOs are only for server versions of Windows. Client devices are not expected to be members of the server isolation zone, although they can access the servers in the zone by being a member of a network access group (NAG) for the zone. -## GPO\_SRVISO\_WS2008 +## GPO\_SRVISO -This GPO is identical to the GPO\_DOMISO\_Encryption\_WS2008 GPO with the following changes: +This GPO is identical to the GPO\_DOMISO\_Encryption GPO with the following changes: - The firewall rule that enforces encryption is modified to include the NAGs on the **Users and Computers** tab of the rule. The NAGs granted permission include CG\_NAG\_SQL\_Users and CG\_NAG\_SQL\_Computers. - **Important**   - Earlier versions of Windows support only computer-based authentication. If you specify that user authentication is mandatory, only users on computers that are running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008 can connect. - -   + >**Important:**  Earlier versions of Windows support only device-based authentication. If you specify that user authentication is mandatory, only users on devices that are running at least Windows Vista or Windows Server 2008 can connect. **Next: **[Planning GPO Deployment](planning-gpo-deployment.md) - -  - -  - - - - - diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md b/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md index 915d050d9a..5dabaedf02 100644 
--- a/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md
@@ -2,19 +2,25 @@ title: Windows Firewall with Advanced Security Deployment Guide (Windows 10) description: Windows Firewall with Advanced Security Deployment Guide ms.assetid: 56b51b97-1c38-481e-bbda-540f1216ad56 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Windows Firewall with Advanced Security Deployment Guide +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -You can use the Windows Firewall with Advanced Security MMC snap-in in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 to help protect the computers and the data that they share across a network. +You can use the Windows Firewall with Advanced Security MMC snap-in with devices running at least Windows Vista or Windows Server 2008 to help protect the devices and the data that they share across a network. -You can use Windows Firewall to control access to the computer from the network. You can create rules that allow or block network traffic in either direction based on your business requirements. You can also create IPsec connection security rules to help protect your data as it travels across the network from computer to computer. +You can use Windows Firewall to control access to the device from the network. You can create rules that allow or block network traffic in either direction based on your business requirements. You can also create IPsec connection security rules to help protect your data as it travels across the network from device to device. ## About this guide - This guide is intended for use by system administrators and system engineers. It provides detailed guidance for deploying a Windows Firewall with Advanced Security design that you or an infrastructure specialist or system architect in your organization has selected. 
Begin by reviewing the information in [Planning to Deploy Windows Firewall with Advanced Security](planning-to-deploy-windows-firewall-with-advanced-security.md). 
@@ -33,44 +39,24 @@ After you select your design and gather the required information about the zones Use the checklists in [Implementing Your Windows Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md) to determine how best to use the instructions in this guide to deploy your particular design. -**Caution**   -We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the computers in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies. - -In a large enterprise environment with hundreds or thousands of GPOs, using this technique with too many GPOs can result in user or computer accounts that are members of an excessive number of groups; this can result in network connectivity problems if network protocol limits are exceeded. For more information about the problems associated with excessive group membership, see the following articles in the Microsoft Knowledge Base: - -- Article 327825, “New resolution for problems with Kerberos authentication when users belong to many groups” () - -- Article 263693 “Group Policy may not be applied to users belonging to many groups” () - -- Article 328889 “Users who are members of more than 1,015 groups may fail logon authentication” () +>**Caution:**  We recommend that you use the techniques documented in this guide only for GPOs that must be deployed to the majority of the devices in your organization, and only when the OU hierarchy in your Active Directory domain does not match the deployment needs of these GPOs. 
These characteristics are typical of GPOs for server and domain isolation scenarios, but are not typical of most other GPOs. When the OU hierarchy supports it, deploy a GPO by linking it to the lowest level OU that contains all of the accounts to which the GPO applies. +In a large enterprise environment with hundreds or thousands of GPOs, using this technique with too many GPOs can result in user or device accounts that are members of an excessive number of groups; this can result in network connectivity problems if network protocol limits are exceeded.   - ## What this guide does not provide - This guide does not provide: - Guidance for creating firewall rules for specific network applications. For this information, see [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) in the Windows Firewall with Advanced Security Design Guide. -- Guidance for setting up Active Directory Domain Services (AD DS) to support Group Policy. For more information, see Active Directory Domain Services () and Group Policy (). +- Guidance for setting up Active Directory Domain Services (AD DS) to support Group Policy. -- Guidance for setting up certification authorities (CAs) to create certificates for certificate-based authentication. For this information, see Active Directory Certificate Services (). +- Guidance for setting up certification authorities (CAs) to create certificates for certificate-based authentication. ## Overview of Windows Firewall with Advanced Security +Windows Firewall with Advanced Security in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the device by allowing you to create rules that determine which network traffic is permitted to enter the device from the network and which network traffic the device is allowed to send to the network. 
Windows Firewall with Advanced Security also supports Internet Protocol security (IPsec), which you can use to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot be authenticated as a trusted device cannot communicate with your device. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user. -Windows Firewall with Advanced Security in Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 is a stateful host firewall that helps secure the computer by allowing you to create rules that determine which network traffic is permitted to enter the computer from the network and which network traffic the computer is allowed to send to the network. Windows Firewall with Advanced Security also supports Internet Protocol security (IPsec), which you can use to require authentication from any computer that is attempting to communicate with your computer. When authentication is required, computers that cannot be authenticated as a trusted computer cannot communicate with your computer. You can also use IPsec to require that certain network traffic is encrypted to prevent it from being read by network packet analyzers that could be attached to the network by a malicious user. - -The Windows Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. 
While the Windows Firewall Control Panel program can protect a single computer in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment. - -For more information about Windows Firewall with Advanced Security, see [Windows Firewall with Advanced Security Overview](http://technet.microsoft.com/library/hh831365.aspx) at http://technet.microsoft.com/library/hh831365.aspx. - -  - -  - - - - +The Windows Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Firewall Control Panel program can protect a single device in a home environment, it does not provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment. +For more information about Windows Firewall with Advanced Security, see [Windows Firewall with Advanced Security Overview](windows-firewall-with-advanced-security.md). From ec65ca848bf7efadab2e50f96d2b50f4064313cc Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Thu, 2 Jun 2016 14:37:45 -0700 Subject: [PATCH 74/92] updating for Windows 10 --- windows/keep-secure/TOC.md | 37 ++++---- ...ters-to-the-membership-group-for-a-zone.md | 84 ----------------- ...ices-to-the-membership-group-for-a-zone.md | 83 ++++++++++++++++ ...ters-to-the-membership-group-for-a-zone.md | 79 ---------------- ...ices-to-the-membership-group-for-a-zone.md | 77 +++++++++++++++ ...ssign-security-group-filters-to-the-gpo.md | 44 +++------ ...ange-rules-from-request-to-require-mode.md | 42 +++------ ...md => configure-authentication-methods.md} | 45 ++++----- ...re-data-protection-quick-mode-settings.md} | 24 ++--- ...y-to-autoenroll-and-deploy-certificates.md | 20 ++-- ...figure-key-exchange-main-mode-settings.md} | 51 ++++------ ...figure-the-rules-to-require-encryption.md} | 32 +++---- .../configure-the-windows-firewall-log.md | 29 +++--- ...on-authentication-certificate-template.md} | 27 +++--- ...notifications-when-a-program-is-blocked.md | 32 ++----- ...hat-certificates-are-deployed-correctly.md | 46 ++++----- .../copy-a-gpo-to-create-a-new-gpo.md | 26 +++-- ...ate-a-group-account-in-active-directory.md | 25 ++--- .../create-a-group-policy-object.md | 27 ++---- ...-an-authentication-exemption-list-rule.md} | 44 ++++----- ...-server-2008-and-windows-server-2008-r2.md | 94 ------------------- .../create-an-authentication-request-rule.md | 84 +++++++++++++++++ ...8-r2.md => create-an-inbound-icmp-rule.md} | 35 +++---- ...s-server-2008-or-windows-server-2008-r2.md | 75 --------------- .../create-an-inbound-port-rule.md | 62 ++++++++++++ ...ate-an-inbound-program-or-service-rule.md} | 47 +++------- ...-r2.md => create-an-outbound-port-rule.md} | 38 +++----- ...te-an-outbound-program-or-service-rule.md} | 40 +++----- ...=> create-inbound-rules-to-support-rpc.md} | 55 ++++------- .../create-wmi-filters-for-the-gpo.md | 51 ++++------ ...s-server-2008-or-windows-server-2008-r2.md | 47 ---------- .../enable-predefined-inbound-rules.md 
| 36 +++++++ ...md => enable-predefined-outbound-rules.md} | 31 +++--- ...-server-2008-and-windows-server-2008-r2.md | 39 -------- .../exempt-icmp-from-authentication.md | 30 ++++++ ...l-active-directory-certificate-services.md | 77 --------------- .../keep-secure/link-the-gpo-to-the-domain.md | 26 +++-- ...-a-different-zone-or-version-of-windows.md | 51 ++++------ ...agement-console-to-ip-security-policies.md | 20 ++-- ...windows-firewall-with-advanced-security.md | 22 ++--- ...-management-console-to-windows-firewall.md | 22 ++--- ...windows-firewall-with-advanced-security.md | 35 +++---- .../procedures-used-in-this-guide.md | 94 +++++++++---------- ...erver-access-to-members-of-a-group-only.md | 36 +++---- ...rt-a-command-prompt-as-an-administrator.md | 34 ------- ...firewall-and-configure-default-behavior.md | 19 ++-- ...y-that-network-traffic-is-authenticated.md | 48 ++++------ 47 files changed, 843 insertions(+), 1279 deletions(-) delete mode 100644 windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md create mode 100644 windows/keep-secure/add-production-devices-to-the-membership-group-for-a-zone.md delete mode 100644 windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md create mode 100644 windows/keep-secure/add-test-devices-to-the-membership-group-for-a-zone.md rename windows/keep-secure/{configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md => configure-authentication-methods.md} (70%) rename windows/keep-secure/{configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md => configure-data-protection-quick-mode-settings.md} (88%) rename windows/keep-secure/{configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md => 
configure-key-exchange-main-mode-settings.md} (57%) rename windows/keep-secure/{configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md => configure-the-rules-to-require-encryption.md} (56%) rename windows/keep-secure/{configure-the-workstation-authentication-certificate-templatewfas-dep.md => configure-the-workstation-authentication-certificate-template.md} (74%) rename windows/keep-secure/{create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md => create-an-authentication-exemption-list-rule.md} (50%) delete mode 100644 windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md create mode 100644 windows/keep-secure/create-an-authentication-request-rule.md rename windows/keep-secure/{create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md => create-an-inbound-icmp-rule.md} (59%) delete mode 100644 windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 windows/keep-secure/create-an-inbound-port-rule.md rename windows/keep-secure/{create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md => create-an-inbound-program-or-service-rule.md} (57%) rename windows/keep-secure/{create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md => create-an-outbound-port-rule.md} (58%) rename 
windows/keep-secure/{create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md => create-an-outbound-program-or-service-rule.md} (60%) rename windows/keep-secure/{create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md => create-inbound-rules-to-support-rpc.md} (51%) delete mode 100644 windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md create mode 100644 windows/keep-secure/enable-predefined-inbound-rules.md rename windows/keep-secure/{enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md => enable-predefined-outbound-rules.md} (60%) delete mode 100644 windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md create mode 100644 windows/keep-secure/exempt-icmp-from-authentication.md delete mode 100644 windows/keep-secure/install-active-directory-certificate-services.md delete mode 100644 windows/keep-secure/start-a-command-prompt-as-an-administrator.md diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index e035651dd8..ac7b4a1617 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md 
@@ -477,13 +477,12 @@
 ######### [GPO_DOMISO_IsolatedDomain_Clients](gpo-domiso-isolateddomain-clients.md)
 ######### [GPO_DOMISO_IsolatedDomain_Servers](gpo-domiso-isolateddomain-servers.md)
 ######## [Boundary Zone GPOs](boundary-zone-gpos.md)
-######### [GPO_DOMISO_Boundary_WS2008](gpo-domiso-boundary-ws2008.md)
+######### [GPO_DOMISO_Boundary](gpo-domiso-boundary.md)
 ######## [Encryption Zone GPOs](encryption-zone-gpos.md)
-######### [GPO_DOMISO_Encryption_WS2008](gpo-domiso-encryption-ws2008.md)
+######### [GPO_DOMISO_Encryption](gpo-domiso-encryption.md)
 ######## [Server Isolation GPOs](server-isolation-gpos.md)
 ####### [Planning GPO Deployment](planning-gpo-deployment.md)
 ##### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
-##### [Additional Resources](additional-resources-wfasdesign.md)
 #### [Windows Firewall with Advanced Security Deployment Guide](windows-firewall-with-advanced-security-deployment-guide.md)
 ##### [Planning to Deploy Windows Firewall with Advanced Security](planning-to-deploy-windows-firewall-with-advanced-security.md)
 ##### [Implementing Your Windows Firewall with Advanced Security Design Plan](implementing-your-windows-firewall-with-advanced-security-design-plan.md)
@@ -506,11 +505,11 @@
 ###### [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)
 ###### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
 ###### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
-###### [Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-###### [Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Configure Authentication Methods](configure-authentication-methods.md)
+###### [Configure Data Protection (Quick Mode) Settings](configure-data-protection--quick-mode--settings.md)
 ###### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
-###### [Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-###### [Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange--main-mode--settings.md)
+###### [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)
 ###### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
 ###### [Configure the Workstation Authentication Certificate Template[wfas_dep]](configure-the-workstation-authentication-certificate-templatewfas-dep.md)
 ###### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
@@ -518,18 +517,18 @@
 ###### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)
 ###### [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md)
 ###### [Create a Group Policy Object](create-a-group-policy-object.md)
-###### [Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-###### [Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
-###### [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-###### [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-###### [Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-###### [Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-###### [Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-###### [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+###### [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)
+###### [Create an Authentication Request Rule](create-an-authentication-request-rule.md)
+###### [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md)
+###### [Create an Inbound Port Rule](create-an-inbound-port-rule.md)
+###### [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md)
+###### [Create an Outbound Port Rule](create-an-outbound-port-rule.md)
+###### [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md)
+###### [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md)
 ###### [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
-###### [Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-###### [Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
-###### [Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md)
+###### [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md)
+###### [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md)
+###### [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)
 ###### [Install Active Directory Certificate Services](install-active-directory-certificate-services.md)
 ###### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)
 ###### [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
@@ -538,10 +537,8 @@
 ###### [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
 ###### [Open Windows Firewall with Advanced Security](open-windows-firewall-with-advanced-security.md)
 ###### [Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md)
-###### [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md)
 ###### [Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md)
 ###### [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)
-##### [Additional Resources[wfas_deploy]](additional-resourceswfas-deploy.md)
 ## [Enterprise security guides](windows-10-enterprise-security-guides.md)
 ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
 ### [Device Guard deployment guide](device-guard-deployment-guide.md)
diff --git a/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md b/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md
deleted file mode 100644
index cacc2910f5..0000000000
--- a/windows/keep-secure/add-production-computers-to-the-membership-group-for-a-zone.md
+++ /dev/null
@@ -1,84 +0,0 @@ ---- -title: Add Production Computers to the Membership Group for a Zone (Windows 10) -description: Add Production Computers to the Membership Group for a Zone -ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23 -author: brianlic-msft ---- - -# Add Production Computers to the Membership Group for a Zone - - -After you test the GPOs for your design on a small set of computers, you can deploy them to the production computers. - -**Caution**   -For GPOs that contain connection security rules that prevent unauthenticated connections, be sure to set the rules to request, not require, authentication during testing. After you deploy the GPO and confirm that all of your computers are successfully communicating by using authenticated IPsec, then you can modify the GPO to require authentication. Do not change the boundary zone GPO to require mode. - -  - -The method discussed in this guide uses the **Domain Computers** built-in group. The advantage of this method is that all new computers that are joined to the domain automatically receive the isolated domain GPO. To do this successfully, you must make sure that the WMI filters and security group filters exclude computers that must not receive the GPOs. Use computer groups that deny both read and apply Group Policy permissions to the GPOs, such as a group used in the CG\_DOMISO\_NOIPSEC example design. Computers that are members of some zones must also be excluded from applying the GPOs for the main isolated domain. For more information, see the "Prevent members of a group from applying a GPO" section in [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md). - -Without such a group (or groups), you must either add computers individually or use the groups containing computer accounts that are available to you. 
- -**Administrative credentials** - -To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the membership of the group for the GPO. - -In this topic: - -- [Add the group Domain Computers to the GPO membership group](#bkmk-toadddomaincomputerstothegpomembershipgroup) - -- [Refresh Group Policy on the computers in the membership group](#bkmk-torefreshgrouppolicyonacomputer) - -- [Check which GPOs apply to a computer](#bkmk-toseewhatgposareappliedtoacomputer) - -## - - -**To add domain computers to the GPO membership group** - -1. On a computer that has the Active Directory management tools installed, click the **Start** charm, then click the **Active Directory Users and Computers** tile. - -2. In the navigation pane, expand **Active Directory Users and Computers**, expand *YourDomainName*, and then the container in which you created the membership group. - -3. In the details pane, double-click the GPO membership group to which you want to add computers. - -4. Select the **Members** tab, and then click **Add**. - -5. Type **Domain Computers** in the text box, and then click **OK**. - -6. Click **OK** to close the group properties dialog box. - -After a computer is a member of the group, you can force a Group Policy refresh on the computer. - -## - - -**To refresh Group Policy on a computer** - -- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command: - - ``` syntax - gpupdate /target:computer /force - ``` - -After Group Policy is refreshed, you can see which GPOs are currently applied to the computer. 
- -## - - -**To see which GPOs are applied to a computer** - -- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command: - - ``` syntax - gpresult /r /scope:computer - ``` - -  - -  - - - - - diff --git a/windows/keep-secure/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/keep-secure/add-production-devices-to-the-membership-group-for-a-zone.md new file mode 100644 index 0000000000..fc07133c99 --- /dev/null +++ b/windows/keep-secure/add-production-devices-to-the-membership-group-for-a-zone.md 
@@ -0,0 +1,83 @@ +--- +title: Add Production Devices to the Membership Group for a Zone (Windows 10) +description: Add Production Devices to the Membership Group for a Zone +ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Add Production Devices to the Membership Group for a Zone + +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview + + +After you test the GPOs for your design on a small set of devices, you can deploy them to the production devices. + +**Caution**   +For GPOs that contain connection security rules that prevent unauthenticated connections, be sure to set the rules to request, not require, authentication during testing. After you deploy the GPO and confirm that all of your devices are successfully communicating by using authenticated IPsec, then you can modify the GPO to require authentication. Do not change the boundary zone GPO to require mode. + +  + +The method discussed in this guide uses the **Domain Computers** built-in group. The advantage of this method is that all new devices that are joined to the domain automatically receive the isolated domain GPO. To do this successfully, you must make sure that the WMI filters and security group filters exclude devices that must not receive the GPOs. Use device groups that deny both read and apply Group Policy permissions to the GPOs, such as a group used in the CG\_DOMISO\_NOIPSEC example design. Devices that are members of some zones must also be excluded from applying the GPOs for the main isolated domain. For more information, see the "Prevent members of a group from applying a GPO" section in [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md). + +Without such a group (or groups), you must either add devices individually or use the groups containing device accounts that are available to you. 
+ +**Administrative credentials** + +To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the membership of the group for the GPO. + +In this topic: + +- [Add the group Domain Devices to the GPO membership group](#to-add-domain-devices-to-the-gpo-membership-group) + +- [Refresh Group Policy on the devices in the membership group](#to-refresh-group-policy-on-a-device) + +- [Check which GPOs apply to a device](#to-see-what-gpos-are-applied-to-a-device) + +## To add domain devices to the GPO membership group + +1. Open Active Directory Users and Computers. + +2. In the navigation pane, expand **Active Directory Users and Computers**, expand *YourDomainName*, and then the container in which you created the membership group. + +3. In the details pane, double-click the GPO membership group to which you want to add computers. + +4. Select the **Members** tab, and then click **Add**. + +5. Type **Domain Computers** in the text box, and then click **OK**. + +6. Click **OK** to close the group properties dialog box. + +After a computer is a member of the group, you can force a Group Policy refresh on the computer. + +## To refresh Group Policy on a device + +From an elevated command prompt, type the following: + +``` syntax +gpupdate /target:computer /force +``` + +After Group Policy is refreshed, you can see which GPOs are currently applied to the computer. + +## To see which GPOs are applied to a device + +From an elevated command prompt, type the following: + +``` syntax +gpresult /r /scope:computer +``` + +  + +  + + + + + diff --git a/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md b/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md deleted file mode 100644 index c14ecf58eb..0000000000 --- a/windows/keep-secure/add-test-computers-to-the-membership-group-for-a-zone.md +++ /dev/null 
@@ -1,79 +0,0 @@ ---- -title: Add Test Computers to the Membership Group for a Zone (Windows 10) -description: Add Test Computers to the Membership Group for a Zone -ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431 -author: brianlic-msft ---- - -# Add Test Computers to the Membership Group for a Zone - - -Before you deploy your rules to large numbers of computers, you must thoroughly test the rules to make sure that communications are working as expected. A misplaced WMI filter or an incorrectly typed IP address in a filter list can easily block communications between computers. Although we recommend that you set your rules to request mode until testing and deployment is complete, we also recommend that you initially deploy the rules to a small number of computers only to be sure that the correct GPOs are being processed by each computer. - -Add at least one computer of each supported operating system type to each membership group. Make sure every GPO for a specific version of Windows and membership group has a computer among the test group. After Group Policy has been refreshed on each test computer, check the output of the **gpresult** command to confirm that each computer is receiving only the GPOs it is supposed to receive. - -**Administrative credentials** - -To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the membership of the group for the GPO. - -In this topic: - -- [Add the test computers to the GPO membership groups](#bkmk-toadddomaincomputerstothegpomembershipgroup) - -- [Refresh Group Policy on the computers in each membership group](#bkmk-torefreshgrouppolicyonacomputer) - -- [Check which GPOs apply to a computer](#bkmk-toseewhatgposareappliedtoacomputer) - -## - - -**To add test computers to the GPO membership groups** - -1. 
On a computer that has the Active Directory management tools installed, click the **Start** charm, then click the **Active Directory Users and Computers** tile. - -2. In the navigation pane, expand **Active Directory Users and Computers**, expand *YourDomainName*, and then expand the container that holds your membership group account. - -3. In the details pane, double-click the GPO membership group to which you want to add computers. - -4. Select the **Members** tab, and then click **Add**. - -5. Type the name of the computer in the text box, and then click **OK**. - -6. Repeat steps 5 and 6 for each additional computer account or group that you want to add. - -7. Click **OK** to close the group properties dialog box. - -After a computer is a member of the group, you can force a Group Policy refresh on the computer. - -## - - -**To refresh Group Policy on a computer** - -- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command: - - ``` syntax - gpupdate /target:computer /force - ``` - -After Group Policy is refreshed, you can see which GPOs are currently applied to the computer. - -## - - -**To see which GPOs are applied to a computer** - -- For a computer that is running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command: - - ``` syntax - gpresult /r /scope:computer - ``` - -  - -  - - - - - diff --git a/windows/keep-secure/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/keep-secure/add-test-devices-to-the-membership-group-for-a-zone.md new file mode 100644 index 0000000000..f5f2edf9d6 --- /dev/null 
+++ b/windows/keep-secure/add-test-devices-to-the-membership-group-for-a-zone.md 
@@ -0,0 +1,77 @@ +--- +title: Add Test Devices to the Membership Group for a Zone (Windows 10) +description: Add Test Devices to the Membership Group for a Zone +ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Add Test Devices to the Membership Group for a Zone + +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview + +Before you deploy your rules to large numbers of devices, you must thoroughly test the rules to make sure that communications are working as expected. A misplaced WMI filter or an incorrectly typed IP address in a filter list can easily block communications between devices. Although we recommend that you set your rules to request mode until testing and deployment is complete, we also recommend that you initially deploy the rules to a small number of devices only to be sure that the correct GPOs are being processed by each device. + +Add at least one device of each supported operating system type to each membership group. Make sure every GPO for a specific version of Windows and membership group has a device among the test group. After Group Policy has been refreshed on each test device, check the output of the **gpresult** command to confirm that each device is receiving only the GPOs it is supposed to receive. + +**Administrative credentials** + +To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the membership of the group for the GPO. + +In this topic: + +- [Add the test devices to the GPO membership groups](#to-add-domain-devices-to-the-gpo-membership-group) + +- [Refresh Group Policy on the devices in each membership group](#to-refresh-group-policy-on-a-device) + +- [Check which GPOs apply to a device](#to-see-what-gpos-are-applied-to-a-device) + +## To add test devices to the GPO membership groups + +1. 
Open Active Directory Users and Computers. + +2. In the navigation pane, expand **Active Directory Users and Computers**, expand *YourDomainName*, and then expand the container that holds your membership group account. + +3. In the details pane, double-click the GPO membership group to which you want to add devices. + +4. Select the **Members** tab, and then click **Add**. + +5. Type the name of the device in the text box, and then click **OK**. + +6. Repeat steps 5 and 6 for each additional device account or group that you want to add. + +7. Click **OK** to close the group properties dialog box. + +After a device is a member of the group, you can force a Group Policy refresh on the device. + +## To refresh Group Policy on a device + +From a elevated command prompt, run the following: + +``` syntax +gpupdate /target:device /force +``` + +After Group Policy is refreshed, you can see which GPOs are currently applied to the device. + +## To see which GPOs are applied to a device + +From an elevated command prompt, run the following: + +``` syntax +gpresult /r /scope:computer +``` + +  + +  + + + + + diff --git a/windows/keep-secure/assign-security-group-filters-to-the-gpo.md b/windows/keep-secure/assign-security-group-filters-to-the-gpo.md index 642d680da8..f6dcdfddf4 100644 --- a/windows/keep-secure/assign-security-group-filters-to-the-gpo.md +++ b/windows/keep-secure/assign-security-group-filters-to-the-gpo.md 
@@ -2,16 +2,22 @@ title: Assign Security Group Filters to the GPO (Windows 10) description: Assign Security Group Filters to the GPO ms.assetid: bcbe3299-8d87-4ec1-9e86-8e4a680fd7c8 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Assign Security Group Filters to the GPO +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview To make sure that your GPO is applied to the correct computers, use the Group Policy Management MMC snap-in to assign security group filters to the GPO. -**Important**   -This deployment guide uses the method of adding the Domain Computers group to the membership group for the main isolated domain after testing is complete and you are ready to go live in production. To make this method work, you must prevent any computer that is a member of either the boundary or encryption zone from applying the GPO for the main isolated domain. For example, on the GPOs for the main isolated domain, deny Read and Apply Group Policy permissions to the membership groups for the boundary and encryption zones. +>**Important:**  This deployment guide uses the method of adding the Domain Computers group to the membership group for the main isolated domain after testing is complete and you are ready to go live in production. To make this method work, you must prevent any computer that is a member of either the boundary or encryption zone from applying the GPO for the main isolated domain. For example, on the GPOs for the main isolated domain, deny Read and Apply Group Policy permissions to the membership groups for the boundary and encryption zones.   
@@ -21,40 +27,31 @@ To complete these procedures, you must be a member of the Domain Administrators In this topic: -- [Allow members of a group to apply a GPO](#bkmk-toallowamembersofagrouptoapplyagpo) +- [Allow members of a group to apply a GPO](#to-allow-members-of-a-group-to-apply-a-gpo) -- [Prevent members of a group from applying a GPO](#bkmk-topreventmembersofgroupfromapplyingagpo) - -## +- [Prevent members of a group from applying a GPO](#to-prevent-members-of-a-group-from-applying-a-gpo) +## To allow members of a group to apply a GPO Use the following procedure to add a group to the security filter on the GPO that allows group members to apply the GPO. -**To allow members of a group to apply a GPO** - -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, find and then click the GPO that you want to modify. 3. In the details pane, under **Security Filtering**, click **Authenticated Users**, and then click **Remove**. - **Note**   - You must remove the default permission granted to all authenticated users and computers to restrict the GPO to only the groups you specify. - -   + >**Note:**  You must remove the default permission granted to all authenticated users and computers to restrict the GPO to only the groups you specify. 4. Click **Add**. 5. In the **Select User, Computer, or Group** dialog box, type the name of the group whose members are to apply the GPO, and then click **OK**. If you do not know the name, you can click **Advanced** to browse the list of groups available in the domain. -## - +## To prevent members of a group from applying a GPO Use the following procedure to add a group to the security filter on the GPO that prevents group members from applying the GPO. 
This is typically used to prevent members of the boundary and encryption zones from applying the GPOs for the isolated domain. -**To prevent members of group from applying a GPO** - -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, find and then click the GPO that you want to modify. @@ -71,14 +68,3 @@ Use the following procedure to add a group to the security filter on the GPO tha 8. Click **OK**, and then in the **Windows Security** dialog box, click **Yes**. 9. The group appears in the list with **Custom** permissions. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/change-rules-from-request-to-require-mode.md b/windows/keep-secure/change-rules-from-request-to-require-mode.md index 36c2306bb2..156957d053 100644 --- a/windows/keep-secure/change-rules-from-request-to-require-mode.md +++ b/windows/keep-secure/change-rules-from-request-to-require-mode.md 
@@ -2,13 +2,20 @@ title: Change Rules from Request to Require Mode (Windows 10) description: Change Rules from Request to Require Mode ms.assetid: ad969eda-c681-48cb-a2c4-0b6cae5f4cff +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Change Rules from Request to Require Mode +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -After you confirm that network traffic is being correctly protected by using IPsec, you can change the rules for the domain isolation and encryption zones to require, instead of request, authentication. Do not change the rules for the boundary zone; they must stay in request mode so that computers in the boundary zone can continue to accept connections from computers that are not part of the isolated domain. +After you confirm that network traffic is being correctly protected by using IPsec, you can change the rules for the domain isolation and encryption zones to require, instead of request, authentication. Do not change the rules for the boundary zone; they must stay in request mode so that devices in the boundary zone can continue to accept connections from devices that are not part of the isolated domain. **Administrative credentials** 
@@ -16,16 +23,11 @@ To complete these procedures, you must be a member of the Domain Administrators In this topic: -- [Convert a rule in a GPO for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](#bkmk-section1) +- [Convert a rule from request to require mode](#to-convert-a-rule-from-request-to-require-mode) -- [Convert a rule for an earlier version of Windows](#bkmk-section2) +- [Apply the modified GPOs to the client devices](#to-apply-the-modified-gpos-to-the-client-devices) -- [Refresh policy on the client computers to receive the modified GPOs](#bkmk-section3) - -## - - -**To convert a rule from request to require mode for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** +## To convert a rule from request to require mode 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 
@@ -37,32 +39,18 @@ In this topic: 5. In the **Requirements** section, change **Authenticated mode** to **Require inbound and request outbound**, and then click **OK**. -## +## To apply the modified GPOs to the client devices - -**To apply the modified GPOs to the client computers** - -1. The next time each computer refreshes its Group Policy, it will receive the updated GPO and apply the modified rule. To force an immediate refresh, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md) and run the following command: +1. The next time each device refreshes its Group Policy, it will receive the updated GPO and apply the modified rule. To force an immediate refresh, run the following command from an elevated command prompt: ``` syntax gpupdate /force ``` -2. To verify that the modified GPO is correctly applied to the client computers, you can run one of the following commands: - - On computers that are running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, run the following command: +2. To verify that the modified GPO is correctly applied to the client devices, you can run the following command: ``` syntax gpresult /r /scope computer ``` -3. Examine the command output for the list of GPOs that are applied to the computer, and make sure that the list contains the GPOs you expect to see on that computer. - -  - -  - - - - - +3. Examine the command output for the list of GPOs that are applied to the device, and make sure that the list contains the GPOs you expect to see on that device. 
diff --git a/windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-authentication-methods.md
similarity index 70%
rename from windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
rename to windows/keep-secure/configure-authentication-methods.md
index 6569e0cab2..c637681093 100644
--- a/windows/keep-secure/configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
+++ b/windows/keep-secure/configure-authentication-methods.md
@@ -1,19 +1,24 @@ --- -title: Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10) -description: Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 +title: Configure Authentication Methods (Windows 10) +description: Configure Authentication Methods ms.assetid: 5fcdc523-617f-4233-9213-15fe19f4cd02 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security + author: brianlic-msft --- -# Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 +# Configure Authentication Methods +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This procedure shows you how to configure the authentication methods that can be used by computers in an isolated domain or standalone isolated server zone. -**Note**   -If you follow the steps in the procedure in this topic, you alter the system-wide default settings. Any connection security rule can use these settings by specifying **Default** on the **Authentication** tab. - -  +>**Note:**  If you follow the steps in the procedure in this topic, you alter the system-wide default settings. Any connection security rule can use these settings by specifying **Default** on the **Authentication** tab. **Administrative credentials** 
@@ -31,11 +36,11 @@ To complete these procedures, you must be a member of the Domain Administrators 1. **Default**. Selecting this option tells the computer to use the authentication method currently defined by the local administrator in Windows Firewall with Advanced Security or by Group Policy as the default. - 2. **Computer and User (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of both the computer and the currently logged-on user by using their domain credentials. This authentication method works only with other computers that can use Authenticated IP (AuthIP), including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1. + 2. **Computer and User (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of both the computer and the currently logged-on user by using their domain credentials. 3. **Computer (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works with other computers that can use IKE v1, including earlier versions of Windows. - 4. **User (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1. + 4. **User (using Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. 5. **Computer certificate from this certification authority**. 
Selecting this option and entering the identification of a certification authority (CA) tells the computer to use and require authentication by using a certificate that is issued by the selected CA. If you also select **Accept only health certificates**, then only certificates that include the system health authentication enhanced key usage (EKU) typically provided in a Network Access Protection (NAP) infrastructure can be used for this rule. @@ -45,7 +50,7 @@ To complete these procedures, you must be a member of the Domain Administrators - **Computer (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works with other computers that can use IKE v1, including earlier versions of Windows. - - **Computer (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1. + - **Computer (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works only with other computers that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1. - **Computer certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require authentication by using a certificate that is issued by that CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used. 
@@ -55,9 +60,9 @@ To complete these procedures, you must be a member of the Domain Administrators The second authentication method can be one of the following: - - **User (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1. + - **User (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. This authentication method works only with other computers that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1. - - **User (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials, and uses the NTLMv2 protocol instead of Kerberos V5. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1. + - **User (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials, and uses the NTLMv2 protocol instead of Kerberos V5. This authentication method works only with other computers that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1. - **User health certificate from this certification authority (CA)**. 
Selecting this option and entering the identification of a CA tells the computer to use and require user-based authentication by using a certificate that is issued by the specified CA. If you also select **Enable certificate to account mapping**, then the certificate can be associated with a user in Active Directory for purposes of granting or denying access to specified users or user groups. @@ -65,20 +70,6 @@ To complete these procedures, you must be a member of the Domain Administrators If you select **Second authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails. - **Important**   - Make sure that you do not select the check boxes to make both first and second authentication optional. Doing so allows plaintext connections whenever authentication fails. - -   + >**Important:**  Make sure that you do not select the check boxes to make both first and second authentication optional. Doing so allows plaintext connections whenever authentication fails. 5. Click **OK** on each dialog box to save your changes and return to the Group Policy Management Editor. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-data-protection-quick-mode-settings.md similarity index 88% rename from windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md rename to windows/keep-secure/configure-data-protection-quick-mode-settings.md index 41a78a8639..1b0e5489ab 100644 
--- a/windows/keep-secure/configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md +++ b/windows/keep-secure/configure-data-protection-quick-mode-settings.md @@ -1,12 +1,19 @@ --- -title: Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10) -description: Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 +title: Configure Data Protection (Quick Mode) Settings (Windows 10) +description: Configure Data Protection (Quick Mode) Settings ms.assetid: fdcb1b36-e267-4be7-b842-5df9a067c9e0 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 +# Configure Data Protection (Quick Mode) Settings +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This procedure shows you how to configure the data protection (quick mode) settings for connection security rules in an isolated domain or a standalone isolated server zone. 
@@ -53,14 +60,3 @@ To complete these procedures, you must be a member of the Domain Administrators 6. In **Key lifetime (in minutes)**, type the number of minutes. When the specified number of minutes has elapsed, any IPsec operations between the two computers that negotiated this key will require a new key. Be careful to balance performance with security requirements. Although a shorter key lifetime results in better security, it also reduces performance because of the more frequent rekeying. We recommend that you use the default value unless your risk analysis indicates the need for a different value. 8. Click **OK** three times to save your settings. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/keep-secure/configure-group-policy-to-autoenroll-and-deploy-certificates.md index dca884a135..a3687db1b5 100644 --- a/windows/keep-secure/configure-group-policy-to-autoenroll-and-deploy-certificates.md +++ b/windows/keep-secure/configure-group-policy-to-autoenroll-and-deploy-certificates.md @@ -2,11 +2,18 @@ title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows 10) description: Configure Group Policy to Autoenroll and Deploy Certificates ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Configure Group Policy to Autoenroll and Deploy Certificates +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview You can use this procedure to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network. Follow this procedure for each GPO that contains IPsec connection security rules that require this certificate. 
@@ -16,7 +23,7 @@ To complete these procedures, you must be a member of both the Domain Admins gro **To configure Group Policy to autoenroll certificates** -1. On a computer that has the Group Policy Management feature installed, click **Start**, click **Administrative Tools**, and then click **Group Policy Management**. +1. Open the Group Policy Management console. 2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**. @@ -29,14 +36,3 @@ To complete these procedures, you must be a member of both the Domain Admins gro 6. Select both **Renew expired certificates, update pending certificates, and remove revoked certificates** and **Update certificates that use certificate templates**. 7. Click **OK** to save your changes. Computers apply the GPO and download the certificate the next time Group Policy is refreshed. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-key-exchange-main-mode-settings.md similarity index 57% rename from windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md rename to windows/keep-secure/configure-key-exchange-main-mode-settings.md index dfb5e88e6c..097d29b877 100644 --- a/windows/keep-secure/configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md +++ b/windows/keep-secure/configure-key-exchange-main-mode-settings.md 
@@ -1,12 +1,19 @@ --- -title: Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10) -description: Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 +title: Configure Key Exchange (Main Mode) Settings (Windows 10) +description: Configure Key Exchange (Main Mode) Settings ms.assetid: 5c593b6b-2cd9-43de-9b4e-95943fe82f52 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 +# Configure Key Exchange (Main Mode) Settings +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview This procedure shows you how to configure the main mode key exchange settings used to secure the IPsec authentication traffic. 
@@ -24,56 +31,32 @@ To complete these procedures, you must be a member of the Domain Administrators 4. In the **Key exchange (Main Mode)** section, click **Advanced**, and then click **Customize**. -5. Select the security methods to be used to help protect the main mode negotiations between the two computers. If the security methods displayed in the list are not what you want, then do the following: +5. Select the security methods to be used to help protect the main mode negotiations between the two devices. If the security methods displayed in the list are not what you want, then do the following: **Important**   - In Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, you can specify only one key exchange algorithm. This means that if you want to communicate by using IPsec with another computer running Windows 8 or Windows Server 2012, then you must select the same key exchange algorithm on both computers. + In Windows Vista, Windows Server 2008, or later, you can specify only one key exchange algorithm. This means that if you want to communicate by using IPsec with another device running Windows 8 or Windows Server 2012, then you must select the same key exchange algorithm on both devices. - Also, if you create a connection security rule that specifies an option that requires AuthIP instead of IKE, then only the one combination of the top integrity and encryption security method are used in the negotiation. Make sure that all of your computers that run Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 have the same methods at the top of the list and the same key exchange algorithm selected. - -   + Also, if you create a connection security rule that specifies an option that requires AuthIP instead of IKE, then only the one combination of the top integrity and encryption security method are used in the negotiation. 
Make sure that all of your devices that are running at least Windows Vista and Windows Server 2008 have the same methods at the top of the list and the same key exchange algorithm selected. **Note**   When AuthIP is used, no Diffie-Hellman key exchange protocol is used. Instead, when Kerberos V5 authentication is requested, the Kerberos V5 service ticket secret is used in place of a Diffie-Hellman value. When either certificate authentication or NTLM authentication is requested, a transport level security (TLS) session is established, and its secret is used in place of the Diffie-Hellman value. This happens no matter which Diffie-Hellman key exchange protocol you select. -   - 1. Remove any of the security methods that you do not want by selecting the method and then clicking **Remove**. 2. Add any required security method combinations by clicking **Add**, selecting the appropriate encryption algorithm and integrity algorithm from the lists, and then clicking **OK**. - **Caution**   - We recommend that you do not include MD5 or DES in any combination. They are included for backward compatibility only. - -   + >**Caution:**  We recommend that you do not include MD5 or DES in any combination. They are included for backward compatibility only. 3. After the list contains only the combinations you want, use the up and down arrows to the right of the list to arrange them in the order of preference. The combination that appears first in the list is tried first, and so on. 6. From the list on the right, select the key exchange algorithm that you want to use. - **Caution**   - We recommend that you do not use Diffie-Hellman Group 1. It is included for backward compatibility only. + >**Caution:**  We recommend that you do not use Diffie-Hellman Group 1. It is included for backward compatibility only.  -   +7. In **Key lifetime (in minutes)**, type the number of minutes. 
When the specified number of minutes has elapsed, any IPsec operation between the two devices requires a new key. -7. In **Key lifetime (in minutes)**, type the number of minutes. When the specified number of minutes has elapsed, any IPsec operation between the two computers requires a new key. - - **Note**   - You need to balance performance with security requirements. Although a shorter key lifetime results in better security, it also reduces performance. - -   + >**Note:**  You need to balance performance with security requirements. Although a shorter key lifetime results in better security, it also reduces performance. 8. In **Key lifetime (in sessions)**, type the number of sessions. After the specified number of quick mode sessions have been created within the security association protected by this key, IPsec requires a new key. 9. Click **OK** three times to save your settings. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/configure-the-rules-to-require-encryption.md similarity index 56% rename from windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md rename to windows/keep-secure/configure-the-rules-to-require-encryption.md index 2ffedaee22..cdc97d2167 100644 --- a/windows/keep-secure/configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md +++ b/windows/keep-secure/configure-the-rules-to-require-encryption.md 
@@ -1,12 +1,15 @@ --- -title: Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10) -description: Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 +title: Configure the Rules to Require Encryption (Windows 10) +description: Configure the Rules to Require Encryption ms.assetid: 07b7760f-3225-4b4b-b418-51787b0972a0 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 - +# Configure the Rules to Require Encryption If you are creating a zone that requires encryption, you must configure the rules to add the encryption algorithms and delete the algorithm combinations that do not use encryption. 
@@ -34,28 +37,17 @@ To complete this procedure, you must be a member of the Domain Administrators gr 9. Click **Require encryption for all connection security rules that use these settings**. - This disables the data integrity rules section. Make sure the **Data integrity and encryption** list contains all of the combinations that your client computers will use to connect to members of the encryption zone. The client computers receive their rules through the GPO for the zone to which they reside. You must make sure that those rules contain at least one of the data integrity and encryption algorithms that are configured in this rule, or the client computers in that zone will not be able to connect to computers in this zone. + This disables the data integrity rules section. Make sure the **Data integrity and encryption** list contains all of the combinations that your client devices will use to connect to members of the encryption zone. The client devices receive their rules through the GPO for the zone to which they reside. You must make sure that those rules contain at least one of the data integrity and encryption algorithms that are configured in this rule, or the client devices in that zone will not be able to connect to devices in this zone. -10. If you need to add an algorithm combination, click **Add**, and then select the combination of encryption and integrity algorithms. The options are described in [Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md). +10. If you need to add an algorithm combination, click **Add**, and then select the combination of encryption and integrity algorithms. 
The options are described in [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md). **Note**   - Not all of the algorithms available in Windows 8 or Windows Server 2012 can be selected in the Windows Firewall with Advanced Security user interface. To select them, you can use Windows PowerShell. + Not all of the algorithms available in Windows 8 or Windows Server 2012 and later can be selected in the Windows Firewall with Advanced Security user interface. To select them, you can use Windows PowerShell. Quick mode settings can also be configured on a per-rule basis, but not by using the Windows Firewall with Advanced Security user interface. Instead, you can create or modify the rules by using Windows PowerShell. - For more information, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) + For more info, see [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall-with-advanced-security-administration-with-windows-powershell.md) -   - -11. During negotiation, algorithm combinations are proposed in the order shown in the list. Make sure that the more secure combinations are at the top of the list so that the negotiating computers select the most secure combination that they can jointly support. +11. During negotiation, algorithm combinations are proposed in the order shown in the list. Make sure that the more secure combinations are at the top of the list so that the negotiating devices select the most secure combination that they can jointly support. 12. Click **OK** three times to save your changes. - -  - -  - - - - - diff --git a/windows/keep-secure/configure-the-windows-firewall-log.md b/windows/keep-secure/configure-the-windows-firewall-log.md index cb025368ae..0784a64b85 100644 --- a/windows/keep-secure/configure-the-windows-firewall-log.md 
+++ b/windows/keep-secure/configure-the-windows-firewall-log.md @@ -2,11 +2,19 @@ title: Configure the Windows Firewall Log (Windows 10) description: Configure the Windows Firewall Log ms.assetid: f037113d-506b-44d3-b9c0-0b79d03e7d18 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security + author: brianlic-msft --- # Configure the Windows Firewall Log +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview To configure Windows Firewall to log dropped packets or successful connections, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in. @@ -16,12 +24,9 @@ To complete these procedures, you must be a member of the Domain Administrators In this topic: -[To configure Windows Firewall logging for Windows Vista or Windows Server 2008](#bkmk-toenablewindowsfirewallandconfigurethedefaultbehavior) +- [To configure the Windows Firewall log](#to-configure-the-windows-firewall-log) -## - - -**To configure Windows Firewall logging for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** +## To configure the Windows Firewall log 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 
@@ -35,10 +40,7 @@ In this topic: 3. The default path for the log is **%windir%\\system32\\logfiles\\firewall\\pfirewall.log**. If you want to change this, clear the **Not configured** check box and type the path to the new location, or click **Browse** to select a file location. - **Important**   - The location you specify must have permissions assigned that permit the Windows Firewall service to write to the log file. - -   + >**Important:**  The location you specify must have permissions assigned that permit the Windows Firewall service to write to the log file. 4. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a size. The file will not grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones. @@ -49,12 +51,3 @@ In this topic: - To create a log entry when Windows Firewall allows an inbound connection, change **Log successful connections** to **Yes**. 6. Click **OK** twice. - -  - -  - - - - - diff --git a/windows/keep-secure/configure-the-workstation-authentication-certificate-templatewfas-dep.md b/windows/keep-secure/configure-the-workstation-authentication-certificate-template.md similarity index 74% rename from windows/keep-secure/configure-the-workstation-authentication-certificate-templatewfas-dep.md rename to windows/keep-secure/configure-the-workstation-authentication-certificate-template.md index ebe06760bb..89b5eb68e9 100644 --- a/windows/keep-secure/configure-the-workstation-authentication-certificate-templatewfas-dep.md +++ b/windows/keep-secure/configure-the-workstation-authentication-certificate-template.md 
@@ -2,21 +2,28 @@ title: Configure the Workstation Authentication Certificate Template (Windows 10) description: Configure the Workstation Authentication Certificate Template ms.assetid: c3ac9960-6efc-47c1-bd69-d9d4bf84f7a6 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Configure the Workstation Authentication Certificate Template +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -This procedure describes how to configure a certificate template that Active Directory Certification Services (AD CS) uses as the starting point for computer certificates that are automatically enrolled and deployed to workstations in the domain. It shows how to create a copy of a template, and then configure the template according to your design requirements. +This procedure describes how to configure a certificate template that Active Directory Certification Services (AD CS) uses as the starting point for device certificates that are automatically enrolled and deployed to workstations in the domain. It shows how to create a copy of a template, and then configure the template according to your design requirements. **Administrative credentials** +## To configure the workstation authentication certificate template and autoenrollment To complete these procedures, you must be a member of both the Domain Admins group in the root domain of your forest, and a member of the Enterprise Admins group. -**To configure the workstation authentication certificate template and autoenrollment** -1. On the computer where AD CS is installed, click the **Start** charm, and then click **Certification Authority**. +1. On the device where AD CS is installed, open the Certification Authority console. 2. In the navigation pane, right-click **Certificate Templates**, and then click **Manage**. 
@@ -32,22 +39,10 @@ To complete these procedures, you must be a member of both the Domain Admins gro 8. Click the **Security** tab. In **Group or user names**, click **Domain Computers**, under **Allow**, select **Enroll** and **Autoenroll**, and then click **OK**. - **Note**   - If you want do not want to deploy the certificate to every computer in the domain, then specify a different group or groups that contain the computer accounts that you want to receive the certificate. - -   + >**Note:**  If you want do not want to deploy the certificate to every device in the domain, then specify a different group or groups that contain the device accounts that you want to receive the certificate. 9. Close the Certificate Templates Console. 10. In the Certification Authority MMC snap-in, in the left pane, right-click **Certificate Templates**, click **New**, and then click **Certificate Template to Issue**. 11. In the **Enable Certificate Templates** dialog box, click the name of the certificate template you just configured, and then click **OK**. - -  - -  - - - - - diff --git a/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md index b494eb1f78..b4990058e6 100644 --- a/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md +++ b/windows/keep-secure/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md 
@@ -2,33 +2,30 @@ title: Configure Windows Firewall to Suppress Notifications When a Program Is Blocked (Windows 10) description: Configure Windows Firewall to Suppress Notifications When a Program Is Blocked ms.assetid: b7665d1d-f4d2-4b5a-befc-8b6bd940f69b +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Configure Windows Firewall to Suppress Notifications When a Program Is Blocked +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -To configure Windows Firewall to suppress the display of a notification when it blocks a program that tries to listen for network traffic and to prohibit locally defined rules, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in. +To configure Windows Firewall to suppress the display of a notification when it blocks a program that tries to listen for network traffic and to prohibit locally defined rules, use the Windows Firewall with Advanced Security node in the Group Policy Management console. -**Caution**   -If you choose to disable alerts and prohibit locally defined rules, then you must create firewall rules that allow your users’ programs to send and receive the required network traffic. If a firewall rule is missing, then the user does not receive any kind of warning, the network traffic is silently blocked, and the program might fail. +>**Caution:**  If you choose to disable alerts and prohibit locally defined rules, then you must create firewall rules that allow your users’ programs to send and receive the required network traffic. If a firewall rule is missing, then the user does not receive any kind of warning, the network traffic is silently blocked, and the program might fail. We recommend that you do not enable these settings until you have created and tested the required rules. 
-  - **Administrative credentials** To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. -In this topic: - -[To configure Windows Firewall to suppress the display of a notification for a blocked program and to ignore locally defined rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](#bkmk-1) - -## - - -**To configure Windows Firewall to suppress the display of a notification for a blocked program and to ignore locally defined rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2** +## To configure Windows Firewall to suppress the display of a notification for a blocked program and to ignore locally defined rules 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). @@ -47,12 +44,3 @@ In this topic: 5. Although a connection security rule is not a firewall setting, you can also use this tab to prohibit locally defined connection security rules if you are planning to deploy IPsec rules as part of a server or domain isolation environment. Under **Rule merging**, change **Apply local connection security rules** to **No**. 6. Click **OK** twice. - -  - -  - - - - - diff --git a/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md b/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md index efb2cee353..0423277e45 100644 --- a/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md +++ b/windows/keep-secure/confirm-that-certificates-are-deployed-correctly.md 
@@ -2,15 +2,22 @@ title: Confirm That Certificates Are Deployed Correctly (Windows 10) description: Confirm That Certificates Are Deployed Correctly ms.assetid: de0c8dfe-16b0-4d3b-8e8f-9282f6a65eee +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: securit author: brianlic-msft --- # Confirm That Certificates Are Deployed Correctly +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -After configuring your certificates and autoenrollment in Group Policy, you can confirm that the policy is being applied as expected, and that the certificates are being properly installed on the workstation computers. +After configuring your certificates and autoenrollment in Group Policy, you can confirm that the policy is being applied as expected, and that the certificates are being properly installed on the workstation devices. -In these procedures, you refresh Group Policy on a client computer, and then confirm that the certificate is deployed correctly. +In these procedures, you refresh Group Policy on a client device, and then confirm that the certificate is deployed correctly. **Administrative credentials** 
@@ -18,39 +25,24 @@ To complete these procedures, you must be a member of the Domain Administrators In this topic: -- [Refresh Group Policy on a computer](#bkmk-torefreshgrouppolicyonacomputer) +- [Refresh Group Policy on a device](#to-refresh-group-policy-on-a-device) -- [Verify that a certificate is installed](#bkmk-toverifythatacertificateisinstalled) +- [Verify that a certificate is installed](#to-verify-that-a-certificate-is-installed) -## +## To refresh Group Policy on a device + From an elevated command prompt, run the following command: -**To refresh Group Policy on a computer** +``` syntax +gpupdate /target:computer /force +``` -- On a computer running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2, [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md), and then type the following command: +After Group Policy is refreshed, you can see which GPOs are currently applied to the device. - ``` syntax - gpupdate /target:computer /force - ``` +## To verify that a certificate is installed -After Group Policy is refreshed, you can see which GPOs are currently applied to the computer. - -## - - -**To verify that a certificate is installed** - -1. Click the **Start** charm, type **certmgr.msc**, and then press ENTER. +1. Open the Cerificates console. 2. In the navigation pane, expand **Trusted Root Certification Authorities**, and then click **Certificates**. The CA that you created appears in the list. - -  - -  - - - - - diff --git a/windows/keep-secure/copy-a-gpo-to-create-a-new-gpo.md b/windows/keep-secure/copy-a-gpo-to-create-a-new-gpo.md index 59ce12e2c1..694250fe3b 100644 --- a/windows/keep-secure/copy-a-gpo-to-create-a-new-gpo.md +++ b/windows/keep-secure/copy-a-gpo-to-create-a-new-gpo.md 
@@ -2,13 +2,20 @@ title: Copy a GPO to Create a New GPO (Windows 10) description: Copy a GPO to Create a New GPO ms.assetid: 7f6a23e5-4b3f-40d6-bf6d-7895558b1406 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Copy a GPO to Create a New GPO +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -To create the GPO for the boundary zone computers, make a copy of the main domain isolation GPO, and then change the settings to request, instead of require, authentication. To make a copy of a GPO, use the Active Directory Users and Computers MMC snap-in. +To create the GPO for the boundary zone devices, make a copy of the main domain isolation GPO, and then change the settings to request, instead of require, authentication. To make a copy of a GPO, use the Active Directory Users and devices MMC snap-in. **Administrative credentials** @@ -16,7 +23,7 @@ To complete this procedure, you must be a member of the Domain Administrators gr **To make a copy of a GPO** -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, expand **Forest:***YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **Group Policy Objects**. 
@@ -32,7 +39,7 @@ To complete this procedure, you must be a member of the Domain Administrators gr 8. Type the new name, and then press ENTER. -9. You must change the security filters to apply the policy to the correct group of computers. To do this, click the **Scope** tab, and in the **Security Filtering** section, select the group that grants permissions to all members of the isolated domain, for example **CG\_DOMISO\_IsolatedDomain**, and then click **Remove**. +9. You must change the security filters to apply the policy to the correct group of devices. To do this, click the **Scope** tab, and in the **Security Filtering** section, select the group that grants permissions to all members of the isolated domain, for example **CG\_DOMISO\_IsolatedDomain**, and then click **Remove**. 10. In the confirmation dialog box, click **OK**. @@ -40,15 +47,4 @@ To complete this procedure, you must be a member of the Domain Administrators gr 12. Type the name of the group that contains members of the boundary zone, for example **CG\_DOMISO\_Boundary**, and then click **OK**. -13. If required, change the WMI filter to one appropriate for the new GPO. For example, if the original GPO is for client computers running Windows 8, and the new boundary zone GPO is for computers running Windows Server 2012, then select a WMI filter that allows only those computers to read and apply the GPO. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - +13. If required, change the WMI filter to one appropriate for the new GPO. For example, if the original GPO is for client devices running Windows 10, and the new boundary zone GPO is for devices running Windows Server 2016 Technical Preview, then select a WMI filter that allows only those devices to read and apply the GPO. 
diff --git a/windows/keep-secure/create-a-group-account-in-active-directory.md b/windows/keep-secure/create-a-group-account-in-active-directory.md index d58c911d10..6aeb64d983 100644 --- a/windows/keep-secure/create-a-group-account-in-active-directory.md +++ b/windows/keep-secure/create-a-group-account-in-active-directory.md @@ -2,13 +2,20 @@ title: Create a Group Account in Active Directory (Windows 10) description: Create a Group Account in Active Directory ms.assetid: c3700413-e02d-4d56-96b8-7991f97ae432 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Create a Group Account in Active Directory +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -To create a security group to contain the computer accounts for the computers that are to receive a set of Group Policy settings, use the Active Directory Users and Computers MMC snap-in. +To create a security group to contain the computer accounts for the computers that are to receive a set of Group Policy settings, use the Active Directory Users and Computers console. **Administrative credentials** @@ -16,7 +23,7 @@ To complete this procedure, you must be a member of the Domain Administrators gr **To add a new membership group in Active Directory** -1. On a computer that has Active Directory management tools installed, click the **Start** charm, and then click the **Active Directory Users and Computers** tile. +1. Open the Active Directory Users and Computers console. 2. In the navigation pane, select the container in which you want to store your group. This is typically the **Users** container under the domain. 
@@ -24,10 +31,7 @@ To complete this procedure, you must be a member of the Domain Administrators gr 4. In the **Group name** text box, type the name for your new group. - **Note**   - Be sure to use a name that clearly indicates its purpose. Check to see if your organization has a naming convention for groups. - -   + >**Note:**  Be sure to use a name that clearly indicates its purpose. Check to see if your organization has a naming convention for groups. 5. In the **Description** text box, enter a description of the purpose of this group. @@ -36,12 +40,3 @@ To complete this procedure, you must be a member of the Domain Administrators gr 7. In the **Group type** section, click **Security**. 8. Click **OK** to save your group. - -  - -  - - - - - diff --git a/windows/keep-secure/create-a-group-policy-object.md b/windows/keep-secure/create-a-group-policy-object.md index c6c8df196b..42a0e5ae62 100644 --- a/windows/keep-secure/create-a-group-policy-object.md +++ b/windows/keep-secure/create-a-group-policy-object.md @@ -2,11 +2,18 @@ title: Create a Group Policy Object (Windows 10) description: Create a Group Policy Object ms.assetid: 72a50dd7-5033-4d97-a5eb-0aff8a35cced +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Create a Group Policy Object +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview To create a new GPO, use the Active Directory Users and Computers MMC snap-in. 
@@ -14,9 +21,9 @@ To create a new GPO, use the Active Directory Users and Computers MMC snap-in. To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to create new GPOs. -**To create a new GPO** +To create a new GPO -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, expand **Forest:***YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **Group Policy Objects**. @@ -24,10 +31,7 @@ To complete this procedure, you must be a member of the Domain Administrators gr 4. In the **Name** text box, type the name for your new GPO. - **Note**   - Be sure to use a name that clearly indicates the purpose of the GPO. Check to see if your organization has a naming convention for GPOs. - -   + >**Note:**  Be sure to use a name that clearly indicates the purpose of the GPO. Check to see if your organization has a naming convention for GPOs. 5. Leave **Source Starter GPO** set to **(none)**, and then click **OK**. @@ -38,14 +42,3 @@ To complete this procedure, you must be a member of the Domain Administrators gr 2. In the details pane, click the **Details** tab. 3. Change the **GPO Status** to **User configuration settings disabled**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - 
diff --git a/windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/create-an-authentication-exemption-list-rule.md
similarity index 50%
rename from windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
rename to windows/keep-secure/create-an-authentication-exemption-list-rule.md
index 2f1df0c3a9..b0a4ec1118 100644
--- a/windows/keep-secure/create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-authentication-exemption-list-rule.md
@@ -1,17 +1,24 @@ --- -title: Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10) -description: Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 +title: Create an Authentication Exemption List Rule (Windows 10) +description: Create an Authentication Exemption List Rule ms.assetid: 8f6493f3-8527-462a-82c0-fd91a6cb5dd8 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 +# Create an Authentication Exemption List Rule +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -In almost any isolated server or isolated domain scenario, there are some computers or devices that cannot communicate by using IPsec. This procedure shows you how to create rules that exempt those computers from the authentication requirements of your isolation policies. +In almost any isolated server or isolated domain scenario, there are some devices or devices that cannot communicate by using IPsec. This procedure shows you how to create rules that exempt those devices from the authentication requirements of your isolation policies. **Important**   -Adding computers to the exemption list for a zone reduces security because it permits computers in the zone to send network traffic that is unprotected by IPsec to the computers on the list. As discussed in the Windows Firewall with Advanced Security Design Guide, you must add only managed and trusted computers to the exemption list. 
+Adding devices to the exemption list for a zone reduces security because it permits devices in the zone to send network traffic that is unprotected by IPsec to the devices on the list. As discussed in the Windows Firewall with Advanced Security Design Guide, you must add only managed and trusted devices to the exemption list.   
@@ -37,16 +44,13 @@ To complete these procedures, you must be a member of the Domain Administrators - To add an entire subnet by address, click **This IP address or subnet**, and then type the IP address of the subnet, followed by a forward slash (/) and the number of bits in the corresponding subnet mask. For example, **10.50.0.0/16** represents the class B subnet that begins with address 10.50.0.1, and ends with address **10.50.255.254**. Click **OK** when you are finished. - - To add the local computer’s subnet, click **Predefined set of computers**, select **Local subnet** from the list, and then click **OK**. - - **Note**   - If you select the local subnet from the list rather than typing the subnet address in manually, the computer automatically adjusts the active local subnet to match the computer’s current IP address. - -   + - To add the local device’s subnet, click **Predefined set of computers**, select **Local subnet** from the list, and then click **OK**. + >**Note:**  If you select the local subnet from the list rather than typing the subnet address in manually, the device automatically adjusts the active local subnet to match the device’s current IP address. + - To add a discrete range of addresses that do not correspond to a subnet, click **This IP address range**, type the beginning and ending IP addresses in the **From** and **To** text boxes, and then click **OK**. - - To exempt all of the remote hosts that the local computer uses for a specified network service, click **Predefined set of computers**, select the network service from the list, and then click **OK**. + - To exempt all of the remote hosts that the local device uses for a specified network service, click **Predefined set of computers**, select the network service from the list, and then click **OK**. 7. Repeat steps 5 and 6 for each exemption that you need to create. 
@@ -54,20 +58,6 @@ To complete these procedures, you must be a member of the Domain Administrators 9. On the **Profile** page, check the profile for each network location type to which this set of exemptions applies, and then click **Next**. - **Caution**   - If all of the exemptions are on the organization’s network and that network is managed by an Active Directory domain, then consider restricting the rule to the Domain profile only. Selecting the wrong profile can reduce the protection for your computer because any computer with an IP address that matches an exemption rule will not be required to authenticate. - -   + >**Caution:**  If all of the exemptions are on the organization’s network and that network is managed by an Active Directory domain, then consider restricting the rule to the Domain profile only. Selecting the wrong profile can reduce the protection for your computer because any computer with an IP address that matches an exemption rule will not be required to authenticate. 10. On the **Name** page, type the name of the exemption rule, type a description, and then click **Finish**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md deleted file mode 100644 index f2168bbc7d..0000000000 --- a/windows/keep-secure/create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md +++ /dev/null 
@@ -1,94 +0,0 @@ ---- -title: Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10) -description: Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 -ms.assetid: 1296e048-039f-4d1a-aaf2-8472ad05e359 -author: brianlic-msft ---- - -# Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 - - -After you have configured IPsec algorithms and authentication methods, you can create the rule that requires the computers on the network to use those protocols and methods before they can communicate. - -**Administrative credentials** - -To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. - -**To create the authentication request rule** - -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). - -2. In the navigation pane, right-click **Connection Security Rules**, and then click **New Rule**. - -3. On the **Rule Type** page, select **Isolation**, and then click **Next**. - -4. On the **Requirements** page, select **Request authentication for inbound and outbound connections**. - - **Caution**   - Do not configure the rule to require inbound authentication until you have confirmed that all of your computers are receiving the correct GPOs, and are successfully negotiating IPsec and authenticating with each other. Allowing the computers to communicate even when authentication fails prevents any errors in the GPOs or their distribution from breaking communications on your network. - -   - -5. 
On the **Authentication Method** page, select the authentication option you want to use on your network. To select multiple methods that are tried in order until one succeeds, click **Advanced**, click **Customize**, and then click **Add** to add methods to the list. Second authentication methods require Authenticated IP (AuthIP), which is supported only on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. - - 1. **Default**. Selecting this option tells the computer to request authentication by using the method currently defined as the default on the computer. This default might have been configured when the operating system was installed or it might have been configured by Group Policy. Selecting this option is appropriate when you have configured system-wide settings by using the [Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) procedure. - - 2. **Computer and User (Kerberos V5)**. Selecting this option tells the computer to request authentication of both the computer and the currently logged-on user by using their domain credentials. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1. - - 3. **Computer (Kerberos V5)**. Selecting this option tells the computer to request authentication of the computer by using its domain credentials. This option works with other computers than can use IKE v1, including earlier versions of Windows. - - 4. **Advanced**. Click **Customize** to specify a custom combination of authentication methods required for your scenario. 
You can specify both a **First authentication method** and a **Second authentication method**. - - The **First authentication method** can be one of the following: - - - **Computer (Kerberos V5)**. Selecting this option tells the computer to request authentication of the computer by using its domain credentials. This option works with other computers than can use IKE v1, including earlier versions of Windows. - - - **Computer (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the computer by using its domain credentials. This option works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1. - - - **Computer certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to request authentication by using a certificate that is issued by the specified CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used for this rule. - - - **Preshared key (not recommended)**. Selecting this method and entering a pre-shared key tells the computer to authenticate by exchanging the pre-shared keys. If the keys match, then the authentication succeeds. This method is not recommended, and is included for backward compatibility and testing purposes only. - - If you select **First authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails. - - The **Second authentication method** can be one of the following: - - - **User (Kerberos V5)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials. 
This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using Kerberos V5 is not supported by IKE v1. - - - **User (NTLMv2)**. Selecting this option tells the computer to use and require authentication of the currently logged-on user by using his or her domain credentials, and uses the NTLMv2 protocol instead of Kerberos V5. This authentication method works only with other computers that can use AuthIP, including Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. User-based authentication using NTLMv2 is not supported by IKE v1. - - - **User health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to request user-based authentication by using a certificate that is issued by the specified CA. If you also select **Enable certificate to account mapping**, then the certificate can be associated with a user in Active Directory for purposes of granting or denying access to certain users or user groups. - - - **Computer health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the computer to use and require authentication by using a certificate that is issued by the specified CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used for this rule. - - If you check **Second authentication is optional**, the connection can succeed even if the authentication attempt specified in this column fails. - - **Important**   - Make sure that you do not select the boxes to make both first and second authentication optional. Doing so allows plaintext connections whenever authentication fails. - -   - -6. 
After you have configured the authentication methods, click **OK** on each dialog box to save your changes and close it, until you return to the **Authentication Method** page in the wizard. Click **Next**. - -7. On the **Profile** page, select the check boxes for the network location type profiles to which this rule applies. - - - On portable computers, consider clearing the **Private** and **Public** boxes to enable the computer to communicate without authentication when it is away from the domain network. - - - On computers that do not move from network to network, consider selecting all of the profiles. Doing so prevents an unexpected switch in the network location type from disabling the rule. - - Click **Next**. - -8. On the **Name** page, type a name for the connection security rule and a description, and then click **Finish**. - - The new rule appears in the list of connection security rules. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/create-an-authentication-request-rule.md b/windows/keep-secure/create-an-authentication-request-rule.md new file mode 100644 index 0000000000..1c947f68f9 --- /dev/null +++ b/windows/keep-secure/create-an-authentication-request-rule.md 
@@ -0,0 +1,84 @@
+---
+title: Create an Authentication Request Rule (Windows 10)
+description: Create an Authentication Request Rule
+ms.assetid: 1296e048-039f-4d1a-aaf2-8472ad05e359
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+---
+
+# Create an Authentication Request Rule
+
+**Applies to**
+- Windows 10
+- Windows Server 2016 Technical Preview
+
+After you have configured IPsec algorithms and authentication methods, you can create the rule that requires the devices on the network to use those protocols and methods before they can communicate.
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+To create the authentication request rule
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, right-click **Connection Security Rules**, and then click **New Rule**.
+
+3. On the **Rule Type** page, select **Isolation**, and then click **Next**.
+
+4. On the **Requirements** page, select **Request authentication for inbound and outbound connections**.
+
+ >**Caution:**  Do not configure the rule to require inbound authentication until you have confirmed that all of your devices are receiving the correct GPOs, and are successfully negotiating IPsec and authenticating with each other. Allowing the devices to communicate even when authentication fails prevents any errors in the GPOs or their distribution from breaking communications on your network.
+
+5. On the **Authentication Method** page, select the authentication option you want to use on your network. To select multiple methods that are tried in order until one succeeds, click **Advanced**, click **Customize**, and then click **Add** to add methods to the list. 
Second authentication methods require Authenticated IP (AuthIP).
+
+ 1. **Default**. Selecting this option tells the device to request authentication by using the method currently defined as the default on the device. This default might have been configured when the operating system was installed or it might have been configured by Group Policy. Selecting this option is appropriate when you have configured system-wide settings by using the [Configure Authentication Methods](configure-authentication-methods.md) procedure.
+
+ 2. **Computer and User (Kerberos V5)**. Selecting this option tells the device to request authentication of both the device and the currently logged-on user by using their domain credentials. This authentication method works only with other devices that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ 3. **Computer (Kerberos V5)**. Selecting this option tells the device to request authentication of the device by using its domain credentials. This option works with other devices than can use IKE v1, including earlier versions of Windows.
+
+ 4. **Advanced**. Click **Customize** to specify a custom combination of authentication methods required for your scenario. You can specify both a **First authentication method** and a **Second authentication method**.
+
+ The **First authentication method** can be one of the following:
+
+ - **Computer (Kerberos V5)**. Selecting this option tells the device to request authentication of the device by using its domain credentials. This option works with other devices than can use IKE v1, including earlier versions of Windows.
+
+ - **Computer (NTLMv2)**. Selecting this option tells the device to use and require authentication of the device by using its domain credentials. This option works only with other devices that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ - **Computer certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the device to request authentication by using a certificate that is issued by the specified CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used for this rule.
+
+ - **Preshared key (not recommended)**. Selecting this method and entering a pre-shared key tells the device to authenticate by exchanging the pre-shared keys. If the keys match, then the authentication succeeds. This method is not recommended, and is included for backward compatibility and testing purposes only.
+
+ If you select **First authentication is optional**, then the connection can succeed even if the authentication attempt specified in this column fails.
+
+ The **Second authentication method** can be one of the following:
+
+ - **User (Kerberos V5)**. Selecting this option tells the device to use and require authentication of the currently logged-on user by using his or her domain credentials. This authentication method works only with other devices that can use AuthIP. User-based authentication using Kerberos V5 is not supported by IKE v1.
+
+ - **User (NTLMv2)**. Selecting this option tells the device to use and require authentication of the currently logged-on user by using his or her domain credentials, and uses the NTLMv2 protocol instead of Kerberos V5. This authentication method works only with other devices that can use AuthIP. User-based authentication using NTLMv2 is not supported by IKE v1.
+
+ - **User health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the device to request user-based authentication by using a certificate that is issued by the specified CA. 
If you also select **Enable certificate to account mapping**, then the certificate can be associated with a user in Active Directory for purposes of granting or denying access to certain users or user groups.
+
+ - **Computer health certificate from this certification authority (CA)**. Selecting this option and entering the identification of a CA tells the device to use and require authentication by using a certificate that is issued by the specified CA. If you also select **Accept only health certificates**, then only certificates issued by a NAP server can be used for this rule.
+
+ If you check **Second authentication is optional**, the connection can succeed even if the authentication attempt specified in this column fails.
+
+ >**Important:**  Make sure that you do not select the boxes to make both first and second authentication optional. Doing so allows plaintext connections whenever authentication fails.
+
+6. After you have configured the authentication methods, click **OK** on each dialog box to save your changes and close it, until you return to the **Authentication Method** page in the wizard. Click **Next**.
+
+7. On the **Profile** page, select the check boxes for the network location type profiles to which this rule applies.
+
+ - On portable devices, consider clearing the **Private** and **Public** boxes to enable the device to communicate without authentication when it is away from the domain network.
+
+ - On devices that do not move from network to network, consider selecting all of the profiles. Doing so prevents an unexpected switch in the network location type from disabling the rule.
+
+ Click **Next**.
+
+8. On the **Name** page, type a name for the connection security rule and a description, and then click **Finish**.
+
+ The new rule appears in the list of connection security rules.
diff --git a/windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-inbound-icmp-rule.md similarity index 59% rename from windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md rename to windows/keep-secure/create-an-inbound-icmp-rule.md index edbbf0d6e5..f76bba3007 100644 --- a/windows/keep-secure/create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md +++ b/windows/keep-secure/create-an-inbound-icmp-rule.md @@ -1,12 +1,19 @@ --- -title: Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10) -description: Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +title: Create an Inbound ICMP Rule (Windows 10) +description: Create an Inbound ICMP Rule ms.assetid: 267b940a-79d9-4322-b53b-81901e357344 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +# Create an Inbound ICMP Rule +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview To allow inbound Internet Control Message Protocol (ICMP) network traffic, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows ICMP requests and responses to be sent and received by computers on the network. 
@@ -16,11 +23,11 @@ To complete these procedures, you must be a member of the Domain Administrators This topic describes how to create a port rule that allows inbound ICMP network traffic. For other inbound port rule types, see: -- [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create an Inbound Port Rule](create-an-inbound-port-rule.md) -- [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md) -**To create an inbound ICMP rule** +To create an inbound ICMP rule 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 
@@ -52,20 +59,4 @@ This topic describes how to create a port rule that allows inbound ICMP network 12. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**. - **Note**   - If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. - -   - 13. On the **Name** page, type a name and description for your rule, and then click **Finish**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md deleted file mode 100644 index 49f4b7d7ba..0000000000 --- a/windows/keep-secure/create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -title: Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10) -description: Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 -ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f -author: brianlic-msft ---- - -# Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 - - -To allow inbound network traffic on only a specified TCP or UDP port number, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows any program that listens on a specified TCP or UDP port to receive network traffic sent to that port. - -**Administrative credentials** - -To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. - -This topic describes how to create a standard port rule for a specified protocol or TCP or UDP port number. For other inbound port rule types, see: - -- [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) - -- [Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) - -**To create an inbound port rule** - -1. 
[Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). - -2. In the navigation pane, click **Inbound Rules**. - -3. Click **Action**, and then click **New rule**. - -4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**. - - **Note**   - Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules. - -   - -5. On the **Program** page, click **All programs**, and then click **Next**. - - **Note**   - This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The specified program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. If you choose to do this, follow the steps in the [Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) procedure in addition to the steps in this procedure to create a single rule that filters network traffic using both program and port criteria. - -   - -6. On the **Protocol and Ports** page, select the protocol type that you want to allow. To restrict the rule to a specified port number, you must select either **TCP** or **UDP**. Because this is an incoming rule, you typically configure only the local port number. 
- - If you select another protocol, then only packets whose protocol field in the IP header match this rule are permitted through the firewall. - - To select a protocol by its number, select **Custom** from the list, and then type the number in the **Protocol number** box. - - When you have configured the protocols and ports, click **Next**. - -7. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**. - -8. On the **Action** page, select **Allow the connection**, and then click **Next**. - -9. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**. - - **Note**   - If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. - -   - -10. On the **Name** page, type a name and description for your rule, and then click **Finish**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/create-an-inbound-port-rule.md b/windows/keep-secure/create-an-inbound-port-rule.md new file mode 100644 index 0000000000..e2a911293f --- /dev/null +++ b/windows/keep-secure/create-an-inbound-port-rule.md 
@@ -0,0 +1,62 @@
+---
+title: Create an Inbound Port Rule (Windows 10)
+description: Create an Inbound Port Rule
+ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+---
+
+# Create an Inbound Port Rule
+
+**Applies to**
+- Windows 10
+- Windows Server 2016 Technical Preview
+
+To allow inbound network traffic on only a specified TCP or UDP port number, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows any program that listens on a specified TCP or UDP port to receive network traffic sent to that port.
+
+**Administrative credentials**
+
+To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+This topic describes how to create a standard port rule for a specified protocol or TCP or UDP port number. For other inbound port rule types, see:
+
+- [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md)
+
+- [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md)
+
+**To create an inbound port rule**
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. In the navigation pane, click **Inbound Rules**.
+
+3. Click **Action**, and then click **New rule**.
+
+4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**.
+
+ >**Note:**  Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules.
+
+5. On the **Program** page, click **All programs**, and then click **Next**.
+
+ >**Note:**  This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The specified program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. If you choose to do this, follow the steps in the [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md) procedure in addition to the steps in this procedure to create a single rule that filters network traffic using both program and port criteria.
+
+6. On the **Protocol and Ports** page, select the protocol type that you want to allow. To restrict the rule to a specified port number, you must select either **TCP** or **UDP**. Because this is an incoming rule, you typically configure only the local port number.
+
+ If you select another protocol, then only packets whose protocol field in the IP header match this rule are permitted through the firewall.
+
+ To select a protocol by its number, select **Custom** from the list, and then type the number in the **Protocol number** box.
+
+ When you have configured the protocols and ports, click **Next**.
+
+7. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**.
+
+8. On the **Action** page, select **Allow the connection**, and then click **Next**.
+
+9. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**.
+
+ >**Note:**  If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. 
This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type.
+
+10. On the **Name** page, type a name and description for your rule, and then click **Finish**.
diff --git a/windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-inbound-program-or-service-rule.md
similarity index 57%
rename from windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
rename to windows/keep-secure/create-an-inbound-program-or-service-rule.md
index 83fa805eef..51524c047d 100644
--- a/windows/keep-secure/create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-inbound-program-or-service-rule.md
@@ -1,25 +1,29 @@ --- -title: Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10) -description: Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +title: Create an Inbound Program or Service Rule (Windows 10) +description: Create an Inbound Program or Service Rule ms.assetid: 00b7fa60-7c64-4ba5-ba95-c542052834cf +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +# Create an Inbound Program or Service Rule +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview To allow inbound network traffic to a specified program or service, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows the program to listen and receive inbound network traffic on any port. -**Note**   -This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. To combine the program and port rule types into a single rule, follow the steps in the [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) procedure in addition to the steps in this procedure. 
- -  +>**Note:**  This type of rule is often combined with a program or service rule. If you combine the rule types, you get a firewall rule that limits traffic to a specified port and allows the traffic only when the specified program is running. The program cannot receive network traffic on other ports, and other programs cannot receive network traffic on the specified port. To combine the program and port rule types into a single rule, follow the steps in the [Create an Inbound Port Rule](create-an-inbound-port-rule.md) procedure in addition to the steps in this procedure. **Administrative credentials** To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. -**To create an inbound firewall rule for a program or service** +To create an inbound firewall rule for a program or service 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). @@ -29,10 +33,7 @@ To complete these procedures, you must be a member of the Domain Administrators 4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Custom**, and then click **Next**. - **Note**   - Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules. - -   + >**Note:**  Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules. 5. On the **Program** page, click **This program path**. 
@@ -57,11 +58,9 @@ To complete these procedures, you must be a member of the Domain Administrators **sc** **sidtype** *<Type> <ServiceName>* - In the preceding command, the value of *<Type>* can be **UNRESTRICTED** or **RESTRICTED**. Although the command also permits the value of **NONE**, that setting means the service cannot be used in a firewall rule as described here. By default, most services in Windows are configured as **UNRESTRICTED**. If you change the SID type to **RESTRICTED**, the service might fail to start. We recommend that you change the SID type only on services that you want to use in firewall rules, and that you change the SID type to **UNRESTRICTED**. For more information, see [Vista Services](http://go.microsoft.com/fwlink/?linkid=141454) (http://go.microsoft.com/fwlink/?linkid=141454) and the “Service Security Improvements” section of [Inside the Windows Vista Kernel](http://go.microsoft.com/fwlink/?linkid=141455) (http://go.microsoft.com/fwlink/?linkid=141455). + In the preceding command, the value of *<Type>* can be **UNRESTRICTED** or **RESTRICTED**. Although the command also permits the value of **NONE**, that setting means the service cannot be used in a firewall rule as described here. By default, most services in Windows are configured as **UNRESTRICTED**. If you change the SID type to **RESTRICTED**, the service might fail to start. We recommend that you change the SID type only on services that you want to use in firewall rules, and that you change the SID type to **UNRESTRICTED**. -   - -8. It is a best practice to restrict the firewall rule for the program to only the ports it needs to operate. On the **Protocols and Ports** page, you can specify the port numbers for the allowed traffic. If the program tries to listen on a port different from the one specified here, it is blocked. 
For more information about protocol and port options, see [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md). After you have configured the protocol and port options, click **Next**. +8. It is a best practice to restrict the firewall rule for the program to only the ports it needs to operate. On the **Protocols and Ports** page, you can specify the port numbers for the allowed traffic. If the program tries to listen on a port different from the one specified here, it is blocked. For more information about protocol and port options, see [Create an Inbound Port Rule](create-an-inbound-port-rule.md). After you have configured the protocol and port options, click **Next**. 9. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**. 
@@ -69,20 +68,4 @@ To complete these procedures, you must be a member of the Domain Administrators 11. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**. - **Note**   - If this GPO is targeted at server computers running Windows Server 2008 that never move, consider applying the rule to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. - -   - 12. On the **Name** page, type a name and description for your rule, and then click **Finish**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-outbound-port-rule.md similarity index 58% rename from windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md rename to windows/keep-secure/create-an-outbound-port-rule.md index d91a6e972b..98c85d581c 100644 --- a/windows/keep-secure/create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md +++ b/windows/keep-secure/create-an-outbound-port-rule.md 
@@ -1,20 +1,27 @@ --- -title: Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 (Windows 10) -description: Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 +title: Create an Outbound Port Rule (Windows 10) +description: Create an Outbound Port Rule ms.assetid: 59062b91-756b-42ea-8f2a-832f05d77ddf +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 +# Create an Outbound Port Rule +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -By default, Windows Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic on a specified TCP or UDP port number, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule blocks any outbound network traffic that matches the specified TCP or UDP port numbers. +By default, Windows Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic on a specified TCP or UDP port number, use the Windows Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule blocks any outbound network traffic that matches the specified TCP or UDP port numbers. **Administrative credentials** To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. -**To create an outbound port rule** +To create an outbound port rule 1. 
[Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). @@ -24,10 +31,7 @@ To complete these procedures, you must be a member of the Domain Administrators 4. On the **Rule Type** page of the New Outbound Rule wizard, click **Custom**, and then click **Next**. - **Note**   - Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules. - -   + >**Note:**  Although you can create rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules. 5. On the **Program** page, click **All programs**, and then click **Next**. @@ -45,20 +49,4 @@ To complete these procedures, you must be a member of the Domain Administrators 9. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**. - **Note**   - If this GPO is targeted at server computers running Windows Server 2008 that never move, consider applying the rules to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. - -   - 10. On the **Name** page, type a name and description for your rule, and then click **Finish**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - 
diff --git a/windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-an-outbound-program-or-service-rule.md
similarity index 60%
rename from windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
rename to windows/keep-secure/create-an-outbound-program-or-service-rule.md
index 8552952fbd..342e863ffd 100644
--- a/windows/keep-secure/create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-an-outbound-program-or-service-rule.md
@@ -1,20 +1,27 @@ --- -title: Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 (Windows 10) -description: Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 +title: Create an Outbound Program or Service Rule (Windows 10) +description: Create an Outbound Program or Service Rule ms.assetid: f71db4fb-0228-4df2-a95d-b9c056aa9311 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2 +# Create an Outbound Program or Service Rule +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -By default, Windows Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic for a specified program or service, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule prevents the program from sending any outbound network traffic on any port. +By default, Windows Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic for a specified program or service, use the Windows Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule prevents the program from sending any outbound network traffic on any port. **Administrative credentials** To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. 
-**To create an outbound firewall rule for a program or service** +To create an outbound firewall rule for a program or service 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). @@ -24,10 +31,7 @@ To complete these procedures, you must be a member of the Domain Administrators 4. On the **Rule Type** page of the New Outbound Rule Wizard, click **Custom**, and then click **Next**. - **Note**   - Although you can create many rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules. - -   + >**Note:**  Although you can create many rules by selecting **Program** or **Port**, those choices limit the number of pages presented by the wizard. If you select **Custom**, you see all of the pages, and have the most flexibility in creating your rules. 5. On the **Program** page, click **This program path**. 
@@ -41,7 +45,7 @@ To complete these procedures, you must be a member of the Domain Administrators - If the executable file is a container for a single service or contains multiple services but the rule only applies to one of them, click **Customize**, select **Apply to this service**, and then select the service from the list. If the service does not appear in the list, then click **Apply to service with this service short name**, and type the short name for the service in the text box. Click **OK**, and then click **Next**. -8. If you want the program to be allowed to send on some ports, but blocked from sending on others, then you can restrict the firewall rule to block only the specified ports or protocols. On the **Protocols and Ports** page, you can specify the port numbers or protocol numbers for the blocked traffic. If the program tries to send to or from a port number different from the one specified here, or by using a protocol number different from the one specified here, then the default outbound firewall behavior allows the traffic. For more information about the protocol and port options, see [Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md). When you have configured the protocol and port options, click **Next**. +8. If you want the program to be allowed to send on some ports, but blocked from sending on others, then you can restrict the firewall rule to block only the specified ports or protocols. On the **Protocols and Ports** page, you can specify the port numbers or protocol numbers for the blocked traffic. If the program tries to send to or from a port number different from the one specified here, or by using a protocol number different from the one specified here, then the default outbound firewall behavior allows the traffic. 
For more information about the protocol and port options, see [Create an Outbound Port Rule](create-an-outbound-port-rule.md). When you have configured the protocol and port options, click **Next**. 9. On the **Scope** page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then click **Next**. @@ -49,20 +53,4 @@ To complete these procedures, you must be a member of the Domain Administrators 11. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**. - **Note**   - If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. - -   - 12. On the **Name** page, type a name and description for your rule, and then click **Finish**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/create-inbound-rules-to-support-rpc.md similarity index 51% rename from windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md rename to windows/keep-secure/create-inbound-rules-to-support-rpc.md index 1c41bd67ec..0ba04d529e 100644 
--- a/windows/keep-secure/create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ b/windows/keep-secure/create-inbound-rules-to-support-rpc.md
@@ -1,14 +1,21 @@ --- -title: Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10) -description: Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +title: Create Inbound Rules to Support RPC (Windows 10) +description: Create Inbound Rules to Support RPC ms.assetid: 0b001c2c-12c1-4a30-bb99-0c034d7e6150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +# Create Inbound Rules to Support RPC +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -To allow inbound remote procedure call (RPC) network traffic, use the Windows Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create two firewall rules. The first rule allows incoming network packets on TCP port 135 to the RPC Endpoint Mapper service. The incoming traffic consists of requests to communicate with a specified network service. The RPC Endpoint Mapper replies with a dynamically-assigned port number that the client must use to communicate with the service. The second rule allows the network traffic that is sent to the dynamically-assigned port number. Using the two rules configured as described in this topic helps to protect your computer by allowing network traffic only from computers that have received RPC dynamic port redirection and to only those TCP port numbers assigned by the RPC Endpoint Mapper. +To allow inbound remote procedure call (RPC) network traffic, use the Windows Firewall with Advanced Security node in the Group Policy Management console to create two firewall rules. 
The first rule allows incoming network packets on TCP port 135 to the RPC Endpoint Mapper service. The incoming traffic consists of requests to communicate with a specified network service. The RPC Endpoint Mapper replies with a dynamically-assigned port number that the client must use to communicate with the service. The second rule allows the network traffic that is sent to the dynamically-assigned port number. Using the two rules configured as described in this topic helps to protect your device by allowing network traffic only from devices that have received RPC dynamic port redirection and to only those TCP port numbers assigned by the RPC Endpoint Mapper. **Administrative credentials** 
@@ -16,20 +23,17 @@ To complete these procedures, you must be a member of the Domain Administrators This topic describes how to create rules that allow inbound RPC network traffic. For other inbound port rule types, see: -- [Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create an Inbound Port Rule](create-an-inbound-port-rule.md) -- [Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md) In this topic: -- [To create a rule to allow inbound network traffic to the RPC Endpoint Mapper service](#bkmk-proc1) +- [To create a rule to allow inbound network traffic to the RPC Endpoint Mapper service](#to-create-a-rule-to-allow-inbound-network-traffic-to-the-rpc-endpoint-mapper-service) -- [To create a rule to allow inbound network traffic to RPC-enabled network services](#bkmk-proc2) +- [To create a rule to allow inbound network traffic to RPC-enabled network services](#to-create-a-rule-to-allow-inbound-network-traffic-to-rpc-enabled-network-services) -## - - -**To create a rule to allow inbound network traffic to the RPC Endpoint Mapper service** +## To create a rule to allow inbound network traffic to the RPC Endpoint Mapper service 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 
@@ -55,19 +59,12 @@ In this topic: 12. On the **Action** page, select **Allow the connection**, and then click **Next**. -13. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**. - - **Note**   - If this GPO is targeted at server computers running Windows Server 2008 that never move, consider applying the rules to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. - -   +13. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**.   14. On the **Name** page, type a name and description for your rule, and then click **Finish**. -## - -**To create a rule to allow inbound network traffic to RPC-enabled network services** +## To create a rule to allow inbound network traffic to RPC-enabled network services 1. On the same GPO you edited in the preceding procedure, click **Action**, and then click **New rule**. 
@@ -89,20 +86,4 @@ In this topic: 10. On the **Profile** page, select the network location types to which this rule applies, and then click **Next**. - **Note**   - If this GPO is targeted at server computers running Windows Server 2008 that never move, consider applying the rules to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. - -   - 11. On the **Name** page, type a name and description for your rule, and then click **Finish**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/create-wmi-filters-for-the-gpo.md b/windows/keep-secure/create-wmi-filters-for-the-gpo.md index adf0d2f7be..f4b066d3e1 100644 --- a/windows/keep-secure/create-wmi-filters-for-the-gpo.md +++ b/windows/keep-secure/create-wmi-filters-for-the-gpo.md 
@@ -2,17 +2,24 @@ title: Create WMI Filters for the GPO (Windows 10) description: Create WMI Filters for the GPO ms.assetid: b1a6d93d-a3c8-4e61-a388-4a3323f0e74e +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Create WMI Filters for the GPO +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -To make sure that each GPO associated with a group can only be applied to computers running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each computer. +To make sure that each GPO associated with a group can only be applied to devices running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each device. -- [To create a WMI filter that queries for a specified version of Windows](#bkmk-1) +- [To create a WMI filter that queries for a specified version of Windows](#to-create-a-wmi-filter-that-queries-for-a-specified-version-of-windows) -- [To link a WMI filter to a GPO](#bkmk-2) +- [To link a WMI filter to a GPO](#to-link-a-wmi-filter-to-a-gpo) **Administrative credentials** 
@@ -20,12 +27,9 @@ To complete these procedures, you must be a member of the Domain Administrators First, create the WMI filter and configure it to look for a specified version (or versions) of the Windows operating system. -## +## To create a WMI filter that queries for a specified version of Windows - -**To create a WMI filter that queries for a specified version of Windows** - -1. On a computer that has the Group Policy Management feature installed, click **Start**, click **Administrative Tools**, and then click **Group Policy Management**. +1. Open the Group Policy Management console. 2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, and then click **WMI Filters**. @@ -33,10 +37,7 @@ First, create the WMI filter and configure it to look for a specified version (o 4. In the **Name** text box, type the name of the WMI filter. - **Note**   - Be sure to use a name that clearly indicates the purpose of the filter. Check to see if your organization has a naming convention. - -   + >**Note:**  Be sure to use a name that clearly indicates the purpose of the filter. Check to see if your organization has a naming convention. 5. In the **Description** text box, type a description for the WMI filter. For example, if the filter excludes domain controllers, you might consider stating that in the description. 
@@ -50,27 +51,27 @@ First, create the WMI filter and configure it to look for a specified version (o select * from Win32_OperatingSystem where Version like "6.%" ``` - This query will return **true** for computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. To set a filter for just Windows 8 and Windows Server 2012, use `"6.2%"`. To specify multiple versions, combine them with `or`, as shown in the following: + This query will return **true** for devices running at least Windows Vista and Windows Server 2008. To set a filter for just Windows 8 and Windows Server 2012, use "6.2%". To specify multiple versions, combine them with or, as shown in the following: ``` syntax ... where Version like "6.1%" or Version like "6.2%" ``` - To restrict the query to only clients or only servers, add a clause that includes the `ProductType` parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only `ProductType="1"`. For server operating systems that are not domain controllers, use `ProductType="3"`. For domain controllers only, use `ProductType="2"`. This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network. + To restrict the query to only clients or only servers, add a clause that includes the ProductType parameter. To filter for client operating systems only, such as Windows 8 or Windows 7, use only ProductType="1". For server operating systems that are not domain controllers, use ProductType="3". For domain controllers only, use ProductType="2". This is a useful distinction, because you often want to prevent your GPOs from being applied to the domain controllers on your network. - The following clause returns **true** for all computers that are not domain controllers: + The following clause returns **true** for all devices that are not domain controllers: ``` syntax ... 
where ProductType="1" or ProductType="3" ``` - The following complete query returns **true** for all computers running Windows 8, and returns **false** for any server operating system or any other client operating system. + The following complete query returns **true** for all devices running Windows 8, and returns **false** for any server operating system or any other client operating system. ``` syntax select * from Win32_OperatingSystem where Version like "6.2%" and ProductType="1" ``` - The following query returns **true** for any computer running Windows Server 2012, except domain controllers: + The following query returns **true** for any device running Windows Server 2012, except domain controllers: ``` syntax select * from Win32_OperatingSystem where Version like "6.2%" and ProductType="3" @@ -80,26 +81,14 @@ First, create the WMI filter and configure it to look for a specified version (o 10. Click **Save** to save your completed filter. -## - +## To link a WMI filter to a GPO After you have created a filter with the correct query, link the filter to the GPO. Filters can be reused with many GPOs simultaneously; you do not have to create a new one for each GPO if an existing one meets your needs. -**To link a WMI filter to a GPO** - -1. On a computer that has the Group Policy Management feature installed, click **Start**, click **Administrative Tools**, and then click **Group Policy Management**. +1. Open theGroup Policy Management console. 2. In the navigation pane, find and then click the GPO that you want to modify. 3. Under **WMI Filtering**, select the correct WMI filter from the list. 4. Click **Yes** to accept the filter. - -  - -  - - - - - 
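Review bot: The new sentence after the first query, "This query will return **true** for devices running at least Windows Vista and Windows Server 2008", overstates what `Version like "6.%"` matches. The pattern covers only 6.x versions, while Windows 10 and Windows Server 2016 report a version beginning with 10., so on the platforms this topic now lists under **Applies to** the filter evaluates false and the linked firewall GPO is silently not applied. I would state the upper bound of the 6.x range explicitly, show the Windows 10 form, for example `... where Version like "10.%"`, and suggest confirming in Group Policy results on a target device that the filter evaluated true. The same hunk also drops the code formatting from `"6.2%"`, `or` and `ProductType="1"`, which makes the literal query text harder to tell apart from prose; I would keep the backticks.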
diff --git a/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
deleted file mode 100644
index 7f8e8b4d05..0000000000
--- a/windows/keep-secure/enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md
+++ /dev/null
@@ -1,47 +0,0 @@ ---- -title: Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10) -description: Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 -ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7 -author: brianlic-msft ---- - -# Enable Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 - - -Windows Firewall with Advanced Security includes many predefined rules for common networking roles and functions. When you install a new server role on a computer or enable a network feature on a client computer, the installer typically enables the rules required for that role instead of creating new ones. When deploying firewall rules to the computers on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. - -**Administrative credentials** - -To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. - -**To deploy predefined firewall rules that allow inbound network traffic for common network functions** - -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). - -2. In the navigation pane, click **Inbound Rules**. - -3. Click **Action**, and then click **New rule**. - -4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Predefined**, select the rule category from the list, and then click **Next**. - -5. On the **Predefined Rules** page, the list of rules defined in the group is displayed. By default, they are all selected. 
For rules that you do not want to deploy, clear the check boxes next to the rules, and then click **Next**. - -6. On the **Action** page, select **Allow the connection**, and then click **Finish**. - - The selected rules are added to the GPO and applied to the computers to which the GPO is assigned the next time Group Policy is refreshed. - - **Note**   - If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. - -   - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/enable-predefined-inbound-rules.md b/windows/keep-secure/enable-predefined-inbound-rules.md new file mode 100644 index 0000000000..fe16701837 --- /dev/null +++ b/windows/keep-secure/enable-predefined-inbound-rules.md 
@@ -0,0 +1,36 @@ +--- +title: Enable Predefined Inbound Rules (Windows 10) +description: Enable Predefined Inbound Rules +ms.assetid: a4fff086-ae81-4c09-b828-18c6c9a937a7 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Enable Predefined Inbound Rules + +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview + +Windows Firewall with Advanced Security includes many predefined rules for common networking roles and functions. When you install a new server role on a device or enable a network feature on a client device, the installer typically enables the rules required for that role instead of creating new ones. When deploying firewall rules to the devices on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. + +**Administrative credentials** + +To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. + +To deploy predefined firewall rules that allow inbound network traffic for common network functions + +1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). + +2. In the navigation pane, click **Inbound Rules**. + +3. Click **Action**, and then click **New rule**. + +4. On the **Rule Type** page of the New Inbound Rule Wizard, click **Predefined**, select the rule category from the list, and then click **Next**. + +5. On the **Predefined Rules** page, the list of rules defined in the group is displayed. By default, they are all selected. For rules that you do not want to deploy, clear the check boxes next to the rules, and then click **Next**. + +6. 
On the **Action** page, select **Allow the connection**, and then click **Finish**. diff --git a/windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md b/windows/keep-secure/enable-predefined-outbound-rules.md similarity index 60% rename from windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md rename to windows/keep-secure/enable-predefined-outbound-rules.md index b37bf8b4c4..1691399b8a 100644 --- a/windows/keep-secure/enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md +++ b/windows/keep-secure/enable-predefined-outbound-rules.md 
@@ -1,12 +1,19 @@ --- -title: Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 (Windows 10) -description: Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +title: Enable Predefined Outbound Rules (Windows 10) +description: Enable Predefined Outbound Rules ms.assetid: 71cc4157-a1ed-41d9-91e4-b3140c67c1be +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- -# Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +# Enable Predefined Outbound Rules +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview By default, Windows Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. Windows Firewall with Advanced Security includes many predefined outbound rules that can be used to block network traffic for common networking roles and functions. When you install a new server role on a computer or enable a network feature on a client computer, the installer can install, but typically does not enable, outbound block rules for that role. When deploying firewall rules to the computers on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. 
@@ -14,7 +21,7 @@ By default, Windows Firewall with Advanced Security allows all outbound network To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. -**To deploy predefined firewall rules that block outbound network traffic for common network functions** +To deploy predefined firewall rules that block outbound network traffic for common network functions 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). @@ -29,19 +36,3 @@ To complete these procedures, you must be a member of the Domain Administrators 6. On the **Action** page, select **Block the connection**, and then click **Finish**. The selected rules are added to the GPO. - - **Note**   - If this GPO is targeted at server computers running Windows Server 2008 that never move, consider modifying the rules to apply to all network location type profiles. This prevents an unexpected change in the applied rules if the network location type changes due to the installation of a new network card or the disconnection of an existing network card’s cable. A disconnected network card is automatically assigned to the Public network location type. - -   - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md b/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md deleted file mode 100644 index a431459419..0000000000 
--- a/windows/keep-secure/exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 (Windows 10) -description: Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 -ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548 -author: brianlic-msft ---- - -# Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 - - -This procedure shows you how to add exemptions for any network traffic that uses the ICMP protocol. - -**Important**   -Because of its usefulness in troubleshooting network connectivity problems, we recommend that you exempt all ICMP network traffic from authentication requirements unless your network risk analysis indicates a need to protect this traffic. - -  - -**Administrative credentials** - -To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. - -**To exempt ICMP network traffic from authentication** - -1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). - -2. On the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**. - -3. On the **IPsec settings** tab, change **Exempt ICMP from IPsec** to **Yes**, and then click **OK**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - 
diff --git a/windows/keep-secure/exempt-icmp-from-authentication.md b/windows/keep-secure/exempt-icmp-from-authentication.md
new file mode 100644
index 0000000000..a60e483753
--- /dev/null
+++ b/windows/keep-secure/exempt-icmp-from-authentication.md
@@ -0,0 +1,30 @@
+---
+title: Exempt ICMP from Authentication (Windows 10)
+description: Exempt ICMP from Authentication
+ms.assetid: c086c715-8d0c-4eb5-9ea7-2f7635a55548
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+---
+
+# Exempt ICMP from Authentication
+
+**Applies to**
+- Windows 10
+- Windows Server 2016 Technical Preview
+
+This procedure shows you how to add exemptions for any network traffic that uses the ICMP protocol.
+
+**Administrative credentials**
+
+To complete this procedure, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
+
+To exempt ICMP network traffic from authentication
+
+1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
+
+2. On the main Windows Firewall with Advanced Security page, click **Windows Firewall Properties**.
+
+3. On the **IPsec settings** tab, change **Exempt ICMP from IPsec** to **Yes**, and then click **OK**.
diff --git a/windows/keep-secure/install-active-directory-certificate-services.md b/windows/keep-secure/install-active-directory-certificate-services.md
deleted file mode 100644
index 5fc8bd6b1c..0000000000
--- a/windows/keep-secure/install-active-directory-certificate-services.md
+++ /dev/null
@@ -1,77 +0,0 @@ ---- -title: Install Active Directory Certificate Services (Windows 10) -description: Install Active Directory Certificate Services -ms.assetid: 6f2ed8ac-b8a6-4819-9c21-be91dedfd619 -author: brianlic-msft ---- - -# Install Active Directory Certificate Services - - -To use certificates in a server isolation or domain isolation design, you must first set up the infrastructure to deploy the certificates. This is called a public key infrastructure (PKI). The services required for a PKI are available in Windows Server 2012 in the form of the Active Directory Certificate Services (AD CS) role. - -**Caution**   -Creation of a full PKI for an enterprise environment with all of the appropriate security considerations included in the design is beyond the scope of this guide. The following procedure shows you only the basics of installing an issuing certificate server; it is appropriate for a test lab environment only. For more information about deploying AD CS in a production environment, see [Active Directory Certificate Services Overview](http://technet.microsoft.com/library/hh831740.aspx). - -  - -To perform this procedure, the computer on which you are installing AD CS must be joined to an Active Directory domain. - -**Administrative credentials** - -To complete this procedure, you must be a member of both the Domain Admins group in the root domain of your forest, and a member of the Enterprise Admins group. - -**To install AD CS** - -1. Log on as a member of both the Enterprise Admins group and the root domain's Domain Admins group. - -2. Click **Server Manager** in the taskbar. The Server Manager console opens. Click **Add roles and features**. - -3. On the **Before you begin** page, click **Next**. - -4. On the **Select installation type** page, ensure **Role-based or feature-based installation** is selected and click **Next**. - -5. On the **Select destination server** page, ensure your server is selected and click **Next**. - -6. 
On the **Select Server Roles** page, select **Active Directory Certificate Services**, and then click **Add Features** and then click **Next**. - -7. On the **Select features** page, click **Next**. - -8. On the **Active Directory Certificate Services** page, click **Next**. - -9. On the **Select role services** page, ensure **Certification Authority** is selected and click **Next**. - -10. On the **Confirm installation selections** page, click **Install**. - - After installation completes, click close. - -11. On the Server Manager Dashboard, click the Notifications flag icon and then click **Configure Active Directory Certificate Services on the destination server**. - -12. On the **Credentials** page, ensure the default user account is a member of both the local Administrators group and the Enterprise Admins group and then click **Next**. - -13. On the **Role Services** page, click **Certification Authority**, and click **Next**. - -14. On the **Setup Type** page, ensure **Enterprise CA** is selected, and click **Next**. - -15. On the **CA Type** page, ensure **Root CA** is selected, and then click **Next**. - -16. On the **Private Key** page, ensure **Create a new private key** is selected, and then click **Next**. - -17. On the **Cryptography for CA** page, keep the default settings for CSP (**RSA\#Microsoft Software Key Storage Provider**) and hash algorithm (**sha1**), and determine the best key character length for your deployment. Large key character lengths provide optimal security, but they can affect server performance. It is recommended that you keep the default setting of 2048 or, if appropriate for your deployment, reduce key character length to 1024. Click **Next**. - -18. On the **CA Name** page, keep the suggested common name for the CA or change the name according to your requirements, and then click **Next**. - -19. 
On the **Validity Period** page, in **Specify the validity period**, type the number and select a time value (Years, Months, Weeks, or Days). The default setting of five years is recommended. Click **Next**. - -20. On the **CA Database** page, in **Certificate database location** and **Certificate database log location**, specify the folder location for these items. If you specify locations other than the default locations, make sure that the folders are secured with access control lists (ACLs) that prevent unauthorized users or computers from accessing the CA database and log files. - -21. Click **Next**, click **Configure**, and then click **Close**. - -  - -  - - - - - diff --git a/windows/keep-secure/link-the-gpo-to-the-domain.md b/windows/keep-secure/link-the-gpo-to-the-domain.md index d912164e47..ab224211e6 100644 --- a/windows/keep-secure/link-the-gpo-to-the-domain.md +++ b/windows/keep-secure/link-the-gpo-to-the-domain.md 
@@ -2,23 +2,30 @@ title: Link the GPO to the Domain (Windows 10) description: Link the GPO to the Domain ms.assetid: 746d4553-b1a6-4954-9770-a948926b1165 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Link the GPO to the Domain +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -After you create the GPO and configure it with security group filters and WMI filters, you must link the GPO to the container in Active Directory that contains all of the target computers. +After you create the GPO and configure it with security group filters and WMI filters, you must link the GPO to the container in Active Directory that contains all of the target devices. -If the filters comprehensively control the application of the GPO to only the correct computers, then you can link the GPO to the domain container. Alternatively, you can link the GPO to a site container or organizational unit if you want to limit application of the GPO to that subset of computers. +If the filters comprehensively control the application of the GPO to only the correct devices, then you can link the GPO to the domain container. Alternatively, you can link the GPO to a site container or organizational unit if you want to limit application of the GPO to that subset of devices. **Administrative credentials** To complete this procedure, you must be a member of the Domain Admins group, or otherwise be delegated permissions to modify the GPOs. -**To link the GPO to the domain container in Active Directory** +To link the GPO to the domain container in Active Directory -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, and then expand *YourDomainName*. 
@@ -28,13 +35,4 @@ To complete this procedure, you must be a member of the Domain Admins group, or 5. The GPO appears in the **Linked Group Policy Objects** tab in the details pane and as a linked item under the domain container in the navigation pane. -6. You can adjust the order of the linked GPOs to ensure that the higher priority GPOs are processed last. Select a GPO and click the up or down arrows to move it. The GPOs are processed by the client computer from the highest link order number to the lowest. - -  - -  - - - - - +6. You can adjust the order of the linked GPOs to ensure that the higher priority GPOs are processed last. Select a GPO and click the up or down arrows to move it. The GPOs are processed by the client device from the highest link order number to the lowest. diff --git a/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md index f003cb6ee2..95ab7cda01 100644 --- a/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md +++ b/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md 
@@ -2,13 +2,20 @@ title: Modify GPO Filters to Apply to a Different Zone or Version of Windows (Windows 10) description: Modify GPO Filters to Apply to a Different Zone or Version of Windows ms.assetid: 24ede9ca-a501-4025-9020-1129e2cdde80 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Modify GPO Filters to Apply to a Different Zone or Version of Windows +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -You must reconfigure your copied GPO so that it contains the correct security group and WMI filters for its new role. If you are creating the GPO for the isolated domain, use the [Block members of a group from applying a GPO](#bkmk-topreventmembersofgroupfromapplyingagpo) procedure to prevent members of the boundary and encryption zones from incorrectly applying the GPOs for the main isolated domain. +You must reconfigure your copied GPO so that it contains the correct security group and WMI filters for its new role. If you are creating the GPO for the isolated domain, use the [Block members of a group from applying a GPO](#to-block-members-of-a-group-from-applying-a-gpo) procedure to prevent members of the boundary and encryption zones from incorrectly applying the GPOs for the main isolated domain. **Administrative credentials** 
@@ -16,20 +23,15 @@ To complete these procedures, you must be a member of the Domain Administrators In this topic: -- [Change the security group filter for a GPO](#bkmk-toallowmembersofagrouptoapplyagpo) +- [Change the security group filter for a GPO](#to-change-the-security-group-filter-for-a-gpo) -- [Block members of a group from applying a GPO](#bkmk-topreventmembersofgroupfromapplyingagpo) +- [Block members of a group from applying a GPO](#to-block-members-of-a-group-from-applying-a-gpo) -- [Remove a block for members of a group from applying a GPO](#bkmk-toremoveablockformembersofgroupfromapplyingagpo) +- [Remove a block for members of a group from applying a GPO](#to-remove-a-block-for-members-of-group-from-applying-a-gpo) -## +## To change the security group filter for a GPO - -Use the following procedure to change a group to the security filter on the GPO that allows group members to apply the GPO. You must remove the reference to the original group, and add the group appropriate for this GPO. - -**To change the security group filter for a GPO** - -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, find and then click the GPO that you want to modify. 
@@ -39,14 +41,9 @@ Use the following procedure to change a group to the security filter on the GPO 5. In the **Select User, Computer, or Group** dialog box, type the name of the group whose members are to apply the GPO, and then click **OK**. If you do not know the name, you can click **Advanced** to browse the list of groups available in the domain. -## +## To block members of a group from applying a GPO - -Use the following procedure if you need to add a group to the security filter on the GPO that blocks group members from applying the GPO. This can be used on the GPOs for the main isolated domain to prevent members of the boundary and encryption zones from incorrectly applying the GPOs for the main isolated domain. - -**To block members of group from applying a GPO** - -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, find and then click the GPO that you want to modify. @@ -64,12 +61,9 @@ Use the following procedure if you need to add a group to the security filter on 9. The group appears in the list with custom permissions. -## +## To remove a block for members of group from applying a GPO - -**To remove a block for members of group from applying a GPO** - -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, find and then click the GPO that you want to modify. 
@@ -78,14 +72,3 @@ Use the following procedure if you need to add a group to the security filter on 4. In the **Groups and users** list, select the group that should no longer be blocked, and then click **Remove**. 5. In the message box, click **OK**. - -If you arrived at this page by clicking a link in a checklist, use your browser’s **Back** button to return to the checklist. - -  - -  - - - - - diff --git a/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md index 729e906fcc..f29f5afbb7 100644 --- a/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md +++ b/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md 
@@ -2,27 +2,25 @@ title: Open the Group Policy Management Console to IP Security Policies (Windows 10) description: Open the Group Policy Management Console to IP Security Policies ms.assetid: 235f73e4-37b7-40f4-a35e-3e7238bbef43 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Open the Group Policy Management Console to IP Security Policies +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview Procedures in this guide that refer to GPOs for earlier versions of the Windows operating system instruct you to work with the IP Security Policy section in the Group Policy Management Console (GPMC). **To open a GPO to the IP Security Policies section** -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**. -3. In the navigation pane of the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Windows Settings**, expand **Security Settings**, and then click **IP Security Policies on Active Directory (***YourDomainName***)**. - -  - -  - - - - - +3. In the navigation pane of the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Windows Settings**, expand **Security Settings**, and then click **IP Security Policies on Active Directory (***YourDomainName***)**. \ No newline at end of file diff --git a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md index 5d720ae16f..e179647bac 100644 
--- a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+++ b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -2,27 +2,25 @@ title: Open the Group Policy Management Console to Windows Firewall with Advanced Security (Windows 10) description: Open the Group Policy Management Console to Windows Firewall with Advanced Security ms.assetid: 28afab36-8768-4938-9ff2-9d6dab702e98 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Open the Group Policy Management Console to Windows Firewall with Advanced Security +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview Most of the procedures in this guide instruct you to use Group Policy settings for Windows Firewall with Advanced Security. -**To open a GPO to Windows Firewall with Advanced Security** +To open a GPO to Windows Firewall with Advanced Security -1. On a computer that has the Group Policy Management feature installed, click the **Start** charm, and then click the **Group Policy Management** tile. +1. Open the Group Policy Management console. 2. In the navigation pane, expand **Forest:** *YourForestName*, expand **Domains**, expand *YourDomainName*, expand **Group Policy Objects**, right-click the GPO you want to modify, and then click **Edit**. -3. In the navigation pane of the Group Policy Management Editor, expand **Computer Configuration**, expand **Policies**, expand **Windows Settings**, expand **Security Settings**, expand **Windows Firewall with Advanced Security**, and then expand **Windows Firewall with Advanced Security - LDAP://cn={***GUID***},cn=…**. - -  - -  - - - - - +3. In the navigation pane of the Group Policy Management Editor, navigate to **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Windows Firewall with Advanced Security** > **Windows Firewall with Advanced Security - LDAP://cn={***GUID***},cn=…**. 
diff --git a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md index 02b493283f..2d848ec539 100644 --- a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md @@ -2,27 +2,25 @@ title: Open the Group Policy Management Console to Windows Firewall (Windows 10) description: Open the Group Policy Management Console to Windows Firewall ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Open the Group Policy Management Console to Windows Firewall +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -**To open a GPO to Windows Firewall** +To open a GPO to Windows Firewall -1. Open **Active Directory Users and Computers**. +1. Open the Active Directory Users and Computers console. 2. In the navigation pane, expand *YourDomainName*, right-click the container that your GPO is linked to, and then click **Properties**. 3. Click the **Group Policy** tab, select your GPO, and then click **Edit**. -4. In the navigation pane of the Group Policy Object Editor, expand **Computer Configuration**, expand **Administrative Templates**, expand **Network**, expand **Network Connections**, and then expand **Windows Firewall**. - -  - -  - - - - - +4. In the navigation pane of the Group Policy Object Editor, navigate to **Computer Configuration** > **Administrative Templates** > **Network** > **Network Connections** > **Windows Firewall**. diff --git a/windows/keep-secure/open-windows-firewall-with-advanced-security.md b/windows/keep-secure/open-windows-firewall-with-advanced-security.md index 5387c113a1..cda993d4ad 100644 --- a/windows/keep-secure/open-windows-firewall-with-advanced-security.md 
+++ b/windows/keep-secure/open-windows-firewall-with-advanced-security.md @@ -2,13 +2,20 @@ title: Open Windows Firewall with Advanced Security (Windows 10) description: Open Windows Firewall with Advanced Security ms.assetid: 788faff2-0f50-4e43-91f2-3e2595c0b6a1 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Open Windows Firewall with Advanced Security +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -This procedure shows you how to open the Windows Firewall with Advanced Security MMC snap-in. +This procedure shows you how to open the Windows Firewall with Advanced Security console. **Administrative credentials** @@ -16,22 +23,15 @@ To complete this procedure, you must be a member of the Administrators group. Fo ## Opening Windows Firewall with Advanced Security +- [Using the Windows interface](#to-open-windows-firewall-with-advanced-security-using-the-ui) -- [Using the Windows interface](#bkmk-proc1) +- [Using a command line](#to-open-windows-firewall-with-advanced-security-from-a-command-prompt) -- [Using a command line](#bkmk-proc2) +## To open Windows Firewall with Advanced Security using the UI -## +Click Start, type **Windows Firewall with Advanced Security**, and the press ENTER. - -**To open Windows Firewall with Advanced Security by using the Windows interface** - -- Click the **Start** charm, right-click the Start page, click **All Apps**, and then click the **Windows Firewall with Advanced Security** tile. - -## - - -**To open Windows Firewall with Advanced Security from a command prompt** +## To open Windows Firewall with Advanced Security from a command prompt 1. Open a command prompt window. 
@@ -44,12 +44,3 @@ To complete this procedure, you must be a member of the Administrators group. Fo **Additional considerations** Although standard users can start the Windows Firewall with Advanced Security MMC snap-in, to change most settings the user must be a member of a group with the permissions to modify those settings, such as Administrators. - -  - -  - - - - - diff --git a/windows/keep-secure/procedures-used-in-this-guide.md b/windows/keep-secure/procedures-used-in-this-guide.md index 9793debf2a..5cf2b0eea3 100644 --- a/windows/keep-secure/procedures-used-in-this-guide.md +++ b/windows/keep-secure/procedures-used-in-this-guide.md 
@@ -2,97 +2,95 @@ title: Procedures Used in This Guide (Windows 10) description: Procedures Used in This Guide ms.assetid: 45c0f549-e4d8-45a3-a600-63e2a449e178 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Procedures Used in This Guide +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview The procedures in this section appear in the checklists found earlier in this document. They should be used only in the context of the checklists in which they appear. They are presented here in alphabetical order. -[Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md) +- [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md) -[Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md) +- [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md) -[Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md) +- [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md) -[Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md) +- [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md) -[Configure Authentication Methods on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-authentication-methods-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) +- [Configure Authentication Methods](configure-authentication-methods.md) -[Configure Data Protection (Quick Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 
R2](configure-data-protection--quick-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) +- [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings) -[Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md) +- [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md) -[Configure Key Exchange (Main Mode) Settings on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-key-exchange--main-mode--settings-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) +- [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings) -[Configure the Rules to Require Encryption on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](configure-the-rules-to-require-encryption-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) +- [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption) -[Configure the Windows Firewall Log](configure-the-windows-firewall-log.md) +- [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md) -[Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md) +- [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md) -[Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md) +- [Configure Windows Firewall to Suppress Notifications When a Program Is 
Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md) -[Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md) +- [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md) -[Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md) +- [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md) -[Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md) +- [Create a Group Account in Active Directory](create-a-group-account-in-active-directory.md) -[Create a Group Policy Object](create-a-group-policy-object.md) +- [Create a Group Policy Object](create-a-group-policy-object.md) -[Create an Authentication Exemption List Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-exemption-list-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) +- [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md) -[Create an Authentication Request Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](create-an-authentication-request-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) +- [Create an Authentication Request Rule](create-an-authentication-request-rule.md) -[Create an Inbound ICMP Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-icmp-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create an Inbound ICMP Rule](create-an-inbound-icmp-rule.md) -[Create an Inbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 
2008, or Windows Server 2008 R2](create-an-inbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create an Inbound Port Rule](create-an-inbound-port-rule.md) -[Create an Inbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-an-inbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create an Inbound Program or Service Rule](create-an-inbound-program-or-service-rule.md) -[Create an Outbound Port Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-port-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create an Outbound Port Rule](create-an-outbound-port-rule.md) -[Create an Outbound Program or Service Rule on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 or Windows Server 2008 R2](create-an-outbound-program-or-service-rule-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md) -[Create Inbound Rules to Support RPC on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) -[Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) +- [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) -[Enable 
Predefined Inbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-inbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md) -[Enable Predefined Outbound Rules on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2](enable-predefined-outbound-rules-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md) +- [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md) -[Exempt ICMP from Authentication on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2](exempt-icmp-from-authentication-on-windows-8-windows-7-windows-vista-windows-server-2012-windows-server-2008-and-windows-server-2008-r2.md) +- [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md) -[Install Active Directory Certificate Services](install-active-directory-certificate-services.md) +- [Install Active Directory Certificate Services](install-active-directory-certificate-services.md) -[Link the GPO to the Domain](link-the-gpo-to-the-domain.md) +- [Link the GPO to the Domain](link-the-gpo-to-the-domain.md) -[Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) +- [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) -[Open the Group Policy Management Console to IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md) +- [Open the Group Policy Management Console to IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md) -[Open the Group Policy Management 
Console to Windows Firewall](open-the-group-policy-management-console-to-windows-firewall.md) +- [Open the Group Policy Management Console to Windows Firewall](open-the-group-policy-management-console-to-windows-firewall.md) -[Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md) - -[Open Windows Firewall with Advanced Security](open-windows-firewall-with-advanced-security.md) - -[Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md) - -[Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md) - -[Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md) - -[Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md) - -  - -  +- [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md) +- [Open Windows Firewall with Advanced Security](open-windows-firewall-with-advanced-security.md) +- [Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md) +- [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md) +- [Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md) +- [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md) diff --git a/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md b/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md index 17df17ac12..85d7267abb 100644 --- a/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md +++ b/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md 
@@ -2,30 +2,30 @@ title: Restrict Server Access to Members of a Group Only (Windows 10) description: Restrict Server Access to Members of a Group Only ms.assetid: ea51c55b-e1ed-44b4-82e3-3c4287a8628b +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Restrict Server Access to Members of a Group Only +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -After you have configured the IPsec connection security rules that force client computers to authenticate their connections to the isolated server, you must configure the rules that restrict access to only those computers or users who have been identified through the authentication process as members of the isolated server’s access group. - -The way in which you restrict access to the isolated server depends on which version of the Windows operating system the server is running. - -- If the server is running Windows Server 2008, Windows Server 2008 R2 or Windows Server 2012, then you create a firewall rule that specifies the user and computer accounts that are allowed. The authentication method used in the connection must support the account type specified. Remember that only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2 support user-based authentication. +After you have configured the IPsec connection security rules that force client devices to authenticate their connections to the isolated server, you must configure the rules that restrict access to only those devices or users who have been identified through the authentication process as members of the isolated server’s access group. 
In this topic: -- [Create a firewall rule to access isolated servers running Windows Server 2008 or later](#bkmk-section1) +- [Create a firewall rule to access isolated servers running Windows Server 2008 or later](#to-create-a-firewall-rule-that-grants-access-to-an-isolated-server) **Administrative credentials** To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. -## - - -**To create a firewall rule that grants access to an isolated server running Windows Server 2008 or later** +## To create a firewall rule that grants access to an isolated server 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). You must edit the GPO that applies settings to servers in the isolated server zone. 
@@ -41,18 +41,4 @@ To complete these procedures, you must be a member of the Domain Administrators 7. On the **Action** page, click **Allow the connection if it is secure**. If required by your design, you can also click **Customize** and select **Require the connections to be encrypted**. Click **Next**. -8. On the **Users and Computers** page, select the check box for the type of accounts (computer or user) you want to allow, click **Add**, and then enter the group account that contains the computer and user accounts permitted to access the server. - - **Caution**   - Remember that if you specify a user group on the Users page, your authentication scheme must include a method that uses user-based credentials. User-based credentials are only supported on versions of Windows that support AuthIP, such as Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2. Earlier versions of Windows and other operating systems that support IKE v1 only do not support user-based authentication; computers running those versions or other operating systems will not be able to connect to the isolated server through this firewall rule. - -   - -  - -  - - - - - +8. On the **Users and Computers** page, select the check box for the type of accounts (computer or user) you want to allow, click **Add**, and then enter the group account that contains the device and user accounts permitted to access the server. diff --git a/windows/keep-secure/start-a-command-prompt-as-an-administrator.md b/windows/keep-secure/start-a-command-prompt-as-an-administrator.md deleted file mode 100644 index 55bd05b936..0000000000 --- a/windows/keep-secure/start-a-command-prompt-as-an-administrator.md +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -title: Start a Command Prompt as an Administrator (Windows 10) -description: Start a Command Prompt as an Administrator -ms.assetid: 82615224-39df-458f-b165-48af77721527 -author: brianlic-msft ---- - -# Start a Command Prompt as an Administrator - - -This topic describes how to open a command prompt with full administrator permissions. If your user account is a member of the Administrators group, but is not the Administrator account itself, then, by default, the programs that you run only have standard user permissions. You must explicitly specify that you require the use of your administrative permissions by using one of the procedures in this topic. - -**Administrative credentials** - -To complete these procedures, you must be a member of the Administrators group. - -**To start a command prompt as an administrator** - -- Right-click the **Start** charm, and then click **Command Prompt (Admin)**. - -**To start a command prompt as an administrator (alternative method)** - -1. Click the **Start** charm. - -2. Type **cmd**, right-click the **Command Prompt** tile, and then click **Run as administrator**. - -  - -  - - - - - diff --git a/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md index f796faa837..758bffcd66 100644 --- a/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md +++ b/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md 
@@ -2,22 +2,26 @@ title: Turn on Windows Firewall and Configure Default Behavior (Windows 10) description: Turn on Windows Firewall and Configure Default Behavior ms.assetid: 3c3fe832-ea81-4227-98d7-857a3129db74 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Turn on Windows Firewall and Configure Default Behavior +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -To enable Windows Firewall and configure its default behavior, use the Windows Firewall with Advanced Security node (for Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2) in the Group Policy Management MMC snap-in. +To enable Windows Firewall and configure its default behavior, use the Windows Firewall with Advanced Security node in the Group Policy Management console. **Administrative credentials** To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. -## - - -**To enable Windows Firewall and configure the default behavior on Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2** +## To enable Windows Firewall and configure the default behavior 1. [Open the Group Policy Management Console to Windows Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md). 
@@ -25,10 +29,7 @@ To complete these procedures, you must be a member of the Domain Administrators 3. For each network location type (Domain, Private, Public), perform the following steps. - **Note**   - The steps shown here indicate the recommended values for a typical deployment. Use the settings that are appropriate for your firewall design. - -   + >**Note:**  The steps shown here indicate the recommended values for a typical deployment. Use the settings that are appropriate for your firewall design. 1. Click the tab that corresponds to the network location type. diff --git a/windows/keep-secure/verify-that-network-traffic-is-authenticated.md b/windows/keep-secure/verify-that-network-traffic-is-authenticated.md index 40056df757..44e4ba7803 100644 --- a/windows/keep-secure/verify-that-network-traffic-is-authenticated.md +++ b/windows/keep-secure/verify-that-network-traffic-is-authenticated.md 
@@ -2,24 +2,30 @@ title: Verify That Network Traffic Is Authenticated (Windows 10) description: Verify That Network Traffic Is Authenticated ms.assetid: cc1fb973-aedf-4074-ad4a-7376b24f03d2 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security author: brianlic-msft --- # Verify That Network Traffic Is Authenticated +**Applies to** +- Windows 10 +- Windows Server 2016 Technical Preview -After you have configured your domain isolation rule to request, rather than require, authentication, you must confirm that the network traffic sent by the computers on the network is being protected by IPsec authentication as expected. If you switch your rules to require authentication before all of the computers have received and applied the correct GPOs, or if there are any errors in your rules, then communications on the network can fail. By first setting the rules to request authentication, any network connections that fail authentication can continue in clear text while you diagnose and troubleshoot. +After you have configured your domain isolation rule to request, rather than require, authentication, you must confirm that the network traffic sent by the devices on the network is being protected by IPsec authentication as expected. If you switch your rules to require authentication before all of the devices have received and applied the correct GPOs, or if there are any errors in your rules, then communications on the network can fail. By first setting the rules to request authentication, any network connections that fail authentication can continue in clear text while you diagnose and troubleshoot. In these procedures, you confirm that the rules you deployed are working correctly. Your next steps depend on which zone you are working on: -- **Main domain isolation zone.** Before you convert your main domain isolation IPsec rule from request mode to require mode, you must make sure that the network traffic is protected according to your design. 
By configuring your rules to request and not require authentication at the beginning of operations, computers on the network can continue to communicate even when the main mode authentication or quick mode integrity and encryption rules are not working correctly. For example, if your encryption zone contains rules that require a certain encryption algorithm, but that algorithm is not included in a security method combination on the clients, then those clients cannot successfully negotiate a quick mode security association, and the server refuses to accept network traffic from the client. By first using request mode only, you have the opportunity to deploy your rules and then examine the network traffic to see if they are working as expected without risking a loss of communications. +- **Main domain isolation zone.** Before you convert your main domain isolation IPsec rule from request mode to require mode, you must make sure that the network traffic is protected according to your design. By configuring your rules to request and not require authentication at the beginning of operations, devices on the network can continue to communicate even when the main mode authentication or quick mode integrity and encryption rules are not working correctly. For example, if your encryption zone contains rules that require a certain encryption algorithm, but that algorithm is not included in a security method combination on the clients, then those clients cannot successfully negotiate a quick mode security association, and the server refuses to accept network traffic from the client. By first using request mode only, you have the opportunity to deploy your rules and then examine the network traffic to see if they are working as expected without risking a loss of communications. - **Boundary zone.** Confirming correct operation of IPsec is the last step if you are working on the boundary zone GPO. You do not convert the GPO to require mode at any time. 
- **Encryption zone.** Similar to the main isolation zone, after you confirm that the network traffic to zone members is properly authenticated and encrypted, you must convert your zone rules from request mode to require mode. -**Note**   -In addition to the steps shown in this procedure, you can also use network traffic capture tools such as Microsoft Network Monitor, which can be downloaded from . Network Monitor and similar tools allow you to capture, parse, and display the network packets received by the network adapter on your computer. Current versions of these tools include full support for IPsec. They can identify encrypted network packets, but they cannot decrypt them. +>**Note:**  In addition to the steps shown in this procedure, you can also use network traffic capture tools such as Microsoft Network Monitor, which can be downloaded from . Network Monitor and similar tools allow you to capture, parse, and display the network packets received by the network adapter on your device. Current versions of these tools include full support for IPsec. They can identify encrypted network packets, but they cannot decrypt them.   
@@ -27,18 +33,13 @@ In addition to the steps shown in this procedure, you can also use network traff To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs. -## For computers running Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, or Windows Server 2008 R2 +## To verify that network connections are authenticated by using the Windows Firewall with Advanced Security console - -**To verify that network connections are authenticated by using the Windows Firewall with Advanced Security MMC snap-in** - -1. Click the **Start** charm, type **wf.msc**, and then press ENTER. - - Windows Firewall with Advanced Security opens. +1. Open the Windows Firewall with Advanced Security console. 2. In the navigation pane, expand **Monitoring**, and then click **Connection Security Rules**. - The details pane displays the rules currently in effect on the computer. + The details pane displays the rules currently in effect on the device. 3. **To display the Rule Source column** 
@@ -50,28 +51,15 @@ To complete these procedures, you must be a member of the Domain Administrators It can take a few moments for the list to be refreshed with the newly added column. -4. Examine the list for the rules from GPOs that you expect to be applied to this computer. - - **Note**   - If the rules do not appear in the list, then troubleshoot the GPO security group and the WMI filters that are applied to the GPO. Make sure that the local computer is a member of the appropriate groups and meets the requirements of the WMI filters. - -   +4. Examine the list for the rules from GPOs that you expect to be applied to this device. + >**Note:**  If the rules do not appear in the list, then troubleshoot the GPO security group and the WMI filters that are applied to the GPO. Make sure that the local device is a member of the appropriate groups and meets the requirements of the WMI filters. 5. In the navigation pane, expand **Security Associations**, and then click **Main Mode**. - The current list of main mode associations that have been negotiated with other computers appears in the details column. + The current list of main mode associations that have been negotiated with other devices appears in the details column. -6. Examine the list of main mode security associations for sessions between the local computer and the remote computer. Make sure that the **1st Authentication Method** and **2nd Authentication Method** columns contain expected values. If your rules specify only a first authentication method, then the **2nd Authentication Method** column displays **No authentication**. If you double-click the row, then the **Properties** dialog box appears with additional details about the security association. +6. Examine the list of main mode security associations for sessions between the local device and the remote device. Make sure that the **1st Authentication Method** and **2nd Authentication Method** columns contain expected values. 
If your rules specify only a first authentication method, then the **2nd Authentication Method** column displays **No authentication**. If you double-click the row, then the **Properties** dialog box appears with additional details about the security association. 7. In the navigation pane, click **Quick mode**. -8. Examine the list of quick mode security associations for sessions between the local computer and the remote computer. Make sure that the **AH Integrity**, **ESP integrity**, and **ESP Confidentiality** columns contain expected values. - -  - -  - - - - - +8. Examine the list of quick mode security associations for sessions between the local device and the remote device. Make sure that the **AH Integrity**, **ESP integrity**, and **ESP Confidentiality** columns contain expected values. From 50cb9eaf584d06acac36a09c1fbdd558c97fdb30 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 2 Jun 2016 15:05:16 -0700 Subject: [PATCH 75/92] fixing broken links --- windows/keep-secure/TOC.md | 4 ++-- windows/keep-secure/boundary-zone-gpos.md | 2 +- ...list-configuring-rules-for-the-boundary-zone.md | 2 +- ...st-configuring-rules-for-the-encryption-zone.md | 2 +- ...st-configuring-rules-for-the-isolated-domain.md | 4 ++-- ...clients-of-a-standalone-isolated-server-zone.md | 4 ++-- ...-a-certificate-based-isolation-policy-design.md | 4 ++-- ...mplementing-a-domain-isolation-policy-design.md | 2 +- ...-a-standalone-server-isolation-policy-design.md | 6 +++--- .../keep-secure/procedures-used-in-this-guide.md | 14 +++++--------- ...rotect-devices-from-unwanted-network-traffic.md | 2 +- ...n-when-accessing-sensitive-network-resources.md | 2 +- 12 files changed, 22 insertions(+), 26 deletions(-) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index ac7b4a1617..5f9b509e1c 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md 
@@ -501,8 +501,8 @@
 ###### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
 ##### [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md)
 ##### [Procedures Used in This Guide](procedures-used-in-this-guide.md)
-###### [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)
-###### [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)
+###### [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)
+###### [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)
 ###### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
 ###### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
 ###### [Configure Authentication Methods](configure-authentication-methods.md)
diff --git a/windows/keep-secure/boundary-zone-gpos.md b/windows/keep-secure/boundary-zone-gpos.md
index a9a8a4d8a0..66865b93a6 100644
--- a/windows/keep-secure/boundary-zone-gpos.md
+++ b/windows/keep-secure/boundary-zone-gpos.md
@@ -25,4 +25,4 @@ The boundary zone GPOs discussed in this guide are only for server versions of W
 In the Woodgrove Bank example, only the GPO settings for a Web service on at least Windows Server 2008 are discussed.
-- [GPO\_DOMISO\_Boundary\_WS2008](gpo-domiso-boundary-ws2008.md)
+- [GPO\_DOMISO\_Boundary\_WS2008](gpo-domiso-boundary.md)
diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md b/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md
index 899be3e221..898aff61c0 100644
--- a/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md
+++ b/windows/keep-secure/checklist-configuring-rules-for-the-boundary-zone.md
@@ -28,5 +28,5 @@ This checklist assumes that you have already created the GPO for the isolated do
 | Make a copy of the domain isolation GPO for this version of Windows to serve as a starting point for the GPO for the boundary zone. Unlike the GPO for the main isolated domain zone, this copy is not changed after deployment to require authentication.| [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md) |
 | If you are working on a copy of a GPO, modify the group memberships and WMI filters so that they are correct for the boundary zone and version of Windows for which this GPO is intended.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) |
 | Link the GPO to the domain level of the Active Directory organizational unit hierarchy.| [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)|
-| Add your test computers to the membership group for the boundary zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)|
+| Add your test computers to the membership group for the boundary zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)|
 | Verify that the connection security configuration is protecting network traffic with authentication when it can, and that unauthenticated traffic is accepted. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|
diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md b/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md
index f0d1aab7e7..8bf35ebe8e 100644
--- a/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/keep-secure/checklist-configuring-rules-for-the-encryption-zone.md
@@ -29,5 +29,5 @@ This checklist assumes that you have already created the GPO for the isolated do
 | Modify the group memberships and WMI filters so that they are correct for the encryption zone and the version of Windows for which this GPO is intended. | [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) |
 | Add the encryption requirements for the zone. | [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)|
 | Link the GPO to the domain level of the Active Directory organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)|
-| Add your test computers to the membership group for the encryption zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)|
+| Add your test computers to the membership group for the encryption zone. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)|
 | Verify that the connection security rules are protecting network traffic.| [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|
diff --git a/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md b/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md
index bec1da29f6..41375ddbad 100644
--- a/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md
+++ b/windows/keep-secure/checklist-configuring-rules-for-the-isolated-domain.md
@@ -26,11 +26,11 @@ The following checklists include tasks for configuring connection security rules | Configure IPsec to exempt all ICMP network traffic from IPsec protection. | [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)| | Create a rule that exempts all network traffic to and from computers on the exemption list from IPsec. | [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)| | Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)| -| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings)| +| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)| | Configure the authentication methods to be used. | [Configure Authentication Methods](configure-authentication-methods.md)| | Create the rule that requests authentication for all inbound network traffic. | [Create an Authentication Request Rule](create-an-authentication-request-rule.md)| | Link the GPO to the domain level of the AD DS organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| -| Add your test computers to the membership group for the isolated domain. Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Computers to the Membership Group for a Zone](add-test-computers-to-the-membership-group-for-a-zone.md)| +| Add your test computers to the membership group for the isolated domain. 
Be sure to add at least one for each operating system supported by a different GPO in the group.| [Add Test Devices to the Membership Group for a Zone](add-test-devices-to-the-membership-group-for-a-zone.md)| | Verify that the connection security rules are protecting network traffic to and from the test computers. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)|   diff --git a/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md index c7701cd4f8..bd5a21cdb8 100644 --- a/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md +++ b/windows/keep-secure/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md 
@@ -25,8 +25,8 @@ This checklist includes tasks for configuring connection security rules and IPse | To determine which devices receive the GPO, assign the NAG for the isolated servers to the security group filter for the GPO. Make sure that each GPO has the WMI filter for the correct version of Windows.| [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) | | Configure IPsec to exempt all ICMP network traffic from IPsec protection. | [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md)| | Create a rule that exempts all network traffic to and from devices on the exemption list from IPsec. | [Create an Authentication Exemption List Rule](create-an-authentication-exemption-list-rule.md)| -| Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange--main-mode--settings.md)| -| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection--quick-mode--settings.md)| +| Configure the key exchange (main mode) security methods and algorithms to be used. | [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)| +| Configure the data protection (quick mode) algorithm combinations to be used. | [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)| | Configure the authentication methods to be used. | [Configure Authentication Methods](configure-authentication-methods.md)| | Create a rule that requests authentication for network traffic. 
Because fallback-to-clear behavior in Windows Vista and Windows Server 2008 has no delay when communicating with devices that cannot use IPsec, you can use the same any-to-any rule used in an isolated domain.| [Create an Authentication Request Rule](create-an-authentication-request-rule.md)| | Link the GPO to the domain level of the Active Directory organizational unit hierarchy. | [Link the GPO to the Domain](link-the-gpo-to-the-domain.md)| diff --git a/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md index 23e5c64172..1cab0a3744 100644 --- a/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md +++ b/windows/keep-secure/checklist-implementing-a-certificate-based-isolation-policy-design.md @@ -24,7 +24,7 @@ This parent checklist includes cross-reference links to important concepts about | Task | Reference | | - | - | | Review important concepts and examples for certificate-based authentication to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md)
[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md)
[Planning Certificate-based Authentication](planning-certificate-based-authentication.md) | -| Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.| [Install Active Directory Certificate Services](install-active-directory-certificate-services.md) | -| Configure the certificate template for workstation authentication certificates.| [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md)| +| Install the Active Directory Certificate Services (AD CS) role as an enterprise root issuing certification authority (CA). This step is required only if you have not already deployed a CA on your network.| | +| Configure the certificate template for workstation authentication certificates.| [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)| | Configure Group Policy to automatically deploy certificates based on your template to workstation devices. | [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)| | On a test device, refresh Group Policy and confirm that the certificate is installed. | [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)| diff --git a/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md index f89ac11201..a57af52e9a 100644 --- a/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md +++ b/windows/keep-secure/checklist-implementing-a-domain-isolation-policy-design.md 
@@ -30,5 +30,5 @@ The procedures in this section use the Group Policy MMC snap-ins to configure th
 | Create the GPOs and connection security rules for the boundary zone.| [Checklist: Configuring Rules for the Boundary Zone](checklist-configuring-rules-for-the-boundary-zone.md)|
 | Create the GPOs and connection security rules for the encryption zone.| [Checklist: Configuring Rules for the Encryption Zone](checklist-configuring-rules-for-the-encryption-zone.md)|
 | Create the GPOs and connection security rules for the isolated server zone.| [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md)|
-| According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy rules and settings to your computers.| [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md)|
+| According to the testing and roll-out schedule in your design plan, add computer accounts to the membership group to deploy rules and settings to your computers.| [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md)|
 | After you confirm that network traffic is authenticated by IPsec, you can change authentication rules for the isolated domain and encryption zone from request to require mode.| [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)|
diff --git a/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md
index ba750e4d59..e4ed2e3d00 100644
--- a/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/keep-secure/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -27,7 +27,7 @@ This parent checklist includes cross-reference links to important concepts about | - | - | | Review important concepts and examples for the server isolation policy design to determine if this design meets your deployment goals and the needs of your organization.| [Identifying Your Windows Firewall with Advanced Security Deployment Goals](identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
[Server Isolation Policy Design](server-isolation-policy-design.md)
[Server Isolation Policy Design Example](server-isolation-policy-design-example.md)
[Planning Server Isolation Zones](planning-server-isolation-zones.md) | | Create the GPOs and connection security rules for isolated servers.| [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)| -| Create the GPOs and connection security rules for the client computers that must connect to the isolated servers. | [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)| -| Verify that the connection security rules are protecting network traffic on your test computers. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)| +| Create the GPOs and connection security rules for the client devices that must connect to the isolated servers. | [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)| +| Verify that the connection security rules are protecting network traffic on your test devices. | [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)| | After you confirm that network traffic is authenticated by IPsec as expected, you can change authentication rules for the isolated server zone to require authentication instead of requesting it. | [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)| -| According to the testing and roll-out schedule in your design plan, add computer accounts for the client computers to the membership group so that you can deploy the settings. 
| [Add Production Computers to the Membership Group for a Zone](add-production-computers-to-the-membership-group-for-a-zone.md) | +| According to the testing and roll-out schedule in your design plan, add device accounts for the client devices to the membership group so that you can deploy the settings. | [Add Production Devices to the Membership Group for a Zone](add-production-devices-to-the-membership-group-for-a-zone.md) | diff --git a/windows/keep-secure/procedures-used-in-this-guide.md b/windows/keep-secure/procedures-used-in-this-guide.md index 5cf2b0eea3..d19699b94b 100644 --- a/windows/keep-secure/procedures-used-in-this-guide.md +++ b/windows/keep-secure/procedures-used-in-this-guide.md 
@@ -27,17 +27,17 @@ The procedures in this section appear in the checklists found earlier in this do
 - [Configure Authentication Methods](configure-authentication-methods.md)
-- [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings)
+- [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)
 - [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
-- [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings)
+- [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)
-- [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption)
+- [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)
 - [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
-- [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-templatewfas-dep.md)
+- [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)
 - [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
@@ -63,7 +63,7 @@ The procedures in this section appear in the checklists found earlier in this do
 - [Create an Outbound Program or Service Rule](create-an-outbound-program-or-service-rule.md)
-- [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc-on-windows-8-windows-7--windows-vista-windows-server-2012-windows-server-2008-or-windows-server-2008-r2.md)
+- [Create Inbound Rules to Support RPC](create-inbound-rules-to-support-rpc.md)
 - [Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md)
@@ -73,8 +73,6 @@ The procedures in this section appear in the checklists found earlier in this do - [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md) -- [Install Active Directory Certificate Services](install-active-directory-certificate-services.md) - - [Link the GPO to the Domain](link-the-gpo-to-the-domain.md) - [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) @@ -89,8 +87,6 @@ The procedures in this section appear in the checklists found earlier in this do - [Restrict Server Access to Members of a Group Only](restrict-server-access-to-members-of-a-group-only.md) -- [Start a Command Prompt as an Administrator](start-a-command-prompt-as-an-administrator.md) - - [Turn on Windows Firewall and Configure Default Behavior](turn-on-windows-firewall-and-configure-default-behavior.md) - [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md) diff --git a/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md b/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md index 5191757d81..a24379dacf 100644 --- a/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md +++ b/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md 
@@ -35,7 +35,7 @@ A host-based firewall helps secure a device by dropping all network traffic that The following component is recommended for this deployment goal: -- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more Group Policy objects (GPOs) that can be automatically applied to all relevant computers in the domain. For more information about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). +- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more Group Policy objects (GPOs) that can be automatically applied to all relevant computers in the domain. Other means of deploying a firewall policy are available, such as creating scripts that use the netsh command-line tool, and then running those scripts on each computer in the organization. This guide uses Active Directory as a recommended means of deployment because of its ability to scale to very large organizations. diff --git a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md index 0a0d740794..890eaf1d99 100644 --- a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md 
@@ -35,6 +35,6 @@ This goal provides the following benefits: The following components are required for this deployment goal: -- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. For more info about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). +- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. **Next: **[Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md) From 3ae47e92b4e4297e8aa7bf63ffdcc8d6b3832e30 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 2 Jun 2016 15:16:02 -0700 Subject: [PATCH 76/92] enabled back navigation on menu --- windows/deploy/TOC.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index cc0388e935..6abf80bb3f 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md @@ -1,3 +1,5 @@ +# [What's new in Windows 10](../whats-new/index.md) +# [Plan for Windows 10 deployment](../plan/index.md) # [Deploy Windows 10](index.md) ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) ## [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) @@ -135,3 +137,5 @@ ###### [XML Elements Library](usmt-xml-elements-library.md) ##### [Offline Migration Reference](offline-migration-reference.md) ## [Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) +# [Keep Windows 10 secure](.../keep-secure/index.md) +# [Manage and update Windows 10](.../manage/index.md) \ No newline at end of file From c76939967b6786123718a6c6f3cc9fffcc1e0675 Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Thu, 2 Jun 2016 15:22:30 -0700 Subject: [PATCH 77/92] fixing broken links --- windows/keep-secure/TOC.md | 7 +++---- .../restrict-access-to-only-specified-users-or-devices.md | 2 +- .../keep-secure/restrict-access-to-only-trusted-devices.md | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 5f9b509e1c..2ca5758f52 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md 
@@ -506,12 +506,12 @@
 ###### [Assign Security Group Filters to the GPO](assign-security-group-filters-to-the-gpo.md)
 ###### [Change Rules from Request to Require Mode](change-rules-from-request-to-require-mode.md)
 ###### [Configure Authentication Methods](configure-authentication-methods.md)
-###### [Configure Data Protection (Quick Mode) Settings](configure-data-protection--quick-mode--settings.md)
+###### [Configure Data Protection (Quick Mode) Settings](configure-data-protection-quick-mode-settings.md)
 ###### [Configure Group Policy to Autoenroll and Deploy Certificates](configure-group-policy-to-autoenroll-and-deploy-certificates.md)
-###### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange--main-mode--settings.md)
+###### [Configure Key Exchange (Main Mode) Settings](configure-key-exchange-main-mode-settings.md)
 ###### [Configure the Rules to Require Encryption](configure-the-rules-to-require-encryption.md)
 ###### [Configure the Windows Firewall Log](configure-the-windows-firewall-log.md)
-###### [Configure the Workstation Authentication Certificate Template[wfas_dep]](configure-the-workstation-authentication-certificate-templatewfas-dep.md)
+###### [Configure the Workstation Authentication Certificate Template](configure-the-workstation-authentication-certificate-template.md)
 ###### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
 ###### [Confirm That Certificates Are Deployed Correctly](confirm-that-certificates-are-deployed-correctly.md)
 ###### [Copy a GPO to Create a New GPO](copy-a-gpo-to-create-a-new-gpo.md)
@@ -529,7 +529,6 @@ ###### [Enable Predefined Inbound Rules](enable-predefined-inbound-rules.md) ###### [Enable Predefined Outbound Rules](enable-predefined-outbound-rules.md) ###### [Exempt ICMP from Authentication](exempt-icmp-from-authentication.md) -###### [Install Active Directory Certificate Services](install-active-directory-certificate-services.md) ###### [Link the GPO to the Domain](link-the-gpo-to-the-domain.md) ###### [Modify GPO Filters to Apply to a Different Zone or Version of Windows](modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) ###### [Open the Group Policy Management Console to IP Security Policies](open-the-group-policy-management-console-to-ip-security-policies.md) diff --git a/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md b/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md index 0197fbcba0..049625343b 100644 --- a/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md +++ b/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md @@ -39,6 +39,6 @@ This goal, which corresponds to [Server Isolation Policy Design](server-isolatio The following components are required for this deployment goal: -- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. For more info about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). +- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. **Next: **[Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) 
diff --git a/windows/keep-secure/restrict-access-to-only-trusted-devices.md b/windows/keep-secure/restrict-access-to-only-trusted-devices.md index be3854af23..d2b47a2dbe 100644 --- a/windows/keep-secure/restrict-access-to-only-trusted-devices.md +++ b/windows/keep-secure/restrict-access-to-only-trusted-devices.md @@ -49,6 +49,6 @@ These goals also support optional zones that can be created to add customized pr The following components are required for this deployment goal: -- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. For more info about Active Directory, see [Additional Resources](additional-resources-wfasdesign.md). +- **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. **Next: **[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md) From 782f0f8f16e3392e351e156cd1ee3145017ce60c Mon Sep 17 00:00:00 2001 
From: Brian Lich Date: Thu, 2 Jun 2016 15:39:11 -0700 Subject: [PATCH 78/92] fixing merge conflicts --- windows/keep-secure/audit-account-lockout.md | 4 ---- windows/keep-secure/audit-application-generated.md | 4 ---- windows/keep-secure/audit-application-group-management.md | 4 ---- windows/keep-secure/audit-audit-policy-change.md | 4 ---- windows/keep-secure/audit-authentication-policy-change.md | 4 ---- windows/keep-secure/audit-authorization-policy-change.md | 4 ---- windows/keep-secure/audit-central-access-policy-staging.md | 4 ---- windows/keep-secure/audit-certification-services.md | 4 ---- windows/keep-secure/audit-computer-account-management.md | 4 ---- windows/keep-secure/audit-credential-validation.md | 4 ---- windows/keep-secure/audit-detailed-file-share.md | 4 ---- windows/keep-secure/audit-directory-service-access.md | 4 ---- windows/keep-secure/audit-directory-service-changes.md | 4 ---- windows/keep-secure/audit-directory-service-replication.md | 4 ---- windows/keep-secure/audit-distribution-group-management.md | 4 ---- windows/keep-secure/audit-dpapi-activity.md | 4 ---- windows/keep-secure/audit-file-share.md | 4 ---- windows/keep-secure/audit-file-system.md | 4 ---- windows/keep-secure/audit-filtering-platform-connection.md | 4 ---- windows/keep-secure/audit-filtering-platform-packet-drop.md | 4 ---- windows/keep-secure/audit-filtering-platform-policy-change.md | 4 ---- windows/keep-secure/audit-group-membership.md | 4 ---- windows/keep-secure/audit-handle-manipulation.md | 4 ---- windows/keep-secure/audit-ipsec-driver.md | 4 ---- windows/keep-secure/audit-ipsec-extended-mode.md | 4 ---- windows/keep-secure/audit-ipsec-main-mode.md | 4 ---- windows/keep-secure/audit-ipsec-quick-mode.md | 4 ---- windows/keep-secure/audit-kerberos-authentication-service.md | 4 ---- .../keep-secure/audit-kerberos-service-ticket-operations.md | 4 ---- windows/keep-secure/audit-kernel-object.md | 4 ---- windows/keep-secure/audit-logoff.md | 4 ---- 
windows/keep-secure/audit-logon.md | 4 ---- windows/keep-secure/audit-mpssvc-rule-level-policy-change.md | 4 ---- windows/keep-secure/audit-network-policy-server.md | 4 ---- windows/keep-secure/audit-non-sensitive-privilege-use.md | 4 ---- windows/keep-secure/audit-other-account-logon-events.md | 4 ---- windows/keep-secure/audit-other-account-management-events.md | 4 ---- windows/keep-secure/audit-other-logonlogoff-events.md | 4 ---- 38 files changed, 152 deletions(-) diff --git a/windows/keep-secure/audit-account-lockout.md b/windows/keep-secure/audit-account-lockout.md index 4085b5a63b..edda775a9d 100644 --- a/windows/keep-secure/audit-account-lockout.md +++ b/windows/keep-secure/audit-account-lockout.md @@ -2,12 +2,8 @@ title: Audit Account Lockout (Windows 10) description: This topic for the IT professional describes the advanced security audit policy setting, Audit Account Lockout, which enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out. ms.assetid: da68624b-a174-482c-9bc5-ddddab38e589 -<<<<<<< HEAD -ms.prod: w10 -======= ms.pagetype: security ms.prod: W10 ->>>>>>> secaudit ms.mktglfcycl: deploy ms.sitesec: library author: Mir0sh diff --git a/windows/keep-secure/audit-application-generated.md b/windows/keep-secure/audit-application-generated.md index 5ba97a5c15..a031b2592f 100644 --- a/windows/keep-secure/audit-application-generated.md +++ b/windows/keep-secure/audit-application-generated.md 
@@ -2,12 +2,8 @@
 title: Audit Application Generated (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).
 ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-application-group-management.md b/windows/keep-secure/audit-application-group-management.md
index 0deb3d5319..c4ee29610f 100644
--- a/windows/keep-secure/audit-application-group-management.md
+++ b/windows/keep-secure/audit-application-group-management.md
@@ -2,12 +2,8 @@
 title: Audit Application Group Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Application Group Management, which determines whether the operating system generates audit events when application group management tasks are performed.
 ms.assetid: 1bcaa41e-5027-4a86-96b7-f04eaf1c0606
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-audit-policy-change.md b/windows/keep-secure/audit-audit-policy-change.md
index c29f789d2c..dca7c1278d 100644
--- a/windows/keep-secure/audit-audit-policy-change.md
+++ b/windows/keep-secure/audit-audit-policy-change.md
@@ -2,12 +2,8 @@
 title: Audit Audit Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy.
 ms.assetid: 7153bf75-6978-4d7e-a821-59a699efb8a9
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-authentication-policy-change.md b/windows/keep-secure/audit-authentication-policy-change.md
index 2c23a6ded7..60d6e969e5 100644
--- a/windows/keep-secure/audit-authentication-policy-change.md
+++ b/windows/keep-secure/audit-authentication-policy-change.md
@@ -2,12 +2,8 @@
 title: Audit Authentication Policy Change (Windows 10)
 description: This topic for the IT professional describes this Advanced Security Audit policy setting, Audit Authentication Policy Change, which determines whether the operating system generates audit events when changes are made to authentication policy.
 ms.assetid: aa9cea7a-aadf-47b7-b704-ac253b8e79be
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-authorization-policy-change.md b/windows/keep-secure/audit-authorization-policy-change.md
index 6b5711357a..e12e71d60c 100644
--- a/windows/keep-secure/audit-authorization-policy-change.md
+++ b/windows/keep-secure/audit-authorization-policy-change.md
@@ -2,12 +2,8 @@
 title: Audit Authorization Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Authorization Policy Change, which determines whether the operating system generates audit events when specific changes are made to the authorization policy.
 ms.assetid: ca0587a2-a2b3-4300-aa5d-48b4553c3b36
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-central-access-policy-staging.md b/windows/keep-secure/audit-central-access-policy-staging.md
index 207c079556..dba31f0402 100644
--- a/windows/keep-secure/audit-central-access-policy-staging.md
+++ b/windows/keep-secure/audit-central-access-policy-staging.md
@@ -2,12 +2,8 @@
 title: Audit Central Access Policy Staging (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Central Access Policy Staging, which determines permissions on a Central Access Policy.
 ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-certification-services.md b/windows/keep-secure/audit-certification-services.md
index 33ee066f97..8faf626674 100644
--- a/windows/keep-secure/audit-certification-services.md
+++ b/windows/keep-secure/audit-certification-services.md
@@ -2,12 +2,8 @@ title: Audit Certification Services (Windows 10) description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Certification Services, which determines whether the operating system generates events when Active Directory Certificate Services (ADÂ CS) operations are performed. ms.assetid: cdefc34e-fb1f-4eff-b766-17713c5a1b03 -<<<<<<< HEAD -ms.prod: w10 -======= ms.pagetype: security ms.prod: W10 ->>>>>>> secaudit ms.mktglfcycl: deploy ms.sitesec: library author: Mir0sh diff --git a/windows/keep-secure/audit-computer-account-management.md b/windows/keep-secure/audit-computer-account-management.md index c9daef323f..5f7450d6f6 100644 --- a/windows/keep-secure/audit-computer-account-management.md +++ b/windows/keep-secure/audit-computer-account-management.md @@ -2,12 +2,8 @@ title: Audit Computer Account Management (Windows 10) description: This topic for the IT professional describes the advanced security audit policy setting, Audit Computer Account Management, which determines whether the operating system generates audit events when a computer account is created, changed, or deleted. ms.assetid: 6c406693-57bf-4411-bb6c-ff83ce548991 -<<<<<<< HEAD -ms.prod: w10 -======= ms.pagetype: security ms.prod: W10 ->>>>>>> secaudit ms.mktglfcycl: deploy ms.sitesec: library author: Mir0sh diff --git a/windows/keep-secure/audit-credential-validation.md b/windows/keep-secure/audit-credential-validation.md index ea6a2314ca..6b101b70a6 100644 --- a/windows/keep-secure/audit-credential-validation.md +++ b/windows/keep-secure/audit-credential-validation.md 
@@ -2,12 +2,8 @@
 title: Audit Credential Validation (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Credential Validation, which determines whether the operating system generates audit events on credentials that are submitted for a user account logon request.
 ms.assetid: 6654b33a-922e-4a43-8223-ec5086dfc926
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-detailed-file-share.md b/windows/keep-secure/audit-detailed-file-share.md
index bbdf44acb2..e3bcefa79b 100644
--- a/windows/keep-secure/audit-detailed-file-share.md
+++ b/windows/keep-secure/audit-detailed-file-share.md
@@ -2,12 +2,8 @@
 title: Audit Detailed File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Detailed File Share, which allows you to audit attempts to access files and folders on a shared folder.
 ms.assetid: 60310104-b820-4033-a1cb-022a34f064ae
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-directory-service-access.md b/windows/keep-secure/audit-directory-service-access.md
index e61d72c1ed..90f32dc571 100644
--- a/windows/keep-secure/audit-directory-service-access.md
+++ b/windows/keep-secure/audit-directory-service-access.md
@@ -2,12 +2,8 @@ title: Audit Directory Service Access (Windows 10) description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Access, which determines whether the operating system generates audit events when an Active Directory Domain Services (ADÂ DS) object is accessed. ms.assetid: ba2562ba-4282-4588-b87c-a3fcb771c7d0 -<<<<<<< HEAD -ms.prod: w10 -======= ms.pagetype: security ms.prod: W10 ->>>>>>> secaudit ms.mktglfcycl: deploy ms.sitesec: library author: Mir0sh diff --git a/windows/keep-secure/audit-directory-service-changes.md b/windows/keep-secure/audit-directory-service-changes.md index a0257170d5..681d62c3bd 100644 --- a/windows/keep-secure/audit-directory-service-changes.md +++ b/windows/keep-secure/audit-directory-service-changes.md @@ -2,12 +2,8 @@ title: Audit Directory Service Changes (Windows 10) description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Changes, which determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (ADÂ DS). ms.assetid: 9f7c0dd4-3977-47dd-a0fb-ec2f17cad05e -<<<<<<< HEAD -ms.prod: w10 -======= ms.pagetype: security ms.prod: W10 ->>>>>>> secaudit ms.mktglfcycl: deploy ms.sitesec: library author: Mir0sh diff --git a/windows/keep-secure/audit-directory-service-replication.md b/windows/keep-secure/audit-directory-service-replication.md index d84bf022c9..9852d81d51 100644 --- a/windows/keep-secure/audit-directory-service-replication.md +++ b/windows/keep-secure/audit-directory-service-replication.md 
@@ -2,12 +2,8 @@
 title: Audit Directory Service Replication (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Replication, which determines whether the operating system generates audit events when replication between two domain controllers begins and ends.
 ms.assetid: b95d296c-7993-4e8d-8064-a8bbe284bd56
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-distribution-group-management.md b/windows/keep-secure/audit-distribution-group-management.md
index 13404964d7..a8818d7fbe 100644
--- a/windows/keep-secure/audit-distribution-group-management.md
+++ b/windows/keep-secure/audit-distribution-group-management.md
@@ -2,12 +2,8 @@
 title: Audit Distribution Group Management (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Distribution Group Management, which determines whether the operating system generates audit events for specific distribution-group management tasks.
 ms.assetid: d46693a4-5887-4a58-85db-2f6cba224a66
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-dpapi-activity.md b/windows/keep-secure/audit-dpapi-activity.md
index 4c66459ce0..c7c323e5a3 100644
--- a/windows/keep-secure/audit-dpapi-activity.md
+++ b/windows/keep-secure/audit-dpapi-activity.md
@@ -2,12 +2,8 @@
 title: Audit DPAPI Activity (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit DPAPI Activity, which determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface (DPAPI).
 ms.assetid: be4d4c83-c857-4e3d-a84e-8bcc3f2c99cd
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-file-share.md b/windows/keep-secure/audit-file-share.md
index 6005f92a3e..2e3b971917 100644
--- a/windows/keep-secure/audit-file-share.md
+++ b/windows/keep-secure/audit-file-share.md
@@ -2,12 +2,8 @@
 title: Audit File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File Share, which determines whether the operating system generates audit events when a file share is accessed.
 ms.assetid: 9ea985f8-8936-4b79-abdb-35cbb7138f78
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-file-system.md b/windows/keep-secure/audit-file-system.md
index 55cac2e347..c2067f4580 100644
--- a/windows/keep-secure/audit-file-system.md
+++ b/windows/keep-secure/audit-file-system.md
@@ -2,12 +2,8 @@
 title: Audit File System (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File System, which determines whether the operating system generates audit events when users attempt to access file system objects.
 ms.assetid: 6a71f283-b8e5-41ac-b348-0b7ec6ea0b1f
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-filtering-platform-connection.md b/windows/keep-secure/audit-filtering-platform-connection.md
index d284284a07..e07ed53034 100644
--- a/windows/keep-secure/audit-filtering-platform-connection.md
+++ b/windows/keep-secure/audit-filtering-platform-connection.md
@@ -2,12 +2,8 @@
 title: Audit Filtering Platform Connection (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Connection, which determines whether the operating system generates audit events when connections are allowed or blocked by the Windows Filtering Platform.
 ms.assetid: d72936e9-ff01-4d18-b864-a4958815df59
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-filtering-platform-packet-drop.md b/windows/keep-secure/audit-filtering-platform-packet-drop.md
index 033b1048e4..2f1d92d144 100644
--- a/windows/keep-secure/audit-filtering-platform-packet-drop.md
+++ b/windows/keep-secure/audit-filtering-platform-packet-drop.md
@@ -2,12 +2,8 @@
 title: Audit Filtering Platform Packet Drop (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Packet Drop, which determines whether the operating system generates audit events when packets are dropped by the Windows Filtering Platform.
 ms.assetid: 95457601-68d1-4385-af20-87916ddab906
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-filtering-platform-policy-change.md b/windows/keep-secure/audit-filtering-platform-policy-change.md
index 8035115b4a..c6b29136a8 100644
--- a/windows/keep-secure/audit-filtering-platform-policy-change.md
+++ b/windows/keep-secure/audit-filtering-platform-policy-change.md
@@ -2,12 +2,8 @@
 title: Audit Filtering Platform Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions.
 ms.assetid: 0eaf1c56-672b-4ea9-825a-22dc03eb4041
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-group-membership.md b/windows/keep-secure/audit-group-membership.md
index 9a770e3e95..2fbda5d3b5 100644
--- a/windows/keep-secure/audit-group-membership.md
+++ b/windows/keep-secure/audit-group-membership.md
@@ -2,12 +2,8 @@
 title: Audit Group Membership (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Group Membership, which enables you to audit group memberships when they are enumerated on the client PC.
 ms.assetid: 1CD7B014-FBD9-44B9-9274-CC5715DE58B9
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-handle-manipulation.md b/windows/keep-secure/audit-handle-manipulation.md
index 54bcdc2d64..5cff0de163 100644
--- a/windows/keep-secure/audit-handle-manipulation.md
+++ b/windows/keep-secure/audit-handle-manipulation.md
@@ -2,12 +2,8 @@
 title: Audit Handle Manipulation (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Handle Manipulation, which determines whether the operating system generates audit events when a handle to an object is opened or closed.
 ms.assetid: 1fbb004a-ccdc-4c80-b3da-a4aa7a9f4091
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-ipsec-driver.md b/windows/keep-secure/audit-ipsec-driver.md
index 8125b82896..8816a8e2ba 100644
--- a/windows/keep-secure/audit-ipsec-driver.md
+++ b/windows/keep-secure/audit-ipsec-driver.md
@@ -2,12 +2,8 @@
 title: Audit IPsec Driver (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit IPsec Driver, which determines whether the operating system generates audit events for the activities of the IPsec driver.
 ms.assetid: c8b8c02f-5ad0-4ee5-9123-ea8cdae356a5
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-ipsec-extended-mode.md b/windows/keep-secure/audit-ipsec-extended-mode.md
index cf9bd5a83c..7220d5ead8 100644
--- a/windows/keep-secure/audit-ipsec-extended-mode.md
+++ b/windows/keep-secure/audit-ipsec-extended-mode.md
@@ -2,12 +2,8 @@
 title: Audit IPsec Extended Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Extended Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
 ms.assetid: 2b4fee9e-482a-4181-88a8-6a79d8fc8049
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-ipsec-main-mode.md b/windows/keep-secure/audit-ipsec-main-mode.md
index 1af0eed70b..4d9716ac60 100644
--- a/windows/keep-secure/audit-ipsec-main-mode.md
+++ b/windows/keep-secure/audit-ipsec-main-mode.md
@@ -2,12 +2,8 @@
 title: Audit IPsec Main Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Main Mode, which determines whether the operating system generates events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
 ms.assetid: 06ed26ec-3620-4ef4-a47a-c70df9c8827b
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-ipsec-quick-mode.md b/windows/keep-secure/audit-ipsec-quick-mode.md
index 71f1afee93..a6ce77cdf4 100644
--- a/windows/keep-secure/audit-ipsec-quick-mode.md
+++ b/windows/keep-secure/audit-ipsec-quick-mode.md
@@ -2,12 +2,8 @@
 title: Audit IPsec Quick Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Quick Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
 ms.assetid: 7be67a15-c2ce-496a-9719-e25ac7699114
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-kerberos-authentication-service.md b/windows/keep-secure/audit-kerberos-authentication-service.md
index 7d2af0f81d..b0e5ccc886 100644
--- a/windows/keep-secure/audit-kerberos-authentication-service.md
+++ b/windows/keep-secure/audit-kerberos-authentication-service.md
@@ -2,12 +2,8 @@
 title: Audit Kerberos Authentication Service (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Authentication Service, which determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.
 ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-kerberos-service-ticket-operations.md b/windows/keep-secure/audit-kerberos-service-ticket-operations.md
index 5fbdfa66fe..0a45922c00 100644
--- a/windows/keep-secure/audit-kerberos-service-ticket-operations.md
+++ b/windows/keep-secure/audit-kerberos-service-ticket-operations.md
@@ -2,12 +2,8 @@
 title: Audit Kerberos Service Ticket Operations (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Service Ticket Operations, which determines whether the operating system generates security audit events for Kerberos service ticket requests.
 ms.assetid: ddc0abef-ac7f-4849-b90d-66700470ccd6
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-kernel-object.md b/windows/keep-secure/audit-kernel-object.md
index e8928abb49..80a0b5e30f 100644
--- a/windows/keep-secure/audit-kernel-object.md
+++ b/windows/keep-secure/audit-kernel-object.md
@@ -2,12 +2,8 @@
 title: Audit Kernel Object (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kernel Object, which determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores.
 ms.assetid: 75619d8b-b1eb-445b-afc9-0f9053be97fb
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-logoff.md b/windows/keep-secure/audit-logoff.md
index 81be31807c..66730b6282 100644
--- a/windows/keep-secure/audit-logoff.md
+++ b/windows/keep-secure/audit-logoff.md
@@ -2,12 +2,8 @@
 title: Audit Logoff (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logoff, which determines whether the operating system generates audit events when logon sessions are terminated.
 ms.assetid: 681e51f2-ba06-46f5-af8c-d9c48d515432
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-logon.md b/windows/keep-secure/audit-logon.md
index f7ff28f320..194c1f3d0b 100644
--- a/windows/keep-secure/audit-logon.md
+++ b/windows/keep-secure/audit-logon.md
@@ -2,12 +2,8 @@
 title: Audit Logon (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logon, which determines whether the operating system generates audit events when a user attempts to log on to a computer.
 ms.assetid: ca968d03-7d52-48c4-ba0e-2bcd2937231b
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md b/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
index 83a72a4045..e7eb1410f4 100644
--- a/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
@@ -2,12 +2,8 @@
 title: Audit MPSSVC Rule-Level Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit MPSSVC Rule-Level Policy Change, which determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe).
 ms.assetid: 263461b3-c61c-4ec3-9dee-851164845019
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-network-policy-server.md b/windows/keep-secure/audit-network-policy-server.md
index 859c030a3a..c053aab03a 100644
--- a/windows/keep-secure/audit-network-policy-server.md
+++ b/windows/keep-secure/audit-network-policy-server.md
@@ -2,12 +2,8 @@
 title: Audit Network Policy Server (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock).
 ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-non-sensitive-privilege-use.md b/windows/keep-secure/audit-non-sensitive-privilege-use.md
index b787a4a0a1..a6052e4d5d 100644
--- a/windows/keep-secure/audit-non-sensitive-privilege-use.md
+++ b/windows/keep-secure/audit-non-sensitive-privilege-use.md
@@ -2,12 +2,8 @@
 title: Audit Non Sensitive Privilege Use (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
 ms.assetid: 8fd74783-1059-443e-aa86-566d78606627
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-account-logon-events.md b/windows/keep-secure/audit-other-account-logon-events.md
index 68e947de07..ee92107d00 100644
--- a/windows/keep-secure/audit-other-account-logon-events.md
+++ b/windows/keep-secure/audit-other-account-logon-events.md
@@ -2,12 +2,8 @@
 title: Audit Other Account Logon Events (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Other Account Logon Events, which allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
 ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-account-management-events.md b/windows/keep-secure/audit-other-account-management-events.md
index fd359417f7..bce48fe3a4 100644
--- a/windows/keep-secure/audit-other-account-management-events.md
+++ b/windows/keep-secure/audit-other-account-management-events.md
@@ -2,12 +2,8 @@
 title: Audit Other Account Management Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Account Management Events, which determines whether the operating system generates user account management audit events.
 ms.assetid: 4ce22eeb-a96f-4cf9-a46d-6642961a31d5
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-logonlogoff-events.md b/windows/keep-secure/audit-other-logonlogoff-events.md
index b8119d7835..da62c1ddac 100644
--- a/windows/keep-secure/audit-other-logonlogoff-events.md
+++ b/windows/keep-secure/audit-other-logonlogoff-events.md
@@ -2,12 +2,8 @@
 title: Audit Other Logon/Logoff Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Logon/Logoff Events, which determines whether Windows generates audit events for other logon or logoff events.
 ms.assetid: 76d987cd-1917-4907-a739-dd642609a458
-<<<<<<< HEAD
-ms.prod: w10
-=======
 ms.pagetype: security
 ms.prod: W10
->>>>>>> secaudit
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
From fa5ddfcf9d394c41415d2ed3e305b8068e8be0b8 Mon Sep 17 00:00:00 2001
From: Brian Lich Date: Thu, 2 Jun 2016 15:42:37 -0700 Subject: [PATCH 79/92] changing from ms.prod: W10 to ms.prod: w10 --- windows/index.md | 2 +- ...security-monitoring-recommendations-for-many-audit-events.md | 2 +- windows/keep-secure/audit-account-lockout.md | 2 +- windows/keep-secure/audit-application-generated.md | 2 +- windows/keep-secure/audit-application-group-management.md | 2 +- windows/keep-secure/audit-audit-policy-change.md | 2 +- windows/keep-secure/audit-authentication-policy-change.md | 2 +- windows/keep-secure/audit-authorization-policy-change.md | 2 +- windows/keep-secure/audit-central-access-policy-staging.md | 2 +- windows/keep-secure/audit-certification-services.md | 2 +- windows/keep-secure/audit-computer-account-management.md | 2 +- windows/keep-secure/audit-credential-validation.md | 2 +- windows/keep-secure/audit-detailed-file-share.md | 2 +- windows/keep-secure/audit-directory-service-access.md | 2 +- windows/keep-secure/audit-directory-service-changes.md | 2 +- windows/keep-secure/audit-directory-service-replication.md | 2 +- windows/keep-secure/audit-distribution-group-management.md | 2 +- windows/keep-secure/audit-dpapi-activity.md | 2 +- windows/keep-secure/audit-file-share.md | 2 +- windows/keep-secure/audit-file-system.md | 2 +- windows/keep-secure/audit-filtering-platform-connection.md | 2 +- windows/keep-secure/audit-filtering-platform-packet-drop.md | 2 +- windows/keep-secure/audit-filtering-platform-policy-change.md | 2 +- windows/keep-secure/audit-group-membership.md | 2 +- windows/keep-secure/audit-handle-manipulation.md | 2 +- windows/keep-secure/audit-ipsec-driver.md | 2 +- windows/keep-secure/audit-ipsec-extended-mode.md | 2 +- windows/keep-secure/audit-ipsec-main-mode.md | 2 +- windows/keep-secure/audit-ipsec-quick-mode.md | 2 +- windows/keep-secure/audit-kerberos-authentication-service.md | 2 +- windows/keep-secure/audit-kerberos-service-ticket-operations.md | 2 +- windows/keep-secure/audit-kernel-object.md | 2 +- 
windows/keep-secure/audit-logoff.md | 2 +- windows/keep-secure/audit-logon.md | 2 +- windows/keep-secure/audit-mpssvc-rule-level-policy-change.md | 2 +- windows/keep-secure/audit-network-policy-server.md | 2 +- windows/keep-secure/audit-non-sensitive-privilege-use.md | 2 +- windows/keep-secure/audit-other-account-logon-events.md | 2 +- windows/keep-secure/audit-other-account-management-events.md | 2 +- windows/keep-secure/audit-other-logonlogoff-events.md | 2 +- windows/keep-secure/audit-other-object-access-events.md | 2 +- windows/keep-secure/audit-other-policy-change-events.md | 2 +- windows/keep-secure/audit-other-privilege-use-events.md | 2 +- windows/keep-secure/audit-other-system-events.md | 2 +- windows/keep-secure/audit-pnp-activity.md | 2 +- windows/keep-secure/audit-process-creation.md | 2 +- windows/keep-secure/audit-process-termination.md | 2 +- windows/keep-secure/audit-registry.md | 2 +- windows/keep-secure/audit-removable-storage.md | 2 +- windows/keep-secure/audit-rpc-events.md | 2 +- windows/keep-secure/audit-sam.md | 2 +- windows/keep-secure/audit-security-group-management.md | 2 +- windows/keep-secure/audit-security-state-change.md | 2 +- windows/keep-secure/audit-security-system-extension.md | 2 +- windows/keep-secure/audit-sensitive-privilege-use.md | 2 +- windows/keep-secure/audit-special-logon.md | 2 +- windows/keep-secure/audit-system-integrity.md | 2 +- windows/keep-secure/audit-user-account-management.md | 2 +- windows/keep-secure/audit-user-device-claims.md | 2 +- windows/keep-secure/event-1100.md | 2 +- windows/keep-secure/event-1102.md | 2 +- windows/keep-secure/event-1104.md | 2 +- windows/keep-secure/event-1105.md | 2 +- windows/keep-secure/event-1108.md | 2 +- windows/keep-secure/event-4608.md | 2 +- windows/keep-secure/event-4610.md | 2 +- windows/keep-secure/event-4611.md | 2 +- windows/keep-secure/event-4612.md | 2 +- windows/keep-secure/event-4614.md | 2 +- windows/keep-secure/event-4615.md | 2 +- 
windows/keep-secure/event-4616.md | 2 +- windows/keep-secure/event-4618.md | 2 +- windows/keep-secure/event-4621.md | 2 +- windows/keep-secure/event-4622.md | 2 +- windows/keep-secure/event-4624.md | 2 +- windows/keep-secure/event-4625.md | 2 +- windows/keep-secure/event-4626.md | 2 +- windows/keep-secure/event-4627.md | 2 +- windows/keep-secure/event-4634.md | 2 +- windows/keep-secure/event-4647.md | 2 +- windows/keep-secure/event-4648.md | 2 +- windows/keep-secure/event-4649.md | 2 +- windows/keep-secure/event-4656.md | 2 +- windows/keep-secure/event-4657.md | 2 +- windows/keep-secure/event-4658.md | 2 +- windows/keep-secure/event-4660.md | 2 +- windows/keep-secure/event-4661.md | 2 +- windows/keep-secure/event-4662.md | 2 +- windows/keep-secure/event-4663.md | 2 +- windows/keep-secure/event-4664.md | 2 +- windows/keep-secure/event-4670.md | 2 +- windows/keep-secure/event-4671.md | 2 +- windows/keep-secure/event-4672.md | 2 +- windows/keep-secure/event-4673.md | 2 +- windows/keep-secure/event-4674.md | 2 +- windows/keep-secure/event-4675.md | 2 +- windows/keep-secure/event-4688.md | 2 +- windows/keep-secure/event-4689.md | 2 +- windows/keep-secure/event-4690.md | 2 +- windows/keep-secure/event-4691.md | 2 +- windows/keep-secure/event-4692.md | 2 +- windows/keep-secure/event-4693.md | 2 +- windows/keep-secure/event-4694.md | 2 +- windows/keep-secure/event-4695.md | 2 +- windows/keep-secure/event-4696.md | 2 +- windows/keep-secure/event-4697.md | 2 +- windows/keep-secure/event-4698.md | 2 +- windows/keep-secure/event-4699.md | 2 +- windows/keep-secure/event-4700.md | 2 +- windows/keep-secure/event-4701.md | 2 +- windows/keep-secure/event-4702.md | 2 +- windows/keep-secure/event-4703.md | 2 +- windows/keep-secure/event-4704.md | 2 +- windows/keep-secure/event-4705.md | 2 +- windows/keep-secure/event-4706.md | 2 +- windows/keep-secure/event-4707.md | 2 +- windows/keep-secure/event-4713.md | 2 +- windows/keep-secure/event-4714.md | 2 +- 
windows/keep-secure/event-4715.md | 2 +- windows/keep-secure/event-4716.md | 2 +- windows/keep-secure/event-4717.md | 2 +- windows/keep-secure/event-4718.md | 2 +- windows/keep-secure/event-4719.md | 2 +- windows/keep-secure/event-4720.md | 2 +- windows/keep-secure/event-4722.md | 2 +- windows/keep-secure/event-4723.md | 2 +- windows/keep-secure/event-4724.md | 2 +- windows/keep-secure/event-4725.md | 2 +- windows/keep-secure/event-4726.md | 2 +- windows/keep-secure/event-4731.md | 2 +- windows/keep-secure/event-4732.md | 2 +- windows/keep-secure/event-4733.md | 2 +- windows/keep-secure/event-4734.md | 2 +- windows/keep-secure/event-4735.md | 2 +- windows/keep-secure/event-4738.md | 2 +- windows/keep-secure/event-4739.md | 2 +- windows/keep-secure/event-4740.md | 2 +- windows/keep-secure/event-4741.md | 2 +- windows/keep-secure/event-4742.md | 2 +- windows/keep-secure/event-4743.md | 2 +- windows/keep-secure/event-4749.md | 2 +- windows/keep-secure/event-4750.md | 2 +- windows/keep-secure/event-4751.md | 2 +- windows/keep-secure/event-4752.md | 2 +- windows/keep-secure/event-4753.md | 2 +- windows/keep-secure/event-4764.md | 2 +- windows/keep-secure/event-4765.md | 2 +- windows/keep-secure/event-4766.md | 2 +- windows/keep-secure/event-4767.md | 2 +- windows/keep-secure/event-4768.md | 2 +- windows/keep-secure/event-4769.md | 2 +- windows/keep-secure/event-4770.md | 2 +- windows/keep-secure/event-4771.md | 2 +- windows/keep-secure/event-4772.md | 2 +- windows/keep-secure/event-4773.md | 2 +- windows/keep-secure/event-4774.md | 2 +- windows/keep-secure/event-4775.md | 2 +- windows/keep-secure/event-4776.md | 2 +- windows/keep-secure/event-4777.md | 2 +- windows/keep-secure/event-4778.md | 2 +- windows/keep-secure/event-4779.md | 2 +- windows/keep-secure/event-4780.md | 2 +- windows/keep-secure/event-4781.md | 2 +- windows/keep-secure/event-4782.md | 2 +- windows/keep-secure/event-4793.md | 2 +- windows/keep-secure/event-4794.md | 2 +- 
windows/keep-secure/event-4798.md | 2 +- windows/keep-secure/event-4799.md | 2 +- windows/keep-secure/event-4800.md | 2 +- windows/keep-secure/event-4801.md | 2 +- windows/keep-secure/event-4802.md | 2 +- windows/keep-secure/event-4803.md | 2 +- windows/keep-secure/event-4816.md | 2 +- windows/keep-secure/event-4817.md | 2 +- windows/keep-secure/event-4818.md | 2 +- windows/keep-secure/event-4819.md | 2 +- windows/keep-secure/event-4826.md | 2 +- windows/keep-secure/event-4864.md | 2 +- windows/keep-secure/event-4865.md | 2 +- windows/keep-secure/event-4866.md | 2 +- windows/keep-secure/event-4867.md | 2 +- windows/keep-secure/event-4902.md | 2 +- windows/keep-secure/event-4904.md | 2 +- windows/keep-secure/event-4905.md | 2 +- windows/keep-secure/event-4906.md | 2 +- windows/keep-secure/event-4907.md | 2 +- windows/keep-secure/event-4908.md | 2 +- windows/keep-secure/event-4909.md | 2 +- windows/keep-secure/event-4910.md | 2 +- windows/keep-secure/event-4911.md | 2 +- windows/keep-secure/event-4912.md | 2 +- windows/keep-secure/event-4913.md | 2 +- windows/keep-secure/event-4928.md | 2 +- windows/keep-secure/event-4929.md | 2 +- windows/keep-secure/event-4930.md | 2 +- windows/keep-secure/event-4931.md | 2 +- windows/keep-secure/event-4932.md | 2 +- windows/keep-secure/event-4933.md | 2 +- windows/keep-secure/event-4934.md | 2 +- windows/keep-secure/event-4935.md | 2 +- windows/keep-secure/event-4936.md | 2 +- windows/keep-secure/event-4937.md | 2 +- windows/keep-secure/event-4944.md | 2 +- windows/keep-secure/event-4945.md | 2 +- windows/keep-secure/event-4946.md | 2 +- windows/keep-secure/event-4947.md | 2 +- windows/keep-secure/event-4948.md | 2 +- windows/keep-secure/event-4949.md | 2 +- windows/keep-secure/event-4950.md | 2 +- windows/keep-secure/event-4951.md | 2 +- windows/keep-secure/event-4952.md | 2 +- windows/keep-secure/event-4953.md | 2 +- windows/keep-secure/event-4954.md | 2 +- windows/keep-secure/event-4956.md | 2 +- 
windows/keep-secure/event-4957.md | 2 +- windows/keep-secure/event-4958.md | 2 +- windows/keep-secure/event-4964.md | 2 +- windows/keep-secure/event-4985.md | 2 +- windows/keep-secure/event-5024.md | 2 +- windows/keep-secure/event-5025.md | 2 +- windows/keep-secure/event-5027.md | 2 +- windows/keep-secure/event-5028.md | 2 +- windows/keep-secure/event-5029.md | 2 +- windows/keep-secure/event-5030.md | 2 +- windows/keep-secure/event-5031.md | 2 +- windows/keep-secure/event-5032.md | 2 +- windows/keep-secure/event-5033.md | 2 +- windows/keep-secure/event-5034.md | 2 +- windows/keep-secure/event-5035.md | 2 +- windows/keep-secure/event-5037.md | 2 +- windows/keep-secure/event-5038.md | 2 +- windows/keep-secure/event-5039.md | 2 +- windows/keep-secure/event-5051.md | 2 +- windows/keep-secure/event-5056.md | 2 +- windows/keep-secure/event-5057.md | 2 +- windows/keep-secure/event-5058.md | 2 +- windows/keep-secure/event-5059.md | 2 +- windows/keep-secure/event-5060.md | 2 +- windows/keep-secure/event-5061.md | 2 +- windows/keep-secure/event-5062.md | 2 +- windows/keep-secure/event-5063.md | 2 +- windows/keep-secure/event-5064.md | 2 +- windows/keep-secure/event-5065.md | 2 +- windows/keep-secure/event-5066.md | 2 +- windows/keep-secure/event-5067.md | 2 +- windows/keep-secure/event-5068.md | 2 +- windows/keep-secure/event-5069.md | 2 +- windows/keep-secure/event-5070.md | 2 +- windows/keep-secure/event-5136.md | 2 +- windows/keep-secure/event-5137.md | 2 +- windows/keep-secure/event-5138.md | 2 +- windows/keep-secure/event-5139.md | 2 +- windows/keep-secure/event-5140.md | 2 +- windows/keep-secure/event-5141.md | 2 +- windows/keep-secure/event-5142.md | 2 +- windows/keep-secure/event-5143.md | 2 +- windows/keep-secure/event-5144.md | 2 +- windows/keep-secure/event-5145.md | 2 +- windows/keep-secure/event-5148.md | 2 +- windows/keep-secure/event-5149.md | 2 +- windows/keep-secure/event-5150.md | 2 +- windows/keep-secure/event-5151.md | 2 +- 
windows/keep-secure/event-5152.md | 2 +- windows/keep-secure/event-5153.md | 2 +- windows/keep-secure/event-5154.md | 2 +- windows/keep-secure/event-5155.md | 2 +- windows/keep-secure/event-5156.md | 2 +- windows/keep-secure/event-5157.md | 2 +- windows/keep-secure/event-5158.md | 2 +- windows/keep-secure/event-5159.md | 2 +- windows/keep-secure/event-5168.md | 2 +- windows/keep-secure/event-5376.md | 2 +- windows/keep-secure/event-5377.md | 2 +- windows/keep-secure/event-5378.md | 2 +- windows/keep-secure/event-5447.md | 2 +- windows/keep-secure/event-5632.md | 2 +- windows/keep-secure/event-5633.md | 2 +- windows/keep-secure/event-5712.md | 2 +- windows/keep-secure/event-5888.md | 2 +- windows/keep-secure/event-5889.md | 2 +- windows/keep-secure/event-5890.md | 2 +- windows/keep-secure/event-6144.md | 2 +- windows/keep-secure/event-6145.md | 2 +- windows/keep-secure/event-6281.md | 2 +- windows/keep-secure/event-6400.md | 2 +- windows/keep-secure/event-6401.md | 2 +- windows/keep-secure/event-6402.md | 2 +- windows/keep-secure/event-6403.md | 2 +- windows/keep-secure/event-6404.md | 2 +- windows/keep-secure/event-6405.md | 2 +- windows/keep-secure/event-6406.md | 2 +- windows/keep-secure/event-6407.md | 2 +- windows/keep-secure/event-6408.md | 2 +- windows/keep-secure/event-6409.md | 2 +- windows/keep-secure/event-6410.md | 2 +- windows/keep-secure/event-6416.md | 2 +- windows/keep-secure/event-6419.md | 2 +- windows/keep-secure/event-6420.md | 2 +- windows/keep-secure/event-6421.md | 2 +- windows/keep-secure/event-6422.md | 2 +- windows/keep-secure/event-6423.md | 2 +- windows/keep-secure/event-6424.md | 2 +- windows/keep-secure/other-events.md | 2 +- windows/manage/acquire-apps-windows-store-for-business.md | 2 +- windows/manage/add-unsigned-app-to-code-integrity-policy.md | 2 +- windows/manage/administrative-tools-in-windows-10.md | 2 +- .../app-inventory-managemement-windows-store-for-business.md | 2 +- 
.../manage/application-development-for-windows-as-a-service.md | 2 +- windows/manage/apps-in-windows-store-for-business.md | 2 +- windows/manage/assign-apps-to-employees.md | 2 +- .../manage/change-history-for-manage-and-update-windows-10.md | 2 +- windows/manage/changes-to-start-policies-in-windows-10.md | 2 +- windows/manage/configure-devices-without-mdm.md | 2 +- .../manage/configure-mdm-provider-windows-store-for-business.md | 2 +- windows/manage/customize-and-export-start-layout.md | 2 +- .../customize-windows-10-start-screens-by-using-group-policy.md | 2 +- ...indows-10-start-screens-by-using-mobile-device-management.md | 2 +- ...s-10-start-screens-by-using-provisioning-packages-and-icd.md | 2 +- windows/manage/device-guard-signing-portal.md | 2 +- windows/manage/distribute-apps-from-your-private-store.md | 2 +- ...tribute-apps-to-your-employees-windows-store-for-business.md | 2 +- windows/manage/distribute-apps-with-management-tool.md | 2 +- windows/manage/distribute-offline-apps.md | 2 +- windows/manage/find-and-acquire-apps-overview.md | 2 +- .../group-policies-for-enterprise-and-education-editions.md | 2 +- .../how-it-pros-can-use-configuration-service-providers.md | 2 +- windows/manage/index.md | 2 +- windows/manage/introduction-to-windows-10-servicing.md | 2 +- .../manage/join-windows-10-mobile-to-azure-active-directory.md | 2 +- windows/manage/lock-down-windows-10-to-specific-apps.md | 2 +- windows/manage/lock-down-windows-10.md | 2 +- windows/manage/lockdown-xml.md | 2 +- .../manage/manage-apps-windows-store-for-business-overview.md | 2 +- ...windows-operating-system-components-to-microsoft-services.md | 2 +- windows/manage/manage-corporate-devices.md | 2 +- windows/manage/manage-inventory-windows-store-for-business.md | 2 +- windows/manage/manage-orders-windows-store-for-business.md | 2 +- windows/manage/manage-private-store-settings.md | 2 +- windows/manage/manage-settings-windows-store-for-business.md | 2 +- 
.../manage-users-and-groups-windows-store-for-business.md | 2 +- windows/manage/manage-wifi-sense-in-enterprise.md | 2 +- windows/manage/new-policies-for-windows-10.md | 2 +- windows/manage/prerequisites-windows-store-for-business.md | 2 +- windows/manage/product-ids-in-windows-10-mobile.md | 2 +- windows/manage/reset-a-windows-10-mobile-device.md | 2 +- .../manage/roles-and-permissions-windows-store-for-business.md | 2 +- windows/manage/set-up-a-device-for-anyone-to-use.md | 2 +- .../set-up-a-kiosk-for-windows-10-for-desktop-editions.md | 2 +- .../manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md | 2 +- windows/manage/settings-reference-windows-store-for-business.md | 2 +- windows/manage/settings-that-can-be-locked-down.md | 2 +- .../sign-code-integrity-policy-with-device-guard-signing.md | 2 +- windows/manage/sign-up-windows-store-for-business-overview.md | 2 +- windows/manage/sign-up-windows-store-for-business.md | 2 +- windows/manage/stop-employees-from-using-the-windows-store.md | 2 +- windows/manage/troubleshoot-windows-store-for-business.md | 2 +- .../update-windows-store-for-business-account-settings.md | 2 +- windows/manage/windows-10-mobile-and-mdm.md | 2 +- windows/manage/windows-10-start-layout-options-and-policies.md | 2 +- windows/manage/windows-store-for-business.md | 2 +- windows/manage/working-with-line-of-business-apps.md | 2 +- windows/plan/deployment-considerations-for-windows-to-go.md | 2 +- 362 files changed, 362 insertions(+), 362 deletions(-) diff --git a/windows/index.md b/windows/index.md index 08ec4adaa7..ec5ecb7a39 100644 --- a/windows/index.md +++ b/windows/index.md @@ -2,7 +2,7 @@ title: Windows 10 and Windows 10 Mobile (Windows 10) description: This library provides the core content that IT pros need to evaluate, plan, deploy, and manage devices running Windows 10 or Windows 10 Mobile. ms.assetid: 345A4B4E-BC1B-4F5C-9E90-58E647D11C60 -ms.prod: W10 +ms.prod: w10 author: brianlic-msft --- 
diff --git a/windows/keep-secure/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/keep-secure/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
index 626a7162a6..736833b790 100644
--- a/windows/keep-secure/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
+++ b/windows/keep-secure/appendix-a-security-monitoring-recommendations-for-many-audit-events.md
@@ -2,7 +2,7 @@
 title: Appendix A, Security monitoring recommendations for many audit events (Windows 10)
 description: Appendix A, Security monitoring recommendations for many audit events
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-account-lockout.md b/windows/keep-secure/audit-account-lockout.md
index edda775a9d..5aa153c7ac 100644
--- a/windows/keep-secure/audit-account-lockout.md
+++ b/windows/keep-secure/audit-account-lockout.md
@@ -3,7 +3,7 @@ title: Audit Account Lockout (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Account Lockout, which enables you to audit security events that are generated by a failed attempt to log on to an account that is locked out.
 ms.assetid: da68624b-a174-482c-9bc5-ddddab38e589
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-application-generated.md b/windows/keep-secure/audit-application-generated.md
index a031b2592f..fa461c2535 100644
--- a/windows/keep-secure/audit-application-generated.md
+++ b/windows/keep-secure/audit-application-generated.md
@@ -3,7 +3,7 @@ title: Audit Application Generated (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs).
 ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-application-group-management.md b/windows/keep-secure/audit-application-group-management.md
index c4ee29610f..7991c5a92d 100644
--- a/windows/keep-secure/audit-application-group-management.md
+++ b/windows/keep-secure/audit-application-group-management.md
@@ -3,7 +3,7 @@ title: Audit Application Group Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Application Group Management, which determines whether the operating system generates audit events when application group management tasks are performed.
 ms.assetid: 1bcaa41e-5027-4a86-96b7-f04eaf1c0606
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-audit-policy-change.md b/windows/keep-secure/audit-audit-policy-change.md
index dca7c1278d..3baaef2ff0 100644
--- a/windows/keep-secure/audit-audit-policy-change.md
+++ b/windows/keep-secure/audit-audit-policy-change.md
@@ -3,7 +3,7 @@ title: Audit Audit Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy.
 ms.assetid: 7153bf75-6978-4d7e-a821-59a699efb8a9
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-authentication-policy-change.md b/windows/keep-secure/audit-authentication-policy-change.md
index 60d6e969e5..3096a5187c 100644
--- a/windows/keep-secure/audit-authentication-policy-change.md
+++ b/windows/keep-secure/audit-authentication-policy-change.md
@@ -3,7 +3,7 @@ title: Audit Authentication Policy Change (Windows 10)
 description: This topic for the IT professional describes this Advanced Security Audit policy setting, Audit Authentication Policy Change, which determines whether the operating system generates audit events when changes are made to authentication policy.
 ms.assetid: aa9cea7a-aadf-47b7-b704-ac253b8e79be
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-authorization-policy-change.md b/windows/keep-secure/audit-authorization-policy-change.md
index e12e71d60c..bb16d06124 100644
--- a/windows/keep-secure/audit-authorization-policy-change.md
+++ b/windows/keep-secure/audit-authorization-policy-change.md
@@ -3,7 +3,7 @@ title: Audit Authorization Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Authorization Policy Change, which determines whether the operating system generates audit events when specific changes are made to the authorization policy.
 ms.assetid: ca0587a2-a2b3-4300-aa5d-48b4553c3b36
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-central-access-policy-staging.md b/windows/keep-secure/audit-central-access-policy-staging.md
index dba31f0402..d2c7077220 100644
--- a/windows/keep-secure/audit-central-access-policy-staging.md
+++ b/windows/keep-secure/audit-central-access-policy-staging.md
@@ -3,7 +3,7 @@ title: Audit Central Access Policy Staging (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Central Access Policy Staging, which determines permissions on a Central Access Policy.
 ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-certification-services.md b/windows/keep-secure/audit-certification-services.md
index 8faf626674..c41330e98c 100644
--- a/windows/keep-secure/audit-certification-services.md
+++ b/windows/keep-secure/audit-certification-services.md
@@ -3,7 +3,7 @@ title: Audit Certification Services (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Certification Services, which determines whether the operating system generates events when Active Directory Certificate Services (ADÂ CS) operations are performed.
 ms.assetid: cdefc34e-fb1f-4eff-b766-17713c5a1b03
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-computer-account-management.md b/windows/keep-secure/audit-computer-account-management.md
index 5f7450d6f6..c127ebd500 100644
--- a/windows/keep-secure/audit-computer-account-management.md
+++ b/windows/keep-secure/audit-computer-account-management.md
@@ -3,7 +3,7 @@ title: Audit Computer Account Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Computer Account Management, which determines whether the operating system generates audit events when a computer account is created, changed, or deleted.
 ms.assetid: 6c406693-57bf-4411-bb6c-ff83ce548991
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-credential-validation.md b/windows/keep-secure/audit-credential-validation.md
index 6b101b70a6..5e54e23875 100644
--- a/windows/keep-secure/audit-credential-validation.md
+++ b/windows/keep-secure/audit-credential-validation.md
@@ -3,7 +3,7 @@ title: Audit Credential Validation (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Credential Validation, which determines whether the operating system generates audit events on credentials that are submitted for a user account logon request.
 ms.assetid: 6654b33a-922e-4a43-8223-ec5086dfc926
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-detailed-file-share.md b/windows/keep-secure/audit-detailed-file-share.md
index e3bcefa79b..436399addb 100644
--- a/windows/keep-secure/audit-detailed-file-share.md
+++ b/windows/keep-secure/audit-detailed-file-share.md
@@ -3,7 +3,7 @@ title: Audit Detailed File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Detailed File Share, which allows you to audit attempts to access files and folders on a shared folder.
 ms.assetid: 60310104-b820-4033-a1cb-022a34f064ae
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-directory-service-access.md b/windows/keep-secure/audit-directory-service-access.md
index 90f32dc571..039b10f684 100644
--- a/windows/keep-secure/audit-directory-service-access.md
+++ b/windows/keep-secure/audit-directory-service-access.md
@@ -3,7 +3,7 @@ title: Audit Directory Service Access (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Access, which determines whether the operating system generates audit events when an Active Directory Domain Services (ADÂ DS) object is accessed.
 ms.assetid: ba2562ba-4282-4588-b87c-a3fcb771c7d0
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-directory-service-changes.md b/windows/keep-secure/audit-directory-service-changes.md
index 681d62c3bd..67d519f452 100644
--- a/windows/keep-secure/audit-directory-service-changes.md
+++ b/windows/keep-secure/audit-directory-service-changes.md
@@ -3,7 +3,7 @@ title: Audit Directory Service Changes (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Changes, which determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (ADÂ DS).
 ms.assetid: 9f7c0dd4-3977-47dd-a0fb-ec2f17cad05e
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-directory-service-replication.md b/windows/keep-secure/audit-directory-service-replication.md
index 9852d81d51..de877d1d2d 100644
--- a/windows/keep-secure/audit-directory-service-replication.md
+++ b/windows/keep-secure/audit-directory-service-replication.md
@@ -3,7 +3,7 @@ title: Audit Directory Service Replication (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Replication, which determines whether the operating system generates audit events when replication between two domain controllers begins and ends.
 ms.assetid: b95d296c-7993-4e8d-8064-a8bbe284bd56
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-distribution-group-management.md b/windows/keep-secure/audit-distribution-group-management.md
index a8818d7fbe..b140fd81cc 100644
--- a/windows/keep-secure/audit-distribution-group-management.md
+++ b/windows/keep-secure/audit-distribution-group-management.md
@@ -3,7 +3,7 @@ title: Audit Distribution Group Management (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Distribution Group Management, which determines whether the operating system generates audit events for specific distribution-group management tasks.
 ms.assetid: d46693a4-5887-4a58-85db-2f6cba224a66
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-dpapi-activity.md b/windows/keep-secure/audit-dpapi-activity.md
index c7c323e5a3..a17a929770 100644
--- a/windows/keep-secure/audit-dpapi-activity.md
+++ b/windows/keep-secure/audit-dpapi-activity.md
@@ -3,7 +3,7 @@ title: Audit DPAPI Activity (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit DPAPI Activity, which determines whether the operating system generates audit events when encryption or decryption calls are made into the data protection application interface (DPAPI).
 ms.assetid: be4d4c83-c857-4e3d-a84e-8bcc3f2c99cd
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-file-share.md b/windows/keep-secure/audit-file-share.md
index 2e3b971917..05c490cf67 100644
--- a/windows/keep-secure/audit-file-share.md
+++ b/windows/keep-secure/audit-file-share.md
@@ -3,7 +3,7 @@ title: Audit File Share (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File Share, which determines whether the operating system generates audit events when a file share is accessed.
 ms.assetid: 9ea985f8-8936-4b79-abdb-35cbb7138f78
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-file-system.md b/windows/keep-secure/audit-file-system.md
index c2067f4580..ea941fc892 100644
--- a/windows/keep-secure/audit-file-system.md
+++ b/windows/keep-secure/audit-file-system.md
@@ -3,7 +3,7 @@ title: Audit File System (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit File System, which determines whether the operating system generates audit events when users attempt to access file system objects.
 ms.assetid: 6a71f283-b8e5-41ac-b348-0b7ec6ea0b1f
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-filtering-platform-connection.md b/windows/keep-secure/audit-filtering-platform-connection.md
index e07ed53034..96d8bbd8c3 100644
--- a/windows/keep-secure/audit-filtering-platform-connection.md
+++ b/windows/keep-secure/audit-filtering-platform-connection.md
@@ -3,7 +3,7 @@ title: Audit Filtering Platform Connection (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Connection, which determines whether the operating system generates audit events when connections are allowed or blocked by the Windows Filtering Platform.
 ms.assetid: d72936e9-ff01-4d18-b864-a4958815df59
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-filtering-platform-packet-drop.md b/windows/keep-secure/audit-filtering-platform-packet-drop.md
index 2f1d92d144..093fd674de 100644
--- a/windows/keep-secure/audit-filtering-platform-packet-drop.md
+++ b/windows/keep-secure/audit-filtering-platform-packet-drop.md
@@ -3,7 +3,7 @@ title: Audit Filtering Platform Packet Drop (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Packet Drop, which determines whether the operating system generates audit events when packets are dropped by the Windows Filtering Platform.
 ms.assetid: 95457601-68d1-4385-af20-87916ddab906
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-filtering-platform-policy-change.md b/windows/keep-secure/audit-filtering-platform-policy-change.md
index c6b29136a8..ec8d3374dd 100644
--- a/windows/keep-secure/audit-filtering-platform-policy-change.md
+++ b/windows/keep-secure/audit-filtering-platform-policy-change.md
@@ -3,7 +3,7 @@ title: Audit Filtering Platform Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions.
 ms.assetid: 0eaf1c56-672b-4ea9-825a-22dc03eb4041
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-group-membership.md b/windows/keep-secure/audit-group-membership.md
index 2fbda5d3b5..f3424483bb 100644
--- a/windows/keep-secure/audit-group-membership.md
+++ b/windows/keep-secure/audit-group-membership.md
@@ -3,7 +3,7 @@ title: Audit Group Membership (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Group Membership, which enables you to audit group memberships when they are enumerated on the client PC.
 ms.assetid: 1CD7B014-FBD9-44B9-9274-CC5715DE58B9
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-handle-manipulation.md b/windows/keep-secure/audit-handle-manipulation.md
index 5cff0de163..c1a20800e5 100644
--- a/windows/keep-secure/audit-handle-manipulation.md
+++ b/windows/keep-secure/audit-handle-manipulation.md
@@ -3,7 +3,7 @@ title: Audit Handle Manipulation (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Handle Manipulation, which determines whether the operating system generates audit events when a handle to an object is opened or closed.
 ms.assetid: 1fbb004a-ccdc-4c80-b3da-a4aa7a9f4091
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-ipsec-driver.md b/windows/keep-secure/audit-ipsec-driver.md
index 8816a8e2ba..628d86b063 100644
--- a/windows/keep-secure/audit-ipsec-driver.md
+++ b/windows/keep-secure/audit-ipsec-driver.md
@@ -3,7 +3,7 @@ title: Audit IPsec Driver (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit IPsec Driver, which determines whether the operating system generates audit events for the activities of the IPsec driver.
 ms.assetid: c8b8c02f-5ad0-4ee5-9123-ea8cdae356a5
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-ipsec-extended-mode.md b/windows/keep-secure/audit-ipsec-extended-mode.md
index 7220d5ead8..83cc51ddc1 100644
--- a/windows/keep-secure/audit-ipsec-extended-mode.md
+++ b/windows/keep-secure/audit-ipsec-extended-mode.md
@@ -3,7 +3,7 @@ title: Audit IPsec Extended Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Extended Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
 ms.assetid: 2b4fee9e-482a-4181-88a8-6a79d8fc8049
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-ipsec-main-mode.md b/windows/keep-secure/audit-ipsec-main-mode.md
index 4d9716ac60..d06d0749d0 100644
--- a/windows/keep-secure/audit-ipsec-main-mode.md
+++ b/windows/keep-secure/audit-ipsec-main-mode.md
@@ -3,7 +3,7 @@ title: Audit IPsec Main Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Main Mode, which determines whether the operating system generates events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
 ms.assetid: 06ed26ec-3620-4ef4-a47a-c70df9c8827b
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-ipsec-quick-mode.md b/windows/keep-secure/audit-ipsec-quick-mode.md
index a6ce77cdf4..6259aa5962 100644
--- a/windows/keep-secure/audit-ipsec-quick-mode.md
+++ b/windows/keep-secure/audit-ipsec-quick-mode.md
@@ -3,7 +3,7 @@ title: Audit IPsec Quick Mode (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Quick Mode, which determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
 ms.assetid: 7be67a15-c2ce-496a-9719-e25ac7699114
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-kerberos-authentication-service.md b/windows/keep-secure/audit-kerberos-authentication-service.md
index b0e5ccc886..0565b58eef 100644
--- a/windows/keep-secure/audit-kerberos-authentication-service.md
+++ b/windows/keep-secure/audit-kerberos-authentication-service.md
@@ -3,7 +3,7 @@ title: Audit Kerberos Authentication Service (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Authentication Service, which determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests.
 ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-kerberos-service-ticket-operations.md b/windows/keep-secure/audit-kerberos-service-ticket-operations.md
index 0a45922c00..5b9d7f1874 100644
--- a/windows/keep-secure/audit-kerberos-service-ticket-operations.md
+++ b/windows/keep-secure/audit-kerberos-service-ticket-operations.md
@@ -3,7 +3,7 @@ title: Audit Kerberos Service Ticket Operations (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Service Ticket Operations, which determines whether the operating system generates security audit events for Kerberos service ticket requests.
 ms.assetid: ddc0abef-ac7f-4849-b90d-66700470ccd6
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-kernel-object.md b/windows/keep-secure/audit-kernel-object.md
index 80a0b5e30f..9815bc9a13 100644
--- a/windows/keep-secure/audit-kernel-object.md
+++ b/windows/keep-secure/audit-kernel-object.md
@@ -3,7 +3,7 @@ title: Audit Kernel Object (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kernel Object, which determines whether the operating system generates audit events when users attempt to access the system kernel, which includes mutexes and semaphores.
 ms.assetid: 75619d8b-b1eb-445b-afc9-0f9053be97fb
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-logoff.md b/windows/keep-secure/audit-logoff.md
index 66730b6282..152a1a0770 100644
--- a/windows/keep-secure/audit-logoff.md
+++ b/windows/keep-secure/audit-logoff.md
@@ -3,7 +3,7 @@ title: Audit Logoff (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logoff, which determines whether the operating system generates audit events when logon sessions are terminated.
 ms.assetid: 681e51f2-ba06-46f5-af8c-d9c48d515432
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-logon.md b/windows/keep-secure/audit-logon.md
index 194c1f3d0b..99a4cb6528 100644
--- a/windows/keep-secure/audit-logon.md
+++ b/windows/keep-secure/audit-logon.md
@@ -3,7 +3,7 @@ title: Audit Logon (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Logon, which determines whether the operating system generates audit events when a user attempts to log on to a computer.
 ms.assetid: ca968d03-7d52-48c4-ba0e-2bcd2937231b
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md b/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
index e7eb1410f4..7ac4228370 100644
--- a/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
+++ b/windows/keep-secure/audit-mpssvc-rule-level-policy-change.md
@@ -3,7 +3,7 @@ title: Audit MPSSVC Rule-Level Policy Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit MPSSVC Rule-Level Policy Change, which determines whether the operating system generates audit events when changes are made to policy rules for the Microsoft Protection Service (MPSSVC.exe).
 ms.assetid: 263461b3-c61c-4ec3-9dee-851164845019
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-network-policy-server.md b/windows/keep-secure/audit-network-policy-server.md
index c053aab03a..f1cdad1e90 100644
--- a/windows/keep-secure/audit-network-policy-server.md
+++ b/windows/keep-secure/audit-network-policy-server.md
@@ -3,7 +3,7 @@ title: Audit Network Policy Server (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock).
 ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-non-sensitive-privilege-use.md b/windows/keep-secure/audit-non-sensitive-privilege-use.md
index a6052e4d5d..ebc770c912 100644
--- a/windows/keep-secure/audit-non-sensitive-privilege-use.md
+++ b/windows/keep-secure/audit-non-sensitive-privilege-use.md
@@ -3,7 +3,7 @@ title: Audit Non Sensitive Privilege Use (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used.
 ms.assetid: 8fd74783-1059-443e-aa86-566d78606627
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-account-logon-events.md b/windows/keep-secure/audit-other-account-logon-events.md
index ee92107d00..194e56d11b 100644
--- a/windows/keep-secure/audit-other-account-logon-events.md
+++ b/windows/keep-secure/audit-other-account-logon-events.md
@@ -3,7 +3,7 @@ title: Audit Other Account Logon Events (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Other Account Logon Events, which allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
 ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-account-management-events.md b/windows/keep-secure/audit-other-account-management-events.md
index bce48fe3a4..20b82aa409 100644
--- a/windows/keep-secure/audit-other-account-management-events.md
+++ b/windows/keep-secure/audit-other-account-management-events.md
@@ -3,7 +3,7 @@ title: Audit Other Account Management Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Account Management Events, which determines whether the operating system generates user account management audit events.
 ms.assetid: 4ce22eeb-a96f-4cf9-a46d-6642961a31d5
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-logonlogoff-events.md b/windows/keep-secure/audit-other-logonlogoff-events.md
index da62c1ddac..cceda79c69 100644
--- a/windows/keep-secure/audit-other-logonlogoff-events.md
+++ b/windows/keep-secure/audit-other-logonlogoff-events.md
@@ -3,7 +3,7 @@ title: Audit Other Logon/Logoff Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Logon/Logoff Events, which determines whether Windows generates audit events for other logon or logoff events.
 ms.assetid: 76d987cd-1917-4907-a739-dd642609a458
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-object-access-events.md b/windows/keep-secure/audit-other-object-access-events.md
index 66d034006d..4501674589 100644
--- a/windows/keep-secure/audit-other-object-access-events.md
+++ b/windows/keep-secure/audit-other-object-access-events.md
@@ -3,7 +3,7 @@ title: Audit Other Object Access Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Object Access Events, which determines whether the operating system generates audit events for the management of Task Scheduler jobs or COM+ objects.
 ms.assetid: b9774595-595d-4199-b0c5-8dbc12b6c8b2
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-policy-change-events.md b/windows/keep-secure/audit-other-policy-change-events.md
index 0af19e0be4..81cb8c52aa 100644
--- a/windows/keep-secure/audit-other-policy-change-events.md
+++ b/windows/keep-secure/audit-other-policy-change-events.md
@@ -3,7 +3,7 @@ title: Audit Other Policy Change Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other Policy Change Events, which determines whether the operating system generates audit events for security policy changes that are not otherwise audited in the Policy Change category.
 ms.assetid: 8618502e-c21c-41cc-8a49-3dc1eb359e60
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-privilege-use-events.md b/windows/keep-secure/audit-other-privilege-use-events.md
index b5ebe7d056..a411c1b6b4 100644
--- a/windows/keep-secure/audit-other-privilege-use-events.md
+++ b/windows/keep-secure/audit-other-privilege-use-events.md
@@ -3,7 +3,7 @@ title: Audit Other Privilege Use Events (Windows 10)
 description: This security policy setting is not used.
 ms.assetid: 5f7f5b25-42a6-499f-8aa2-01ac79a2a63c
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-other-system-events.md b/windows/keep-secure/audit-other-system-events.md
index bb1cfd06c3..91f62b06de 100644
--- a/windows/keep-secure/audit-other-system-events.md
+++ b/windows/keep-secure/audit-other-system-events.md
@@ -3,7 +3,7 @@ title: Audit Other System Events (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Other System Events, which determines whether the operating system audits various system events.
 ms.assetid: 2401e4cc-d94e-41ec-82a7-e10914295f8b
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-pnp-activity.md b/windows/keep-secure/audit-pnp-activity.md
index 8558ff0a08..bef34f8715 100644
--- a/windows/keep-secure/audit-pnp-activity.md
+++ b/windows/keep-secure/audit-pnp-activity.md
@@ -3,7 +3,7 @@ title: Audit PNP Activity (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit PNP Activity, which determines when plug and play detects an external device.
 ms.assetid: A3D87B3B-EBBE-442A-953B-9EB75A5F600E
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-process-creation.md b/windows/keep-secure/audit-process-creation.md
index 739cc9cf47..9616b172bf 100644
--- a/windows/keep-secure/audit-process-creation.md
+++ b/windows/keep-secure/audit-process-creation.md
@@ -3,7 +3,7 @@ title: Audit Process Creation (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Creation, which determines whether the operating system generates audit events when a process is created (starts).
 ms.assetid: 67e39fcd-ded6-45e8-b1b6-d411e4e93019
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-process-termination.md b/windows/keep-secure/audit-process-termination.md
index 9c526efce5..493f39cc30 100644
--- a/windows/keep-secure/audit-process-termination.md
+++ b/windows/keep-secure/audit-process-termination.md
@@ -3,7 +3,7 @@ title: Audit Process Termination (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Termination, which determines whether the operating system generates audit events when an attempt is made to end a process.
 ms.assetid: 65d88e53-14aa-48a4-812b-557cebbf9e50
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-registry.md b/windows/keep-secure/audit-registry.md
index f994e3be1b..ad25025bc9 100644
--- a/windows/keep-secure/audit-registry.md
+++ b/windows/keep-secure/audit-registry.md
@@ -3,7 +3,7 @@ title: Audit Registry (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Registry, which determines whether the operating system generates audit events when users attempt to access registry objects.
 ms.assetid: 02bcc23b-4823-46ac-b822-67beedf56b32
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-removable-storage.md b/windows/keep-secure/audit-removable-storage.md
index 0cd8e17a01..de2555c64a 100644
--- a/windows/keep-secure/audit-removable-storage.md
+++ b/windows/keep-secure/audit-removable-storage.md
@@ -3,7 +3,7 @@ title: Audit Removable Storage (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive.
 ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-rpc-events.md b/windows/keep-secure/audit-rpc-events.md
index 99e1f92cff..69b62bbff7 100644
--- a/windows/keep-secure/audit-rpc-events.md
+++ b/windows/keep-secure/audit-rpc-events.md
@@ -3,7 +3,7 @@ title: Audit RPC Events (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit RPC Events, which determines whether the operating system generates audit events when inbound remote procedure call (RPC) connections are made.
 ms.assetid: 868aec2d-93b4-4bc8-a150-941f88838ba6
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-sam.md b/windows/keep-secure/audit-sam.md
index 7b097dc097..49b763f835 100644
--- a/windows/keep-secure/audit-sam.md
+++ b/windows/keep-secure/audit-sam.md
@@ -3,7 +3,7 @@ title: Audit SAM (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager (SAM) objects.
 ms.assetid: 1d00f955-383d-4c95-bbd1-fab4a991a46e
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-security-group-management.md b/windows/keep-secure/audit-security-group-management.md
index 4c6f72b3c3..17c4f1861e 100644
--- a/windows/keep-secure/audit-security-group-management.md
+++ b/windows/keep-secure/audit-security-group-management.md
@@ -3,7 +3,7 @@ title: Audit Security Group Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed.
 ms.assetid: ac2ee101-557b-4c84-b9fa-4fb23331f1aa
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-security-state-change.md b/windows/keep-secure/audit-security-state-change.md
index 2bf37ca4a0..54492ea27c 100644
--- a/windows/keep-secure/audit-security-state-change.md
+++ b/windows/keep-secure/audit-security-state-change.md
@@ -3,7 +3,7 @@ title: Audit Security State Change (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security State Change, which determines whether Windows generates audit events for changes in the security state of a system.
 ms.assetid: decb3218-a67d-4efa-afc0-337c79a89a2d
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-security-system-extension.md b/windows/keep-secure/audit-security-system-extension.md
index 7d83ba191c..b340e3efe0 100644
--- a/windows/keep-secure/audit-security-system-extension.md
+++ b/windows/keep-secure/audit-security-system-extension.md
@@ -3,7 +3,7 @@ title: Audit Security System Extension (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security System Extension, which determines whether the operating system generates audit events related to security system extensions.
 ms.assetid: 9f3c6bde-42b2-4a0a-b353-ed3106ebc005
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-sensitive-privilege-use.md b/windows/keep-secure/audit-sensitive-privilege-use.md
index 051c87dd73..220187fc5b 100644
--- a/windows/keep-secure/audit-sensitive-privilege-use.md
+++ b/windows/keep-secure/audit-sensitive-privilege-use.md
@@ -3,7 +3,7 @@ title: Audit Sensitive Privilege Use (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Sensitive Privilege Use, which determines whether the operating system generates audit events when sensitive privileges (user rights) are used.
 ms.assetid: 915abf50-42d2-45f6-9fd1-e7bd201b193d
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-special-logon.md b/windows/keep-secure/audit-special-logon.md
index e03317f158..2838689d0f 100644
--- a/windows/keep-secure/audit-special-logon.md
+++ b/windows/keep-secure/audit-special-logon.md
@@ -3,7 +3,7 @@ title: Audit Special Logon (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Special Logon, which determines whether the operating system generates audit events under special sign on (or log on) circumstances.
 ms.assetid: e1501bac-1d09-4593-8ebb-f311231567d3
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-system-integrity.md b/windows/keep-secure/audit-system-integrity.md
index fbb0f1b2f7..90bbb22cde 100644
--- a/windows/keep-secure/audit-system-integrity.md
+++ b/windows/keep-secure/audit-system-integrity.md
@@ -3,7 +3,7 @@ title: Audit System Integrity (Windows 10)
 description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit System Integrity, which determines whether the operating system audits events that violate the integrity of the security subsystem.
 ms.assetid: 942a9a7f-fa31-4067-88c7-f73978bf2034
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-user-account-management.md b/windows/keep-secure/audit-user-account-management.md
index eda9df358a..e641522e84 100644
--- a/windows/keep-secure/audit-user-account-management.md
+++ b/windows/keep-secure/audit-user-account-management.md
@@ -3,7 +3,7 @@ title: Audit User Account Management (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit User Account Management, which determines whether the operating system generates audit events when specific user account management tasks are performed.
 ms.assetid: f7e72998-3858-4197-a443-19586ecc4bfb
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/audit-user-device-claims.md b/windows/keep-secure/audit-user-device-claims.md
index 3624a64b1e..69c9dc94c2 100644
--- a/windows/keep-secure/audit-user-device-claims.md
+++ b/windows/keep-secure/audit-user-device-claims.md
@@ -3,7 +3,7 @@ title: Audit User/Device Claims (Windows 10)
 description: This topic for the IT professional describes the advanced security audit policy setting, Audit User/Device Claims, which enables you to audit security events that are generated by user and device claims.
 ms.assetid: D3D2BFAF-F2C0-462A-9377-673DB49D5486
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-1100.md b/windows/keep-secure/event-1100.md
index b6646f9867..3a1a897cf0 100644
--- a/windows/keep-secure/event-1100.md
+++ b/windows/keep-secure/event-1100.md
@@ -2,7 +2,7 @@
 title: 1100(S) The event logging service has shut down. (Windows 10)
 description: Describes security event 1100(S) The event logging service has shut down.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-1102.md b/windows/keep-secure/event-1102.md
index eb7b13ca41..ed03fdf472 100644
--- a/windows/keep-secure/event-1102.md
+++ b/windows/keep-secure/event-1102.md
@@ -2,7 +2,7 @@
 title: 1102(S) The audit log was cleared. (Windows 10)
 description: Describes security event 1102(S) The audit log was cleared.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-1104.md b/windows/keep-secure/event-1104.md
index 4448c4a509..89e9980503 100644
--- a/windows/keep-secure/event-1104.md
+++ b/windows/keep-secure/event-1104.md
@@ -2,7 +2,7 @@
 title: 1104(S) The security log is now full. (Windows 10)
 description: Describes security event 1104(S) The security log is now full.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-1105.md b/windows/keep-secure/event-1105.md
index 3b06cbd87a..75a97f1a66 100644
--- a/windows/keep-secure/event-1105.md
+++ b/windows/keep-secure/event-1105.md
@@ -2,7 +2,7 @@
 title: 1105(S) Event log automatic backup. (Windows 10)
 description: Describes security event 1105(S) Event log automatic backup.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-1108.md b/windows/keep-secure/event-1108.md
index b10c79fa3a..a20422a550 100644
--- a/windows/keep-secure/event-1108.md
+++ b/windows/keep-secure/event-1108.md
@@ -2,7 +2,7 @@
 title: 1108(S) The event logging service encountered an error while processing an incoming event published from %1. (Windows 10)
 description: Describes security event 1108(S) The event logging service encountered an error while processing an incoming event published from %1.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4608.md b/windows/keep-secure/event-4608.md
index 8e846de721..92e9691726 100644
--- a/windows/keep-secure/event-4608.md
+++ b/windows/keep-secure/event-4608.md
@@ -2,7 +2,7 @@
 title: 4608(S) Windows is starting up. (Windows 10)
 description: Describes security event 4608(S) Windows is starting up.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4610.md b/windows/keep-secure/event-4610.md
index 91f93ccf61..66df4467cd 100644
--- a/windows/keep-secure/event-4610.md
+++ b/windows/keep-secure/event-4610.md
@@ -2,7 +2,7 @@
 title: 4610(S) An authentication package has been loaded by the Local Security Authority. (Windows 10)
 description: Describes security event 4610(S) An authentication package has been loaded by the Local Security Authority.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4611.md b/windows/keep-secure/event-4611.md
index ccb63e2c97..4cd9e414e5 100644
--- a/windows/keep-secure/event-4611.md
+++ b/windows/keep-secure/event-4611.md
@@ -2,7 +2,7 @@
 title: 4611(S) A trusted logon process has been registered with the Local Security Authority. (Windows 10)
 description: Describes security event 4611(S) A trusted logon process has been registered with the Local Security Authority.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4612.md b/windows/keep-secure/event-4612.md
index ec67b2cc5c..ffdc67f828 100644
--- a/windows/keep-secure/event-4612.md
+++ b/windows/keep-secure/event-4612.md
@@ -2,7 +2,7 @@
 title: 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. (Windows 10)
 description: Describes security event 4612(S) Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4614.md b/windows/keep-secure/event-4614.md
index 223da4ca4c..5afea7b670 100644
--- a/windows/keep-secure/event-4614.md
+++ b/windows/keep-secure/event-4614.md
@@ -2,7 +2,7 @@
 title: 4614(S) A notification package has been loaded by the Security Account Manager. (Windows 10)
 description: Describes security event 4614(S) A notification package has been loaded by the Security Account Manager.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4615.md b/windows/keep-secure/event-4615.md
index 9b0a3151ad..7089ff1ad7 100644
--- a/windows/keep-secure/event-4615.md
+++ b/windows/keep-secure/event-4615.md
@@ -2,7 +2,7 @@
 title: 4615(S) Invalid use of LPC port. (Windows 10)
 description: Describes security event 4615(S) Invalid use of LPC port.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4616.md b/windows/keep-secure/event-4616.md
index b2ba578b7c..3be067d588 100644
--- a/windows/keep-secure/event-4616.md
+++ b/windows/keep-secure/event-4616.md
@@ -2,7 +2,7 @@
 title: 4616(S) The system time was changed. (Windows 10)
 description: Describes security event 4616(S) The system time was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4618.md b/windows/keep-secure/event-4618.md
index 755dbc817f..e9b106a0b3 100644
--- a/windows/keep-secure/event-4618.md
+++ b/windows/keep-secure/event-4618.md
@@ -2,7 +2,7 @@
 title: 4618(S) A monitored security event pattern has occurred. (Windows 10)
 description: Describes security event 4618(S) A monitored security event pattern has occurred.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4621.md b/windows/keep-secure/event-4621.md
index e8cef166bc..82eeb320a4 100644
--- a/windows/keep-secure/event-4621.md
+++ b/windows/keep-secure/event-4621.md
@@ -2,7 +2,7 @@
 title: 4621(S) Administrator recovered system from CrashOnAuditFail. (Windows 10)
 description: Describes security event 4621(S) Administrator recovered system from CrashOnAuditFail.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4622.md b/windows/keep-secure/event-4622.md
index 2e1e226db8..09fae3de05 100644
--- a/windows/keep-secure/event-4622.md
+++ b/windows/keep-secure/event-4622.md
@@ -2,7 +2,7 @@
 title: 4622(S) A security package has been loaded by the Local Security Authority. (Windows 10)
 description: Describes security event 4622(S) A security package has been loaded by the Local Security Authority.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4624.md b/windows/keep-secure/event-4624.md
index 292033d608..3cb4f0c190 100644
--- a/windows/keep-secure/event-4624.md
+++ b/windows/keep-secure/event-4624.md
@@ -2,7 +2,7 @@
 title: 4624(S) An account was successfully logged on. (Windows 10)
 description: Describes security event 4624(S) An account was successfully logged on.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4625.md b/windows/keep-secure/event-4625.md
index 882c481177..9a040ff053 100644
--- a/windows/keep-secure/event-4625.md
+++ b/windows/keep-secure/event-4625.md
@@ -2,7 +2,7 @@
 title: 4625(F) An account failed to log on. (Windows 10)
 description: Describes security event 4625(F) An account failed to log on.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4626.md b/windows/keep-secure/event-4626.md
index 7ed1c4a5e0..83fa8fe837 100644
--- a/windows/keep-secure/event-4626.md
+++ b/windows/keep-secure/event-4626.md
@@ -2,7 +2,7 @@
 title: 4626(S) User/Device claims information. (Windows 10)
 description: Describes security event 4626(S) User/Device claims information.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4627.md b/windows/keep-secure/event-4627.md
index 33f1daae58..811fd6f830 100644
--- a/windows/keep-secure/event-4627.md
+++ b/windows/keep-secure/event-4627.md
@@ -2,7 +2,7 @@
 title: 4627(S) Group membership information. (Windows 10)
 description: Describes security event 4627(S) Group membership information.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4634.md b/windows/keep-secure/event-4634.md
index 46ecf743dc..10b678d329 100644
--- a/windows/keep-secure/event-4634.md
+++ b/windows/keep-secure/event-4634.md
@@ -2,7 +2,7 @@
 title: 4634(S) An account was logged off. (Windows 10)
 description: Describes security event 4634(S) An account was logged off.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4647.md b/windows/keep-secure/event-4647.md
index 73b26c7c01..16537024f3 100644
--- a/windows/keep-secure/event-4647.md
+++ b/windows/keep-secure/event-4647.md
@@ -2,7 +2,7 @@
 title: 4647(S) User initiated logoff. (Windows 10)
 description: Describes security event 4647(S) User initiated logoff.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4648.md b/windows/keep-secure/event-4648.md
index 9cb907dcb0..0f371abb75 100644
--- a/windows/keep-secure/event-4648.md
+++ b/windows/keep-secure/event-4648.md
@@ -2,7 +2,7 @@
 title: 4648(S) A logon was attempted using explicit credentials. (Windows 10)
 description: Describes security event 4648(S) A logon was attempted using explicit credentials.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4649.md b/windows/keep-secure/event-4649.md
index d360401748..50ea622c1b 100644
--- a/windows/keep-secure/event-4649.md
+++ b/windows/keep-secure/event-4649.md
@@ -2,7 +2,7 @@
 title: 4649(S) A replay attack was detected. (Windows 10)
 description: Describes security event 4649(S) A replay attack was detected.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4656.md b/windows/keep-secure/event-4656.md
index fbe4f6276e..b7e3893812 100644
--- a/windows/keep-secure/event-4656.md
+++ b/windows/keep-secure/event-4656.md
@@ -2,7 +2,7 @@
 title: 4656(S, F) A handle to an object was requested. (Windows 10)
 description: Describes security event 4656(S, F) A handle to an object was requested.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4657.md b/windows/keep-secure/event-4657.md
index f4795e4e3e..5b669ccb0d 100644
--- a/windows/keep-secure/event-4657.md
+++ b/windows/keep-secure/event-4657.md
@@ -2,7 +2,7 @@
 title: 4657(S) A registry value was modified. (Windows 10)
 description: Describes security event 4657(S) A registry value was modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4658.md b/windows/keep-secure/event-4658.md
index 41f3978e7d..3de6b3da02 100644
--- a/windows/keep-secure/event-4658.md
+++ b/windows/keep-secure/event-4658.md
@@ -2,7 +2,7 @@
 title: 4658(S) The handle to an object was closed. (Windows 10)
 description: Describes security event 4658(S) The handle to an object was closed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4660.md b/windows/keep-secure/event-4660.md
index 8621c75ec2..901bc15ae8 100644
--- a/windows/keep-secure/event-4660.md
+++ b/windows/keep-secure/event-4660.md
@@ -2,7 +2,7 @@
 title: 4660(S) An object was deleted. (Windows 10)
 description: Describes security event 4660(S) An object was deleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4661.md b/windows/keep-secure/event-4661.md
index d57a37f333..278c77f651 100644
--- a/windows/keep-secure/event-4661.md
+++ b/windows/keep-secure/event-4661.md
@@ -2,7 +2,7 @@
 title: 4661(S, F) A handle to an object was requested. (Windows 10)
 description: Describes security event 4661(S, F) A handle to an object was requested.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4662.md b/windows/keep-secure/event-4662.md
index 2137b547fe..83640072e0 100644
--- a/windows/keep-secure/event-4662.md
+++ b/windows/keep-secure/event-4662.md
@@ -2,7 +2,7 @@
 title: 4662(S, F) An operation was performed on an object. (Windows 10)
 description: Describes security event 4662(S, F) An operation was performed on an object.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4663.md b/windows/keep-secure/event-4663.md
index 18fa7b3352..46cdac8cb0 100644
--- a/windows/keep-secure/event-4663.md
+++ b/windows/keep-secure/event-4663.md
@@ -2,7 +2,7 @@
 title: 4663(S) An attempt was made to access an object. (Windows 10)
 description: Describes security event 4663(S) An attempt was made to access an object.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4664.md b/windows/keep-secure/event-4664.md
index 4a4c04f599..a62808d16d 100644
--- a/windows/keep-secure/event-4664.md
+++ b/windows/keep-secure/event-4664.md
@@ -2,7 +2,7 @@
 title: 4664(S) An attempt was made to create a hard link. (Windows 10)
 description: Describes security event 4664(S) An attempt was made to create a hard link.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4670.md b/windows/keep-secure/event-4670.md
index 5702cf1f4d..a7de5be046 100644
--- a/windows/keep-secure/event-4670.md
+++ b/windows/keep-secure/event-4670.md
@@ -2,7 +2,7 @@
 title: 4670(S) Permissions on an object were changed. (Windows 10)
 description: Describes security event 4670(S) Permissions on an object were changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4671.md b/windows/keep-secure/event-4671.md
index 9e39d86e0a..c1962e0f68 100644
--- a/windows/keep-secure/event-4671.md
+++ b/windows/keep-secure/event-4671.md
@@ -2,7 +2,7 @@
 title: 4671(-) An application attempted to access a blocked ordinal through the TBS. (Windows 10)
 description: Describes security event 4671(-) An application attempted to access a blocked ordinal through the TBS.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4672.md b/windows/keep-secure/event-4672.md
index 2d0ec716c2..bf0fff94de 100644
--- a/windows/keep-secure/event-4672.md
+++ b/windows/keep-secure/event-4672.md
@@ -2,7 +2,7 @@
 title: 4672(S) Special privileges assigned to new logon. (Windows 10)
 description: Describes security event 4672(S) Special privileges assigned to new logon.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4673.md b/windows/keep-secure/event-4673.md
index 2816879567..5282a6658e 100644
--- a/windows/keep-secure/event-4673.md
+++ b/windows/keep-secure/event-4673.md
@@ -2,7 +2,7 @@
 title: 4673(S, F) A privileged service was called. (Windows 10)
 description: Describes security event 4673(S, F) A privileged service was called.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4674.md b/windows/keep-secure/event-4674.md
index 3693ca894f..41518d4e2b 100644
--- a/windows/keep-secure/event-4674.md
+++ b/windows/keep-secure/event-4674.md
@@ -2,7 +2,7 @@
 title: 4674(S, F) An operation was attempted on a privileged object. (Windows 10)
 description: Describes security event 4674(S, F) An operation was attempted on a privileged object.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4675.md b/windows/keep-secure/event-4675.md
index de11244f51..dc8a19e120 100644
--- a/windows/keep-secure/event-4675.md
+++ b/windows/keep-secure/event-4675.md
@@ -2,7 +2,7 @@
 title: 4675(S) SIDs were filtered. (Windows 10)
 description: Describes security event 4675(S) SIDs were filtered.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4688.md b/windows/keep-secure/event-4688.md
index 9c62824cd3..fa4b2d568d 100644
--- a/windows/keep-secure/event-4688.md
+++ b/windows/keep-secure/event-4688.md
@@ -2,7 +2,7 @@
 title: 4688(S) A new process has been created. (Windows 10)
 description: Describes security event 4688(S) A new process has been created.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4689.md b/windows/keep-secure/event-4689.md
index 9acfebcd83..e5f97fe698 100644
--- a/windows/keep-secure/event-4689.md
+++ b/windows/keep-secure/event-4689.md
@@ -2,7 +2,7 @@
 title: 4689(S) A process has exited. (Windows 10)
 description: Describes security event 4689(S) A process has exited.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4690.md b/windows/keep-secure/event-4690.md
index c96c508880..d7ac11d773 100644
--- a/windows/keep-secure/event-4690.md
+++ b/windows/keep-secure/event-4690.md
@@ -2,7 +2,7 @@
 title: 4690(S) An attempt was made to duplicate a handle to an object. (Windows 10)
 description: Describes security event 4690(S) An attempt was made to duplicate a handle to an object.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4691.md b/windows/keep-secure/event-4691.md
index ed50802c98..ba22553755 100644
--- a/windows/keep-secure/event-4691.md
+++ b/windows/keep-secure/event-4691.md
@@ -2,7 +2,7 @@
 title: 4691(S) Indirect access to an object was requested. (Windows 10)
 description: Describes security event 4691(S) Indirect access to an object was requested.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4692.md b/windows/keep-secure/event-4692.md
index a298a2a73e..aba10585e3 100644
--- a/windows/keep-secure/event-4692.md
+++ b/windows/keep-secure/event-4692.md
@@ -2,7 +2,7 @@
 title: 4692(S, F) Backup of data protection master key was attempted. (Windows 10)
 description: Describes security event 4692(S, F) Backup of data protection master key was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4693.md b/windows/keep-secure/event-4693.md
index 21b507d0f4..3134110a5c 100644
--- a/windows/keep-secure/event-4693.md
+++ b/windows/keep-secure/event-4693.md
@@ -2,7 +2,7 @@
 title: 4693(S, F) Recovery of data protection master key was attempted. (Windows 10)
 description: Describes security event 4693(S, F) Recovery of data protection master key was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4694.md b/windows/keep-secure/event-4694.md
index 930eef2a3b..ebd12e3f78 100644
--- a/windows/keep-secure/event-4694.md
+++ b/windows/keep-secure/event-4694.md
@@ -2,7 +2,7 @@
 title: 4694(S, F) Protection of auditable protected data was attempted. (Windows 10)
 description: Describes security event 4694(S, F) Protection of auditable protected data was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4695.md b/windows/keep-secure/event-4695.md
index ce3643a78f..48d9dd1dc6 100644
--- a/windows/keep-secure/event-4695.md
+++ b/windows/keep-secure/event-4695.md
@@ -2,7 +2,7 @@
 title: 4695(S, F) Unprotection of auditable protected data was attempted. (Windows 10)
 description: Describes security event 4695(S, F) Unprotection of auditable protected data was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4696.md b/windows/keep-secure/event-4696.md
index 5ef396c31e..e4746f74c9 100644
--- a/windows/keep-secure/event-4696.md
+++ b/windows/keep-secure/event-4696.md
@@ -2,7 +2,7 @@
 title: 4696(S) A primary token was assigned to process. (Windows 10)
 description: Describes security event 4696(S) A primary token was assigned to process.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4697.md b/windows/keep-secure/event-4697.md
index b5bd6dc109..0213aa9f0a 100644
--- a/windows/keep-secure/event-4697.md
+++ b/windows/keep-secure/event-4697.md
@@ -2,7 +2,7 @@
 title: 4697(S) A service was installed in the system. (Windows 10)
 description: Describes security event 4697(S) A service was installed in the system.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4698.md b/windows/keep-secure/event-4698.md
index 4829ecd989..5d522281cb 100644
--- a/windows/keep-secure/event-4698.md
+++ b/windows/keep-secure/event-4698.md
@@ -2,7 +2,7 @@
 title: 4698(S) A scheduled task was created. (Windows 10)
 description: Describes security event 4698(S) A scheduled task was created.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4699.md b/windows/keep-secure/event-4699.md
index f5e298828f..a1c58890d6 100644
--- a/windows/keep-secure/event-4699.md
+++ b/windows/keep-secure/event-4699.md
@@ -2,7 +2,7 @@
 title: 4699(S) A scheduled task was deleted. (Windows 10)
 description: Describes security event 4699(S) A scheduled task was deleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4700.md b/windows/keep-secure/event-4700.md
index f0af1f518a..fa5a54c164 100644
--- a/windows/keep-secure/event-4700.md
+++ b/windows/keep-secure/event-4700.md
@@ -2,7 +2,7 @@
 title: 4700(S) A scheduled task was enabled. (Windows 10)
 description: Describes security event 4700(S) A scheduled task was enabled.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4701.md b/windows/keep-secure/event-4701.md
index fcecfb76bd..5c1cafe14f 100644
--- a/windows/keep-secure/event-4701.md
+++ b/windows/keep-secure/event-4701.md
@@ -2,7 +2,7 @@
 title: 4701(S) A scheduled task was disabled. (Windows 10)
 description: Describes security event 4701(S) A scheduled task was disabled.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4702.md b/windows/keep-secure/event-4702.md
index 3c3e7535dc..3d0071fd39 100644
--- a/windows/keep-secure/event-4702.md
+++ b/windows/keep-secure/event-4702.md
@@ -2,7 +2,7 @@
 title: 4702(S) A scheduled task was updated. (Windows 10)
 description: Describes security event 4702(S) A scheduled task was updated.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4703.md b/windows/keep-secure/event-4703.md
index e6ab98abc4..4b6ac99faa 100644
--- a/windows/keep-secure/event-4703.md
+++ b/windows/keep-secure/event-4703.md
@@ -2,7 +2,7 @@
 title: 4703(S) A user right was adjusted. (Windows 10)
 description: Describes security event 4703(S) A user right was adjusted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4704.md b/windows/keep-secure/event-4704.md
index 06708cb228..ee98fd4712 100644
--- a/windows/keep-secure/event-4704.md
+++ b/windows/keep-secure/event-4704.md
@@ -2,7 +2,7 @@
 title: 4704(S) A user right was assigned. (Windows 10)
 description: Describes security event 4704(S) A user right was assigned.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4705.md b/windows/keep-secure/event-4705.md
index 475c72b108..7a5f1008fc 100644
--- a/windows/keep-secure/event-4705.md
+++ b/windows/keep-secure/event-4705.md
@@ -2,7 +2,7 @@
 title: 4705(S) A user right was removed. (Windows 10)
 description: Describes security event 4705(S) A user right was removed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4706.md b/windows/keep-secure/event-4706.md
index 92a9152b46..c6eba5f6a8 100644
--- a/windows/keep-secure/event-4706.md
+++ b/windows/keep-secure/event-4706.md
@@ -2,7 +2,7 @@
 title: 4706(S) A new trust was created to a domain. (Windows 10)
 description: Describes security event 4706(S) A new trust was created to a domain.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4707.md b/windows/keep-secure/event-4707.md
index 7698e07d9f..9a77188b80 100644
--- a/windows/keep-secure/event-4707.md
+++ b/windows/keep-secure/event-4707.md
@@ -2,7 +2,7 @@
 title: 4707(S) A trust to a domain was removed. (Windows 10)
 description: Describes security event 4707(S) A trust to a domain was removed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4713.md b/windows/keep-secure/event-4713.md
index 46884472bc..47ebf3fbb5 100644
--- a/windows/keep-secure/event-4713.md
+++ b/windows/keep-secure/event-4713.md
@@ -2,7 +2,7 @@
 title: 4713(S) Kerberos policy was changed. (Windows 10)
 description: Describes security event 4713(S) Kerberos policy was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4714.md b/windows/keep-secure/event-4714.md
index c113a6acf4..0531957676 100644
--- a/windows/keep-secure/event-4714.md
+++ b/windows/keep-secure/event-4714.md
@@ -2,7 +2,7 @@
 title: 4714(S) Encrypted data recovery policy was changed. (Windows 10)
 description: Describes security event 4714(S) Encrypted data recovery policy was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4715.md b/windows/keep-secure/event-4715.md
index 5bee7b5421..d0e5dd0ef3 100644
--- a/windows/keep-secure/event-4715.md
+++ b/windows/keep-secure/event-4715.md
@@ -2,7 +2,7 @@
 title: 4715(S) The audit policy (SACL) on an object was changed. (Windows 10)
 description: Describes security event 4715(S) The audit policy (SACL) on an object was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4716.md b/windows/keep-secure/event-4716.md
index bef6704947..373d14519b 100644
--- a/windows/keep-secure/event-4716.md
+++ b/windows/keep-secure/event-4716.md
@@ -2,7 +2,7 @@
 title: 4716(S) Trusted domain information was modified. (Windows 10)
 description: Describes security event 4716(S) Trusted domain information was modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4717.md b/windows/keep-secure/event-4717.md
index a6fc571002..dbe74fada2 100644
--- a/windows/keep-secure/event-4717.md
+++ b/windows/keep-secure/event-4717.md
@@ -2,7 +2,7 @@
 title: 4717(S) System security access was granted to an account. (Windows 10)
 description: Describes security event 4717(S) System security access was granted to an account.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4718.md b/windows/keep-secure/event-4718.md
index a3dce890af..44f5fc4624 100644
--- a/windows/keep-secure/event-4718.md
+++ b/windows/keep-secure/event-4718.md
@@ -2,7 +2,7 @@
 title: 4718(S) System security access was removed from an account. (Windows 10)
 description: Describes security event 4718(S) System security access was removed from an account.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4719.md b/windows/keep-secure/event-4719.md
index 58d6ee111c..7a274992c8 100644
--- a/windows/keep-secure/event-4719.md
+++ b/windows/keep-secure/event-4719.md
@@ -2,7 +2,7 @@
 title: 4719(S) System audit policy was changed. (Windows 10)
 description: Describes security event 4719(S) System audit policy was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4720.md b/windows/keep-secure/event-4720.md
index 7ef1a7b270..157b9b01a3 100644
--- a/windows/keep-secure/event-4720.md
+++ b/windows/keep-secure/event-4720.md
@@ -2,7 +2,7 @@
 title: 4720(S) A user account was created. (Windows 10)
 description: Describes security event 4720(S) A user account was created.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4722.md b/windows/keep-secure/event-4722.md
index aaf7fa9ca4..6c96fd0b4a 100644
--- a/windows/keep-secure/event-4722.md
+++ b/windows/keep-secure/event-4722.md
@@ -2,7 +2,7 @@
 title: 4722(S) A user account was enabled. (Windows 10)
 description: Describes security event 4722(S) A user account was enabled.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4723.md b/windows/keep-secure/event-4723.md
index f59314b77b..8c23919260 100644
--- a/windows/keep-secure/event-4723.md
+++ b/windows/keep-secure/event-4723.md
@@ -2,7 +2,7 @@
 title: 4723(S, F) An attempt was made to change an account's password. (Windows 10)
 description: Describes security event 4723(S, F) An attempt was made to change an account's password.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4724.md b/windows/keep-secure/event-4724.md
index b71a0364cc..977955100e 100644
--- a/windows/keep-secure/event-4724.md
+++ b/windows/keep-secure/event-4724.md
@@ -2,7 +2,7 @@
 title: 4724(S, F) An attempt was made to reset an account's password. (Windows 10)
 description: Describes security event 4724(S, F) An attempt was made to reset an account's password.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4725.md b/windows/keep-secure/event-4725.md
index e9e4393343..7dacfe0813 100644
--- a/windows/keep-secure/event-4725.md
+++ b/windows/keep-secure/event-4725.md
@@ -2,7 +2,7 @@
 title: 4725(S) A user account was disabled. (Windows 10)
 description: Describes security event 4725(S) A user account was disabled.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4726.md b/windows/keep-secure/event-4726.md
index 605e5be4b1..ab110e118d 100644
--- a/windows/keep-secure/event-4726.md
+++ b/windows/keep-secure/event-4726.md
@@ -2,7 +2,7 @@
 title: 4726(S) A user account was deleted. (Windows 10)
 description: Describes security event 4726(S) A user account was deleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4731.md b/windows/keep-secure/event-4731.md
index 3edf72933e..0f6116aca5 100644
--- a/windows/keep-secure/event-4731.md
+++ b/windows/keep-secure/event-4731.md
@@ -2,7 +2,7 @@
 title: 4731(S) A security-enabled local group was created. (Windows 10)
 description: Describes security event 4731(S) A security-enabled local group was created.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4732.md b/windows/keep-secure/event-4732.md
index be676a7515..f688280574 100644
--- a/windows/keep-secure/event-4732.md
+++ b/windows/keep-secure/event-4732.md
@@ -2,7 +2,7 @@
 title: 4732(S) A member was added to a security-enabled local group. (Windows 10)
 description: Describes security event 4732(S) A member was added to a security-enabled local group.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4733.md b/windows/keep-secure/event-4733.md
index 5b4c8ee111..b2de4567ac 100644
--- a/windows/keep-secure/event-4733.md
+++ b/windows/keep-secure/event-4733.md
@@ -2,7 +2,7 @@
 title: 4733(S) A member was removed from a security-enabled local group. (Windows 10)
 description: Describes security event 4733(S) A member was removed from a security-enabled local group.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4734.md b/windows/keep-secure/event-4734.md
index 5ee0ad8db7..023be2969c 100644
--- a/windows/keep-secure/event-4734.md
+++ b/windows/keep-secure/event-4734.md
@@ -2,7 +2,7 @@
 title: 4734(S) A security-enabled local group was deleted. (Windows 10)
 description: Describes security event 4734(S) A security-enabled local group was deleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4735.md b/windows/keep-secure/event-4735.md
index 56b28b5e54..b6dac600b9 100644
--- a/windows/keep-secure/event-4735.md
+++ b/windows/keep-secure/event-4735.md
@@ -2,7 +2,7 @@
 title: 4735(S) A security-enabled local group was changed. (Windows 10)
 description: Describes security event 4735(S) A security-enabled local group was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4738.md b/windows/keep-secure/event-4738.md
index 4eeb20f066..98f22cb17c 100644
--- a/windows/keep-secure/event-4738.md
+++ b/windows/keep-secure/event-4738.md
@@ -2,7 +2,7 @@
 title: 4738(S) A user account was changed. (Windows 10)
 description: Describes security event 4738(S) A user account was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4739.md b/windows/keep-secure/event-4739.md
index 03f4def1f9..b5873a99e3 100644
--- a/windows/keep-secure/event-4739.md
+++ b/windows/keep-secure/event-4739.md
@@ -2,7 +2,7 @@
 title: 4739(S) Domain Policy was changed. (Windows 10)
 description: Describes security event 4739(S) Domain Policy was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4740.md b/windows/keep-secure/event-4740.md
index 813f534ba7..7ab01449c8 100644
--- a/windows/keep-secure/event-4740.md
+++ b/windows/keep-secure/event-4740.md
@@ -2,7 +2,7 @@
 title: 4740(S) A user account was locked out. (Windows 10)
 description: Describes security event 4740(S) A user account was locked out.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4741.md b/windows/keep-secure/event-4741.md
index 46734b980b..52d8a70a84 100644
--- a/windows/keep-secure/event-4741.md
+++ b/windows/keep-secure/event-4741.md
@@ -2,7 +2,7 @@
 title: 4741(S) A computer account was created. (Windows 10)
 description: Describes security event 4741(S) A computer account was created.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4742.md b/windows/keep-secure/event-4742.md
index 43b86b8649..b09dba8333 100644
--- a/windows/keep-secure/event-4742.md
+++ b/windows/keep-secure/event-4742.md
@@ -2,7 +2,7 @@
 title: 4742(S) A computer account was changed. (Windows 10)
 description: Describes security event 4742(S) A computer account was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4743.md b/windows/keep-secure/event-4743.md
index 69365e69e6..42f7e90f14 100644
--- a/windows/keep-secure/event-4743.md
+++ b/windows/keep-secure/event-4743.md
@@ -2,7 +2,7 @@
 title: 4743(S) A computer account was deleted. (Windows 10)
 description: Describes security event 4743(S) A computer account was deleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4749.md b/windows/keep-secure/event-4749.md
index ebf569aae3..321a4a3e52 100644
--- a/windows/keep-secure/event-4749.md
+++ b/windows/keep-secure/event-4749.md
@@ -2,7 +2,7 @@
 title: 4749(S) A security-disabled global group was created. (Windows 10)
 description: Describes security event 4749(S) A security-disabled global group was created.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4750.md b/windows/keep-secure/event-4750.md
index 5feebeb1f2..17f5d8eb84 100644
--- a/windows/keep-secure/event-4750.md
+++ b/windows/keep-secure/event-4750.md
@@ -2,7 +2,7 @@
 title: 4750(S) A security-disabled global group was changed. (Windows 10)
 description: Describes security event 4750(S) A security-disabled global group was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4751.md b/windows/keep-secure/event-4751.md
index 600f534e40..ea37165fce 100644
--- a/windows/keep-secure/event-4751.md
+++ b/windows/keep-secure/event-4751.md
@@ -2,7 +2,7 @@
 title: 4751(S) A member was added to a security-disabled global group. (Windows 10)
 description: Describes security event 4751(S) A member was added to a security-disabled global group.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4752.md b/windows/keep-secure/event-4752.md
index d4d9463173..28d38b44a5 100644
--- a/windows/keep-secure/event-4752.md
+++ b/windows/keep-secure/event-4752.md
@@ -2,7 +2,7 @@
 title: 4752(S) A member was removed from a security-disabled global group. (Windows 10)
 description: Describes security event 4752(S) A member was removed from a security-disabled global group.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4753.md b/windows/keep-secure/event-4753.md
index 4aeb373191..5cc018f286 100644
--- a/windows/keep-secure/event-4753.md
+++ b/windows/keep-secure/event-4753.md
@@ -2,7 +2,7 @@
 title: 4753(S) A security-disabled global group was deleted. (Windows 10)
 description: Describes security event 4753(S) A security-disabled global group was deleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4764.md b/windows/keep-secure/event-4764.md
index 0fc3fa9b1c..e5bcc13c9a 100644
--- a/windows/keep-secure/event-4764.md
+++ b/windows/keep-secure/event-4764.md
@@ -2,7 +2,7 @@
 title: 4764(S) A group's type was changed. (Windows 10)
 description: Describes security event 4764(S) A group’s type was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4765.md b/windows/keep-secure/event-4765.md
index 261ed56dd4..f1bc1a4995 100644
--- a/windows/keep-secure/event-4765.md
+++ b/windows/keep-secure/event-4765.md
@@ -2,7 +2,7 @@
 title: 4765(S) SID History was added to an account. (Windows 10)
 description: Describes security event 4765(S) SID History was added to an account.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4766.md b/windows/keep-secure/event-4766.md
index 61ed78f50d..b3d0a00060 100644
--- a/windows/keep-secure/event-4766.md
+++ b/windows/keep-secure/event-4766.md
@@ -2,7 +2,7 @@
 title: 4766(F) An attempt to add SID History to an account failed. (Windows 10)
 description: Describes security event 4766(F) An attempt to add SID History to an account failed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4767.md b/windows/keep-secure/event-4767.md
index bad7f26588..a189b84db0 100644
--- a/windows/keep-secure/event-4767.md
+++ b/windows/keep-secure/event-4767.md
@@ -2,7 +2,7 @@
 title: 4767(S) A user account was unlocked. (Windows 10)
 description: Describes security event 4767(S) A user account was unlocked.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4768.md b/windows/keep-secure/event-4768.md
index f8b4558198..edcc1952bc 100644
--- a/windows/keep-secure/event-4768.md
+++ b/windows/keep-secure/event-4768.md
@@ -2,7 +2,7 @@
 title: 4768(S, F) A Kerberos authentication ticket (TGT) was requested. (Windows 10)
 description: Describes security event 4768(S, F) A Kerberos authentication ticket (TGT) was requested.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4769.md b/windows/keep-secure/event-4769.md
index 20c430fa33..ecb3b28900 100644
--- a/windows/keep-secure/event-4769.md
+++ b/windows/keep-secure/event-4769.md
@@ -2,7 +2,7 @@
 title: 4769(S, F) A Kerberos service ticket was requested. (Windows 10)
 description: Describes security event 4769(S, F) A Kerberos service ticket was requested.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4770.md b/windows/keep-secure/event-4770.md
index 5983d931d7..1c353eb67f 100644
--- a/windows/keep-secure/event-4770.md
+++ b/windows/keep-secure/event-4770.md
@@ -2,7 +2,7 @@
 title: 4770(S) A Kerberos service ticket was renewed. (Windows 10)
 description: Describes security event 4770(S) A Kerberos service ticket was renewed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4771.md b/windows/keep-secure/event-4771.md
index ec327a9f1f..ae81985175 100644
--- a/windows/keep-secure/event-4771.md
+++ b/windows/keep-secure/event-4771.md
@@ -2,7 +2,7 @@
 title: 4771(F) Kerberos pre-authentication failed. (Windows 10)
 description: Describes security event 4771(F) Kerberos pre-authentication failed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4772.md b/windows/keep-secure/event-4772.md
index 0bf72a2f75..cc22ebd0d0 100644
--- a/windows/keep-secure/event-4772.md
+++ b/windows/keep-secure/event-4772.md
@@ -2,7 +2,7 @@
 title: 4772(F) A Kerberos authentication ticket request failed. (Windows 10)
 description: Describes security event 4772(F) A Kerberos authentication ticket request failed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4773.md b/windows/keep-secure/event-4773.md
index 1f4a877348..d1edccab49 100644
--- a/windows/keep-secure/event-4773.md
+++ b/windows/keep-secure/event-4773.md
@@ -2,7 +2,7 @@
 title: 4773(F) A Kerberos service ticket request failed. (Windows 10)
 description: Describes security event 4773(F) A Kerberos service ticket request failed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4774.md b/windows/keep-secure/event-4774.md
index 2cb4f23bd1..2b626f9576 100644
--- a/windows/keep-secure/event-4774.md
+++ b/windows/keep-secure/event-4774.md
@@ -2,7 +2,7 @@
 title: 4774(S) An account was mapped for logon. (Windows 10)
 description: Describes security event 4774(S) An account was mapped for logon.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4775.md b/windows/keep-secure/event-4775.md
index 56d51f81fa..f02523531c 100644
--- a/windows/keep-secure/event-4775.md
+++ b/windows/keep-secure/event-4775.md
@@ -2,7 +2,7 @@
 title: 4775(F) An account could not be mapped for logon. (Windows 10)
 description: Describes security event 4775(F) An account could not be mapped for logon.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4776.md b/windows/keep-secure/event-4776.md
index 4b1bd35fc0..c244914722 100644
--- a/windows/keep-secure/event-4776.md
+++ b/windows/keep-secure/event-4776.md
@@ -2,7 +2,7 @@
 title: 4776(S, F) The computer attempted to validate the credentials for an account. (Windows 10)
 description: Describes security event 4776(S, F) The computer attempted to validate the credentials for an account.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4777.md b/windows/keep-secure/event-4777.md
index db755e968c..7a985dae86 100644
--- a/windows/keep-secure/event-4777.md
+++ b/windows/keep-secure/event-4777.md
@@ -2,7 +2,7 @@
 title: 4777(F) The domain controller failed to validate the credentials for an account. (Windows 10)
 description: Describes security event 4777(F) The domain controller failed to validate the credentials for an account.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4778.md b/windows/keep-secure/event-4778.md
index 2c47b9958b..ff3e197630 100644
--- a/windows/keep-secure/event-4778.md
+++ b/windows/keep-secure/event-4778.md
@@ -2,7 +2,7 @@
 title: 4778(S) A session was reconnected to a Window Station. (Windows 10)
 description: Describes security event 4778(S) A session was reconnected to a Window Station.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4779.md b/windows/keep-secure/event-4779.md
index f3b2dc262b..2dfd8ef4ab 100644
--- a/windows/keep-secure/event-4779.md
+++ b/windows/keep-secure/event-4779.md
@@ -2,7 +2,7 @@
 title: 4779(S) A session was disconnected from a Window Station. (Windows 10)
 description: Describes security event 4779(S) A session was disconnected from a Window Station.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4780.md b/windows/keep-secure/event-4780.md
index 3aef6e6a3a..f90b4a900a 100644
--- a/windows/keep-secure/event-4780.md
+++ b/windows/keep-secure/event-4780.md
@@ -2,7 +2,7 @@
 title: 4780(S) The ACL was set on accounts which are members of administrators groups. (Windows 10)
 description: Describes security event 4780(S) The ACL was set on accounts which are members of administrators groups.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4781.md b/windows/keep-secure/event-4781.md
index ae172e368c..34064992de 100644
--- a/windows/keep-secure/event-4781.md
+++ b/windows/keep-secure/event-4781.md
@@ -2,7 +2,7 @@
 title: 4781(S) The name of an account was changed. (Windows 10)
 description: Describes security event 4781(S) The name of an account was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4782.md b/windows/keep-secure/event-4782.md
index 100e19c4fe..6d0804b3b3 100644
--- a/windows/keep-secure/event-4782.md
+++ b/windows/keep-secure/event-4782.md
@@ -2,7 +2,7 @@
 title: 4782(S) The password hash an account was accessed. (Windows 10)
 description: Describes security event 4782(S) The password hash an account was accessed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4793.md b/windows/keep-secure/event-4793.md
index 8776180dca..079c4317df 100644
--- a/windows/keep-secure/event-4793.md
+++ b/windows/keep-secure/event-4793.md
@@ -2,7 +2,7 @@
 title: 4793(S) The Password Policy Checking API was called. (Windows 10)
 description: Describes security event 4793(S) The Password Policy Checking API was called.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4794.md b/windows/keep-secure/event-4794.md
index a703f77ede..c3ce16e165 100644
--- a/windows/keep-secure/event-4794.md
+++ b/windows/keep-secure/event-4794.md
@@ -2,7 +2,7 @@
 title: 4794(S, F) An attempt was made to set the Directory Services Restore Mode administrator password. (Windows 10)
 description: Describes security event 4794(S, F) An attempt was made to set the Directory Services Restore Mode administrator password.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4798.md b/windows/keep-secure/event-4798.md
index 8468f10240..3423f5319b 100644
--- a/windows/keep-secure/event-4798.md
+++ b/windows/keep-secure/event-4798.md
@@ -2,7 +2,7 @@
 title: 4798(S) A user's local group membership was enumerated. (Windows 10)
 description: Describes security event 4798(S) A user's local group membership was enumerated.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4799.md b/windows/keep-secure/event-4799.md
index 7673abf0a6..2084212f59 100644
--- a/windows/keep-secure/event-4799.md
+++ b/windows/keep-secure/event-4799.md
@@ -2,7 +2,7 @@
 title: 4799(S) A security-enabled local group membership was enumerated. (Windows 10)
 description: Describes security event 4799(S) A security-enabled local group membership was enumerated.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4800.md b/windows/keep-secure/event-4800.md
index bba6681e18..3eb3482649 100644
--- a/windows/keep-secure/event-4800.md
+++ b/windows/keep-secure/event-4800.md
@@ -2,7 +2,7 @@
 title: 4800(S) The workstation was locked. (Windows 10)
 description: Describes security event 4800(S) The workstation was locked.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4801.md b/windows/keep-secure/event-4801.md
index 28e2f207b6..b0b69a6e24 100644
--- a/windows/keep-secure/event-4801.md
+++ b/windows/keep-secure/event-4801.md
@@ -2,7 +2,7 @@
 title: 4801(S) The workstation was unlocked. (Windows 10)
 description: Describes security event 4801(S) The workstation was unlocked.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4802.md b/windows/keep-secure/event-4802.md
index c4b49527e7..691f558b08 100644
--- a/windows/keep-secure/event-4802.md
+++ b/windows/keep-secure/event-4802.md
@@ -2,7 +2,7 @@
 title: 4802(S) The screen saver was invoked. (Windows 10)
 description: Describes security event 4802(S) The screen saver was invoked.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4803.md b/windows/keep-secure/event-4803.md
index 118d94f09a..8cfb6407c8 100644
--- a/windows/keep-secure/event-4803.md
+++ b/windows/keep-secure/event-4803.md
@@ -2,7 +2,7 @@
 title: 4803(S) The screen saver was dismissed. (Windows 10)
 description: Describes security event 4803(S) The screen saver was dismissed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4816.md b/windows/keep-secure/event-4816.md
index 9d90f07c17..846e37ddf7 100644
--- a/windows/keep-secure/event-4816.md
+++ b/windows/keep-secure/event-4816.md
@@ -2,7 +2,7 @@
 title: 4816(S) RPC detected an integrity violation while decrypting an incoming message. (Windows 10)
 description: Describes security event 4816(S) RPC detected an integrity violation while decrypting an incoming message.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4817.md b/windows/keep-secure/event-4817.md
index 614adbf442..c1bc5e42d5 100644
--- a/windows/keep-secure/event-4817.md
+++ b/windows/keep-secure/event-4817.md
@@ -2,7 +2,7 @@
 title: 4817(S) Auditing settings on object were changed. (Windows 10)
 description: Describes security event 4817(S) Auditing settings on object were changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4818.md b/windows/keep-secure/event-4818.md
index b8c3c13ecd..f219c35d82 100644
--- a/windows/keep-secure/event-4818.md
+++ b/windows/keep-secure/event-4818.md
@@ -2,7 +2,7 @@
 title: 4818(S) Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. (Windows 10)
 description: Describes security event 4818(S) Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4819.md b/windows/keep-secure/event-4819.md
index 14613c4b7a..b9311464ea 100644
--- a/windows/keep-secure/event-4819.md
+++ b/windows/keep-secure/event-4819.md
@@ -2,7 +2,7 @@
 title: 4819(S) Central Access Policies on the machine have been changed. (Windows 10)
 description: Describes security event 4819(S) Central Access Policies on the machine have been changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4826.md b/windows/keep-secure/event-4826.md
index 655602c5d7..fd9ab17f16 100644
--- a/windows/keep-secure/event-4826.md
+++ b/windows/keep-secure/event-4826.md
@@ -2,7 +2,7 @@
 title: 4826(S) Boot Configuration Data loaded. (Windows 10)
 description: Describes security event 4826(S) Boot Configuration Data loaded.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4864.md b/windows/keep-secure/event-4864.md
index 52abc31dfe..c889c54cdf 100644
--- a/windows/keep-secure/event-4864.md
+++ b/windows/keep-secure/event-4864.md
@@ -2,7 +2,7 @@
 title: 4864(S) A namespace collision was detected. (Windows 10)
 description: Describes security event 4864(S) A namespace collision was detected.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4865.md b/windows/keep-secure/event-4865.md
index 50cf514dd4..90f686c80b 100644
--- a/windows/keep-secure/event-4865.md
+++ b/windows/keep-secure/event-4865.md
@@ -2,7 +2,7 @@
 title: 4865(S) A trusted forest information entry was added. (Windows 10)
 description: Describes security event 4865(S) A trusted forest information entry was added.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4866.md b/windows/keep-secure/event-4866.md
index bc7752fc7b..1fc701f4d1 100644
--- a/windows/keep-secure/event-4866.md
+++ b/windows/keep-secure/event-4866.md
@@ -2,7 +2,7 @@
 title: 4866(S) A trusted forest information entry was removed. (Windows 10)
 description: Describes security event 4866(S) A trusted forest information entry was removed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4867.md b/windows/keep-secure/event-4867.md
index 73c7e92586..57fc10f7da 100644
--- a/windows/keep-secure/event-4867.md
+++ b/windows/keep-secure/event-4867.md
@@ -2,7 +2,7 @@
 title: 4867(S) A trusted forest information entry was modified. (Windows 10)
 description: Describes security event 4867(S) A trusted forest information entry was modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4902.md b/windows/keep-secure/event-4902.md
index b6cf1ebb77..f8979e200f 100644
--- a/windows/keep-secure/event-4902.md
+++ b/windows/keep-secure/event-4902.md
@@ -2,7 +2,7 @@
 title: 4902(S) The Per-user audit policy table was created. (Windows 10)
 description: Describes security event 4902(S) The Per-user audit policy table was created.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4904.md b/windows/keep-secure/event-4904.md
index 5f46d6c131..85d903d952 100644
--- a/windows/keep-secure/event-4904.md
+++ b/windows/keep-secure/event-4904.md
@@ -2,7 +2,7 @@
 title: 4904(S) An attempt was made to register a security event source. (Windows 10)
 description: Describes security event 4904(S) An attempt was made to register a security event source.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4905.md b/windows/keep-secure/event-4905.md
index 222fd0f263..1bc58fabcc 100644
--- a/windows/keep-secure/event-4905.md
+++ b/windows/keep-secure/event-4905.md
@@ -2,7 +2,7 @@
 title: 4905(S) An attempt was made to unregister a security event source. (Windows 10)
 description: Describes security event 4905(S) An attempt was made to unregister a security event source.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4906.md b/windows/keep-secure/event-4906.md
index 9232c75a41..b7e82beaac 100644
--- a/windows/keep-secure/event-4906.md
+++ b/windows/keep-secure/event-4906.md
@@ -2,7 +2,7 @@
 title: 4906(S) The CrashOnAuditFail value has changed. (Windows 10)
 description: Describes security event 4906(S) The CrashOnAuditFail value has changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4907.md b/windows/keep-secure/event-4907.md
index b3339c3ace..0867cad21e 100644
--- a/windows/keep-secure/event-4907.md
+++ b/windows/keep-secure/event-4907.md
@@ -2,7 +2,7 @@
 title: 4907(S) Auditing settings on object were changed. (Windows 10)
 description: Describes security event 4907(S) Auditing settings on object were changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4908.md b/windows/keep-secure/event-4908.md
index fbb9957571..c76f86b814 100644
--- a/windows/keep-secure/event-4908.md
+++ b/windows/keep-secure/event-4908.md
@@ -2,7 +2,7 @@
 title: 4908(S) Special Groups Logon table modified. (Windows 10)
 description: Describes security event 4908(S) Special Groups Logon table modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4909.md b/windows/keep-secure/event-4909.md
index 650d9bbf8c..f3f6b7d90e 100644
--- a/windows/keep-secure/event-4909.md
+++ b/windows/keep-secure/event-4909.md
@@ -2,7 +2,7 @@
 title: 4909(-) The local policy settings for the TBS were changed. (Windows 10)
 description: Describes security event 4909(-) The local policy settings for the TBS were changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4910.md b/windows/keep-secure/event-4910.md
index f167349c1b..bf7110033f 100644
--- a/windows/keep-secure/event-4910.md
+++ b/windows/keep-secure/event-4910.md
@@ -2,7 +2,7 @@
 title: 4910(-) The group policy settings for the TBS were changed. (Windows 10)
 description: Describes security event 4910(-) The group policy settings for the TBS were changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4911.md b/windows/keep-secure/event-4911.md
index 39d00ba5ee..20a174c857 100644
--- a/windows/keep-secure/event-4911.md
+++ b/windows/keep-secure/event-4911.md
@@ -2,7 +2,7 @@
 title: 4911(S) Resource attributes of the object were changed. (Windows 10)
 description: Describes security event 4911(S) Resource attributes of the object were changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4912.md b/windows/keep-secure/event-4912.md
index 6373e7532b..bc9856672a 100644
--- a/windows/keep-secure/event-4912.md
+++ b/windows/keep-secure/event-4912.md
@@ -2,7 +2,7 @@
 title: 4912(S) Per User Audit Policy was changed. (Windows 10)
 description: Describes security event 4912(S) Per User Audit Policy was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4913.md b/windows/keep-secure/event-4913.md
index b34355d236..96a27d5f9f 100644
--- a/windows/keep-secure/event-4913.md
+++ b/windows/keep-secure/event-4913.md
@@ -2,7 +2,7 @@
 title: 4913(S) Central Access Policy on the object was changed. (Windows 10)
 description: Describes security event 4913(S) Central Access Policy on the object was changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4928.md b/windows/keep-secure/event-4928.md
index b1e99309ef..04ad5cd8c9 100644
--- a/windows/keep-secure/event-4928.md
+++ b/windows/keep-secure/event-4928.md
@@ -2,7 +2,7 @@
 title: 4928(S, F) An Active Directory replica source naming context was established. (Windows 10)
 description: Describes security event 4928(S, F) An Active Directory replica source naming context was established.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4929.md b/windows/keep-secure/event-4929.md
index cb3b05a636..1ce345a023 100644
--- a/windows/keep-secure/event-4929.md
+++ b/windows/keep-secure/event-4929.md
@@ -2,7 +2,7 @@
 title: 4929(S, F) An Active Directory replica source naming context was removed. (Windows 10)
 description: Describes security event 4929(S, F) An Active Directory replica source naming context was removed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4930.md b/windows/keep-secure/event-4930.md
index bcf9d221ed..83c58cab73 100644
--- a/windows/keep-secure/event-4930.md
+++ b/windows/keep-secure/event-4930.md
@@ -2,7 +2,7 @@
 title: 4930(S, F) An Active Directory replica source naming context was modified. (Windows 10)
 description: Describes security event 4930(S, F) An Active Directory replica source naming context was modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4931.md b/windows/keep-secure/event-4931.md
index bf823bacef..90d993cd8f 100644
--- a/windows/keep-secure/event-4931.md
+++ b/windows/keep-secure/event-4931.md
@@ -2,7 +2,7 @@
 title: 4931(S, F) An Active Directory replica destination naming context was modified. (Windows 10)
 description: Describes security event 4931(S, F) An Active Directory replica destination naming context was modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4932.md b/windows/keep-secure/event-4932.md
index c7555dbed9..4a285d53f7 100644
--- a/windows/keep-secure/event-4932.md
+++ b/windows/keep-secure/event-4932.md
@@ -2,7 +2,7 @@
 title: 4932(S) Synchronization of a replica of an Active Directory naming context has begun. (Windows 10)
 description: Describes security event 4932(S) Synchronization of a replica of an Active Directory naming context has begun.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4933.md b/windows/keep-secure/event-4933.md
index 22c828fb87..ecfdab4b9f 100644
--- a/windows/keep-secure/event-4933.md
+++ b/windows/keep-secure/event-4933.md
@@ -2,7 +2,7 @@
 title: 4933(S, F) Synchronization of a replica of an Active Directory naming context has ended. (Windows 10)
 description: Describes security event 4933(S, F) Synchronization of a replica of an Active Directory naming context has ended.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4934.md b/windows/keep-secure/event-4934.md
index 4f0eae2cee..370261af0f 100644
--- a/windows/keep-secure/event-4934.md
+++ b/windows/keep-secure/event-4934.md
@@ -2,7 +2,7 @@
 title: 4934(S) Attributes of an Active Directory object were replicated. (Windows 10)
 description: Describes security event 4934(S) Attributes of an Active Directory object were replicated.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4935.md b/windows/keep-secure/event-4935.md
index ccf6d31bd6..95089ddc63 100644
--- a/windows/keep-secure/event-4935.md
+++ b/windows/keep-secure/event-4935.md
@@ -2,7 +2,7 @@
 title: 4935(F) Replication failure begins. (Windows 10)
 description: Describes security event 4935(F) Replication failure begins.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4936.md b/windows/keep-secure/event-4936.md
index 65cc7c79e9..0d3f01212d 100644
--- a/windows/keep-secure/event-4936.md
+++ b/windows/keep-secure/event-4936.md
@@ -2,7 +2,7 @@
 title: 4936(S) Replication failure ends. (Windows 10)
 description: Describes security event 4936(S) Replication failure ends.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4937.md b/windows/keep-secure/event-4937.md
index 09e0abe080..e828453e4c 100644
--- a/windows/keep-secure/event-4937.md
+++ b/windows/keep-secure/event-4937.md
@@ -2,7 +2,7 @@
 title: 4937(S) A lingering object was removed from a replica. (Windows 10)
 description: Describes security event 4937(S) A lingering object was removed from a replica.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4944.md b/windows/keep-secure/event-4944.md
index f322bb8458..13323d44aa 100644
--- a/windows/keep-secure/event-4944.md
+++ b/windows/keep-secure/event-4944.md
@@ -2,7 +2,7 @@
 title: 4944(S) The following policy was active when the Windows Firewall started. (Windows 10)
 description: Describes security event 4944(S) The following policy was active when the Windows Firewall started.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4945.md b/windows/keep-secure/event-4945.md
index 1b94b91fbc..fb0731ead7 100644
--- a/windows/keep-secure/event-4945.md
+++ b/windows/keep-secure/event-4945.md
@@ -2,7 +2,7 @@
 title: 4945(S) A rule was listed when the Windows Firewall started. (Windows 10)
 description: Describes security event 4945(S) A rule was listed when the Windows Firewall started.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4946.md b/windows/keep-secure/event-4946.md
index f73ca913a6..0fea17268d 100644
--- a/windows/keep-secure/event-4946.md
+++ b/windows/keep-secure/event-4946.md
@@ -2,7 +2,7 @@
 title: 4946(S) A change has been made to Windows Firewall exception list. A rule was added. (Windows 10)
 description: Describes security event 4946(S) A change has been made to Windows Firewall exception list. A rule was added.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4947.md b/windows/keep-secure/event-4947.md
index f3381e95ba..3103502558 100644
--- a/windows/keep-secure/event-4947.md
+++ b/windows/keep-secure/event-4947.md
@@ -2,7 +2,7 @@
 title: 4947(S) A change has been made to Windows Firewall exception list. A rule was modified. (Windows 10)
 description: Describes security event 4947(S) A change has been made to Windows Firewall exception list. A rule was modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4948.md b/windows/keep-secure/event-4948.md
index 034b9e1149..8193b2ec9f 100644
--- a/windows/keep-secure/event-4948.md
+++ b/windows/keep-secure/event-4948.md
@@ -2,7 +2,7 @@
 title: 4948(S) A change has been made to Windows Firewall exception list. A rule was deleted. (Windows 10)
 description: Describes security event 4948(S) A change has been made to Windows Firewall exception list. A rule was deleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4949.md b/windows/keep-secure/event-4949.md
index 2441529ec2..0b8194ac9e 100644
--- a/windows/keep-secure/event-4949.md
+++ b/windows/keep-secure/event-4949.md
@@ -2,7 +2,7 @@
 title: 4949(S) Windows Firewall settings were restored to the default values. (Windows 10)
 description: Describes security event 4949(S) Windows Firewall settings were restored to the default values.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4950.md b/windows/keep-secure/event-4950.md
index 69a46b6925..0c8dadbb62 100644
--- a/windows/keep-secure/event-4950.md
+++ b/windows/keep-secure/event-4950.md
@@ -2,7 +2,7 @@
 title: 4950(S) A Windows Firewall setting has changed. (Windows 10)
 description: Describes security event 4950(S) A Windows Firewall setting has changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4951.md b/windows/keep-secure/event-4951.md
index 1878549111..82cf1bbeb8 100644
--- a/windows/keep-secure/event-4951.md
+++ b/windows/keep-secure/event-4951.md
@@ -2,7 +2,7 @@
 title: 4951(F) A rule has been ignored because its major version number was not recognized by Windows Firewall. (Windows 10)
 description: Describes security event 4951(F) A rule has been ignored because its major version number was not recognized by Windows Firewall.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4952.md b/windows/keep-secure/event-4952.md
index 496d4e324e..06e7cc5bc5 100644
--- a/windows/keep-secure/event-4952.md
+++ b/windows/keep-secure/event-4952.md
@@ -2,7 +2,7 @@
 title: 4952(F) Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. (Windows 10)
 description: Describes security event 4952(F) Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4953.md b/windows/keep-secure/event-4953.md
index ba5cea430d..5f4046b134 100644
--- a/windows/keep-secure/event-4953.md
+++ b/windows/keep-secure/event-4953.md
@@ -2,7 +2,7 @@
 title: 4953(F) Windows Firewall ignored a rule because it could not be parsed. (Windows 10)
 description: Describes security event 4953(F) Windows Firewall ignored a rule because it could not be parsed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4954.md b/windows/keep-secure/event-4954.md
index fcf80a82d3..313eef1046 100644
--- a/windows/keep-secure/event-4954.md
+++ b/windows/keep-secure/event-4954.md
@@ -2,7 +2,7 @@
 title: 4954(S) Windows Firewall Group Policy settings have changed. The new settings have been applied. (Windows 10)
 description: Describes security event 4954(S) Windows Firewall Group Policy settings have changed. The new settings have been applied.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4956.md b/windows/keep-secure/event-4956.md
index 4d3c688ed7..598387895b 100644
--- a/windows/keep-secure/event-4956.md
+++ b/windows/keep-secure/event-4956.md
@@ -2,7 +2,7 @@
 title: 4956(S) Windows Firewall has changed the active profile. (Windows 10)
 description: Describes security event 4956(S) Windows Firewall has changed the active profile.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4957.md b/windows/keep-secure/event-4957.md
index dcd32e2689..1d651773dd 100644
--- a/windows/keep-secure/event-4957.md
+++ b/windows/keep-secure/event-4957.md
@@ -2,7 +2,7 @@
 title: 4957(F) Windows Firewall did not apply the following rule. (Windows 10)
 description: Describes security event 4957(F) Windows Firewall did not apply the following rule.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4958.md b/windows/keep-secure/event-4958.md
index 7ef6e67cbe..aec78e8144 100644
--- a/windows/keep-secure/event-4958.md
+++ b/windows/keep-secure/event-4958.md
@@ -2,7 +2,7 @@
 title: 4958(F) Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. (Windows 10)
 description: Describes security event 4958(F) Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4964.md b/windows/keep-secure/event-4964.md
index 8584a902c5..96d32ccc21 100644
--- a/windows/keep-secure/event-4964.md
+++ b/windows/keep-secure/event-4964.md
@@ -2,7 +2,7 @@
 title: 4964(S) Special groups have been assigned to a new logon. (Windows 10)
 description: Describes security event 4964(S) Special groups have been assigned to a new logon.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-4985.md b/windows/keep-secure/event-4985.md
index 2044f942d0..f9737372fc 100644
--- a/windows/keep-secure/event-4985.md
+++ b/windows/keep-secure/event-4985.md
@@ -2,7 +2,7 @@
 title: 4985(S) The state of a transaction has changed. (Windows 10)
 description: Describes security event 4985(S) The state of a transaction has changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5024.md b/windows/keep-secure/event-5024.md
index 372ee3b767..c06e33a285 100644
--- a/windows/keep-secure/event-5024.md
+++ b/windows/keep-secure/event-5024.md
@@ -2,7 +2,7 @@
 title: 5024(S) The Windows Firewall Service has started successfully. (Windows 10)
 description: Describes security event 5024(S) The Windows Firewall Service has started successfully.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5025.md b/windows/keep-secure/event-5025.md
index 1a83b5eefc..2e871f2ce0 100644
--- a/windows/keep-secure/event-5025.md
+++ b/windows/keep-secure/event-5025.md
@@ -2,7 +2,7 @@
 title: 5025(S) The Windows Firewall Service has been stopped. (Windows 10)
 description: Describes security event 5025(S) The Windows Firewall Service has been stopped.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5027.md b/windows/keep-secure/event-5027.md
index f13f6495e7..d8f0c10631 100644
--- a/windows/keep-secure/event-5027.md
+++ b/windows/keep-secure/event-5027.md
@@ -2,7 +2,7 @@
 title: 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. (Windows 10)
 description: Describes security event 5027(F) The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5028.md b/windows/keep-secure/event-5028.md
index 928ccdc1ce..c5dd276e84 100644
--- a/windows/keep-secure/event-5028.md
+++ b/windows/keep-secure/event-5028.md
@@ -2,7 +2,7 @@
 title: 5028(F) The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. (Windows 10)
 description: Describes security event 5028(F) The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5029.md b/windows/keep-secure/event-5029.md
index 152bc5dff1..8bd1677e18 100644
--- a/windows/keep-secure/event-5029.md
+++ b/windows/keep-secure/event-5029.md
@@ -2,7 +2,7 @@
 title: 5029(F) The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. (Windows 10)
 description: Describes security event 5029(F) The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5030.md b/windows/keep-secure/event-5030.md
index 3278d73871..2ae7dc1fd3 100644
--- a/windows/keep-secure/event-5030.md
+++ b/windows/keep-secure/event-5030.md
@@ -2,7 +2,7 @@
 title: 5030(F) The Windows Firewall Service failed to start. (Windows 10)
 description: Describes security event 5030(F) The Windows Firewall Service failed to start.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5031.md b/windows/keep-secure/event-5031.md
index 436e60fe7b..6a4e5a375b 100644
--- a/windows/keep-secure/event-5031.md
+++ b/windows/keep-secure/event-5031.md
@@ -2,7 +2,7 @@
 title: 5031(F) The Windows Firewall Service blocked an application from accepting incoming connections on the network. (Windows 10)
 description: Describes security event 5031(F) The Windows Firewall Service blocked an application from accepting incoming connections on the network.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5032.md b/windows/keep-secure/event-5032.md
index 2ba6a05fa2..ae74c91364 100644
--- a/windows/keep-secure/event-5032.md
+++ b/windows/keep-secure/event-5032.md
@@ -2,7 +2,7 @@
 title: 5032(F) Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. (Windows 10)
 description: Describes security event 5032(F) Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5033.md b/windows/keep-secure/event-5033.md
index 5efe78bfdf..850dd18213 100644
--- a/windows/keep-secure/event-5033.md
+++ b/windows/keep-secure/event-5033.md
@@ -2,7 +2,7 @@
 title: 5033(S) The Windows Firewall Driver has started successfully. (Windows 10)
 description: Describes security event 5033(S) The Windows Firewall Driver has started successfully.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5034.md b/windows/keep-secure/event-5034.md
index 30dafbfd3c..ff3fb85462 100644
--- a/windows/keep-secure/event-5034.md
+++ b/windows/keep-secure/event-5034.md
@@ -2,7 +2,7 @@
 title: 5034(S) The Windows Firewall Driver was stopped. (Windows 10)
 description: Describes security event 5034(S) The Windows Firewall Driver was stopped.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5035.md b/windows/keep-secure/event-5035.md
index a5add18971..1bfd2005f7 100644
--- a/windows/keep-secure/event-5035.md
+++ b/windows/keep-secure/event-5035.md
@@ -2,7 +2,7 @@
 title: 5035(F) The Windows Firewall Driver failed to start. (Windows 10)
 description: Describes security event 5035(F) The Windows Firewall Driver failed to start.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5037.md b/windows/keep-secure/event-5037.md
index 56d93b8dc5..74d89cfcb2 100644
--- a/windows/keep-secure/event-5037.md
+++ b/windows/keep-secure/event-5037.md
@@ -2,7 +2,7 @@
 title: 5037(F) The Windows Firewall Driver detected critical runtime error. Terminating. (Windows 10)
 description: Describes security event 5037(F) The Windows Firewall Driver detected critical runtime error. Terminating.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5038.md b/windows/keep-secure/event-5038.md
index 800c1a5ffe..03e3a001cb 100644
--- a/windows/keep-secure/event-5038.md
+++ b/windows/keep-secure/event-5038.md
@@ -2,7 +2,7 @@
 title: 5038(F) Code integrity determined that the image hash of a file is not valid. (Windows 10)
 description: Describes security event 5038(F) Code integrity determined that the image hash of a file is not valid.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5039.md b/windows/keep-secure/event-5039.md
index 64a191a4b1..7efc527d45 100644
--- a/windows/keep-secure/event-5039.md
+++ b/windows/keep-secure/event-5039.md
@@ -2,7 +2,7 @@
 title: 5039(-) A registry key was virtualized. (Windows 10)
 description: Describes security event 5039(-) A registry key was virtualized.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5051.md b/windows/keep-secure/event-5051.md
index 80d018b51a..925586c371 100644
--- a/windows/keep-secure/event-5051.md
+++ b/windows/keep-secure/event-5051.md
@@ -2,7 +2,7 @@
 title: 5051(-) A file was virtualized. (Windows 10)
 description: Describes security event 5051(-) A file was virtualized.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5056.md b/windows/keep-secure/event-5056.md
index da2580539a..112eec47ed 100644
--- a/windows/keep-secure/event-5056.md
+++ b/windows/keep-secure/event-5056.md
@@ -2,7 +2,7 @@
 title: 5056(S) A cryptographic self-test was performed. (Windows 10)
 description: Describes security event 5056(S) A cryptographic self-test was performed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5057.md b/windows/keep-secure/event-5057.md
index d3f29539c1..1c1207d464 100644
--- a/windows/keep-secure/event-5057.md
+++ b/windows/keep-secure/event-5057.md
@@ -2,7 +2,7 @@
 title: 5057(F) A cryptographic primitive operation failed. (Windows 10)
 description: Describes security event 5057(F) A cryptographic primitive operation failed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5058.md b/windows/keep-secure/event-5058.md
index b7fb73f686..b8b0f16ef4 100644
--- a/windows/keep-secure/event-5058.md
+++ b/windows/keep-secure/event-5058.md
@@ -2,7 +2,7 @@
 title: 5058(S, F) Key file operation. (Windows 10)
 description: Describes security event 5058(S, F) Key file operation.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5059.md b/windows/keep-secure/event-5059.md
index 1e5424b033..3a1b397f62 100644
--- a/windows/keep-secure/event-5059.md
+++ b/windows/keep-secure/event-5059.md
@@ -2,7 +2,7 @@
 title: 5059(S, F) Key migration operation. (Windows 10)
 description: Describes security event 5059(S, F) Key migration operation.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5060.md b/windows/keep-secure/event-5060.md
index 5a3b66e7da..b568ea571b 100644
--- a/windows/keep-secure/event-5060.md
+++ b/windows/keep-secure/event-5060.md
@@ -2,7 +2,7 @@
 title: 5060(F) Verification operation failed. (Windows 10)
 description: Describes security event 5060(F) Verification operation failed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5061.md b/windows/keep-secure/event-5061.md
index ecba2fb27f..886a4d7aba 100644
--- a/windows/keep-secure/event-5061.md
+++ b/windows/keep-secure/event-5061.md
@@ -2,7 +2,7 @@
 title: 5061(S, F) Cryptographic operation. (Windows 10)
 description: Describes security event 5061(S, F) Cryptographic operation.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5062.md b/windows/keep-secure/event-5062.md
index 3b07e9e43c..4f1aa57c3f 100644
--- a/windows/keep-secure/event-5062.md
+++ b/windows/keep-secure/event-5062.md
@@ -2,7 +2,7 @@
 title: 5062(S) A kernel-mode cryptographic self-test was performed. (Windows 10)
 description: Describes security event 5062(S) A kernel-mode cryptographic self-test was performed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5063.md b/windows/keep-secure/event-5063.md
index 113f459251..9a0a83c802 100644
--- a/windows/keep-secure/event-5063.md
+++ b/windows/keep-secure/event-5063.md
@@ -2,7 +2,7 @@
 title: 5063(S, F) A cryptographic provider operation was attempted. (Windows 10)
 description: Describes security event 5063(S, F) A cryptographic provider operation was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5064.md b/windows/keep-secure/event-5064.md
index ce3e19d79e..e77dfa511d 100644
--- a/windows/keep-secure/event-5064.md
+++ b/windows/keep-secure/event-5064.md
@@ -2,7 +2,7 @@
 title: 5064(S, F) A cryptographic context operation was attempted. (Windows 10)
 description: Describes security event 5064(S, F) A cryptographic context operation was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5065.md b/windows/keep-secure/event-5065.md
index f3cdb958d2..23b817ac6c 100644
--- a/windows/keep-secure/event-5065.md
+++ b/windows/keep-secure/event-5065.md
@@ -2,7 +2,7 @@
 title: 5065(S, F) A cryptographic context modification was attempted. (Windows 10)
 description: Describes security event 5065(S, F) A cryptographic context modification was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5066.md b/windows/keep-secure/event-5066.md
index b3bc8f6afb..ae0b53e526 100644
--- a/windows/keep-secure/event-5066.md
+++ b/windows/keep-secure/event-5066.md
@@ -2,7 +2,7 @@
 title: 5066(S, F) A cryptographic function operation was attempted. (Windows 10)
 description: Describes security event 5066(S, F) A cryptographic function operation was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5067.md b/windows/keep-secure/event-5067.md
index a5a5618324..64c0a626eb 100644
--- a/windows/keep-secure/event-5067.md
+++ b/windows/keep-secure/event-5067.md
@@ -2,7 +2,7 @@
 title: 5067(S, F) A cryptographic function modification was attempted. (Windows 10)
 description: Describes security event 5067(S, F) A cryptographic function modification was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5068.md b/windows/keep-secure/event-5068.md
index 751ecc249b..2200cc9eed 100644
--- a/windows/keep-secure/event-5068.md
+++ b/windows/keep-secure/event-5068.md
@@ -2,7 +2,7 @@
 title: 5068(S, F) A cryptographic function provider operation was attempted. (Windows 10)
 description: Describes security event 5068(S, F) A cryptographic function provider operation was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5069.md b/windows/keep-secure/event-5069.md
index 40159c9c39..b58724b2d2 100644
--- a/windows/keep-secure/event-5069.md
+++ b/windows/keep-secure/event-5069.md
@@ -2,7 +2,7 @@
 title: 5069(S, F) A cryptographic function property operation was attempted. (Windows 10)
 description: Describes security event 5069(S, F) A cryptographic function property operation was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5070.md b/windows/keep-secure/event-5070.md
index 388d1f39c6..668edaba15 100644
--- a/windows/keep-secure/event-5070.md
+++ b/windows/keep-secure/event-5070.md
@@ -2,7 +2,7 @@
 title: 5070(S, F) A cryptographic function property modification was attempted. (Windows 10)
 description: Describes security event 5070(S, F) A cryptographic function property modification was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5136.md b/windows/keep-secure/event-5136.md
index 1bc1202256..3350dca361 100644
--- a/windows/keep-secure/event-5136.md
+++ b/windows/keep-secure/event-5136.md
@@ -2,7 +2,7 @@
 title: 5136(S) A directory service object was modified. (Windows 10)
 description: Describes security event 5136(S) A directory service object was modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5137.md b/windows/keep-secure/event-5137.md
index d164e1fa1a..892245d530 100644
--- a/windows/keep-secure/event-5137.md
+++ b/windows/keep-secure/event-5137.md
@@ -2,7 +2,7 @@
 title: 5137(S) A directory service object was created. (Windows 10)
 description: Describes security event 5137(S) A directory service object was created.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5138.md b/windows/keep-secure/event-5138.md
index 846ee2eef9..84e80ff027 100644
--- a/windows/keep-secure/event-5138.md
+++ b/windows/keep-secure/event-5138.md
@@ -2,7 +2,7 @@
 title: 5138(S) A directory service object was undeleted. (Windows 10)
 description: Describes security event 5138(S) A directory service object was undeleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5139.md b/windows/keep-secure/event-5139.md
index 192a1c890f..7399a33b15 100644
--- a/windows/keep-secure/event-5139.md
+++ b/windows/keep-secure/event-5139.md
@@ -2,7 +2,7 @@
 title: 5139(S) A directory service object was moved. (Windows 10)
 description: Describes security event 5139(S) A directory service object was moved.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5140.md b/windows/keep-secure/event-5140.md
index bb6cf5f7aa..be40b7a2d5 100644
--- a/windows/keep-secure/event-5140.md
+++ b/windows/keep-secure/event-5140.md
@@ -2,7 +2,7 @@
 title: 5140(S, F) A network share object was accessed. (Windows 10)
 description: Describes security event 5140(S, F) A network share object was accessed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5141.md b/windows/keep-secure/event-5141.md
index 994302f871..238b70281d 100644
--- a/windows/keep-secure/event-5141.md
+++ b/windows/keep-secure/event-5141.md
@@ -2,7 +2,7 @@
 title: 5141(S) A directory service object was deleted. (Windows 10)
 description: Describes security event 5141(S) A directory service object was deleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5142.md b/windows/keep-secure/event-5142.md
index 291378d2ee..418a6387f7 100644
--- a/windows/keep-secure/event-5142.md
+++ b/windows/keep-secure/event-5142.md
@@ -2,7 +2,7 @@
 title: 5142(S) A network share object was added. (Windows 10)
 description: Describes security event 5142(S) A network share object was added.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5143.md b/windows/keep-secure/event-5143.md
index 3a1fbd38b1..30c4977b0c 100644
--- a/windows/keep-secure/event-5143.md
+++ b/windows/keep-secure/event-5143.md
@@ -2,7 +2,7 @@
 title: 5143(S) A network share object was modified. (Windows 10)
 description: Describes security event 5143(S) A network share object was modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5144.md b/windows/keep-secure/event-5144.md
index 18df4dd0df..d74e6e0c0e 100644
--- a/windows/keep-secure/event-5144.md
+++ b/windows/keep-secure/event-5144.md
@@ -2,7 +2,7 @@
 title: 5144(S) A network share object was deleted. (Windows 10)
 description: Describes security event 5144(S) A network share object was deleted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5145.md b/windows/keep-secure/event-5145.md
index defe7dd401..1370cc6fe1 100644
--- a/windows/keep-secure/event-5145.md
+++ b/windows/keep-secure/event-5145.md
@@ -2,7 +2,7 @@
 title: 5145(S, F) A network share object was checked to see whether client can be granted desired access. (Windows 10)
 description: Describes security event 5145(S, F) A network share object was checked to see whether client can be granted desired access.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5148.md b/windows/keep-secure/event-5148.md
index 7f25c44c05..7751cd9686 100644
--- a/windows/keep-secure/event-5148.md
+++ b/windows/keep-secure/event-5148.md
@@ -2,7 +2,7 @@
 title: 5148(F) The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. (Windows 10)
 description: Describes security event 5148(F) The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5149.md b/windows/keep-secure/event-5149.md
index d50b0bb76b..24b3f6ab89 100644
--- a/windows/keep-secure/event-5149.md
+++ b/windows/keep-secure/event-5149.md
@@ -2,7 +2,7 @@
 title: 5149(F) The DoS attack has subsided and normal processing is being resumed. (Windows 10)
 description: Describes security event 5149(F) The DoS attack has subsided and normal processing is being resumed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5150.md b/windows/keep-secure/event-5150.md
index 4d63a3d41e..10ae5b7bcb 100644
--- a/windows/keep-secure/event-5150.md
+++ b/windows/keep-secure/event-5150.md
@@ -2,7 +2,7 @@
 title: 5150(-) The Windows Filtering Platform blocked a packet. (Windows 10)
 description: Describes security event 5150(-) The Windows Filtering Platform blocked a packet.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5151.md b/windows/keep-secure/event-5151.md
index b37ebfdcff..d1221cb8df 100644
--- a/windows/keep-secure/event-5151.md
+++ b/windows/keep-secure/event-5151.md
@@ -2,7 +2,7 @@
 title: 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10)
 description: Describes security event 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5152.md b/windows/keep-secure/event-5152.md
index d106c21fad..af74957188 100644
--- a/windows/keep-secure/event-5152.md
+++ b/windows/keep-secure/event-5152.md
@@ -2,7 +2,7 @@
 title: 5152(F) The Windows Filtering Platform blocked a packet. (Windows 10)
 description: Describes security event 5152(F) The Windows Filtering Platform blocked a packet.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5153.md b/windows/keep-secure/event-5153.md
index 9f5a9081bd..e02ea78a1e 100644
--- a/windows/keep-secure/event-5153.md
+++ b/windows/keep-secure/event-5153.md
@@ -2,7 +2,7 @@
 title: 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10)
 description: Describes security event 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5154.md b/windows/keep-secure/event-5154.md
index b5362105d2..12255300cf 100644
--- a/windows/keep-secure/event-5154.md
+++ b/windows/keep-secure/event-5154.md
@@ -2,7 +2,7 @@
 title: 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. (Windows 10)
 description: Describes security event 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5155.md b/windows/keep-secure/event-5155.md
index 1ab050cf24..369db60297 100644
--- a/windows/keep-secure/event-5155.md
+++ b/windows/keep-secure/event-5155.md
@@ -2,7 +2,7 @@
 title: 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. (Windows 10)
 description: Describes security event 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5156.md b/windows/keep-secure/event-5156.md
index d9f761b96c..faa073a9c3 100644
--- a/windows/keep-secure/event-5156.md
+++ b/windows/keep-secure/event-5156.md
@@ -2,7 +2,7 @@
 title: 5156(S) The Windows Filtering Platform has permitted a connection. (Windows 10)
 description: Describes security event 5156(S) The Windows Filtering Platform has permitted a connection.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5157.md b/windows/keep-secure/event-5157.md
index fe9fb634f0..b66541d467 100644
--- a/windows/keep-secure/event-5157.md
+++ b/windows/keep-secure/event-5157.md
@@ -2,7 +2,7 @@
 title: 5157(F) The Windows Filtering Platform has blocked a connection. (Windows 10)
 description: Describes security event 5157(F) The Windows Filtering Platform has blocked a connection.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5158.md b/windows/keep-secure/event-5158.md
index 3f28870be7..2e9b42e9b0 100644
--- a/windows/keep-secure/event-5158.md
+++ b/windows/keep-secure/event-5158.md
@@ -2,7 +2,7 @@
 title: 5158(S) The Windows Filtering Platform has permitted a bind to a local port. (Windows 10)
 description: Describes security event 5158(S) The Windows Filtering Platform has permitted a bind to a local port.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5159.md b/windows/keep-secure/event-5159.md
index 0904b2d8d5..02939e687e 100644
--- a/windows/keep-secure/event-5159.md
+++ b/windows/keep-secure/event-5159.md
@@ -2,7 +2,7 @@
 title: 5159(F) The Windows Filtering Platform has blocked a bind to a local port. (Windows 10)
 description: Describes security event 5159(F) The Windows Filtering Platform has blocked a bind to a local port.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5168.md b/windows/keep-secure/event-5168.md
index f9f2941bb6..44c9fe20cc 100644
--- a/windows/keep-secure/event-5168.md
+++ b/windows/keep-secure/event-5168.md
@@ -2,7 +2,7 @@
 title: 5168(F) SPN check for SMB/SMB2 failed. (Windows 10)
 description: Describes security event 5168(F) SPN check for SMB/SMB2 failed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5376.md b/windows/keep-secure/event-5376.md
index abf37d856d..16034db84c 100644
--- a/windows/keep-secure/event-5376.md
+++ b/windows/keep-secure/event-5376.md
@@ -2,7 +2,7 @@
 title: 5376(S) Credential Manager credentials were backed up. (Windows 10)
 description: Describes security event 5376(S) Credential Manager credentials were backed up.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5377.md b/windows/keep-secure/event-5377.md
index 7984897329..c50b35c2f4 100644
--- a/windows/keep-secure/event-5377.md
+++ b/windows/keep-secure/event-5377.md
@@ -2,7 +2,7 @@
 title: 5377(S) Credential Manager credentials were restored from a backup. (Windows 10)
 description: Describes security event 5377(S) Credential Manager credentials were restored from a backup.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5378.md b/windows/keep-secure/event-5378.md
index 2de862ac9c..066229425a 100644
--- a/windows/keep-secure/event-5378.md
+++ b/windows/keep-secure/event-5378.md
@@ -2,7 +2,7 @@
 title: 5378(F) The requested credentials delegation was disallowed by policy. (Windows 10)
 description: Describes security event 5378(F) The requested credentials delegation was disallowed by policy.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5447.md b/windows/keep-secure/event-5447.md
index a17127df05..f262a70474 100644
--- a/windows/keep-secure/event-5447.md
+++ b/windows/keep-secure/event-5447.md
@@ -2,7 +2,7 @@
 title: 5447(S) A Windows Filtering Platform filter has been changed. (Windows 10)
 description: Describes security event 5447(S) A Windows Filtering Platform filter has been changed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5632.md b/windows/keep-secure/event-5632.md
index b247130082..0116808357 100644
--- a/windows/keep-secure/event-5632.md
+++ b/windows/keep-secure/event-5632.md
@@ -2,7 +2,7 @@
 title: 5632(S, F) A request was made to authenticate to a wireless network. (Windows 10)
 description: Describes security event 5632(S, F) A request was made to authenticate to a wireless network.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5633.md b/windows/keep-secure/event-5633.md
index f1e46ce4cf..bd4d485c9c 100644
--- a/windows/keep-secure/event-5633.md
+++ b/windows/keep-secure/event-5633.md
@@ -2,7 +2,7 @@
 title: 5633(S, F) A request was made to authenticate to a wired network. (Windows 10)
 description: Describes security event 5633(S, F) A request was made to authenticate to a wired network.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5712.md b/windows/keep-secure/event-5712.md
index 4a935e0272..0b590700ce 100644
--- a/windows/keep-secure/event-5712.md
+++ b/windows/keep-secure/event-5712.md
@@ -2,7 +2,7 @@
 title: 5712(S) A Remote Procedure Call (RPC) was attempted. (Windows 10)
 description: Describes security event 5712(S) A Remote Procedure Call (RPC) was attempted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5888.md b/windows/keep-secure/event-5888.md
index edf33acd92..4e35780a9c 100644
--- a/windows/keep-secure/event-5888.md
+++ b/windows/keep-secure/event-5888.md
@@ -2,7 +2,7 @@
 title: 5888(S) An object in the COM+ Catalog was modified. (Windows 10)
 description: Describes security event 5888(S) An object in the COM+ Catalog was modified.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5889.md b/windows/keep-secure/event-5889.md
index 88eacdbca6..7e24a156f3 100644
--- a/windows/keep-secure/event-5889.md
+++ b/windows/keep-secure/event-5889.md
@@ -2,7 +2,7 @@
 title: 5889(S) An object was deleted from the COM+ Catalog. (Windows 10)
 description: Describes security event 5889(S) An object was deleted from the COM+ Catalog.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-5890.md b/windows/keep-secure/event-5890.md
index 2e41087f62..896689a521 100644
--- a/windows/keep-secure/event-5890.md
+++ b/windows/keep-secure/event-5890.md
@@ -2,7 +2,7 @@
 title: 5890(S) An object was added to the COM+ Catalog. (Windows 10)
 description: Describes security event 5890(S) An object was added to the COM+ Catalog.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6144.md b/windows/keep-secure/event-6144.md
index 89777613cc..1bcff85f12 100644
--- a/windows/keep-secure/event-6144.md
+++ b/windows/keep-secure/event-6144.md
@@ -2,7 +2,7 @@
 title: 6144(S) Security policy in the group policy objects has been applied successfully. (Windows 10)
 description: Describes security event 6144(S) Security policy in the group policy objects has been applied successfully.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6145.md b/windows/keep-secure/event-6145.md
index 440684ab1d..5566da1217 100644
--- a/windows/keep-secure/event-6145.md
+++ b/windows/keep-secure/event-6145.md
@@ -2,7 +2,7 @@
 title: 6145(F) One or more errors occurred while processing security policy in the group policy objects. (Windows 10)
 description: Describes security event 6145(F) One or more errors occurred while processing security policy in the group policy objects.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6281.md b/windows/keep-secure/event-6281.md
index 3e5e8b369e..5f76bd8681 100644
--- a/windows/keep-secure/event-6281.md
+++ b/windows/keep-secure/event-6281.md
@@ -2,7 +2,7 @@
 title: 6281(F) Code Integrity determined that the page hashes of an image file are not valid. (Windows 10)
 description: Describes security event 6281(F) Code Integrity determined that the page hashes of an image file are not valid.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6400.md b/windows/keep-secure/event-6400.md
index 3dfd20b90a..814cd9ffca 100644
--- a/windows/keep-secure/event-6400.md
+++ b/windows/keep-secure/event-6400.md
@@ -2,7 +2,7 @@
 title: 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content. (Windows 10)
 description: Describes security event 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6401.md b/windows/keep-secure/event-6401.md
index d9f9af15e8..f7d1d86945 100644
--- a/windows/keep-secure/event-6401.md
+++ b/windows/keep-secure/event-6401.md
@@ -2,7 +2,7 @@
 title: 6401(-) BranchCache Received invalid data from a peer. Data discarded. (Windows 10)
 description: Describes security event 6401(-) BranchCache Received invalid data from a peer. Data discarded.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6402.md b/windows/keep-secure/event-6402.md
index 1aacc012a3..95d011d2ac 100644
--- a/windows/keep-secure/event-6402.md
+++ b/windows/keep-secure/event-6402.md
@@ -2,7 +2,7 @@
 title: 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted. (Windows 10)
 description: Describes security event 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6403.md b/windows/keep-secure/event-6403.md
index 60b2123425..bead5c33d0 100644
--- a/windows/keep-secure/event-6403.md
+++ b/windows/keep-secure/event-6403.md
@@ -2,7 +2,7 @@
 title: 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client. (Windows 10)
 description: Describes security event 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6404.md b/windows/keep-secure/event-6404.md
index 2cdc4ef54c..b01dff56dd 100644
--- a/windows/keep-secure/event-6404.md
+++ b/windows/keep-secure/event-6404.md
@@ -2,7 +2,7 @@
 title: 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate. (Windows 10)
 description: Describes security event 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6405.md b/windows/keep-secure/event-6405.md
index 696f837a08..e17b4ca9f4 100644
--- a/windows/keep-secure/event-6405.md
+++ b/windows/keep-secure/event-6405.md
@@ -2,7 +2,7 @@
 title: 6405(-) BranchCache %2 instance(s) of event id %1 occurred. (Windows 10)
 description: Describes security event 6405(-) BranchCache %2 instance(s) of event id %1 occurred.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6406.md b/windows/keep-secure/event-6406.md
index ca1f2b9601..0d964b060b 100644
--- a/windows/keep-secure/event-6406.md
+++ b/windows/keep-secure/event-6406.md
@@ -2,7 +2,7 @@
 title: 6406(-) %1 registered to Windows Firewall to control filtering for the following %2. (Windows 10)
 description: Describes security event 6406(-) %1 registered to Windows Firewall to control filtering for the following %2.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6407.md b/windows/keep-secure/event-6407.md
index 30149be4fd..98a71f5c1c 100644
--- a/windows/keep-secure/event-6407.md
+++ b/windows/keep-secure/event-6407.md
@@ -2,7 +2,7 @@
 title: 6407(-) 1%. (Windows 10)
 description: Describes security event 6407(-) 1%.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6408.md b/windows/keep-secure/event-6408.md
index f968473bbd..29b4a1f469 100644
--- a/windows/keep-secure/event-6408.md
+++ b/windows/keep-secure/event-6408.md
@@ -2,7 +2,7 @@
 title: 6408(-) Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. (Windows 10)
 description: Describes security event 6408(-) Registered product %1 failed and Windows Firewall is now controlling the filtering for %2.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6409.md b/windows/keep-secure/event-6409.md
index bc69be15aa..7716be0032 100644
--- a/windows/keep-secure/event-6409.md
+++ b/windows/keep-secure/event-6409.md
@@ -2,7 +2,7 @@
 title: 6409(-) BranchCache A service connection point object could not be parsed. (Windows 10)
 description: Describes security event 6409(-) BranchCache A service connection point object could not be parsed.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6410.md b/windows/keep-secure/event-6410.md
index 95a4a6daed..b0a4c89708 100644
--- a/windows/keep-secure/event-6410.md
+++ b/windows/keep-secure/event-6410.md
@@ -2,7 +2,7 @@
 title: 6410(F) Code integrity determined that a file does not meet the security requirements to load into a process. (Windows 10)
 description: Describes security event 6410(F) Code integrity determined that a file does not meet the security requirements to load into a process.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6416.md b/windows/keep-secure/event-6416.md
index 18237f7cc4..9f93d86eb0 100644
--- a/windows/keep-secure/event-6416.md
+++ b/windows/keep-secure/event-6416.md
@@ -2,7 +2,7 @@
 title: 6416(S) A new external device was recognized by the System. (Windows 10)
 description: Describes security event 6416(S) A new external device was recognized by the System.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6419.md b/windows/keep-secure/event-6419.md
index c34be4a0ec..b874b2ea54 100644
--- a/windows/keep-secure/event-6419.md
+++ b/windows/keep-secure/event-6419.md
@@ -2,7 +2,7 @@
 title: 6419(S) A request was made to disable a device. (Windows 10)
 description: Describes security event 6419(S) A request was made to disable a device.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6420.md b/windows/keep-secure/event-6420.md
index cc5ae0a245..ec339814ea 100644
--- a/windows/keep-secure/event-6420.md
+++ b/windows/keep-secure/event-6420.md
@@ -2,7 +2,7 @@
 title: 6420(S) A device was disabled. (Windows 10)
 description: Describes security event 6420(S) A device was disabled.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6421.md b/windows/keep-secure/event-6421.md
index ec9290968a..ea9ce9c6a5 100644
--- a/windows/keep-secure/event-6421.md
+++ b/windows/keep-secure/event-6421.md
@@ -2,7 +2,7 @@
 title: 6421(S) A request was made to enable a device. (Windows 10)
 description: Describes security event 6421(S) A request was made to enable a device.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6422.md b/windows/keep-secure/event-6422.md
index c001a3c903..fb59fad3bf 100644
--- a/windows/keep-secure/event-6422.md
+++ b/windows/keep-secure/event-6422.md
@@ -2,7 +2,7 @@
 title: 6422(S) A device was enabled. (Windows 10)
 description: Describes security event 6422(S) A device was enabled.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6423.md b/windows/keep-secure/event-6423.md
index 1145307d13..09e75dc4cd 100644
--- a/windows/keep-secure/event-6423.md
+++ b/windows/keep-secure/event-6423.md
@@ -2,7 +2,7 @@
 title: 6423(S) The installation of this device is forbidden by system policy. (Windows 10)
 description: Describes security event 6423(S) The installation of this device is forbidden by system policy.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/event-6424.md b/windows/keep-secure/event-6424.md
index 10c2a2eb9e..a91d282a95 100644
--- a/windows/keep-secure/event-6424.md
+++ b/windows/keep-secure/event-6424.md
@@ -2,7 +2,7 @@
 title: 6424(S) The installation of this device was allowed, after having previously been forbidden by policy. (Windows 10)
 description: Describes security event 6424(S) The installation of this device was allowed, after having previously been forbidden by policy.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/keep-secure/other-events.md b/windows/keep-secure/other-events.md
index 020addb187..6a5cf852d1 100644
--- a/windows/keep-secure/other-events.md
+++ b/windows/keep-secure/other-events.md
@@ -2,7 +2,7 @@
 title: Other Events (Windows 10)
 description: Describes the Other Events auditing subcategory.
 ms.pagetype: security
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: Mir0sh
diff --git a/windows/manage/acquire-apps-windows-store-for-business.md b/windows/manage/acquire-apps-windows-store-for-business.md
index 8e22322f1c..47dc081e5c 100644
--- a/windows/manage/acquire-apps-windows-store-for-business.md
+++ b/windows/manage/acquire-apps-windows-store-for-business.md
@@ -1,7 +1,7 @@
 ---
 title: Acquire apps in Windows Store for Business (Windows 10)
 description: As an admin, you can acquire apps from the Windows Store for Business for your employees. Some apps are free, and some have a price. For info on app types that are supported, see Apps in the Windows Store for Business.
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ---
diff --git a/windows/manage/add-unsigned-app-to-code-integrity-policy.md b/windows/manage/add-unsigned-app-to-code-integrity-policy.md
index 538034d0f2..8ccdfd7c62 100644
--- a/windows/manage/add-unsigned-app-to-code-integrity-policy.md
+++ b/windows/manage/add-unsigned-app-to-code-integrity-policy.md
@@ -2,7 +2,7 @@
 title: Add unsigned app to code integrity policy (Windows 10)
 description: When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device.
 ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/administrative-tools-in-windows-10.md b/windows/manage/administrative-tools-in-windows-10.md
index 5019f298d8..cc42197767 100644
--- a/windows/manage/administrative-tools-in-windows-10.md
+++ b/windows/manage/administrative-tools-in-windows-10.md
@@ -2,7 +2,7 @@
 title: Administrative Tools in Windows 10 (Windows 10)
 description: Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users.
 ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/app-inventory-managemement-windows-store-for-business.md b/windows/manage/app-inventory-managemement-windows-store-for-business.md
index 245d15cac1..16923a2b15 100644
--- a/windows/manage/app-inventory-managemement-windows-store-for-business.md
+++ b/windows/manage/app-inventory-managemement-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: App inventory management for Windows Store for Business (Windows 10)
 description: You can manage all apps that you've acquired on your Inventory page.
 ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/application-development-for-windows-as-a-service.md b/windows/manage/application-development-for-windows-as-a-service.md
index cffbdd7092..5b8fc04a92 100644
--- a/windows/manage/application-development-for-windows-as-a-service.md
+++ b/windows/manage/application-development-for-windows-as-a-service.md
@@ -2,7 +2,7 @@
 title: Application development for Windows as a service (Windows 10)
 description: In today’s environment, where user expectations frequently are set by device-centric experiences, complete product cycles need to be measured in months, not years.
 ms.assetid: 28E0D103-B0EE-4B14-8680-6F30BD373ACF
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/manage/apps-in-windows-store-for-business.md b/windows/manage/apps-in-windows-store-for-business.md
index 30d0677d94..bd94b6ad6f 100644
--- a/windows/manage/apps-in-windows-store-for-business.md
+++ b/windows/manage/apps-in-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Apps in Windows Store for Business (Windows 10)
 description: Windows Store for Business has thousands of apps from many different categories.
 ms.assetid: CC5641DA-3CEA-4950-AD81-1AF1AE876926
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/assign-apps-to-employees.md b/windows/manage/assign-apps-to-employees.md
index c6e8393f30..e3be271bfd 100644
--- a/windows/manage/assign-apps-to-employees.md
+++ b/windows/manage/assign-apps-to-employees.md
@@ -2,7 +2,7 @@
 title: Assign apps to employees (Windows 10)
 description: Administrators can assign online-licensed apps to employees in their organization.
 ms.assetid: A0DF4EC2-BE33-41E1-8832-DBB0EBECA31A
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md
index 3035b4bb6c..5bdd320fd8 100644
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@@ -2,7 +2,7 @@
 title: Change history for Manage and update Windows 10 (Windows 10)
 description: This topic lists new and updated topics in the Manage and update Windows 10 documentation for Windows 10 and Windows 10 Mobile.
 ms.assetid: 29144AFA-1DA9-4532-B07D-1EBE34B7E1E0
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/changes-to-start-policies-in-windows-10.md b/windows/manage/changes-to-start-policies-in-windows-10.md
index 30a8c0a870..8697ff8945 100644
--- a/windows/manage/changes-to-start-policies-in-windows-10.md
+++ b/windows/manage/changes-to-start-policies-in-windows-10.md
@@ -3,7 +3,7 @@ title: Changes to Group Policy settings for Windows 10 Start (Windows 10)
 description: Windows 10 has a brand new Start experience.
 ms.assetid: 612FB68A-3832-451F-AA97-E73791FEAA9F
 keywords: ["group policy", "start menu", "start screen"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/configure-devices-without-mdm.md b/windows/manage/configure-devices-without-mdm.md
index 82e3420ae6..11dd816f58 100644
--- a/windows/manage/configure-devices-without-mdm.md
+++ b/windows/manage/configure-devices-without-mdm.md
@@ -3,7 +3,7 @@ title: Configure devices without MDM (Windows 10)
 description: Create a runtime provisioning package to apply settings, profiles, and file assets to a device running Windows 10.
 ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E
 keywords: ["runtime provisioning", "provisioning package"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/configure-mdm-provider-windows-store-for-business.md b/windows/manage/configure-mdm-provider-windows-store-for-business.md
index 2b94aba619..d187a3674a 100644
--- a/windows/manage/configure-mdm-provider-windows-store-for-business.md
+++ b/windows/manage/configure-mdm-provider-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Configure an MDM provider (Windows 10)
 description: For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Windows Store for Business inventory to manage apps with offline licenses.
 ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/customize-and-export-start-layout.md b/windows/manage/customize-and-export-start-layout.md
index 4d1f382a15..bd7b75c0fd 100644
--- a/windows/manage/customize-and-export-start-layout.md
+++ b/windows/manage/customize-and-export-start-layout.md
@@ -3,7 +3,7 @@ title: Customize and export Start layout (Windows 10)
 description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
 ms.assetid: CA8DF327-5DD4-452F-9FE5-F17C514B6236
 keywords: ["start screen"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md b/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
index 614edb4d66..bf5aed9ec4 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
@@ -3,7 +3,7 @@ title: Customize Windows 10 Start with Group Policy (Windows 10)
 description: In Windows 10 Enterprise and Windows 10 Education, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
 ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545
 keywords: ["Start layout", "start menu", "layout", "group policy"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
index d3c9160101..a0ad00415a 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -3,7 +3,7 @@ title: Customize Windows 10 Start with mobile device management (MDM) (Windows 1
 description: In Windows 10 Enterprise and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users.
 ms.assetid: F487850D-8950-41FB-9B06-64240127C1E4
 keywords: ["start screen", "start menu"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
index 3af066fdac..cc0c54d783 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
@@ -3,7 +3,7 @@ title: Customize Windows 10 Start with ICD and provisioning packages (Windows 10
 description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users.
 ms.assetid: AC952899-86A0-42FC-9E3C-C25F45B1ACAC
 keywords: ["Start layout", "start menu"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/device-guard-signing-portal.md b/windows/manage/device-guard-signing-portal.md
index 4604411897..c511f4b081 100644
--- a/windows/manage/device-guard-signing-portal.md
+++ b/windows/manage/device-guard-signing-portal.md
@@ -2,7 +2,7 @@
 title: Device Guard signing (Windows 10)
 description: Device Guard signing is a Device Guard feature that is available in the Windows Store for Business.
 ms.assetid: 8D9CD2B9-5FC6-4C3D-AA96-F135AFEEBB78
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/distribute-apps-from-your-private-store.md b/windows/manage/distribute-apps-from-your-private-store.md
index d751c6d2f2..07e519edc4 100644
--- a/windows/manage/distribute-apps-from-your-private-store.md
+++ b/windows/manage/distribute-apps-from-your-private-store.md
@@ -2,7 +2,7 @@
 title: Distribute apps using your private store (Windows 10)
 description: The private store is a feature in Windows Store for Business that organizations receive during the sign up process.
 ms.assetid: C4644035-845C-4C84-87F0-D87EA8F5BA19
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md b/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md
index 28f762ec11..1c58d0489a 100644
--- a/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md
+++ b/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Distribute apps to your employees from the Windows Store for Business (Windows 10)
 description: Distribute apps to your employees from Windows Store for Business. You can assign apps to employees, or let employees install them from your private store.
 ms.assetid: E591497C-6DFA-49C1-8329-4670F2164E9E
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/distribute-apps-with-management-tool.md b/windows/manage/distribute-apps-with-management-tool.md
index 37824f30c5..65abfa89d6 100644
--- a/windows/manage/distribute-apps-with-management-tool.md
+++ b/windows/manage/distribute-apps-with-management-tool.md
@@ -2,7 +2,7 @@
 title: Distribute apps with a management tool (Windows 10)
 description: You can configure a mobile device management (MDM) tool to synchronize your Store for Business inventory. Store for Business management tool services work with MDM tools to manage content.
 ms.assetid: 006F5FB1-E688-4769-BD9A-CFA6F5829016
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/distribute-offline-apps.md b/windows/manage/distribute-offline-apps.md
index 8cb184da6b..82c3720714 100644
--- a/windows/manage/distribute-offline-apps.md
+++ b/windows/manage/distribute-offline-apps.md
@@ -2,7 +2,7 @@
 title: Distribute offline apps (Windows 10)
 description: Offline licensing is a new licensing option for Windows 10.
 ms.assetid: 6B9F6876-AA66-4EE4-A448-1371511AC95E
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/find-and-acquire-apps-overview.md b/windows/manage/find-and-acquire-apps-overview.md
index dbb7882835..28a4e36fef 100644
--- a/windows/manage/find-and-acquire-apps-overview.md
+++ b/windows/manage/find-and-acquire-apps-overview.md
@@ -2,7 +2,7 @@
 title: Find and acquire apps (Windows 10)
 description: Use the Windows Store for Business to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
 ms.assetid: 274A5003-5F15-4635-BB8B-953953FD209A
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/group-policies-for-enterprise-and-education-editions.md b/windows/manage/group-policies-for-enterprise-and-education-editions.md
index 5d5f71e9f1..8a39c49e60 100644
--- a/windows/manage/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md
@@ -1,7 +1,7 @@
 ---
 title: Group Policies that apply only to Windows 10 Enterprise and Education Editions (Windows 10)
 description: Use this topic to learn about Group Policy objects that apply only to Windows 10 Enterprise and Windows 10 Education.
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ---
diff --git a/windows/manage/how-it-pros-can-use-configuration-service-providers.md b/windows/manage/how-it-pros-can-use-configuration-service-providers.md
index 463a578534..bab2563813 100644
--- a/windows/manage/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/manage/how-it-pros-can-use-configuration-service-providers.md
@@ -2,7 +2,7 @@
 title: Introduction to configuration service providers (CSPs) for IT pros (Windows 10)
 description: Configuration service providers (CSPs) expose device configuration settings in Windows 10.
 ms.assetid: 25C1FDCA-0E10-42A1-A368-984FFDB2B7B6
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/index.md b/windows/manage/index.md
index 412bfc3d9b..fa16723bc3 100644
--- a/windows/manage/index.md
+++ b/windows/manage/index.md
@@ -3,7 +3,7 @@ title: Manage and update Windows 10 (Windows 10)
 description: Learn about managing and updating Windows 10.
 ms.assetid: E5716355-02AB-4B75-A962-14B1A7F7BDA0
 keywords: Windows 10, MDM, WSUS, Windows update
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/manage/introduction-to-windows-10-servicing.md b/windows/manage/introduction-to-windows-10-servicing.md
index 0c6c2ab9a6..4a7499aac7 100644
--- a/windows/manage/introduction-to-windows-10-servicing.md
+++ b/windows/manage/introduction-to-windows-10-servicing.md
@@ -3,7 +3,7 @@ title: Windows 10 servicing options for updates and upgrades (Windows 10)
 description: This article describes the new servicing options available in Windows 10.
 ms.assetid: D1DEB7C0-283F-4D7F-9A11-EE16CB242B42
 keywords: update, LTSB, lifecycle, Windows update, upgrade
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
diff --git a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md
index cd798c3163..876c02620c 100644
--- a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md
+++ b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md
@@ -2,7 +2,7 @@
 title: Join Windows 10 Mobile to Azure Active Directory (Windows 10)
 description: Devices running Windows 10 Mobile can join Azure Active Directory (Azure AD) when the device is configured during the out-of-box experience (OOBE).
 ms.assetid: 955DD9EC-3519-4752-827E-79CEB1EC8D6B
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/lock-down-windows-10-to-specific-apps.md b/windows/manage/lock-down-windows-10-to-specific-apps.md
index 095f7b1bbf..800fe35493 100644
--- a/windows/manage/lock-down-windows-10-to-specific-apps.md
+++ b/windows/manage/lock-down-windows-10-to-specific-apps.md
@@ -3,7 +3,7 @@ title: Lock down Windows 10 to specific apps (Windows 10)
 description: Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps.
 ms.assetid: 14DDDC96-88C7-4181-8415-B371F25726C8
 keywords: ["lockdown", "app restrictions", "applocker"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/lock-down-windows-10.md b/windows/manage/lock-down-windows-10.md
index 61004d8822..4c11f7b7ce 100644
--- a/windows/manage/lock-down-windows-10.md
+++ b/windows/manage/lock-down-windows-10.md
@@ -3,7 +3,7 @@ title: Lock down Windows 10 (Windows 10)
 description: Windows 10 provides a number of features and methods to help you lock down specific parts of a Windows 10 device.
 ms.assetid: 955BCD92-0A1A-4C48-98A8-30D7FAF2067D
 keywords: lockdown
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/lockdown-xml.md b/windows/manage/lockdown-xml.md
index 616e800b95..3baacaad11 100644
--- a/windows/manage/lockdown-xml.md
+++ b/windows/manage/lockdown-xml.md
@@ -2,7 +2,7 @@
 title: Configure Windows 10 Mobile using Lockdown XML (Windows 10)
 description: Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device.
 ms.assetid: 22C8F654-2EC3-4E6D-8666-1EA9FCF90F5F
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/manage-apps-windows-store-for-business-overview.md b/windows/manage/manage-apps-windows-store-for-business-overview.md
index f763f788bf..faaed20b58 100644
--- a/windows/manage/manage-apps-windows-store-for-business-overview.md
+++ b/windows/manage/manage-apps-windows-store-for-business-overview.md
@@ -2,7 +2,7 @@
 title: Manage apps in Windows Store for Business (Windows 10)
 description: Manage settings and access to apps in Windows Store for Business.
 ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 616f93dc73..b1a2217df3 100644
--- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -3,7 +3,7 @@ title: Manage connections from Windows operating system components to Microsoft
 description: If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider.
 ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
 keywords: privacy, manage connections to Microsoft
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ---
diff --git a/windows/manage/manage-corporate-devices.md b/windows/manage/manage-corporate-devices.md
index bbfa571b02..87b3a7684b 100644
--- a/windows/manage/manage-corporate-devices.md
+++ b/windows/manage/manage-corporate-devices.md
@@ -3,7 +3,7 @@ title: Manage corporate devices (Windows 10)
 description: You can use the same management tools to manage all device types running Windows 10 desktops, laptops, tablets, and phones.
 ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D
 keywords: ["MDM", "device management"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/manage-inventory-windows-store-for-business.md b/windows/manage/manage-inventory-windows-store-for-business.md
index 0a364336aa..8535d16d65 100644
--- a/windows/manage/manage-inventory-windows-store-for-business.md
+++ b/windows/manage/manage-inventory-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Manage inventory in Windows Store for Business (Windows 10)
 description: When you acquire apps from the Windows Store for Business, we add them to the Inventory for your organization. Once an app is part of your inventory, you can distribute the app, and manage licenses.
 redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/app-inventory-management-windows-store-for-business
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ---
diff --git a/windows/manage/manage-orders-windows-store-for-business.md b/windows/manage/manage-orders-windows-store-for-business.md
index d698699806..bfebed0a7e 100644
--- a/windows/manage/manage-orders-windows-store-for-business.md
+++ b/windows/manage/manage-orders-windows-store-for-business.md
@@ -1,7 +1,7 @@
 ---
 title: Manage app orders in Windows Store for Business (Windows 10)
 description: You can view your order history with Windows Store for Business.
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ---
diff --git a/windows/manage/manage-private-store-settings.md b/windows/manage/manage-private-store-settings.md
index 835535ff36..dd0d959555 100644
--- a/windows/manage/manage-private-store-settings.md
+++ b/windows/manage/manage-private-store-settings.md
@@ -2,7 +2,7 @@
 title: Manage private store settings (Windows 10)
 description: The private store is a feature in the Windows Store for Business that organizations receive during the sign up process.
 ms.assetid: 2D501538-0C6E-4408-948A-2BF5B05F7A0C
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/manage-settings-windows-store-for-business.md b/windows/manage/manage-settings-windows-store-for-business.md
index 488b0f26ab..5736a2df33 100644
--- a/windows/manage/manage-settings-windows-store-for-business.md
+++ b/windows/manage/manage-settings-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Manage settings for the Windows Store for Business (Windows 10)
 description: You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.
 ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/manage-users-and-groups-windows-store-for-business.md b/windows/manage/manage-users-and-groups-windows-store-for-business.md
index 8621faf1e6..a057ed9e67 100644
--- a/windows/manage/manage-users-and-groups-windows-store-for-business.md
+++ b/windows/manage/manage-users-and-groups-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Manage user accounts in Windows Store for Business (Windows 10)
 description: Windows Store for Business manages permissions with a set of roles. Currently, you can assign these roles to individuals in your organization, but not to groups.
 ms.assetid: 5E7FA071-CABD-4ACA-8AAE-F549EFCE922F
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/manage-wifi-sense-in-enterprise.md b/windows/manage/manage-wifi-sense-in-enterprise.md
index 58d0eadae7..2728a8dd5d 100644
--- a/windows/manage/manage-wifi-sense-in-enterprise.md
+++ b/windows/manage/manage-wifi-sense-in-enterprise.md
@@ -3,7 +3,7 @@ title: Manage Wi-Fi Sense in your company (Windows 10)
 description: Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places.
 ms.assetid: 1845e00d-c4ee-4a8f-a5e5-d00f2735a271
 keywords: ["WiFi Sense", "automatically connect to wi-fi", "wi-fi hotspot connection"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: eross-msft
diff --git a/windows/manage/new-policies-for-windows-10.md b/windows/manage/new-policies-for-windows-10.md
index 7bc7dd8224..2da6a7e615 100644
--- a/windows/manage/new-policies-for-windows-10.md
+++ b/windows/manage/new-policies-for-windows-10.md
@@ -3,7 +3,7 @@ title: New policies for Windows 10 (Windows 10)
 description: Windows 10 includes the following new policies for management, in addition to policies that were available for Windows 8.1 and Windows Phone 8.1.
 ms.assetid: 1F24ABD8-A57A-45EA-BA54-2DA2238C573D
 keywords: ["MDM", "Group Policy"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/prerequisites-windows-store-for-business.md b/windows/manage/prerequisites-windows-store-for-business.md
index b3d9b02599..706b1a93a1 100644
--- a/windows/manage/prerequisites-windows-store-for-business.md
+++ b/windows/manage/prerequisites-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Prerequisites for Windows Store for Business (Windows 10)
 description: There are a few prerequisites for using Windows Store for Business.
 ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/product-ids-in-windows-10-mobile.md b/windows/manage/product-ids-in-windows-10-mobile.md
index 0dcbc397eb..0e9a15a716 100644
--- a/windows/manage/product-ids-in-windows-10-mobile.md
+++ b/windows/manage/product-ids-in-windows-10-mobile.md
@@ -3,7 +3,7 @@ title: Product IDs in Windows 10 Mobile (Windows 10)
 description: You can use the product ID and Application User Model (AUMID) in Lockdown.xml to specify apps that will be available to the user.
 ms.assetid: 31116BED-C16A-495A-BD44-93218A087A1C
 keywords: ["lockdown"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/reset-a-windows-10-mobile-device.md b/windows/manage/reset-a-windows-10-mobile-device.md
index 40b79a96a5..15d8ead349 100644
--- a/windows/manage/reset-a-windows-10-mobile-device.md
+++ b/windows/manage/reset-a-windows-10-mobile-device.md
@@ -2,7 +2,7 @@
 title: Reset a Windows 10 Mobile device (Windows 10)
 description: There are two methods for resetting a Windows 10 Mobile device factory reset and \ 0034;wipe and persist \ 0034; reset.
 ms.assetid: B42A71F4-DFEE-4D6E-A904-7942D1AAB73F
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/roles-and-permissions-windows-store-for-business.md b/windows/manage/roles-and-permissions-windows-store-for-business.md
index fae343dfca..6906e95ed6 100644
--- a/windows/manage/roles-and-permissions-windows-store-for-business.md
+++ b/windows/manage/roles-and-permissions-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Roles and permissions in Windows Store for Business (Windows 10)
 description: The first person to sign in to Windows Store for Business must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees.
 ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/set-up-a-device-for-anyone-to-use.md b/windows/manage/set-up-a-device-for-anyone-to-use.md
index cc81d0801d..156c44901a 100644
--- a/windows/manage/set-up-a-device-for-anyone-to-use.md
+++ b/windows/manage/set-up-a-device-for-anyone-to-use.md
@@ -3,7 +3,7 @@ title: Set up a device for anyone to use (kiosk mode) (Windows 10)
 description: You can configure Windows 10 as a kiosk device, so that users can only interact with a single app.
 ms.assetid: F1F4FF19-188C-4CDC-AABA-977639C53CA8
 keywords: ["kiosk", "lockdown", "assigned access"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
index 55945ea84b..2c481fd829 100644
--- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
+++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
@@ -3,7 +3,7 @@ title: Set up a kiosk on Windows 10 Pro, Enterprise, or Education (Windows 10)
 description: A single-use device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education).
 ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC
 keywords: ["assigned access", "kiosk", "lockdown"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
index bc918aae23..6b5f7c60df 100644
--- a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
+++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
@@ -3,7 +3,7 @@ title: Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise (Wind
 description: A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings.
 ms.assetid: 35EC82D8-D9E8-45C3-84E9-B0C8C167BFF7
 keywords: ["kiosk", "lockdown", "assigned access"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/settings-reference-windows-store-for-business.md b/windows/manage/settings-reference-windows-store-for-business.md
index b3b1cf9083..7cf2f724c9 100644
--- a/windows/manage/settings-reference-windows-store-for-business.md
+++ b/windows/manage/settings-reference-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Settings reference Windows Store for Business (Windows 10)
 description: The Windows Store for Business has a group of settings that admins use to manage the store.
 ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/settings-that-can-be-locked-down.md b/windows/manage/settings-that-can-be-locked-down.md
index 09b88d9160..325b33fcb7 100644
--- a/windows/manage/settings-that-can-be-locked-down.md
+++ b/windows/manage/settings-that-can-be-locked-down.md
@@ -3,7 +3,7 @@ title: Settings and quick actions that can be locked down in Windows 10 Mobile (
 description: This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile.
 ms.assetid: 69E2F202-D32B-4FAC-A83D-C3051DF02185
 keywords: ["lockdown"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md b/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md
index 45cf03f80d..4fc6b81da0 100644
--- a/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md
+++ b/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md
@@ -2,7 +2,7 @@
 title: Sign code integrity policy with Device Guard signing (Windows 10)
 description: Signing code integrity policies prevents policies from being tampered with after they're deployed. You can sign code integrity policies with the Device Guard signing portal.
 ms.assetid: 63B56B8B-2A40-44B5-B100-DC50C43D20A9
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/sign-up-windows-store-for-business-overview.md b/windows/manage/sign-up-windows-store-for-business-overview.md
index 382b317a88..5aeff64c06 100644
--- a/windows/manage/sign-up-windows-store-for-business-overview.md
+++ b/windows/manage/sign-up-windows-store-for-business-overview.md
@@ -2,7 +2,7 @@
 title: Sign up and get started (Windows 10)
 description: IT admins can sign up for the Windows Store for Business, and get started working with apps.
 ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/sign-up-windows-store-for-business.md b/windows/manage/sign-up-windows-store-for-business.md
index bbbb7df639..cd31dc1d15 100644
--- a/windows/manage/sign-up-windows-store-for-business.md
+++ b/windows/manage/sign-up-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Sign up for Windows Store for Business (Windows 10)
 description: Before you sign up for Windows Store for Business, at a minimum, you'll need an Azure Active Directory (AD) account for your organization, and you'll need to be the global administrator for your organization.
 ms.assetid: 296AAC02-5C79-4999-B221-4F5F8CEA1F12
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/stop-employees-from-using-the-windows-store.md b/windows/manage/stop-employees-from-using-the-windows-store.md
index a8e3f58f0b..7b3cb2aa7b 100644
--- a/windows/manage/stop-employees-from-using-the-windows-store.md
+++ b/windows/manage/stop-employees-from-using-the-windows-store.md
@@ -2,7 +2,7 @@
 title: Configure access to Windows Store (Windows 10)
 description: IT Pros can configure access to Windows Store for client computers in their organization. For some organizations, business policies require blocking access to Windows Store.
 ms.assetid: 7AA60D3D-2A69-45E7-AAB0-B8AFC29C2E97
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/troubleshoot-windows-store-for-business.md b/windows/manage/troubleshoot-windows-store-for-business.md
index 0c9404bb5a..f39d0bcdbf 100644
--- a/windows/manage/troubleshoot-windows-store-for-business.md
+++ b/windows/manage/troubleshoot-windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Troubleshoot Windows Store for Business (Windows 10)
 description: Troubleshooting topics for Windows Store for Business.
 ms.assetid: 243755A3-9B20-4032-9A77-2207320A242A
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/update-windows-store-for-business-account-settings.md b/windows/manage/update-windows-store-for-business-account-settings.md
index 0150a4f7e4..613556110e 100644
--- a/windows/manage/update-windows-store-for-business-account-settings.md
+++ b/windows/manage/update-windows-store-for-business-account-settings.md
@@ -1,7 +1,7 @@
 ---
 title: Update Windows Store for Business account settings (Windows 10)
 description: The Account information page in Windows Store for Business shows information about your organization that you can update, including country or region, organization name, default domain, and language preference.
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/windows-10-mobile-and-mdm.md b/windows/manage/windows-10-mobile-and-mdm.md
index a818238913..6e48f9f183 100644
--- a/windows/manage/windows-10-mobile-and-mdm.md
+++ b/windows/manage/windows-10-mobile-and-mdm.md
@@ -3,7 +3,7 @@ title: Windows 10 Mobile and mobile device management (Windows 10)
 description: This guide provides an overview of the mobile device and app management technologies in the Windows 10 Mobile operating system.
 ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E
 keywords: telemetry, BYOD, MDM
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: mobile; devices
diff --git a/windows/manage/windows-10-start-layout-options-and-policies.md b/windows/manage/windows-10-start-layout-options-and-policies.md
index 5a0c3eadfe..34e40d5095 100644
--- a/windows/manage/windows-10-start-layout-options-and-policies.md
+++ b/windows/manage/windows-10-start-layout-options-and-policies.md
@@ -3,7 +3,7 @@ title: Manage Windows 10 Start layout options (Windows 10)
 description: Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Enterprise or Windows 10 Education.
 ms.assetid: 2E94743B-6A49-463C-9448-B7DD19D9CD6A
 keywords: ["start screen", "start menu"]
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
diff --git a/windows/manage/windows-store-for-business.md b/windows/manage/windows-store-for-business.md
index b718c7ace7..b30c16566a 100644
--- a/windows/manage/windows-store-for-business.md
+++ b/windows/manage/windows-store-for-business.md
@@ -2,7 +2,7 @@
 title: Windows Store for Business (Windows 10)
 description: Welcome to the Windows Store for Business You can use the Store for Business, to find, acquire, distribute, and manage apps for your organization.
 ms.assetid: 527E611E-4D47-44F0-9422-DCC2D1ACBAB8
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/manage/working-with-line-of-business-apps.md b/windows/manage/working-with-line-of-business-apps.md
index 2700a1f83a..e3bfdb63b7 100644
--- a/windows/manage/working-with-line-of-business-apps.md
+++ b/windows/manage/working-with-line-of-business-apps.md
@@ -2,7 +2,7 @@
 title: Working with line-of-business apps (Windows 10)
 description: Your company can make line-of-business (LOB) applications available through Windows Store for Business. These apps are custom to your company – they might be internal business apps, or apps specific to your business or industry.
 ms.assetid: 95EB7085-335A-447B-84BA-39C26AEB5AC7
-ms.prod: W10
+ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: TrudyHa
diff --git a/windows/plan/deployment-considerations-for-windows-to-go.md b/windows/plan/deployment-considerations-for-windows-to-go.md
index da2f4412e7..5ef6884c18 100644
--- a/windows/plan/deployment-considerations-for-windows-to-go.md
+++ b/windows/plan/deployment-considerations-for-windows-to-go.md @@ -3,7 +3,7 @@ title: Deployment considerations for Windows To Go (Windows 10) description: Deployment considerations for Windows To Go ms.assetid: dcfc5d96-b96b-44cd-ab65-416b5611c65e keywords: deploy, mobile, device, USB, boot, image, workspace, driver -ms.prod: W10 +ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: mobility ms.sitesec: library From 526658c523cad7d9758766e788db3bc4acc1011c Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 2 Jun 2016 15:45:20 -0700 Subject: [PATCH 80/92] fix TOC --- windows/deploy/TOC.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index 6abf80bb3f..f31672bb81 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md @@ -137,5 +137,5 @@ ###### [XML Elements Library](usmt-xml-elements-library.md) ##### [Offline Migration Reference](offline-migration-reference.md) ## [Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) -# [Keep Windows 10 secure](.../keep-secure/index.md) -# [Manage and update Windows 10](.../manage/index.md) \ No newline at end of file +# [Keep Windows 10 secure](../keep-secure/index.md) +# [Manage and update Windows 10](../manage/index.md) \ No newline at end of file From f431cb982656bf9712abd9e85de4bab5c81908a0 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 2 Jun 2016 15:46:46 -0700 Subject: [PATCH 81/92] adding to change history --- .../change-history-for-keep-windows-10-secure.md | 6 ++++++ .../keep-secure/windows-firewall-with-advanced-security.md | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 53fc6a0ef7..98ab141f25 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md 
@@ -12,6 +12,12 @@ author: brianlic-msft # Change history for Keep Windows 10 secure This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). +## June 2016 + +|New or changed topic | Description | +|----------------------|-------------| +| [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) (multiple topics) | New | + ## May 2016 |New or changed topic | Description | diff --git a/windows/keep-secure/windows-firewall-with-advanced-security.md b/windows/keep-secure/windows-firewall-with-advanced-security.md index 3adc42213a..51c6967315 100644 --- a/windows/keep-secure/windows-firewall-with-advanced-security.md +++ b/windows/keep-secure/windows-firewall-with-advanced-security.md @@ -1,6 +1,6 @@ --- -title: Windows Firewall with Advanced Security Overview (Windows 10) -description: Windows Firewall with Advanced Security Overview +title: Windows Firewall with Advanced Security (Windows 10) +description: Windows Firewall with Advanced Security ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -8,7 +8,7 @@ ms.pagetype: security author: brianlic-msft --- -# Windows Firewall with Advanced Security Overview +# Windows Firewall with Advanced Security **Applies to** - Windows 10 From 7d0722228fc029ba23ff78245bbeafeb04bc0327 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 2 Jun 2016 15:58:04 -0700 Subject: [PATCH 82/92] added security monitoring reference topics to change history --- windows/keep-secure/change-history-for-keep-windows-10-secure.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 98ab141f25..ccdef718f0 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md 
@@ -17,6 +17,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md |New or changed topic | Description | |----------------------|-------------| | [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) (multiple topics) | New | +| [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) (mutiple topics) | New security monitoring reference topics | ## May 2016 From 930370b5644f4b652172f2312e99b32ae5cf7903 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 2 Jun 2016 16:07:04 -0700 Subject: [PATCH 83/92] adding WFAS to links table in security technologies topic --- windows/keep-secure/security-technologies.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/security-technologies.md b/windows/keep-secure/security-technologies.md index 39c9eedbb3..19a6af38ba 100644 --- a/windows/keep-secure/security-technologies.md +++ b/windows/keep-secure/security-technologies.md 
@@ -24,6 +24,7 @@ Learn more about the different security technologies that are available in Windo | [User Account Control](user-account-control-overview.md)| User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.| | [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md)| Windows Defender Advanced Threat Protection (Windows Defender ATP) is an out-of-the-box Windows enterprise security service that enables enterprise cybersecurity teams to detect and respond to advanced threats on their networks.| | [Windows Defender in Windows 10](windows-defender-in-windows-10.md)| This topic provides an overview of Windows Defender, including a list of system requirements and new features.| +| [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) | Windows Firewall with Advanced Security is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local device. |     From 893d4bde5caa58c336c4991aab49756b8de3e028 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 2 Jun 2016 16:44:26 -0700 Subject: [PATCH 84/92] moving change history again --- windows/deploy/index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deploy/index.md b/windows/deploy/index.md index 4e09532aaf..c6b8e27ed1 100644 --- a/windows/deploy/index.md +++ b/windows/deploy/index.md 
@@ -15,6 +15,7 @@ Learn about deploying Windows 10 for IT professionals. |Topic |Description | |------|------------| +|[Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) |This topic lists new and updated topics in the Deploy Windows 10 documentation for [Windows 10 and Windows 10 Mobile](../index.md). | |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. | |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically. | |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. | 
@@ -28,7 +29,7 @@ Learn about deploying Windows 10 for IT professionals. |[Sideload apps in Windows 10](sideload-apps-in-windows-10.md) |Sideload line-of-business apps in Windows 10. | |[Volume Activation [client]](volume-activation-windows-10.md) |This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. | |[Windows 10 deployment tools reference](windows-10-deployment-tools-reference.md) |Learn about the tools available to deploy Windows 10. | -|[Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) |This topic lists new and updated topics in the Deploy Windows 10 documentation for [Windows 10 and Windows 10 Mobile](../index.md). | + ## Related topics - [Windows 10 and Windows 10 Mobile](../index.md) From 1329435b6ffacf5b118b479f3092f0a5aa865b9f Mon Sep 17 00:00:00 2001 From: saldana Date: Thu, 2 Jun 2016 17:17:56 -0700 Subject: [PATCH 85/92] Delete index.md --- education/index.md | 1 - 1 file changed, 1 deletion(-) delete mode 100644 education/index.md diff --git a/education/index.md b/education/index.md deleted file mode 100644 index 0bd9ced4cc..0000000000 --- a/education/index.md +++ /dev/null @@ -1 +0,0 @@ -#OP Testing file From e7aff2f5a5aa15ae0e6e6eb113d0ded70c215bea Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 2 Jun 2016 17:54:32 -0700 Subject: [PATCH 86/92] added office support statement --- windows/deploy/usmt-technical-reference.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deploy/usmt-technical-reference.md b/windows/deploy/usmt-technical-reference.md index 5bdf666976..17380ccbb3 100644 --- a/windows/deploy/usmt-technical-reference.md +++ b/windows/deploy/usmt-technical-reference.md 
@@ -13,6 +13,8 @@ The User State Migration Tool (USMT) 10.0 is included with the Windows Assessme
 Download the Windows ADK [from this website](http://go.microsoft.com/fwlink/p/?LinkID=526803).
+**Note**: USMT version 10.1.10586 supports migration of user settings for installations of Microsoft Office 2003, 2007, 2010, and 2013.
+
 USMT 10.0 includes three command-line tools:
 - ScanState.exe
From c52e38303fa7d09e4ba8557ac97f912ddd7a421f Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Thu, 2 Jun 2016 18:07:59 -0700
Subject: [PATCH 87/92] updated changelog
---
 windows/deploy/change-history-for-deploy-windows-10.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md
index ef6b329f37..ce380b474a 100644
--- a/windows/deploy/change-history-for-deploy-windows-10.md
+++ b/windows/deploy/change-history-for-deploy-windows-10.md
@@ -15,6 +15,7 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc
 | New or changed topic | Description |
 |----------------------|-------------|
 | [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) | New |
+| [User State Migration Tool Technical Reference](usmt-technical-reference.md) | Updated |
 ## May 2016
 | New or changed topic | Description |
From 9295197ecd3c42cf32fbfbbf65b00d000b9ba9bb Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Fri, 3 Jun 2016 04:14:38 -0700
Subject: [PATCH 88/92] changed link from 8.1 ADK to 10
---
 windows/deploy/configure-a-pxe-server-to-load-windows-pe.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
index a304a10c23..b1c649a58a 100644
--- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
@@ -21,7 +21,7 @@ This walkthrough describes how to configure a PXE server to load Windows PE by
 ## Prerequisites
-- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](https://www.microsoft.com/en-us/download/details.aspx?id=39982) (Windows ADK) installed.
+- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](http://go.microsoft.com/fwlink/p/?LinkId=526740) (Windows ADK) installed.
 - A DHCP server: A DHCP server or DHCP proxy configured to respond to PXE client requests is required.
 - A PXE server: A server running the TFTP service that can host Windows PE boot files that the client will download.
 - A file server: A server hosting a network file share.
From b2eaf641df05cde3f9ca69bfe6c2dab57cefcc33 Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Fri, 3 Jun 2016 04:49:03 -0700
Subject: [PATCH 89/92] fix slash literal
---
 windows/deploy/configure-a-pxe-server-to-load-windows-pe.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
index b1c649a58a..0fbc6b75e9 100644
--- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
@@ -59,7 +59,7 @@ All four of the roles specified above can be hosted on the same computer or each
 ```
 Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount
 ```
-5. Map a network share to the root TFTP directory on the PXE/TFTP server and create a \Boot folder. Consult your TFTP server documentation to determine the root TFTP server directory, then enable sharing for this directory, and verify it can be accessed on the network. In the following example, the PXE server name is PXE-1 and the TFTP root directory is shared using a network path of \\PXE-1\TFTPRoot:
+5. Map a network share to the root TFTP directory on the PXE/TFTP server and create a \Boot folder. Consult your TFTP server documentation to determine the root TFTP server directory, then enable sharing for this directory, and verify it can be accessed on the network. In the following example, the PXE server name is PXE-1 and the TFTP root directory is shared using a network path of \\\PXE-1\TFTPRoot:
 ```
 net use y: \\PXE-1\TFTPRoot
From b876c362c2a133b1361278e5e23250ec556ad637 Mon Sep 17 00:00:00 2001
From: Greg Lindsay
Date: Fri, 3 Jun 2016 10:19:06 -0700
Subject: [PATCH 90/92] fixed typo in directory structure
---
 .../configure-a-pxe-server-to-load-windows-pe.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
index 0fbc6b75e9..463da5964f 100644
--- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
@@ -49,17 +49,17 @@ All four of the roles specified above can be hosted on the same computer or each
 The script creates the destination directory structure and copies all the necessary files for that architecture. In the previous example, the following directories are created:
 ```
- C:\winpe\_amd64
- C:\winpe\_amd64\fwfiles
- C:\winpe\_amd64\media
- C:\winpe\_amd64\mount
+ C:\winpe_amd64
+ C:\winpe_amd64\fwfiles
+ C:\winpe_amd64\media
+ C:\winpe_amd64\mount
 ```
 4. Mount the base Windows PE image (winpe.wim) to the \mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. See the following example.
 ```
 Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount
 ```
-5. Map a network share to the root TFTP directory on the PXE/TFTP server and create a \Boot folder. Consult your TFTP server documentation to determine the root TFTP server directory, then enable sharing for this directory, and verify it can be accessed on the network. In the following example, the PXE server name is PXE-1 and the TFTP root directory is shared using a network path of \\\PXE-1\TFTPRoot:
+5. Map a network share to the root TFTP directory on the PXE/TFTP server and create a \Boot folder. Consult your TFTP server documentation to determine the root TFTP server directory, then enable sharing for this directory, and verify it can be accessed on the network. In the following example, the PXE server name is PXE-1 and the TFTP root directory is shared using a network path of **\\\PXE-1\TFTPRoot**:
 ```
 net use y: \\PXE-1\TFTPRoot
From 8875ae34c5d74bb2924bae1f20d87bb3adb743f1 Mon Sep 17 00:00:00 2001
From: Jan Backstrom Date: Fri, 3 Jun 2016 13:06:19 -0700 Subject: [PATCH 91/92] update tagging added some w10 tags, ms.pagetype --- windows/manage/acquire-apps-windows-store-for-business.md | 2 ++ windows/manage/add-unsigned-app-to-code-integrity-policy.md | 1 + .../app-inventory-managemement-windows-store-for-business.md | 1 + .../application-development-for-windows-as-a-service.md | 2 +- windows/manage/apps-in-windows-store-for-business.md | 1 + windows/manage/assign-apps-to-employees.md | 1 + .../configure-mdm-provider-windows-store-for-business.md | 1 + .../configure-windows-telemetry-in-your-organization.md | 5 +++++ windows/manage/device-guard-signing-portal.md | 1 + windows/manage/distribute-apps-from-your-private-store.md | 1 + ...bute-apps-to-your-employees-windows-store-for-business.md | 1 + windows/manage/distribute-apps-with-management-tool.md | 1 + windows/manage/distribute-offline-apps.md | 1 + windows/manage/find-and-acquire-apps-overview.md | 1 + .../group-policies-for-enterprise-and-education-editions.md | 1 + windows/manage/introduction-to-windows-10-servicing.md | 2 +- .../join-windows-10-mobile-to-azure-active-directory.md | 3 ++- windows/manage/lock-down-windows-10-to-specific-apps.md | 1 + windows/manage/lock-down-windows-10.md | 1 + windows/manage/lockdown-xml.md | 1 + windows/manage/manage-access-to-private-store.md | 4 ++++ .../manage-apps-windows-store-for-business-overview.md | 1 + ...dows-operating-system-components-to-microsoft-services.md | 1 + windows/manage/manage-corporate-devices.md | 1 + windows/manage/manage-cortana-in-enterprise.md | 3 +++ windows/manage/manage-orders-windows-store-for-business.md | 2 ++ windows/manage/manage-private-store-settings.md | 1 + windows/manage/manage-settings-windows-store-for-business.md | 1 + .../manage-users-and-groups-windows-store-for-business.md | 1 + windows/manage/prerequisites-windows-store-for-business.md | 1 + windows/manage/product-ids-in-windows-10-mobile.md | 1 + 
windows/manage/reset-a-windows-10-mobile-device.md | 1 + .../roles-and-permissions-windows-store-for-business.md | 1 + .../set-up-a-kiosk-for-windows-10-for-mobile-edition.md | 1 + .../manage/settings-reference-windows-store-for-business.md | 1 + windows/manage/settings-that-can-be-locked-down.md | 1 + .../sign-code-integrity-policy-with-device-guard-signing.md | 1 + .../manage/sign-up-windows-store-for-business-overview.md | 1 + windows/manage/sign-up-windows-store-for-business.md | 1 + windows/manage/troubleshoot-windows-store-for-business.md | 1 + .../update-windows-store-for-business-account-settings.md | 1 + windows/manage/windows-10-mobile-and-mdm.md | 2 +- windows/manage/windows-store-for-business.md | 1 + windows/manage/working-with-line-of-business-apps.md | 1 + 44 files changed, 56 insertions(+), 4 deletions(-) diff --git a/windows/manage/acquire-apps-windows-store-for-business.md b/windows/manage/acquire-apps-windows-store-for-business.md index 47dc081e5c..5f68e8e296 100644 --- a/windows/manage/acquire-apps-windows-store-for-business.md +++ b/windows/manage/acquire-apps-windows-store-for-business.md @@ -4,6 +4,8 @@ description: As an admin, you can acquire apps from the Windows Store for Busine ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: store +author: TrudyHa --- # Acquire apps in Windows Store for Business diff --git a/windows/manage/add-unsigned-app-to-code-integrity-policy.md b/windows/manage/add-unsigned-app-to-code-integrity-policy.md index 8ccdfd7c62..d453da171a 100644 --- a/windows/manage/add-unsigned-app-to-code-integrity-policy.md +++ b/windows/manage/add-unsigned-app-to-code-integrity-policy.md @@ -5,6 +5,7 @@ ms.assetid: 580E18B1-2FFD-4EE4-8CC5-6F375BE224EA ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: store, security author: TrudyHa --- 
diff --git a/windows/manage/app-inventory-managemement-windows-store-for-business.md b/windows/manage/app-inventory-managemement-windows-store-for-business.md
index 16923a2b15..d58572c900 100644
--- a/windows/manage/app-inventory-managemement-windows-store-for-business.md
+++ b/windows/manage/app-inventory-managemement-windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/application-development-for-windows-as-a-service.md b/windows/manage/application-development-for-windows-as-a-service.md
index 5b8fc04a92..dedc91d3cd 100644
--- a/windows/manage/application-development-for-windows-as-a-service.md
+++ b/windows/manage/application-development-for-windows-as-a-service.md
@@ -5,7 +5,7 @@ ms.assetid: 28E0D103-B0EE-4B14-8680-6F30BD373ACF
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-ms.pagetype: security
+ms.pagetype: security, servicing
 author: greg-lindsay
 ---
diff --git a/windows/manage/apps-in-windows-store-for-business.md b/windows/manage/apps-in-windows-store-for-business.md
index bd94b6ad6f..dec7d4ca5f 100644
--- a/windows/manage/apps-in-windows-store-for-business.md
+++ b/windows/manage/apps-in-windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: CC5641DA-3CEA-4950-AD81-1AF1AE876926
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/assign-apps-to-employees.md b/windows/manage/assign-apps-to-employees.md
index e3be271bfd..adf354a31f 100644
--- a/windows/manage/assign-apps-to-employees.md
+++ b/windows/manage/assign-apps-to-employees.md
@@ -5,6 +5,7 @@ ms.assetid: A0DF4EC2-BE33-41E1-8832-DBB0EBECA31A
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/configure-mdm-provider-windows-store-for-business.md b/windows/manage/configure-mdm-provider-windows-store-for-business.md index d187a3674a..e621a59e02 100644 --- a/windows/manage/configure-mdm-provider-windows-store-for-business.md +++ b/windows/manage/configure-mdm-provider-windows-store-for-business.md @@ -5,6 +5,7 @@ ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673 ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: store author: TrudyHa --- diff --git a/windows/manage/configure-windows-telemetry-in-your-organization.md b/windows/manage/configure-windows-telemetry-in-your-organization.md index 0c28495bbb..1d4f6b116f 100644 --- a/windows/manage/configure-windows-telemetry-in-your-organization.md +++ b/windows/manage/configure-windows-telemetry-in-your-organization.md @@ -2,6 +2,11 @@ description: Use this article to make informed decisions about how you can configure telemetry in your organization. title: Configure Windows telemetry in your organization (Windows 10) keywords: privacy +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft --- # Configure Windows telemetry in your organization diff --git a/windows/manage/device-guard-signing-portal.md b/windows/manage/device-guard-signing-portal.md index c511f4b081..cff094be8b 100644 --- a/windows/manage/device-guard-signing-portal.md +++ b/windows/manage/device-guard-signing-portal.md @@ -5,6 +5,7 @@ ms.assetid: 8D9CD2B9-5FC6-4C3D-AA96-F135AFEEBB78 ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: store, security author: TrudyHa --- diff --git a/windows/manage/distribute-apps-from-your-private-store.md b/windows/manage/distribute-apps-from-your-private-store.md index 07e519edc4..c81973c29f 100644 --- a/windows/manage/distribute-apps-from-your-private-store.md +++ b/windows/manage/distribute-apps-from-your-private-store.md 
@@ -5,6 +5,7 @@ ms.assetid: C4644035-845C-4C84-87F0-D87EA8F5BA19
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md b/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md
index 1c58d0489a..ffdae6061d 100644
--- a/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md
+++ b/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: E591497C-6DFA-49C1-8329-4670F2164E9E
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/distribute-apps-with-management-tool.md b/windows/manage/distribute-apps-with-management-tool.md
index 65abfa89d6..5677c4fd85 100644
--- a/windows/manage/distribute-apps-with-management-tool.md
+++ b/windows/manage/distribute-apps-with-management-tool.md
@@ -5,6 +5,7 @@ ms.assetid: 006F5FB1-E688-4769-BD9A-CFA6F5829016
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/distribute-offline-apps.md b/windows/manage/distribute-offline-apps.md
index 82c3720714..f6493b53b4 100644
--- a/windows/manage/distribute-offline-apps.md
+++ b/windows/manage/distribute-offline-apps.md
@@ -5,6 +5,7 @@ ms.assetid: 6B9F6876-AA66-4EE4-A448-1371511AC95E
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/find-and-acquire-apps-overview.md b/windows/manage/find-and-acquire-apps-overview.md
index 28a4e36fef..4b4aab57ea 100644
--- a/windows/manage/find-and-acquire-apps-overview.md
+++ b/windows/manage/find-and-acquire-apps-overview.md
@@ -5,6 +5,7 @@ ms.assetid: 274A5003-5F15-4635-BB8B-953953FD209A
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/group-policies-for-enterprise-and-education-editions.md b/windows/manage/group-policies-for-enterprise-and-education-editions.md index 8a39c49e60..6f0d5c95ad 100644 --- a/windows/manage/group-policies-for-enterprise-and-education-editions.md +++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md @@ -4,6 +4,7 @@ description: Use this topic to learn about Group Policy objects that apply only ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: edu --- # Group Policies that apply only to Windows 10 Enterprise and Education Editions diff --git a/windows/manage/introduction-to-windows-10-servicing.md b/windows/manage/introduction-to-windows-10-servicing.md index 4a7499aac7..964324f9e5 100644 --- a/windows/manage/introduction-to-windows-10-servicing.md +++ b/windows/manage/introduction-to-windows-10-servicing.md @@ -6,7 +6,7 @@ keywords: update, LTSB, lifecycle, Windows update, upgrade ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: security +ms.pagetype: security, servicing author: greg-lindsay --- diff --git a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md index 876c02620c..3a8047bf80 100644 --- a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md +++ b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md @@ -3,8 +3,9 @@ title: Join Windows 10 Mobile to Azure Active Directory (Windows 10) description: Devices running Windows 10 Mobile can join Azure Active Directory (Azure AD) when the device is configured during the out-of-box experience (OOBE). ms.assetid: 955DD9EC-3519-4752-827E-79CEB1EC8D6B ms.prod: w10 -ms.mktglfcycl: deploy +ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: mobile author: jdeckerMS --- 
diff --git a/windows/manage/lock-down-windows-10-to-specific-apps.md b/windows/manage/lock-down-windows-10-to-specific-apps.md index 800fe35493..232ab26d13 100644 --- a/windows/manage/lock-down-windows-10-to-specific-apps.md +++ b/windows/manage/lock-down-windows-10-to-specific-apps.md @@ -6,6 +6,7 @@ keywords: ["lockdown", "app restrictions", "applocker"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: edu, security author: jdeckerMS --- diff --git a/windows/manage/lock-down-windows-10.md b/windows/manage/lock-down-windows-10.md index 4c11f7b7ce..320d69d80d 100644 --- a/windows/manage/lock-down-windows-10.md +++ b/windows/manage/lock-down-windows-10.md @@ -6,6 +6,7 @@ keywords: lockdown ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: security, mobile author: jdeckerMS --- diff --git a/windows/manage/lockdown-xml.md b/windows/manage/lockdown-xml.md index 3baacaad11..7655d1f5e4 100644 --- a/windows/manage/lockdown-xml.md +++ b/windows/manage/lockdown-xml.md @@ -5,6 +5,7 @@ ms.assetid: 22C8F654-2EC3-4E6D-8666-1EA9FCF90F5F ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: security, mobile author: jdeckerMS --- diff --git a/windows/manage/manage-access-to-private-store.md b/windows/manage/manage-access-to-private-store.md index c6bca23dc2..47ddaea3ef 100644 --- a/windows/manage/manage-access-to-private-store.md +++ b/windows/manage/manage-access-to-private-store.md @@ -2,6 +2,10 @@ title: Manage access to private store (Windows 10) description: You can manage access to your private store in Windows Store for Business. ms.assetid: 4E00109C-2782-474D-98C0-02A05BE613A5 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: store author: TrudyHa --- diff --git a/windows/manage/manage-apps-windows-store-for-business-overview.md b/windows/manage/manage-apps-windows-store-for-business-overview.md index faaed20b58..6856a7683d 100644 
--- a/windows/manage/manage-apps-windows-store-for-business-overview.md +++ b/windows/manage/manage-apps-windows-store-for-business-overview.md @@ -5,6 +5,7 @@ ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202 ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: store author: TrudyHa --- diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index b1a2217df3..f3194a4699 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -6,6 +6,7 @@ keywords: privacy, manage connections to Microsoft ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +author: brianlic-msft --- # Manage connections from Windows operating system components to Microsoft services diff --git a/windows/manage/manage-corporate-devices.md b/windows/manage/manage-corporate-devices.md index 87b3a7684b..901a3beb11 100644 --- a/windows/manage/manage-corporate-devices.md +++ b/windows/manage/manage-corporate-devices.md @@ -6,6 +6,7 @@ keywords: ["MDM", "device management"] ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: devices author: jdeckerMS --- diff --git a/windows/manage/manage-cortana-in-enterprise.md b/windows/manage/manage-cortana-in-enterprise.md index f011f4fcae..b44e4c4920 100644 --- a/windows/manage/manage-cortana-in-enterprise.md +++ b/windows/manage/manage-cortana-in-enterprise.md 
@@ -2,6 +2,9 @@ title: Cortana integration in your business or enterprise (Windows 10) description: The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. ms.assetid: db7b05da-186f-4628-806a-f8b134e2af2c +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library author: eross-msft --- diff --git a/windows/manage/manage-orders-windows-store-for-business.md b/windows/manage/manage-orders-windows-store-for-business.md index bfebed0a7e..03d95f9433 100644 --- a/windows/manage/manage-orders-windows-store-for-business.md +++ b/windows/manage/manage-orders-windows-store-for-business.md @@ -4,6 +4,8 @@ description: You can view your order history with Windows Store for Business. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: store +author: TrudyHa --- # Manage app orders in Windows Store for Business diff --git a/windows/manage/manage-private-store-settings.md b/windows/manage/manage-private-store-settings.md index dd0d959555..1eb1190a30 100644 --- a/windows/manage/manage-private-store-settings.md +++ b/windows/manage/manage-private-store-settings.md @@ -5,6 +5,7 @@ ms.assetid: 2D501538-0C6E-4408-948A-2BF5B05F7A0C ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: store author: TrudyHa --- diff --git a/windows/manage/manage-settings-windows-store-for-business.md b/windows/manage/manage-settings-windows-store-for-business.md index 5736a2df33..04bd40016e 100644 --- a/windows/manage/manage-settings-windows-store-for-business.md +++ b/windows/manage/manage-settings-windows-store-for-business.md @@ -5,6 +5,7 @@ ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895 ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library +ms.pagetype: store author: TrudyHa --- 
diff --git a/windows/manage/manage-users-and-groups-windows-store-for-business.md b/windows/manage/manage-users-and-groups-windows-store-for-business.md
index a057ed9e67..42fb25bfa2 100644
--- a/windows/manage/manage-users-and-groups-windows-store-for-business.md
+++ b/windows/manage/manage-users-and-groups-windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: 5E7FA071-CABD-4ACA-8AAE-F549EFCE922F
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/prerequisites-windows-store-for-business.md b/windows/manage/prerequisites-windows-store-for-business.md
index 706b1a93a1..85f411ba17 100644
--- a/windows/manage/prerequisites-windows-store-for-business.md
+++ b/windows/manage/prerequisites-windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: CEBC6870-FFDD-48AD-8650-8B0DC6B2651D
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/product-ids-in-windows-10-mobile.md b/windows/manage/product-ids-in-windows-10-mobile.md
index 0e9a15a716..f1e1f9a3e3 100644
--- a/windows/manage/product-ids-in-windows-10-mobile.md
+++ b/windows/manage/product-ids-in-windows-10-mobile.md
@@ -6,6 +6,7 @@ keywords: ["lockdown"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: mobile
 author: jdeckerMS
 ---
diff --git a/windows/manage/reset-a-windows-10-mobile-device.md b/windows/manage/reset-a-windows-10-mobile-device.md
index 15d8ead349..f9b0a026b4 100644
--- a/windows/manage/reset-a-windows-10-mobile-device.md
+++ b/windows/manage/reset-a-windows-10-mobile-device.md
@@ -5,6 +5,7 @@ ms.assetid: B42A71F4-DFEE-4D6E-A904-7942D1AAB73F
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: mobile
 author: jdeckerMS
 ---
diff --git a/windows/manage/roles-and-permissions-windows-store-for-business.md b/windows/manage/roles-and-permissions-windows-store-for-business.md
index 6906e95ed6..4fbfcc521e 100644
--- a/windows/manage/roles-and-permissions-windows-store-for-business.md
+++ b/windows/manage/roles-and-permissions-windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: CB6281E1-37B1-4B8B-991D-BC5ED361F1EE
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
index 6b5f7c60df..ad17d4f627 100644
--- a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
+++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md
@@ -6,6 +6,7 @@ keywords: ["kiosk", "lockdown", "assigned access"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: mobile
 author: jdeckerMS
 ---
diff --git a/windows/manage/settings-reference-windows-store-for-business.md b/windows/manage/settings-reference-windows-store-for-business.md
index 7cf2f724c9..283e512bd4 100644
--- a/windows/manage/settings-reference-windows-store-for-business.md
+++ b/windows/manage/settings-reference-windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/settings-that-can-be-locked-down.md b/windows/manage/settings-that-can-be-locked-down.md
index 325b33fcb7..a58bf463c0 100644
--- a/windows/manage/settings-that-can-be-locked-down.md
+++ b/windows/manage/settings-that-can-be-locked-down.md
@@ -6,6 +6,7 @@ keywords: ["lockdown"]
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: mobile
 author: jdeckerMS
 ---
diff --git a/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md b/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md
index 4fc6b81da0..71deb2dedb 100644
--- a/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md
+++ b/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md
@@ -5,6 +5,7 @@ ms.assetid: 63B56B8B-2A40-44B5-B100-DC50C43D20A9
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store, security
 author: TrudyHa
 ---
diff --git a/windows/manage/sign-up-windows-store-for-business-overview.md b/windows/manage/sign-up-windows-store-for-business-overview.md
index 5aeff64c06..93c2e85ad1 100644
--- a/windows/manage/sign-up-windows-store-for-business-overview.md
+++ b/windows/manage/sign-up-windows-store-for-business-overview.md
@@ -5,6 +5,7 @@ ms.assetid: 87C6FA60-3AB9-4152-A85C-6A1588A20C7B
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/sign-up-windows-store-for-business.md b/windows/manage/sign-up-windows-store-for-business.md
index cd31dc1d15..89ca4e135b 100644
--- a/windows/manage/sign-up-windows-store-for-business.md
+++ b/windows/manage/sign-up-windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: 296AAC02-5C79-4999-B221-4F5F8CEA1F12
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/troubleshoot-windows-store-for-business.md b/windows/manage/troubleshoot-windows-store-for-business.md
index f39d0bcdbf..d663d2188d 100644
--- a/windows/manage/troubleshoot-windows-store-for-business.md
+++ b/windows/manage/troubleshoot-windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: 243755A3-9B20-4032-9A77-2207320A242A
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/update-windows-store-for-business-account-settings.md b/windows/manage/update-windows-store-for-business-account-settings.md
index 613556110e..2870bbda8a 100644
--- a/windows/manage/update-windows-store-for-business-account-settings.md
+++ b/windows/manage/update-windows-store-for-business-account-settings.md
@@ -4,6 +4,7 @@ description: The Account information page in Windows Store for Business shows in
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/windows-10-mobile-and-mdm.md b/windows/manage/windows-10-mobile-and-mdm.md
index 6e48f9f183..3d3c8ab0f1 100644
--- a/windows/manage/windows-10-mobile-and-mdm.md
+++ b/windows/manage/windows-10-mobile-and-mdm.md
@@ -6,7 +6,7 @@ keywords: telemetry, BYOD, MDM
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-ms.pagetype: mobile; devices
+ms.pagetype: mobile, devices, security
 author: AMeeus
 ---
diff --git a/windows/manage/windows-store-for-business.md b/windows/manage/windows-store-for-business.md
index b30c16566a..d3a4044273 100644
--- a/windows/manage/windows-store-for-business.md
+++ b/windows/manage/windows-store-for-business.md
@@ -5,6 +5,7 @@ ms.assetid: 527E611E-4D47-44F0-9422-DCC2D1ACBAB8
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
diff --git a/windows/manage/working-with-line-of-business-apps.md b/windows/manage/working-with-line-of-business-apps.md
index e3bfdb63b7..f780a06748 100644
--- a/windows/manage/working-with-line-of-business-apps.md
+++ b/windows/manage/working-with-line-of-business-apps.md
@@ -5,6 +5,7 @@ ms.assetid: 95EB7085-335A-447B-84BA-39C26AEB5AC7
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
+ms.pagetype: store
 author: TrudyHa
 ---
From 3877c918cf8311748f3648f7144f0226a150b15e Mon Sep 17 00:00:00 2001
From: Jan Backstrom
Date: Fri, 3 Jun 2016 13:08:25 -0700
Subject: [PATCH 92/92] add author
---
 .../group-policies-for-enterprise-and-education-editions.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/manage/group-policies-for-enterprise-and-education-editions.md b/windows/manage/group-policies-for-enterprise-and-education-editions.md
index 6f0d5c95ad..9904809076 100644
--- a/windows/manage/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md
@@ -4,7 +4,7 @@ description: Use this topic to learn about Group Policy objects that apply only
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-ms.pagetype: edu
+author: brianlic-msft
 ---
 # Group Policies that apply only to Windows 10 Enterprise and Education Editions

cNE!A%>**xVsXVedYTbOLdGE@E7cSMhFA*nTXX3C*>;{<4iJ=?fFi^%p zp(phK=>hGAl8CBzHU$q+W8`ka3efs>Ir2bX(GxoGQ9W!#MR_48dAfB~1I^x}Sc(;S z(JlrmO&-{i3E`5@L z>3f_h^el12$dk+L%i`$E@%eAtc^(;VrsF~xVpR9v8Qip%y5K2u;pv(NYDgeA_6W5M z`v|GSdA}Xd{-7$AkZ;pr00mKB!@rUho|{v0&)4}1!B;bzRNZ@2;wZj*XaZbOyM1W& zFR$U>iG7GI88ZJ-3yYJSPwpkRr#97NW?}To;wZ_GJ!FnuS-M4;mh0*(Opqmq!mr4BmxZ9oRIgMvT~)U;Fy~8I>e&&aTO$Mu9jSP7Xa_{yAeKgjAF9yg$V3KVN=VV~I&@n@Anq~5iJ-|Z!>ryY2^pZ|R3D|7 ztWRztuQ*}D0-8l#FTx@DZH#_q%CStJfdc(iBq|gOm27CLrtTkcF`75YqW|KV=*>7J z43zuyWPmUqq;L81!|+oE#JvCK^MUWqvS!>7Im+5a!4lz9CcKn({v{B zK9<}f2tje7c3IqB&b4?~TjCw@+3qGx>@8z;B`-F8PhjA^IGm^QP6@`hoUOig%#oId z@y1q>hlT4sMq@C*RiywR%|<|$^c6fk)BYK1+CXC-}M zlZz_d6wgW1--z7YNOufi;Cck@IrUOm4AW+c9DT~VOFK7W2cK}D5y@r$WU*hwW z4@Kt)pEc}b-|3_^4S+FM1_^neG9qU*_}`vLO*6Asqie7n(6Vz?f6(&M6cG4kQY-IM zM>3L9DU!ukLvF6FEy-+Pl-<>nk6YGYx%~Jz#VshclxKXci0%dsz?%zJb1Oo?Yc<>Z zs}k2<yO?QeEWhx zJa_zP;d@7`VXl%mDs}+mPPl@fe42DdcAM`ddr+ltL*|Oje96F`lRB9!ksHCo{Z;J} zVM#``NzaRN?U|>Kk4Ej_?^o#tELYq!ohCQPhcCaXeWK`b2kLij*!TEa;15*Nr_2OP z4N%7woNRJ{wAtDGRSmH}!tEPt}mP4o=3$4c8W0LbDOo2kGb1Tp>YAdxP}G zX#60E*%TyBr|uoz?VcSbv%sG3IC-Jb*KnzEmc#`Gm(W!B$n^Gnvs4mq#qHZtcaB}( zKQlg_%zBR|bl;jzJZfutsQ6j+r~VzO+nu^bUx$$SwIP;uxT@Li&i6JqDMQz$s!+}n zMeSh~0CMEWzzb-m8G<2~hrNe&*|n$`uN7Ror_P2-WJzW%8rzf@n!i3-CJKhzm<6ih z2z2+TgsDWOh=4eSJL>>V6b(|$o4_Fz-mr{43FuS6q?5*(?H#NH9)s6!OAW4f^u`p# zd}ga)Wo6YkvPsEb-p>lDu%p~#bR3}TkkU8$s$$u@;}vr8?0`90_0Mj?KUW=QnyG+k z!QF@6t6@=b1DcFx!M_)=)F_LOy7|$glfF9E4@67N#-j`6+gt*X4QDU{dDcL~^@p7b zL$W|>HS0f1FRr;g^M$i+Ks}_nC79Fmm7DXcz0U2-Zu^n8r?Zw42?jm;qlx3iZynx# z+|P6{yU*p+wzR@l&&xiwF&5O?W?@n@V&x4Fr%JZG)%jzmsH$e2MEauuMZ9fPT-v%Umi*BhqF-2FHTI zD)$v9taU&(E--TIE>qoNuf7uqCWcGD7=Vh3EJ{fk%xqvn7|sv$B^Xo}x+qwEZev+f zNMq`sl1BFX5@DY0@@2Pds~@|3VOfF{+>1FH=7eHis8gt)ILlDSozQ8JWOZ37-;Hvg}obH^ewW;zS zJLj*s`+~}3=)kE3^*1D#f6Vaz0#^_4CMW#-&ot(YpI@8%`0-=FYW>Llp8lGoUsT>t z&SuJq{|_w7Z;t<2B@aX}-Pq4+DKGEIau9YL-aSZ2Nh)z$u*b# zf#QPNBHZ=UBRwcz-&VB}J`7=de4;g2e8BkPU}@w_JNMy+{3t|(qFTas=5zm7-ULI# 
z?qm6><`2Vfl@#ywUpf9&rZ{i^K(}0dp1_?FVsQ1wNj;bM&9keziJ?sltc6AAmCf@ z5^rkPBqv_-Z_cef6DShA(?a+Jiu(&bBcXU4y1;Z9Q-xIlld=~}@g9#mc+C4!F(a4*U(G&80yl;_O8qOh$ir)T7HJ|F-Fj2 zZ~DIZRFqlShr;#UK=@SLk>ocg{n;Ytk}SZ{PL75Cb8MvH`bE}8M%tX5n*iSR&V2yY zY0NfE1J4davVjFVy%1@tHvtl-V0!MwTpLxXzzy2O;cquB@3$9M-Ljq$ymMQ}!*e$9 zlNzTa1#L$IKyUnd-qjo=ef509^r!9Gz4)EQfTm(3h~mAI;e!n#`Bt1$F_`-QtS*|O z{W7mDFGO2n&Rc;Dta}6b5CmVkK*osy;ef!PzM%^bR?M{Cv!mPxNY%FX{{mQC=ZM%7 zr}#z0{&&*$N2%=pXTtUmj6@1UUk#d{In2-=XJqA0JZGghmC{r z_Qo~$j5Mrvn{4TfPk-iAXZ)lb8uV8l`1M08-j?~>ZWu7EpXWY5`nN+CDY1G#G zwx)V~w3|+|i95=#YlK)y(#r6-d#I1)P?N+cH}}vL%KU(4ixLnN01Sks5a|A9Lh>n# zJ#7S?jBppbAnk%uNd^uj1526$$L8B?c>Bm`&+g*vMvzLIs1oDR+9&P-r{yEt_WlmD zhgh^;Db=ZaA+TO0pDqjqB545|G~K|(bA}xa!9!+UYwiM*Vv>Vl>53|HWZz%$QzQUq zb@~ykbB#O~ZQ8?}ubY9M4Wz)vlx#>nD`FB`QLikqc;};!D2NA}Oo|-8fZw5a_=Q^x z)7X3cZf6ski#(m`gI5zjdW3ns=y%!pG#`=|(@!{1J8nBWAhp~2y{>(51nbjG)gvdk z>005}!>42d&u)1LLYCjwovbJ;WlF{GMS2$9al$@$8$~{}O99aY@SsNO)j?F81kyY2 zK@AWx-Bv3=ufX82@O1)N#rQUz3{h_`0k8{6?4;o2B~akA!}9jn&y0RP0c_IvuSk(s zDMYY^KYUKE|7?Q3B*&(WK108A^~iMiUkS<-4-c=3cLEkw7m#&C;{$|*XQhNr;T=Xa z$VWyTT=`3tcc6S1b-OhYdf z48BM^H5;Dg(Z?7RPP8`@k+E_@Bd`}FICgq9fc@G;un2Ncyx( zkyPG*qUr~G$-#0`&sbntWM32@K{)AuWr)bFhebUo>_iP!|FGhZnJyR>T3A*nj^KSy zY_gk*o`k^^B1EaZb_F#dvbCHV1+}t6&dz<)m(tEARNYAcS~Od{Y7A&b%H;N_8j$qe^_PbK2~2lLlyApHFooFo7C{!iS(dF+{EN1_c4O=jL-eYQ0B+ z?hM`p0wfBNp>=|v_M<@%IE=j{XI&XO@ZHgI{^pvc5n^Q5uGOt;;fbU0MS#~urw-#A zJ>jL!XnCA%o-}~?U(_ei|BA8)Y`|ls3*EOlit6@IZ8LPtEiJSVk1xq zce&yoMHLZ?_fF4igBj|t59WkPLWH5|g@ex0P9SomEPsk%e*2ar%X4)x$5$%|WIbCO z10NlnSCWrp*Z8g@Fh5;b?!@o;RaK9HB1B=pHP>hRAtr$Q>dD%evqSSMG%-#BLIOo@ z3-1%FNmA<9{@eDj|suCCWJs=o2gj%ntnJFX^v()}G8;_uQu3na+jq z0_QkvEdIc3v+aHYM)L}xLdC;xiHV6oiorusG+68d@CppKja zNdMJ}kn7ZdAVFD(xOL{%gpsw?;#0QinAZA*l^`a%(mb!l<)z3YHXPoY{hksKqQda+ znxHOh_&J)fj2zr|>|qU-Hq)iJ12rL!)P(OjVkYb4hgebg2PB1~im(ntXRdV7<0ca+ z-KM0XdK2@A4I2nC>xt8Bxn7qEa8kH14qKM0e`o*}p`PdMKjtC)3=Cxc@G$8P(STkH zvnU1{*M|Ls2c61B#@l|8J@k%fgkWQX5=zV6c12BU1+>pvehAm6ueY%Cw|4Vw=vu23 
zFnQ|Px}(e5V->L^FTpnnZXvdAom6IU2iyOo-6IV9JMG?-^uW!F>H-btOB0=1JB)Ju zDEZP3@4j$B;$7p(Y`@5dHmVYKM#&rA1fe^14GpUh%4VnpDky%)5P?x|`ig=E%j=2f zP~c2kea}uxgQ!mS|BAv+`=L+%j|bskISKCTH`QG~LI@X&Nx_0}R;W;X8&JFVs$pM- z*`xT_+C&d~W3}cZZHD3FU3qZy@#1G3(jj;!%7%X#HTx(q`Jb;(5M4isojVOVA@p0` zNml^5-ouCh#F!0ZEOwnfOESN--&@%_Wk~G|BO2LD25G;!R(xO0J20r}rBhXf%l|$g z3fD`882>;rCl`WA!OX3>8y7vz5C|TkTr*M!T_-e(up}H4b{A}*1uGo0O+2r|zK|5W z)!{PEh}QVw#a0mCrhnHQ@vQhW_0y34pXr*z^3S0FHoDLW3_sO(?Q$XmgR~PUZC9l{ zkXGn47`dx3J=QB&@un}D00lM3ft&Vma;pDSnvFjf1-eu#HWJ$;wlB!^+Wi;N0VlHR z*||h4QpcO|p(@7GjoHYZ)UHckY+|s5DN}HMmsT#S$=^`Do`A$rEWZpG zj;q3DNq2+^;inmMAASgP+we)rJz5FF{u5WrMT=}12;rtW{hb%eO*^Y%75DmlXhKV+R`8?CVr%Hz% zbK2bzd#>blxm@?m^k*jik2DnrO20~fS{EQ@hG-gGb~t=YDsO1`yZTDq zXWpV)x?Y#UFmIj9!htj~J94r#I>Q3*H8MG^HwJkGWC3jyf8Badfxz_{)b%?=M_uN*P&WB>J>02QSV*S($n%f=w-ZL zej;^h2HJK0M=+@)curKw4gpnDC4}G!Kofit9hAw4DNy<@Py#D{A6RkAauETN5#2}3 z1z!#-D(qi73%*6d-OFdHVGd2A@hrb&c(bd)c)i2`zzDyjWW*PZy437%x@WDBs?cKB z{GWXgoS{GZAkMQAXKt9vg#!4)Uv@$KTJpc?fB41G{eM9TV&BMY|BVN3O1tDF$L`Mm zDcQaFQeExa*Rj!^2L{ZwE2UJQW7@?Us*`uWRQ`sB@`2M1g}Uz%T)=9I>_P>>5 zwOKTx8f(eUoO=?LK763iCOBiEi$Y4hJ&KCF=WCRt2L_Cmx9ai?sl+D+ ztXOHKY~k*s6-OC`uhsUF*sJvP_rD^QKZ?#>mEmE(yEXP39svropn+aXy^|Q%RiDx) zvf*Kd+Qsi*h+c^=WUw7*`6qdSiV_qtoj4t`8AfgrZZhEC5-ejE?R;wos;tY}k|S>> zcK-mRLPq-ktoBTp|9g-t`MUzt=h5uFFKY;c36(G(Z75rab zhy!)5XGGf+U+cku2?7iZ8F6GAdHMpOi!94sJN-;Cv{EhKqs z1KpUPn~du6tKFQ{v79Bjo;cM{@XJy$gPmh30rP|k=A#t`Gmx?$Z?sIgk6~EE9H@TOlV7jLCIPi_eQPeXG z7UpxWK$^XBPXUvD;{lfiB@b&IV6BHeNbfds%$DX5JfQ1_|8PxiHVRMOd-)DrS!s7E zm<>I`{J(UA`9!?IV8J^#!I_PC389zL(53laIQ8T9#zZJiK zSoim=R^1A@BPYI%gxR*u zvHc0K|0*BtVgnzgo>niOb&`Uy2x({57Iat1fpZ6FU6>uH*Yve!UD(Qa3ZSS@{8Tzt>{A}*Z6r)zt&E(Z_Y<@?_ zuk^Q#w)s&=`NxE%K-sw_0GuMAO%u&&Bn`J0>kf}rN(3e2p(g}_`ijBZUF5||EWJ2E zi;|`&h7=*Kxbm85Gmr6YBa*P*&b`P&zPl&gq7VL5jW$le8x5`YSXb`|F&nt~P10cE z7$&3R(r3oh=yQ`o`ge5q@ETnauZ$_Z8Wv`P%2Aieic(yny4H|PORw8#52;@v64V=%N@1F=zk*eOEB3t5i}#w!5vKtLMx*Yh0tlwFZxFvKMyz`JtG{!xa9=l45I 
ziq`Epp>Y%1uu&^Io;?=-pwLo9ND;4qNlpxuXka}&8t-{rMK6=G;GKqZ{D{!ncgOM? zw(sW-(Z0VmG`zLbrgP&BVV=}&-EW=_u)(Eh{9hX$W3NUJff5$`3|&Hvz7=cpA~`sl zFCOUUMJC_Psa6L1YqdI jSaE_+ww2MtMfy#+>q!z@jqF)vGSFb#tT7Y;GL^yMU>osSVVb? zg9ebHCuhf*EVz;#vU~V?+x3!bh8T@(X|MG3*cW%kimuB&z%3XU6h2(AWVT`y3Ep~^ z+{1DmGENALQkqP<8)>FehDHfx$N~)wUDC68vTrXi6W@9da`YFfng4=Qk^oMfmtg5p zmPcsYy#XaxYTXgYMl}&be~wPuKq%H)3vk;=iE^X6mQSe{WP1U9f;}17Jv!7u!My1P zu>U$T%mGYs^^H#z6h*47BX@%YDZRzm>uS~G{++a)_e9!$z7ab4*$Y6t)9Ct<1=YX* zCbbrw+G`2LmnkDq_^?IoF-%@# z&gA0)dt8){qDL?s9-H!-7#5{K2K<#kgcg!gKfmY666RWf`pAo1?}jH4!2Tt#KgX_+D|5>L8qulWU=v zN#4z^vhSsvnwV%*MNg@jof(gDHY#X4gf#C#8JhtGUfFIGDR47}^erW{#(TrU{+K&c zY3QK>W&+qQBnhogE_LGLf2nJjpni37dqE~bTlIv=)$&-#F6PJLN-sJuRl`zEN**}z?_Z@Y{&LM3LOcX}@;zj<>q zA}iXWx(ZiF9x;qFykJ}orXPxOSx5+5B$*3R#_Ao=Qm_7FbA~?MGP+pc9RalVL|8nhFea!RjjGmzsc*tkT2HTcFi)3%DG4)1 z?JEkp!jTbW*raV={TyY9Dw&158zeINv5B<3R{qbC4o?Qe%^iGXKMMJT6LQC_FFfPMOj43FX4BQu9n#At;`M;1dS0B=BMc0u>U;Mtxe0mqplAAYh zBaixISK0CUJEZqumZB!{%z!cwu!^4?^Z!i4_4b0D%!N2Wr2j+_=9gT9<@cZ-LVp7V zh#cH7Fr!rorwEq~N{W!!wEw4_AdE#DAG9zTC?*1pGHQe|rmA8=r(4?sDH}k0>;~V4qCfpBN~M1BZ>1D#dqlsQB5Y1fi`VYEpAan$ z1mSKCjA_@e$gE(^8G$uTv1)Tj)1PLwFfdhg@!rWsP7>tnU=`>v_@)7~hW>j_<$O2B zuZd}t3xS(SqK%Gl@rrZ?o?j-hc^5Y7oIaBTR2qrn(`+#!DiTc) zK-KDX5A_|WmZq;)D{2uEN##b<~FwD)(^f!0EL4N2I^D5 zs!;%|Mh?i7o=9LuI|k;0;xqiXaDi)1T^nv90H~&n$wS6=GBTO`j|2RNo)r)uXq}8o z3yeylT)3lviJ){P(AVQS!X@B=WW&GiCmpAF@jSc?(R#mr-6ImA0I(>(BxGOOPWyf_ zj)b0b@v!UfjH#@5VQXIO-N{YXw~>m}h5<%U&`15tQ@VB9H_{P!t&_TxjK?ROml!)t zC#lXwz09zu$7AE;{DR+Ni|M$A47CcrR7T~>Gcn6(O%w(^sP}mPe}A9EpF{*+Xsz`v!XqqG#6lF#);lph0XvOt~@As@~mmVeO3 z5%G*Kk>E*NT3F{fErYTR&}o_zl93V{deL(JR!k>Pvdm0Sw%|N;V&FLLy9AKc(y@PIs@R_drHq5`L zM7q%8w4IWq>#OxfdTb^NPakMdHA4YpoR2l4d3Dod{-5&xJf6z6jr+&fVp-;Srpz-T zgou`TDpLv}LrbZU44GNxjF~BO$WS3u=9v~U5249WNTvpvitmYb*=@D6@8@}bfBf#h z_UnGFmTR5Ybsgt%9>?){e<(H=1^OiZK^qf4_$%7jS0iJLbDFYmDx*y9kaq66WnM6B zEhOSYjy+SiR}iKSZm+e^O`yL@t=ABM@Zc7nGL=z8NgLkak{;W?Xy8=?yeieV&5^TS zo;7h-Yn@Cp0=gP^lf104>ZyW$`0X>dfnw+q%+O$Kr`khOcIKawGV@Bh?~<~It2Hmi 
zT;F!0fFwyzM3x3TzU=Sx!<#AVwpn-?zKPp`PoafHLkRgEYBF{kG6(*k$R`y=~Mn&bhfu^-D^@Z7**U5gH_Y;pD|vRR+HRDbhf->jexyZyXfT zUuLJ7hQg~G*<7e?dflm`n94M2#4iq^y{1D&i<(6-I&7^R6gl#nzB?20iVUs~*w@1p zvv-XNv9Wi7yfLT{_6K3^?|eZ}iH`k8+Z|C@mWq4b5iHed+M*( zN4~&fudI=5RTYsX+x3GTg9u=1JM3~^z%GA#TTUw$W1j6^$^FAk9RvWUwL_fQMcw%u zMG=uLWVLH5O0uCgb!DnDs#}p2wd<+h`q!v#XzTF>;sTno*Uhy}CESGgc}Q-3XX z|IXZONG=AT@D%#+Qi^0_4!35*{P&x^#V^$Q5jx3~(C8?;EZ!hknf`H;A|<`1RF^X)ce;5u}3k z$dQ~=RyXB|r1is=-lWepWBX%l(x0HBj=sM>50c~U>-`I|s@(vl4*_~{Z%CNFp=RNH zWz^_D;fts`A*)?8MJBED-jPPHl750JZi`Go34C{v=YJhHAjv(Eu&cEewg>N+^0d2!%c-~J zb8jBomL_*Tcez89^)hX)`kcOT-k9`XAvFs}eVlD}a3KN85=T z3jiyZVX-z8&~U5bOS)%>!Q3PIEEH{BCo0BIjf|)-X_i&+pW|^{Vw1bpydTy6k9RQ@ z4R&})CWN??he+?mdvbU5^nC@0;`vr3Y-!)3vJQ99BYAyV)5?Z%9UWwV=?D@H%D0kV@G>X{!I&#*}9^QTPj-*)}5Bh#SkYaW)$AoYn@)EQx-n%`97> zrGH~rF*=~lqqusdPIJ`rX4lS{^?R38RaGABzYDCI$RUreJIKAq<-h6jzdt_Pvj`aN z#k;zBKJ1nFs@L6jt^WU&w2z!}goLc_n}~dS>T3_)EbDXppxPSA!_LlxnG4VtkRJ#| zlHbfzZGAjpLFVPRk1sn$FxRSHxdyP*)SK#uraW(CE=*M1tXYn#NqRDZOSO%ny;k!p z6m7cFPCB?H|BhZT{Y(D+1#%C1?|}Rwr|-D=#OLTQmf2YMeMb zc$DnDr>Av!>G|cGS4yu-pORc$!JnfXFqTi3<}Ux=Q&ddoaNXczT*wnq}4^3S!r&F@x(QEt>BP({mbfZuCw@)-xO8=wZ*( z?!|lQoA@>FML~3j_p)`>Ez2Oc-MRbRt!Z1a;6}C`LMRe%oYRr1Rmq1foXw7zb$|*L zgsC?vH3JKJn}Ej~c(t|xn^&*Eqplx99v zr|vHB^HV}aNQ{zN{-um$yc=2W`K|KW%DiYGvf7h;`qz*V0v& zGtQV_Yh2}Qzb73Sy0&qZ6dd8_8r=PednuyTB zUO4GlD+_X9t9C*O=@_5JEJ2_3q|%waEU@vZ!?6u_ZQ4Vm-}X=(?2&>|P9&(-Y|NO9$xVnWImmu~=w)3B3_<+N!f;1H zM@g5ku7N!29A*N(#S?leI^Pgf^&+fR7+{?LWqRZFaZpGdUEh4MSqmzOTPTC@nyjlE zB!7h=O>zdR?$a3xW(mv^=i>xmule)ZlUlJvOs@GWR47_~XdwTyO6eBq;fL}+ zCb}PJ5M40_$YH#+mx|24F1+D8Mb}=8A_dPr-Su-v{K5+7g+SlJA{8_ArqQ77Jlu&3 zm8M;!vaED*29uSLo!RJOM)UBk*;zVxlR^$*L2$bkV=}V|b$2~2)#Z=+G|=#`FL62g z)RQi|ve_=S+VU0tCEA+!R#X7!gZg!b_f)gQpArZlsoRd zeSw$oHsvch+iwgNzD5>S!BKS{w@YrhmYU~GYz&SR6ocG!osO8708k-84fcEeLgg*t z{|$)Q_nrD*U@<>3l79o2{Ya2nC~4`b+yO~`^IHF^LSmcj%B@Skbck5}Fqpm5oBHvm z+yE7SbGhR!)J`z8#7=CK?$B~Fs7q| zY;B0N`F}diq7*~8)9d=4sx;@bOmuxp7=CNOaj5S=j@sR^{0AAv8jv%NrKvJh&osG= 
zr|lEH3n7}GYX`9xFrHnNqB>5hbcs5nvg^E7BEXja6EWZ}_$w0Q`n^J^09V?FUDMBc zBX7&SBYo5B@2HQ;R;dw2lNuU?V`UX!`Iu0Lf|?}*xz)@GD}+_xyTCG*l=xhk$>gRw zH04dR#(j^fENoIS@9cd)MnR|V3n;)p#U~RYn)PeV6A+9EwtcK5S2zhftlo3dBBR|+ zu=``nl5tp5Eb#F;{F4X6SQh`uN&nqwipnCss?+YQJG>`4Y^47a!^0RNn#AIx57swH zJ*K62rM&E{{BV+pUbA6x37HhfNDgJTsXQEWyqk2Xrs|s7sW)ReR#%%v2Mya@mlUlV zGmi{R=~}N;WsLibjlKD@$qo8bKMqq~r7p%uMAoSZJmpehZtle1us$n75(MCfQ+i3a z>f!uxu>SkEhTOI9zk7EXM={EbkI{0JM2Y}`P3C&w4xGtB>0q4@aqE;e%GC@OGI17J zU}USS03QKtH3O*(!9Oe1et#&jMrN)>9L}e)b4S>!FXl7c|GK(S8+ah-GQN;^^A)Tb z5@SCbDN;o+q`1~6Zpg{4zPpsmv%ZaG^xBk?-r=PDc%QjfGqy1afXBlAvu6Zh_)dT8 z#|ZG2r3}L4mgp`XV*%1prZsQZLGjK1D0JPsC-visf8UMzal^OEyMoA(f3i|!G=wk~ zcfD}iMmeD4^jp*c>mnAr{H}RyO2%MmwZm^*D~MENc^dSCnw^w(6^Y=nU}< zviQB~5Sa@BnRqn@W}Cp&q`+bgF95d~FLHx%^gmC+b1lR1Rfl%JTp;-_ed?)fqG2RN zNKMk8lH&H|mPa{VZ4Jysx8{?t@imMUJ^~EM66i^Y;)v1Nm~`Zgy?X5Xk}asJqP~@A zHDQZaS~N{l=?BPl@H9KTM5$pPRNz7InG>9mqzB7{Pcw+OX$YB&m5%f7n?B&a`3UFd z;EBkW;uq4y7&^k5H2jfC_zB`(v*UBPm=f0 z9$z)I=a9UKpql-_jaujR*o}VD{L89g;r&ik^~d|Gf-4BBUw8PtewV?0kB|Q^>I*=z z`L6~yW5$|ac1xMIBc_GWp`SQU3pmT(&J3zRhBwNvzb+AxcVhXmUJ z=Z{qN&L{VXHQ{dhrpnq+)fx|iV%b%CuZTl5gyBZgq|ErK(#Y4zAF#M+LTA_DnsgUox}y=nvb#PDCb+MNDY8`zZ}<%1C(RqQ-UDyVz*=qL*&p@*gye1QA| zH&zUX#b|aFOnpk4Amv8-ttU$5)c^H}54!X}UWKhfIZ`B=2;`z50&rp7$Gk)Z%r;K@ zJy%Fj#|G6B%^=T}+n4s?&h?dT1*>^-T{K|9yb@z~@|n>Tztt!&vo7!w@}3Jm-fBVx zMkL?C=Y8PMfPQIM|2^h^(_n$|E_e`RtN#<}%+HsNS#s@$OBhmZBYpLnd*79R1c-rw$RZ+`&e!*2Sg zkgsM6MA^?NH}(=aF#b}EwUPS`4f-SYa|dpBD##qZyncF5wv+kw2fu7_yzJ0>r;ecf zzpw{?#L6wu)W{{yE;@ksb?T7N3R$5r{Us5wN&JUl#yte0-Dhfp2&To}N%3V9BYT+g z<6Zp2shnt3mT*5!ktW&@dKHz4$ee%4;?shCjQ1#QotLtY?HLxlu{OiWn|K!?Wfj{r?^ zA2+jb0(Zp`cJ_g-O{MM*k%H36y0z-=C<1z&%cEH(DS41-`F?B~-w+)+&5MPQJZ99D z2&g2j*KGRpL;J#ae$V(ZygolfLp1Ff3<37eP4gLUXQTq0lGnoK1uBImc0|1C4aSI$ z9Ay3&h+hM^pk+=)tH$w1P4XXSHiW^~LqeK*Hdvr?33;etBu$7+j!sVPdk?JAT?@QO zE#iW3c}RiIL;|UYgfI|N*^f%My&&6#TmD^=ro!jmz44XkGLHUZBoQ8I|AE0U+qmB$ zI)6OD?Ld}xk!(=CB~?TQHfv}M(Q zLtWlg4C5Bki65Z$9zKkow>&!k&OpqK9|Bq!6Q_R?#q#vz(V#~ z%J~0MOA`>4ok${n$N 
z%F##KynvKl`%;^Kcp}c`^NFouwcsl?8PyTM@l#zmBz=P4KWO*~0}3^guj^WgIXE zu<-{-rf-b_o35=o{(J6(?3+d`TdfsS{^(;M(8#;*S?L z+}1Og03|9Fijs1uwr8)`m5)Ivj(%~#_3F#Pd`hl!mt^{cBD=vpo7*wb%3yq-w~Y*E zSEnF*_S;nU^2(l7tKSVOevil7?cu#g6u%z;V*W=<)V;j^el@)#>I<{kjdK6>K@zkw z{_5$*g0XusSC<5%a9kdCoDbuG(16|3I{7{OOGPP&GF`--5O3X0%7 zzcR;$sIg)rQ1G{1_q7ug|zB#U}vWHpxhAdtZxe8;aDX9+|S;ZI?E(^8KV#_cE9aW&O^VKC5rh5QHup- z#h|Anby?7i`noee99AleE%lb-K%qV|NuCNp)%bq9xc0|q&~F`Xq3<2;0${efgXL$B zdKvVlDqSWw=L1SM>NO^r)5sfdOe^%!Wf^@0r|eP>^aZ*z{Pn4XTtYgS6+gEiT?|e^ zx7OwJA{G4l-Jw_TYq$)YUOQ)*?x}zM57c<3I54EBX}nsD^3nmeK$`S*>h8)LtvL9t zZfEBYRmat#yJ#TrG;I_;N+2j%1joRMsI--&*W2!`tl$SU-v2T)wAEI7FO~RLkN33@ z`yKUb)zp&*L-BFWI2LF|MBI)=wP6?>t{>&&UabmNZI(DrXhfl#L5GvxQ{qHqYX&tH9F?6UY6rBE+0*f4{#MC9GKa#_o>)cFX0WgrQ`GMZ$g72-{*617j zESYK$vM^}o;`z9DKF(OlpkCmB$;67;4&Z(2V=~z%ORyyDj<7OI-V~UENE&<7^^PN7 znxPSYCVfSk%ix0Cb!)*tNm+hh@PTy}A7w(RfVn`7Vp_!;%RqBm(wB8NwU3%d2tuT# zA!5T~95#nix*KfE`0Rj%H7dWE3f0-4qL;BD81ygf&cc#Z-}>#Pg|0K?{?&%fjQ-~U zdGKEm`Dxj=hzz>hi!}jL-$?n}1^V9=_qKl44+{KtGxH}!tJ-zy=-IVx8w=i=fY;x? zcn@jozMS*^f2a9ln^kD37qLjBHdd^G3F3I(EDJC>LqGYl(x2wTqZ=2n)=E!Z;ndrg zB~<@11ou2id|mpr%`vqIsDehQ z%Chu8+(;vW9}DF^xpgA-JwYKQr_HX&1oGjD$K{xJ-e0_sFV)B5v(I{8p1>AWvrQ1_ z8cEU!pAyz(FVvHaFbT>iPDrztvB=fvhOj>$h|fC=^Z}nDPcuE{#7|9zjUY36VU_lH zg!75XK!|%=Kl{E{68v!i$YKlZqd9ShxJ_>L=3h>~GMpIsQ3+cJgTdFex5!qLLa37i1L?F)$<9k$MpC#As&QvR%UVUj?wNxoWp^u9TMv43|@dE&^`w z8Uq_M0S397$h;(z0rw?)yw}wbm7-Q*z8qd$rdWJhFNd>h@*@s2BKJ7x23PHFBDz!M z2;g2?VNCV<+CDvso?nn(FIY-B$MHafv=dT!M^ss!vS4yX`qi=9;L(YzHrnPebGDW= zR|!AXO61~PVE&_x;8(gxZN9A(2-QCvM3B%%c8jJb`4M_ltxg%^gcX^th@L<04DsY? 
z{R3Eo>U1H3S2YNDv%J(!i2)@dkuqbI@Wpw>Zt(aX_4{1)@o_nl^ELZx<`9*0sr82+ zM&Nm|PA-FVADqYj#lH1J%6&er@A{?wWmFGenWxuTEG=X>{F$#ODJw2#iHf+2zP@BR zF}|=vs;IiDR#u<0YJueG*v^vcy+@$eGZnmfd*l1>;`iwE)M*OdCB93M^h}(GQ^PJi z2|CibI>9#_Fj}5QPaJ&sl3DM;12Lp6d3|49Isd3&u`|`*zdQ=AOT&vMv;W4CR&u=_ z_6#=|?{t+S4zoT}9!-!Rc_mFO(ZfR9i;0~qgk_wByjigHQ>D%a5LpF&5`sD!B-3(9 zFRb}9F-lNlF_+5d6%uS?$9K=Lk3##Wgfh0@h(-WT*JwD>SiyM*K)X^E& z(r&)81z;KVf6~(sI0$T&8vfNg;0Hb9m-_TA*MRRI+hS~eFnCbd`C(laKV?z4??T@* zvtRfV8o_tdXPVOoteUvJ;ya2Y2Y1=LUk-3;#BdanVwMT+NDtj*- z5}H@qpBB@Y68<-sM-4TtcGfCxfSW1yY09S6k5lFmG6K*vQMihuO0@uCRyuu%Ju?^q z?8jatr|_u8@sj&sSOKH=N+gzm6bct&*2=-i!xyNSSrG|y$5iUl5RF1Fy7n9e`n4(R zx}GWIZ@;ql=vLTZ`g&J1I%X*WD~9oExJjR*W%{9D0{d7$3|K;(fT)swG6_n5iK7!pyXm}gv4zHapDSY5u!J15s|m7FZHMgFS1`TiizGqdZgPkh z&YCtdqvfPr;blyr6W6T;+2#s!A>qh81_;r$w7M+051F>{_h`TWP7*-Adtoq0KV_m#tQ39B>BnzZoTK9*T0C`G7)5pp zd+-88h2s#XlkPd3iSBqG67Yj2%wh%fc%6 zJA*%&-Bcw6%$-|Ed*bfcI7IJm@qFPYS&Ktg&K5xF>~FL%w+7H;RX+JxtJdp&D4Tfn zJs=iE&~@5@Fsvg1(d+hF7c9`kzReJ-nAFPu4nEtqfkfh`_ANN>9#Q&crj4~i;PbZ^ zlRGJ$c%)VUXUq~{Y7ZmN4@Z**lke46Bia3g*ltqN4vg29`ePpwx*yvWvRhieJ088+ z;1YVhK;5uuk;mdJ{k1uV_{;JOF0U=>-~8k+2LjeA#9!@Dq*Ze{K>6|!G(v4jx$#v{ zHOaJ%&AeJ!&uHnZ(TYJ(5jKw#)zG2*=)v34o4SS?i|9F*fiCE9OB0yEfdjtZpM&^s zekZtP=!62^j4UPmUE)0&IhWP1NKxERl={z~&)NB9cJzH@@wvjvBhED`w4!b)Y+P0J z3h?k`Du7S@pBA18^L7!QF|5uOpu@*6Vt($wHQwq~j8?+mT(8{>PU%-VbBHD}7aDmQ zW6u6@zuUBec}Dt&O!IyjmSBPk7@dgo&_lJxHvOIh8GdW%R+G4J#YA*6#(@~!DQAql zN7zKgA*%{tIqYaHI)}c<=J`C1%z0f@{z)Db2zF&7qph@W9efb zCpj7pS~8t(M$!uYTvFGrOrj+FGILH|#}juxX@$CH5;tOjM)wUY0PFWdCSn)&B`N!f z=qSRTDRN&-J=I3MO#*uk34q)#KF1_?(a0r@!wzRn!%g+V^IZAcd&RCy`T`_`+}w)F#$$qgOc-QqrTxCVx!2 zKFR7jfihG^?i?Neq9yg^i(z{rw_W!@ZqHl(jNDE=$=zf2_ACw#r3wWFsf4_u_nVV5 zQPC38e$mM-5#DjPn+{l-x;K~G-w5XDuDelM2Ch{5t3I}N} zHR+3ZKi~`zp`C|V7O|KV=f$-YZiwO7-(XU^{PIpbDoJ9(wony8PaZ{xVKrZ>DQWkg zK$Dbe#d;M~&>5VguX()2>@uZ?*}^;7@kgc=F+zIu4(24y9AYCM(&-D-xz@rlW$_UO zIi-LNY$J<1W2`Q`y!Y`fD&P8DYkKS3;R^~+t^kCQ;ME&WZr58~l5Xefv#Btvr0Goa00EFhr(Kxe?XRX>THlpjXm=n$wARcK7!4$t%!L 
ziMl?t1pMYP1>9m1CK&y(m~GDE6c-OhECN~%yKufXI)I7Je*J3jUz&#FBoR| z@d?y8Z0%ISEDa;!iFj5>20ng?@MFLYk4^XuYgd04>QaWg=T3?`lLvt1Dc{2>7057P zb3joNSxLa~NA7!Twt*0FRbnwJ#KHy}F|Jx*BCOp^n`Qga4`qJVBpIewCNjcj(SENz z`2hcL{ZU@Qd{PqYbLVD4U9oG(w`g$oz> z?TKG9B$R%xX8nR6PJveqw^9wN652%Z8|D5oi^W8C6$=yV=p%>js|bj*ye?a}(m4vbG~p!W z7ba zs7%4!dcO~*Qu*NI9d!lF5jVWIVkPAnOx>Zx*9?+*o9ROV)@dl`P=qjBHfPB-2_yUh zQj-G=ZD){Z(UX``&dD^PkH?7a0$Pm2xi24A@7&8=YFx^9G+bRG_OOxor4*vF2DT?E z21EY@E?avBIhhvK1qg0{WqN%>NXm1sCOy$f1qMHpJ`|09kjS&1sJSu{Bb`_xvaEwy zHi16Z%3u*Mdh?zbBg0ASlqYOpIP*UK#R)$9g+XZj%~;)L7byq_d6+$1TXhOcqGRNV z%M(x`0TjsBv6~gg1$5;2GS*NE2d`I4Z z3Em@nn43NLr@2|%^&>mxW@KNy$r!fEV1x!FrIOy76~fb7_fNmed&f>o)<1(HLfXQU zG_@lmNrwtehw)*SPbiz7b_&b;BqioONie2<88bvfH~RC5AOehuQ`m{J&0d6WOA-}< zU1rzgLF{lp$#~QsHjr!Ch(Y_oJ4A747fl9sIi5^8;RKoHwZRJsHnP^4wsOf}VGv?x ztgV$bVX4H#!O|J?5Fb0j`ibt*{_BT?x^GFK)7W}hLt6P$kDruV!!Tis>xr5QES;4b zwLMmdyMJWZ4_XM$r)ygrLO#GD?3TmAIEx=#Qe+bWb%Ny*SSpurC>PX5Sxgr= zMabB(I(3RS3kBZlE0p3cGj}nz3xc|u!om&AYEV@W;aOqMmdq>Z$ zQ}k1P9F$Nb-8EqIuYTspKn3_(J2t%HjSAF>$iW`Jo(8H{dHb2!CG}= z^`-=5B;?wBwRS7s2SWBa|fBWm5kc_~qIjiH+mxIva{6f#X0DF2&u z%{GNEzlKEgl}{BE6vD>3yzl!ejLSq^TO6%_QX4vxC&9an|NE)wcBY-FY23{ZGmJ8; z3@!ACB1B|0AC7|_8vtX|Hzg>c9!QHXe4Zge5#``#=vN85Tft3lMXzJ;UkoyAaIQ!L zQWNlbYgLf!_zjFyf$TFMRV8a1d{QMwyH;Ovm6CAr39VKf((g$1V+f!4!SJLm+s_%xv0lw7sa(mxOZ=aKURL~dBLwD%@hHhu{Q?@x`~;&dRHF z?k&a!{>IKXjs)|T>;HpJwHj{Y&- zY-D+}159lfR#shzV{#{M?dU=Z;LB3LI4bo?MhcXH5i5>pH2sWvC5gvuWGwmeIixcF zW&8>%4_os_bRXD8_(TrpiAI~?{8229eDUT;C2U*341UvK5mTaR1hD?gCbQ8Q#2bn+ zudk-26}&qcp~#@{tT4!Pw)G&Ot1!=CuGre1C~nPOk>6#s!5SgG<5I3IwIia7TzYdP z7`EW*w7p<7g-pKR77S$TzvZHt>YXc6*lvV_cifj5UzUanVAzAO_ik>p5wu?^MF%Ya z!%py$Ft>Ua_yId4|8c1QbZBegOw((N>;=5E9-IFI>3zfB{mOks>7am8x!ab~?^y@Z z_*IAd)l!8I&pav*TMvI>i|)bU!ucDJ?a*GHW$`O)tZ0A=-MZFhAC?J|wbLAfVf0@* zUNL)}%e*ciAmO#X7J3J`Zj4%Y{>p=>XvWc0wR@ zLd4LEL_iN2u5KXtRyrKH(SdOp%SES7`=kQy^;13@%Z?;EsgMIPKtqbW$V#kc#Q<|J zlM!dssY5HkQ&)@p@)gdTbr$1i6C0F$s4MQdrNPFU8WE@ycvu%{q8jUvC*16-7;9&6 
z0Tj}pmBafmBtBr_2lWnA6bC5a9fx=#eG04awmV)anyPDoM%u&nahnvhf|28QIvg;= zw6Rgp;V{v5VF{pDjyB5*WgD_*8L^L^5*C=gN^bip>#T3Sf^Zh#BQ|y4RfF(bn~ZfH z!$3v&XZB1Uyrq~P&nGnX#tT$x3KEKn0_7O5M-LKVs+ig=n1D^nJVwTPOeel$8M391-cDinAoNM^4y=ZS!nM}roTghZ% zI7HDM9p-`iE+Vl5J7VvG4pLtb)3KQiY68Z-O{#cN@B{qDu_Cyfu@-iLIwsdUAjrFk zSmdWBCs@jYdyI2Av}jz;a@DV03b*ZC#3AUQ8V&d5=n}>r^g0S8K-!tUWfBYH6z^Ui zH7RaJezR>8?uZk!zLb0HSjpUjp_bcMobz9zt;&k;u6=1EOo`KR6FipacacVZ8)Vt< z=+|vgW_F4BYa;cH3LVv6onDVpu#;%|@IhQO6yQW!K4aE2gfA?(iVxp^z?lmA!*+|5 zfeLvFi%*~uXgk~|Uil3#)9Nomiw_gg<&=r5GD=@@-ZE65o<(W``MZ8<>dEWQcXY0yM0vkfeWjIzDzs$ z!iJIn!}7Y|)f2J2Ac|4FIQEnE@K#|*euovjz3P#Xav;?KsNn5SpI{qzT|Q{^aHcLS zsL{tqtNr%r?HvBwJNK>0Q21_g7e8~DgSQ7qg=FU@+Ge5u*LKD3-pF=~;-^ul{dbg! zgF<{Z-Cftmzm(UBxdjBwlrNBFUL9naAQL~noH@y{XNhOq&gr`y%T|uPvEFvd;P68c z(xnnKin=rZX~qI^W(6~O85(^cF*4{p-DmY+f}8OtuLeh)XsHzVTH~tGm)pR5lk$_! zfTx&Cd)y<%-SFd>XntTgre zuK2{4Lr(J~CjL#IqG@{sRh{DSt>YaEWDL(XV_Sba^?tlnCT8OhRX>>QbkJK>1YT{?}wToxU=~(rxC!- zomOS#t$guYuC9ycx?i24>9KI5I@qisA%9+#)hJqGg3|$FyCEJiLJ(F+IuY(uXg}K5 zlPc=*f%~~SW3h`F9SxMwP|Jlv9cUu|;ZFRUCW!leLDb*6pdN?LAQ4}bKQEHsQF93~ z;;wtHLw+P!apYUJrju#JB*9hfO&q^;SD8~Fi zL6{)v`#_jE|Hi3oA3h-(hEog*K9~wr;kPYZo-`W~;qG6HzUoLrwz~z1VWfte5G{rq zhr#FDeGG?<_b>_;d4EKQ_WU>ngBKw8a?s3Z5PoUWnh8niS6?plXcWqy|3G;O20Re5 zhRvu0*pNtL$bzb4cd7cy!j*a4qkN1p=CF}L)At6%wxJVM}u(MomsM@fVnTBQCcq*YGD((zlydLK23N}r`3F;o;RK$GHpjt1ji4CEPkpx4WfJ^A(2=&CR6AE`yxH-2jS zb{~mj!Q{aSMUt}5AqQX?(H6>BSbVF3g@WlFQ+GNV?_e&cU7IE`3L`#TAf6eQf1{{- zvPh85fkTp(R;Z0UN4T<)$lH&jF-%azPQ>W|3jXMtLa{m9!*>U;6|=HT8^3}3HeV%< zhjpxDe=x4B$eWML%00_y=vkaS`*pgzV4&4=H=q-bZ6FiP^rBhg%JCQac!#bO=$t}X zXFTuc=vHdu89~Nzj`QiQ1X&cdbv{e+O3J@Mbj-W|l86PY?pz&KVJc@xKhVMR*i(#h zr8L(S0^=R0k!kLW>TyNadu=ojHR#rW*nb(k-F-2ts!zZGObnBZ3iG{3>v6ldeM)}s zw^<)Qo5+A>vi`)1+vebFY4&(fFZgM%p=0`c=nt7i)KZNZ&p%)I=}_`-9y0$225tY| z0QcqSi~PwWIm`yYP1knuA^)ug^h1!sKtYQ=^)lu*uBXH~eKPfxchXkI$0Y=&3oJK; zXL`3rnO2wP@qe|4+=A7l`hvOg@4c)-V7C?%^D5Sgm*e%*3m4Vng9*gZ8*K{|j^-~} zCOo*aj@9qOr|V}MRK7FFAzv!1oV(rUrwoo6_OP7S-=3Iy-!?K>)gcv{a*iP-zWBZ! 
z+xX_jb6cy&^Ndd|=iKgIAAL_f!kb%rL(yGl_-9%Y6|WFeRBxDQE?&04oUF{-I2=Q( zaKZCpN3xyn(WYWxjRNbJ;?_<@hS-r~IBPaOHXC@DeW`LHjJIj%-?$CoWJ`xrg`B9V zv&P5Jh?j)Sj#CsyML0qg?^?Ih>@_mGFKvBHG~SjEC<+-VI>Ff#2{t3ud_dM{;x8$; zuG5-<2r@nEx!VajsGMxd%=%U&>4xaRH>=`aNo#^M*sPkKw*?2t3+yy*3zziimL6{n zPi|;9IEqE=O*9)_#X=t^wf~^L7hr^(npY?_hwbAE?i{k&oDjaV`DBC5=aa;dcyOd( zVPCPkDb>yNCRXSw=0Qu$J6VauuY81CFi# z;G^z~MUr}xdo20`w`nHQltbl0J-oYr3ljx48SY+~+L4oRr5s@oZOIqyYkpX|m}E59 zZU{UkXVu%dipc|4)ipthF-m9;8MWx-hYG%w22;XP6^s zjMNUcYIVX%Yno8@16Bm@bgtZvDfwtD$S4uVsaU6+g>JIx_#o<%H zZ;Fxaj~V$t-sx^7uvg^bK143DKZyAdD3|d@+YzcJ5W@G_;$ykR$AalPcZ&lO@^KS# z1bjM&#m6wPSQihNAQ?@wh#)?TZbPJXHJ~BT9mN?UO5C6erSV!rlgCNzlMjF;F|CaZ zKQ;km!t;EmQ%aoESbRo&DI8Fu!*2rFy4)0s%ah|D9rwD_&5U@O8Tg+27%c=yhs|$S z^4Dbod3G6Qc&Aw$_7n?dDkf2@-XY!H!%@HC3~*P2?t-zp&C&!mm(Yo91|haRqx;Wr z6%b1TnasYpDd6(;wLIRmzPdn5zurDV96QU;HN5mUHqtff#jEE~XK2Xegih`r3Cs8t zDNVw+WyhpNkq;(UGp-OR=;M_|-5)G$ArTY)UYGhd>Lju|IohdT{lD;orQAAz*e$4b z_#Qv$k{)mr)IPi_kN(PAWYE^b$WU4H6{T$YSeuzbi~nYg?u#=g5;qs{8-<#lviQ_M zlSXef;;$x62Qhw|N8+em`|M(;=6Q_t(Fr2Os~QJZ%N)L{UDS>HbX?2nVd3X@5fSkY zPdvZ3;de+9WUDSjh^ynHarS(3_wv2~1bRck_1?a8P_2RjN+8zT3xHvl{b!Dhe{+ci zmkr0mxTHjX8q2ef{W2EW)jZK`u6pas-J2eq9F$xTCG!X`(cxiqqjmze45KwkX>a`* zGGGqHgs(xoh$Bv#)hNpvJ^`aX-Ny2ZLXj@#uNKfinOwSvI44Lp z>z`Xvu@p)53}F5)+@zd-3)bdSGLrsyTA86i>d9QugGsN8{OapY4z-_jl2_N-x!cfHK1|5N8 zqlKZj=8^O7a4pUZcDgMNm`5-_L&23WuQL!5+A6gk0Kb?Q*dhO$he@H=j~^Or1b9>Y z6bEBqbJ{Tw3+gf|TERlge`fGD`UsOad>oM>R)S`!p3!>({n&Psw|Hr{erbD0TH4Uv z2G$6psiy-;2GvE*3f2?t><9Ts=Ngs~L+F!dDQR*rW4ftGzw3t$MzEeMQPH9dIVP*a%^E?4=uSeGdWjU-(G}!T zo{*cR)QmK3Gr|Nv27|OERJR=gfO;2vHc;Mep(dU8%)ue8Yfd(Tm-UN+zW?fPEznpa zvBy6GYnSNvobmrbnP#_3-H%Q_HYRaq=b*Oxvh-GjAE6Cz8~e$?NYcTB zS?Y9_`irou19o@otsQUbqxAD6x!)_sa?Yu)b~#Z5ulfXd=+(HiC!JKXPI4_Sn(DKg z5?&nAYSqW#r0S%We}Wsuqt{deoU{_=UR^7- zUtQINR+z^l^#sSV;}Lq1X|2;4ltInQ$B#aAfBe>sIVJu;=U1V^jnE`vhL@twt#6+t z5ZT}VVq+s1S3E$MLak~6{uoK9$*wu{RkG#_)z?o{$M08P==Wa(9J)@{2eP36_T( z91F}9X&pgo4`a~vF ze<^+Jm@V_eFm3ea#!}eCP5w=@HgEUk`^W5_`BcvtEi5fxbgEscKKF5sdG1BCoQOA} 
z?33Q{RSK8`X4%e)1+DljQQW!VM0d1ejcwAiw)yB&Z9ux=(p+Af!_9P1vdOc z`lGSt+C== zy4dRS<5pK!^;bfUY6er1KA6KV1(F4#Q$Np-bJCf@nJ-*=cq%n;RVAAYt*KHhU!i@& zP5YF>YfY*F3dZ^YEeK<7K9i4)4c%cZKf|-;+9-_Eqy7mJVWmL zu2zm}UBjolj1yl~OiYBXD=8|9x^GyWdUw%LY~iY*LvGr7Q%8|li9=0{WZdej2A3L5 z?~%&j6boNk-}uaCbuW%d&NNjf750<8Z5gCX4ZO`UGxylf++!-gTU!74q|gxQMy5kZ z18tA$!GVTWXYC$Uko;LYepwhT(sARr3F;)uynY4xB;=m_L&IJQ^+nMv&oE>Y~4#WP2 z^KRow>>C2n{V%DHx?a_vxwOFl@(vh?G>eU`Nb#0<3E@9{9QU*~nec|m3oIU-v^y^` zad=RqE{eg{>=v1b%S=Jj@j7ic5~wU?{0ACvJ@K*#GId!pCL_I{BiUxM&gR3xy||$|YnW>3)pTcaomYVz4@huqSdgs%K);$hVN1^w>ewvnY+~ z`ysKQ9jDeNsRiAe4ej(0rmsT8@v?2VQxe6I}svPuUwKCBWt*8*$ z!<$cThlU0_b{W`R_#E~4u7jtY?o?;Og{tA_YpR~F5aZEO4&|B!%bxdF9bYWZj|5RC2?S7WJ&zckPo#IM@d7$;4%phcJ*JSfl)VJjJ=kZu68RKG3SGP0kN!0?u~`jeHF_m&Q*MEc}vfr|3TYx)1-IS&&7y~dG@V%tHtCLYT78@}^1Q0&szg5@_mujO$HT7m ztAY+ynlm+y)SEpxoH&Qof|D>#KGBekk&i$wF1uE7EY*6m(+-SIWl-X+K2CA@*dl4{ zR{Zr%(ZzN0drC7-Y5ndC{2S?{>fkw}lEk_lpW@4NYehv-cQyY~o}^X*TRL4;Qt{Z> zD;HN_y7u*U|5xo-_?b1XjyY-~7`VGG){}!4C)Sk4-;_r2!HRGz*VF<3Yf_^ss;cC- zl}q*64=Xi(wk8QyRN!kByo_Mu?BJ&e#kEQVdxV|{kC}?U7N)nvr8oiOjnAXQ#{T^5 zOCzKkevvO;8hMBM2W;Ijj(c=}{cAza2Tn8nT^e8QbQ@=lHdj5w9}a{S2t->h&jT;G zV^|;{9o8TC>w9IzFHvu}ju|t~CRCO!UnN}EJ+?8B*-ly=HDbGB=r?_wV0J$~T8 z6LzbTmMK57k(Wltr>aSUup3|y6~}F7jQt(VE}`; zn1BEN!cd_?yww#oF8dv7&-%lnmOm%fn9s+Sb~?hb3n^*3s8uz=Mo%6pxV6#8-@nX9N6CGO&9fjG zgG}w#V_snb)%$1caf;Yz1+}xZs17Od9)!RtB->bKY*G{B>}xDD@`_m7EMu0+bWRB6 zl`{<8VkwZ!QoM!56i5^zAxSFvRONi}f7(%M6&BsnU?q;!$9r&ux8A+h+?G39q|*~l zD)8c1mk?cxT%7X3tM7XhAsQ?1Fi3LLFNuz#BQ;F)5R4Sr(-yL{Sk(FnsZV`4ILHxq z)en^&Gj*}C3{|W)(PxvdX9tpE9j`7%Cr<)G2+zQT)I&#*)BYi`$!zjnW; zq3%9AnxW5F!uKM)JxQagsAf*yN%q z^SROyGUlCH*K@*=XdL-m?j-o9i_mjGxlcVR+4Lko=W~v4e%`)0ZmCwUrrP z2fVy+KX0BgRA2%(k2bX1`^U}01vhUV!+hYf5!HAvJ;9yf>@#khK2(sycXh6GaE$x+ zuwj{sMty)8p4O&SxWHB@n3{kjq>(uQX`62F9%{~}p1q(P5w)bkOYyPm{_s$l({k03 zix-YNTb^AOb99)my3~@;@gV=xG9jD#@ToX__FbFQi8Dv2LW2-)ylk|Z`Zsv}s5H|Q ztYw@K9wj)a00R}{w$NJSEmzVd|bQJEb!TRld?37T6JreJ5DzS`yK+d 
zd(p20cEYliX~p4(^`dXADAOmM)TROgJm1YpNr-&9qP?uZ*EWta${-C&cMT2FAT@MI3?U(c2uMgHT{0kzG$`FEA(B!O;sBBkBHbc` zfPi%UZeVY>KF{9Y^StkO{JuXp96aW}@9SRIy4G6fd9FpMhMEG-HS%j{XlOV}in5w$ zXy|&tk0kgq@INxx3sk^Amz*^fq|wUyD3^g>Ko(F{C>q+UD6AusE5PrV4vPBDXlS_Y zXFr$T+ZURlp`GR_$wIZ=jlLb9+7s)XoJJiMG!pspc2}xDaL7aMTvo=)lM1i?q=!w* zVe9A*f1)hdjpYh`%#>0*h~SzdS9}70qQUZmJx_x}!{*u*w)iU&nX(VUjSp7mw!Ur) zr;2|N_}IrIKJvl;kQ36o@7p)w_2s79QnrygupTtDC-0Nk&OdyAP8TtAy55Py$f!j~ zWvGHf$b^`agv#t<8h9v2_xQnsk_jVdV?8iu-wHyBPcg~gs1I~&!3|G{_>uAVK`|dx zz!)`{m3!&~13vIO>4XcL8JSu6Achb#BWd9Z)#!J?9oC4dHsfiNPC+;VOr%i8Ey6Z` zTQ~=BhsPP22?e0~BZy@oYb%)kMG`))%|}!Eo|5urWxAD>$p+5t_E>5q90As#@d2%C zhGjY>ca|F*3F90VB=#4G4w#12Rhs%`opJ9MRWnLR5waPG*4_5TDJm+mW+IFoxo#tz z$#-;m?01@>#Wc;)?wj*QDc$VV1X6Zx_jW(ys~sQBdms#}M|*^Ymdi5`oFcmQQ7hOK z1-sIc|0WyimB`e9lt2;gNKewvK+LCDepbQ8T9YG_kd~eaNb|xhp@ZJgjMIik#gTQP zC4qnW%DUg_q0HCz7N4O}P02=90fB@&Sv@fVjb+y+X*XKz9w4TZo*~p%I@zu6k_B}z zTYom)esU0)cSrT;?qfd%eZg)FU2$SXMTxj)4l@#i9@LBu-;a5}2^FU-7!i-L*=qWr zIwYM4qdD@!^0eH{Q-pIZJ=1ZDvb>+Xd(ZEiNOUxA5o6AdAwSA?YupGdR3G&w0HPX( zvuVHKC?qq&i_uGQSaKPk+cCt(S~;F@WTOHEEz zZZYgBPg$vd{W4TtlwPuwl)K0_uSXVrQLnjoxaY@<{* z@apO&;x#EUUuk^QqVpVsYzOy-gHqgsb}tH15p;dZ&JH-^UJ-w;;nCOlhFFN|RPhF( zhq8BB&@ri=X7K}%hu^QRgXU$6=!Dmw+wU-lJ$=-6R$MUXXyvL?Skw>~`Oy0KC6ZS>^M8QcgP z)rzwh_7ufNzE~MH#@L3i$ZVr*5ec`|)Se+G6(kbs6x|71eaJPrj8sls-BliwF8Jh5ggdk%HEhcqx_a=fmS3c(;XIfL=u9TdfL~mMWxYZL+u64IB-%eh2qFA|? 
zRcAl%J%lPIBXNGEvh=n~ViGr0dOK0e+CM)VhEig1XDeo0h*Z~zNnt74ZhYZB>cgBq z0drHEP@tw&tAZ6T;B3^J&FW#*!`3>3m5wL1f@bK%Qlou@)s;?g7aV1!hX`;dAfl1p zcDC#SlZAG%6#5*s7T&RLl+){*Q}IHX9G&WNa>V}Yo}=C3^Kx3~mm#S3Nq35(U7ELI z=p-Iae3)ud;T_(xs*dn{*WjZB}}_Q_GR*b2q?(k%#X?R#@MS(29RiQV@2?_{!f+LDw8>A8677n`9KK#HO}jb;R&^ z)I*`=8twLKQLR8$PM~a1yOPzHTG@$>D_?^2goD0^%q&Pqsss@+mSGw{LEZcC#lVGI z<}cbJJg3m;Nb(kuxT)^C{E2){ArbccVFtG4A%xt;pHu|C7A#&ikNbeIvR&FO{``F^ z$QzSQ?bd91l}B-I#LEK4M}-L%GuSw=hF7#NMf#bScG&=Xp6ujeuZPvNk{xtW0c`gAre)1D2M@p#WukKPgudD{e~ zGRvacW1p^EhRu&o8!Zp?U!Z8YNzCUw*909NP>ZQ~zpze^Yt;LstoCT%1u?vcU;R*z zuvg?s-Y3BgbNnimDNC^`NjRTaSb4O1K%-c`bkA<4A0dYOg!UV2`axt6zu@`g#^tqz6T%1&2B zL`DXJ(xhdrvAe%ZBjYv$3g`qDiY%>M)QEetsgenGk)Qy4}Lujb+Gsh8w~wx<$2kmM@NcobfnboV82bSzOm?PNYc2n~14cNmVt0 zBJ-)D5P6#$|M3Dgx9WGbIW5%jaRq`uVT_H4JGZ+}>3F!~A_l0u*3QRe<0kQ_B`ixa zfIX<+XGEILRh`!5u5~7*SkW7w6=^Yzl0SN(SJ;2y9OM$%c9L$r0PWO`fQzSeh_D>82E!k#E@IH55~ z>rj!dg}$z_bzU7zs&!S3nszw;v2+ z)>9bgUyn;cc6e%HaCO5BxpfOVutwG9AcLvsde#_9-Z71XNDO;vwZzC`-RzS!R)%-k zvez_mToipY+?0{MngKtapC?e|NGh1eN6k6De%KTB&5CItmL5V>k8qgQwR%qKjhgg4 zNSuSplL;g9=%y8|Kn`cVSb5RCOIL z)k(~i+hi~FvXP(Fgw>CSJr9(eH6t7OyGyL_O_nX-Hz=mYqu=G0I>FXnY;Gt!g_Rf3 zk9;=D{MH}0RsNxp3sUTOVZB5Rw7kME z%jtPy)AgG*ixe443lzqx)>0LW)UlqDmc?@EhMm`}vz5CYm=-+@rV`8{GWmdCcI8PF zy;=%v1nGzq2dWu=L%k07#7L6$U+O^->Wqq_-L9QF4;P# z1E+h)sVhE<9_nG2Ey17lO-cZ@uU&qxtf#99ycVZYzxM$1#KmEb{Nx=>^IcX(d{WxJ zQz66xTxJ0U7cb3%qAIU@peHI+aA*eAnv_uFX`4$r;qe!Ilj763=_@>Z*Lp7Q8G>8L zsze@@DIc8|-NMVY`P9KLopbvH)9hwF1yg$DfrB^@YZYKj7T~EThKj?^dW7nSEtWSj z_TWsY^-wo%r6#{>4iMCIF#$jE)Cb#T{v_W02C=jeXH0T(cS!}lqGCL7(AAYXaYJq9 z;>6BNQzamCs;gqIkGh^tKsN89%k%1o9?)^Wc7kNfRnaauL$>S*D_?6vaBOc(gEC-s5y^I3T!ULxi2df;wK8Zn-TXzS>NQffTmIPni!^S_h+#1Qz9{Dc7X#oysRme~d#|6{zWP0+$79zPNk zLCb>|h<=wg+%GfBD>DH?n*@Adz7O*Ecus_yotAd5mvf|H%{Ba58YwjsQE>v%Lu=BA z$L?%iZQk|p78%C{{!0wt5A7ii10y5Os2@*-?ojplEPhRRmLXTF_8~Ghbfg<|o*!F7 zR4hT@P>^gM=NAxDY^3`nMK~|(M&mUx1 z-{u@Vhp=i3Ah>>Sox%E&qOb`r#^mIr!phyS#BZwIR-|de$uDY4XFK!<^U3D3&7K&D 
zn1ltHMB}QPt3PMa{k*0@DWY2E(z%c^J4v_Lk;_i|M1RjWl=4RVRV$7E2I z;DSm>8*S3E8_Tm)=Fb?o4?(qdlcMezyKlj86S|n$OdI;HuhMXYs7&h}s#RnVD@?`$=+@CurXYsko959*qN;VcdBK1;3r(C#r7ni?IX zbu8m8jdL3U*kE;T`^A;&D{{5Q>3&CXs@t{p(*!s-MH}9@u2~~8Ui%o@spjsr?Zt-Y zIJ14MR4yqd&l&U`WQBpKnQ(@>Lo@mLVQ20`aJBySxyM28Sfc?;=}lzmXcdI{+*3f1 z55K)h%wP${jkgEYr-v9nrF$Kc1dpP_#KlNyu}1h-FZbezdz1?#y*&EzE7dG zAB#RigXUrmCJVRji7!>LHHhr>6XD~xxi9eo4$7B!WR8A+XJ-m- zNs@3)iPtWm8Zst(IBj}T?$tQ!9+MbTztFGX6lr0$?b;7z;$+22kyo82da-Gw<8t4T z4;wagy)+f9Av2%bt~E+T7t{0g)^!CnqBgbASSlpStj3!h+Fhce<*Uem$dFYrRo-d` zO9U}WP^Q|5W{5a@ZH)E3quFk*__4W{y4r8CuE=ha-Zqx&rU1pg#Q-yIwsELR z&S2^29$z4lS^(32YzkVW3I9IC18l5+V8C6;39jc`%ekZPw>~{KYZ~UYTCOd6SFMD_ zrl2;-Yu7fuxHu;-HQ!9jtb$6g=` zUimlt^iyEMZ>;s{HZ)Q6!jicJ3nanV!vkVx4~0GrK#k?UB07!PNXq|_7s)D@ptOZ2 zp0;29Dkk9&4;eUHj*`B?BvY0^WHK;tefhigj_l_J-VNM$F&_hYbh1HDFhL}^*?xC- zGbCkCUT7K$?DQ|HTiB7OyzxFgu`VWA^(U-kA+rYdJviv0;<>+>jn9~8wK&^Ud@0%weZ=oJpE%z~Qs{l^)}VlZ z8}Btg>K3RQzjm9B@!Bi2(~vGnAetTIIXeHkL$~>-U%x&z)$F{)RaikvyvUXd#}jBX&b9V;v;Aqp4Y0NF|*#|EdSxDLb>Jv~LM z+rSdBfg+TT-P~wO?O6>fg;)zr9^ZNNaH=MV$U-jVAwJVFU^dgRJC~+n*@O+w(lmaJ zQv5esn$CP>=}%!n(db0x7KKZnO7F_G3Vd5dU>R)6NcZ5Zk+Jy$a1-GxCOgz=zcC9h)oz(Pu z+B=4>w%zb&H}?y8og~Ujaun3&nmed23dY17($n;-J1|s_TJ;LC9DiC;GO`-J;4N=p}R(h9s;?4PaRB~LlIE+^L0B|e_ zODXmnCLM>WGatNJHS$UT4$@~4RA2a@o4;F{=PqFBo4Ev4QmMvll&w*)N;Ww$9$)(#07q7i_A}f~;46iA|VJ zm2h63YO?h6n|{HUlvvKD(lwgKTPsqU%USugK~hbUhjpbr(@5+OTS%4OuK&{(P-Y7> zSY^P=gi?ZBSaH|92kBh~L|GsFT`hrF!a>n1eg|#IIy#CWaB(SW3Y?r8j`X{4ftS4l z@{gNw`2I011B+xm{jSsYWdGVCam`{c*LZ!&NjP`Z2aeB)sm5_N3r8KXiSbWWbMn_i zZ+ny%i&iM$X6K$&l$Vj+@pm<^D4ZYcwy!`!sgaLfC0{DiN%P-SlaCHdr2&mEUafII zJq7cD+s#42hG3A&TzhL*{?-e=T9Wcr!z0)_mI`-N|LBSL&afVZ3@|LFQ3z}WN(yG9)E*IxOxuf!XyMP}w!O_-d^_3i>+%P` z$jFxyewoalB^Ay7h#6N)rF~V3XDrWRwX{1G?DAU>91CNxrSuRGBTjF#mXRMWZ5Hqe zMXKIw_VW`M4&RZ2#{U4|g}QLnwe6n~;VdFw3JN$iYKTcV9w}fxJuE6RK4LW=O)tk& z$k|g+jKT$?E8QU5huYk0&l3N{A0P@`+&h#is>W#&KD|>u3Tsc7=OGuC2vjH;_!%+J zfDM6-@YmJVTW)JkUWe5uzDEqX3OJTu)4yBZ82iinz_HEeIcesVG%3^s>k`i;(K>pJ 
z>wg1%{yn3efgJSNx5S9KvxH;0h>7@_Yyg#zluM=R_3M)QMbD8*I~V~-*x=uAS9pEp zkL~SLQJ>jJonU8U5zoAN3mC<3-vqw}+fBYnxKrh=o~Hj@cPUg_Z+89a^`|D;6%{<# z(~S`h_rtR)CmQ$X^Lwjb>|_*?n+Sd zz(X&|e|Kyb)_>E`5cR3{I_GFg{6`+q5&=H@yX~Q`vpH#hyZHXMtF>4Q5RU#60tWd3 z{G7DZK(0W;G?u!~JOain#CBMlgUkWsq!x{V^x@^CyxQ9J-8E_$Dg1<;YD6fJTFK9G z`t`o8>83$JQ`O?vS6bOOg@3(2)aU_lSQvmR%M6TI41sqIRJViQV94`)0CB1OSGk9Q zg!D+aW6rYvXCd+6?G?gov*1z!GZK2v>m+0+GtWz7QLpxhOu7dGi$k^F7jMT$m1~=5 zwb48wY~(uD4ksLqoVmB*%lPdxQn^Q`=LKdsLHu1Ncc(Sltl=W3=q@G>+}(JeIid1T z_}Z*~42CjtpMouDk;B8`dFd1WGsCPoCz@b8CJyJTSAYV>zo+tFQI<8&nCmPG<#I?b zVjPv?;(9dq%)%+k{KH<|n=iSRc;u9vyHf1xQe0<&N-yKbMzlzU&(3S(EbJ7#Wk_Lq zkVcTaV^ECTvLKkcXA8fw#bDV?;`56Qd_gWJ6~n5u*2=rxS~yFXE_5DrpkCVD+XF1{ zEq+7SoEzribi3`ss%6p%{OFvJ?!J_zNAV73Gevv8Wh5Ld|dn7xVuv;T$i?A4$7A<<`=>ft6JQkFP z;M;O2GczNCsumMyXGwU^iUo{Ca`o~S$gV0K!V+LHad$I4UA{mC?PH#XqnwJZw7dwB zvOsdaYCB#@ob#!~`6?JNxkRxUANx1XMx`6I0X^bp&arW24t9=1)_uyj{Lwd6pM&bW29CVvsLmoI))$%}tEgfksuOe|9Zz`t za~A&!lb#)Tw92lZ4TyQ!hg@Jr2NYNfbcG2VA=Y-<IhDB8Epf`d^&9)j7Z7Mlb5lnL_+Lpn{NP|URcUT`$ zF`3JlEBwsB{FSmoiEAm*S`zj$OD|n&AHJ;PG1p&NShQfkqKL&>kyo2c7TZXZxv@Qn ze-!B;_G_@tR5(Hd0?E79iV}@SpIH<$pk(B29&j5RmphMurFyt1w{TKTs}I z41u4e^Ed3pNhhJGMd?PezSm^2TUtUQ=t5oT@iBZFer(-6uw5R+0vl45s{^~zBUzTb z*S%Ije339dsf4I1Y%ETQphwYi^h3?_et6g^S zSw6*EAJff=?lP4viJ89As0_`|o}-OZ;h5ubqRp~P7jtLueKD#@2KRCVbXyh}Z`xwKzZA++aW9FAw z4bRvPAcLZ{T?Gy?T^!Rvt;^}Y%t8k1I~~(g!;{Bf@?RD8?5>yNwx0@k;{WRNf282V zimuJ+M?#gArw7OdKS_b@aLGK5@vZGyOMWC*^xHwFf8#c#S$bN-OpBIFJ{FXZHmoC> z@crmHTL1QoDgXso@0>I~UcS9cF>@L7*C-8UP&_zmivl`~u9<+Ia)RE1zRraG-}9_L ziw)EKJA-|FWnU6k?zuI{$z{JC{C9>n;$v}n`4Vy&%l@Tk>S6aFJC$Vkm@IJE&Y^E> zD+>ol#A%xlzA)fPQp9Ife&4%t=eLZ?zkX|ECnvmeQECMV!cilA zyeN_}iLtlfAflgS@a@6khK55+AC%WVaaV*hGsGs2*HtzlXRu*d?<%>!x};)+sFei$QH`RsWx7> zR>4EiqmpF{^#K{2ybx$Dgkpds86}2GVf<>c@pmhHSk_o!b}eG3dyo{A{d6+}`Gd!< zE~^v6(UKO2brZ>o8&5ZwNEDW|^UV|P=m^N?Kz(NgE;jUY6}AaTu7LEL`(9qs!CE8^ z{zzeGNJS%EPGc#7wuMF(j$TBjxl^^G25d|qR8+*6V1$T2D^Jm3>H)|+J-T7;#V~vJ 
z@Gxd;MZlj*gZdK#+mm9t!{K}(p&tuPpA0KEQ$AX7O*W9MuCL#6{xYV(eeyCj8O8@<&ObhqWhKJLoqH|pw8HJ+v4Ggg6M zOCjqf9Gi>-#X$9$Rz5O1h=aN~N%d$-EeahQoiM@1up7+l9 zCffJBPgq7xHk1g9wO6k%=2?(WfDI@U0^f9b4o~U7OgDFeGiyH*?w60A)*wVGtU*16 zJDvQEB59#yFP6fY>cEem{M_mpgUSB_(ayQZ!2dY%DT%>1;h^F04ZIVw^%?o-NGiH} zuHJ8|QbO zljJ=aif^vEnODebb&^%UcPb!Q>2&I!eE(ElnEDS^z{~#;nHonq&#z7@Tora=JLz|V zzi*-JIQ&^MNiwb8$_BN0d{`22&?1j_`H%B~(N>KOsafY}<$?cvYsIRA^=be^%SE2p_yC>0aq%Qx#uQY@ZqA~y6 zkDrM!kO!X2eGYxyU*gMae3nML{RFoRap}t6quGnR@e`fA1z+C!8S{QZt~2g7SY(!V zY;<&Z!l`M+uC{O>bQZ>&1xRoCL9OTH^@k+(y>rpxjM0q%WBB-p7pNJ#n-0%T=sq)A z-qS~-Iwn|NxR<8#sI{Zzo#`C%J=-%kSFTrMVgOo)=Q+ok#*BALvN^PaW`0v7-9jD1#*_{}vHLAwlw8QdLfE95?|9=QR#)laq zWc*CXBQmcf6Uh%q{%l}N!ScuGk}{`HkH!E3mP4r1hL%uzGB}(`BGTCq3~P%x3TyuRHmEi<_q3Nx(beb zj?;cL?(zJJ>=5|Sfb6*tLAv0HFx}DAJJ&+b?;KzaVwHT*0T!f;IB0r zh|#{@t1d>cZcvx55v&oDO4NT_M%EVFAep`B^lb$sJ<~3Gwb^9uhShjwtQVo7j7%Zk z5}9@Ojm3rRPj+7My7$ryB3eX)4!@U?4&sleOh8(7dp%IxB#SF^Vp(eD`ury&8;I!t z8)5RR@|*D4*mG45%2n(3bz0_J&3Ry%bN?nBsZZSXRPl8-`E@HxZHydOW~2*enMzt% zLy@aiTMk$x`b$y|EGSt!N50g_G=8?X&^J6<&P7FST&w)qRZW_D+hpS}I)!+2ZgTC5 zsQ9FD24rLrR@X3QcVWs>mq@v*R)G({qM5K|gS*c|s4aAGHED_F)J*Gmb=*x>CZeyb zEUkfjbIFD#=`Im#Gf(rv+}G6Zs+U8>#hsS?gTHPI{bUsLg~sz!KNfT6gQr41)4ft* zP@q4KlocfnPon=U;+X!X=;6~hUCiCW`=sew_u?@&eJ$_R+rr-z$-zB0ea(V0B^p!T zm=vsbVYm924c@_lixz4Xl_2uS$R+9sC=E3WaKy+Ng(+?RCKC_(3GMFgrinOP?H5HVSPmNFXw3@ z^f6t$t}(R8D9|?AoNf8Oc2rv-SJ;;b93QkD=Xgh6{tdN|Xn`S~oAETye?Z+ITF<46 z(Uq5|N$l;^;hEP#ZVY>HXf!Q4<(lT;c=5uK{v-(lLzSI7XAbkfAfmb7zIP_g&SeGE zzsw*!MP0Ke=jtD$lgAsG5*gQX1#q(MzH4h9ff*u4L$xsgW{Z>ahS*wDJo?)9D`AMz z5i0OyOi(DSDgFwo-%G1pJIyNK0gm&t>%Krf_xwiC?wODX+7CQq zEQYCJMlLsM?nGoN3knUjRw%%XV+XaJ?pfK*#b~{2FDWT4CaU~kHClhg`T-xLT&}4K zTBA_n%x*73tfNvO?Od$dc&&#Q5mc0JAi~{%!&P)mN7Txa1sWLewR6aa$f5bV(i)F!%uHmQOePUUcjF+<&V|_$p*yb>*$%g~z3HN` z|2rkPm7Ox3h0GUFRt?(^hXewR&;6IJ9=qwxe_OwpkVeoBZ)peqxLq7TXGT+OHcwA} zou*x}M0US5GE+3V1~T?7f|l;!okqc85ptIJbfHQdPE0RLcSoD4Qp(ioUQvK~u=au{ z>g}XilOdcJ#R5?>7oTO!tOwn|Eq;{Jsdl8$X`DQiB$$6)hq+hs$Kx+8o$`0qBsGYF 
zT8goB;<4)ic@-+7b*}cC#PxJssQv6Au`sMQU92|&yQ_l5WVp-M@tBdcK{dkB~& zG-%}Z#l;$2D^zbF-_9l8&lqjs%W*)K0Fq5&aObO z#q;z%8{hNteBs~FO+fxi0EO@Ab=a5IFfrv@+9GM_$QKCXtpZj_jnmFemEN5WE--vJ znI-I$e4l0y^#4RMe&8N|yYPAS8@n65)+WPi1i#av$KU5x< z)ye;&cq{NIKY)v;1#GTWnK+v465vq#6JSIBbIIWkiTtZ8>oYS>6hW>B;g=VdSGu1 zAonPQfZ=oCO|yhT-!uG884xznQcN0y{SlZ=6C)jicxx8O z!+Kl3z0Z-IS5#1Vx*03WuY4wN*fzMkY`^h|NiBchD|*Y<@jYMtd)|lMhWDH`s~}-- zb8?{uBEQ-7fy6sN4(zLBX}T_>TKqc84(Y%3?YfA)qsox~s|?d5)+LjGcOKn{#X5?m z`7EXdmK!1|qN&{7ynOck4?wKkZkLox3cNv zEp$iv?&0h^*F^P{hF&)&HFk1*tY&U-$4W=Xlz(=5hWesz`=0CgvwjDS6WYs1Z-K_C zmaSO0OYzKes~;31*1{gf5fO@o{&)(iu58U#u7=Ph0S(`390M%Y35rCWIhJzuWNl6` z(DssxhkYZx%WFe|UfM@247xzeSkl|VhP;R|5H%bW9MEelVAeAB<4aI_<4Cf~9be~z z4|!g@+5gZYWq;tWq)&542V={Z{h~|hZCvMHM5LL@8C*wHD+)clDO0RYj}+UEP(4Dk zd15Iz%%{&xXNGamg|74YZP6z->g3ign~l`XFmR9DS<{MFct+f=ln)EgynTmFGw#Zo z64^4ewLRwFQ-Ae;(xADeEQo?wtipbGP|O+@gNV#`_mpz`O|J^Ui%qpmh?uWAcBBYm z4u6z#LEpGbMa=NE>Js^7hOcoQ!2xlqOMDh~+(zT|dpT1iiAK~JuaEb?QCU6hjnhqy z;;>fcvL+R*qdDa_`=p?*f&27PS0 z+>9x*xFz_w&%o_bXBd`NVzrvl$-RHi%F|6j7g^bTsO~3RgWGhS5!=>JSR_LTs-Dxa z756E9;bgYLXHe9L8`D=KlvIBDrs!4-f~r^|!5XPk7iv-SGTU{Y*=m_%L`?>H2ldj3 zAR<%!GA2f?Z{0nfrH@LlDK`J9?`lWkW=tSNImnnD@|z!z#-5cfn?ggrFkgHI1aX+g zD!~Z;5X6HQ4#Kn0#**`?i+zZ%vztX$rzE}g@gcHTi-v1cuB(^Gsco;x5ktPTfJ_@$ zamiN_nLZ^CQfS71kzKuTF0$)yA>WlXfUH%4I=tb^ETql>|9Je(=@H##fBanWD?ctj zQRk1Jk&B1Bx>`+^c=6G4T^f%TLFxRzin@UW{84D_t<`_eM04~p+rW4~{7am<4>AGu zGJJM$sF>5UK0y6gezdbD?!#R5ICyV@3 z1^)l52@7Z<4xg=*y>+W0`EHrpJQ+(j#Xo z`09oO2taJWqX7;2-ze*U%cQ>x+JEX2Z_Qc9#}A-Z^Y7N}Ln_f*PIds<;p6M@?)08A zRsDgR%%|G&eM>Gb3zu`U6&!w*MCRxs@87#e6=@AT`i%>_g{;iWmLrsro%z*MN|7lP z3|98YYEeCsY%H{}$t~*Bjp_g+0v;-WsK1TQ&#YPXZU{A>fG?~ z%8r~-hdX)yL`F~ZrNXG_DvQJ1PPmm4%|xCqhq)tzORn zgz7d*5Ghf`Z}FA^6ELQK&yefJ!3X#lJbRqGU-G0Y|A6MdYvHy0Rlot-5-?$vriu)O zt}~u}J-FEQ{8q?0m@TD@oJgsSxlC6Aw!o{^*L$$X14`O3#cz64z&`{--sE?0ZHkz=$kNVta08@XyWE* z5|gkv+#0<#bS(u^E=;43j5kE`SdTqZ>>TSZCVC+C{5N&0KL0G33du(wk!@!wkH#4j zRkA(~sPZJd%kXu`Sd+&4_R+Z=EzLszo)>Nj=de-adPyPT@@TWe4Oa)LAoKlS#X63U 
zXK8~1h`BLuigv<{`$DB{(xKj2DhvpZ?WZ)uTY_d5<^!@5NA!)tg<}0 zz+LT<_Zl$VS5=y@+n%R1V8R7lxf@0p5~wpZnoa-zjHuFE2%cg58Y6@*#n zKM}p{-~A$~LBA?~e=wg+HkF1At_I-3WA1^(De00lEQp--HFUp83eUH0?!WH@G2c};^1`FD)HX2;JsUyda zU&cNh1*kJqW$b#&SuEWf%p?Muxt`~l(Ej?|O3E|opU~2AQ(YlI6!OrH%%oAA{qf^542=tb z4M4ZpVN-*`^`OjC<@ei>c?!Hn6T3FPRu<1$#36x04=&^CFJZW#KH#8NgJ-*I!nA5gY?-l^gX<+~hjd z1mMVE2;;(1ZZRH32Y86^l_R=_&|1+Op*5)&fWT=Ga*Joee^%X!Y${~}O_z}WhT9kB z6Q#lg!ZOCWr7Us1WR`waHp6lw+I!MA6K^e6vQZ~?`>47E4Q{Oj15~>zXcbx|j$-7c zeCg5h@V50loM}6_q<{Oz=jPX;HTN3dcuqDe_KnOxOrvV4n}0E3O2#KqRwlwaMsx-6 z7JyXFG-Yn}*t!@Z3jB@_1c|CA$VeO<8Q-VLh-Zp!(xpSwg`JAMuYE#YJkYAsJvC!^ z`S~nJ$F5Qc8$1>5sV+=+Q~Yk=bbWV88P4v(S))2}-M*qO;r?#E5x7-#g71V}r%=;Q z-Y!;SC9f^Q8U)CS%?^EAD5s@~xUDF$zvr0s9lj(V(78+iJP9nQo_%*u9$3?L*Nenk0a`ZUn1tz=SKRVLZ9`*`UauDA8T_z15 z`%f|{$;><%aAGc5TXz3)VjjGWIdcwcEtd8>0oXVx)NINOidUcJ$36@})xWlmom&mR zw#&%UE`SQF)HGm{?^Ab>=buoRM3Z@KB>)%0({YNK!CHDmXQ>9?;(;3}c?%1VK9+F) zvNKnm7A}eMFvnU{S5smL0z= z3jU$}91Uq9k~PvNg7|O7C&_DwN(SXGW?RP=KK#B2UJeAK)IG@Ab?K0}fub$ucoAd% zj=T=CN7z-LXwz&{3XPOIG+?D!BIbi#U_yRK?*|Wg04OT4bs8TsDB;i2zIpX{Ixuz9 zgF@7zv_Zi1-BZ>c0|@siS7ilVeTCfuvb2k6T0|R0gEJQ;!~`@iV;abyKYIaM>iuH~ z!i@S{^%i`(8Tc5oAcjbGFmjQM&$1d#Dr9DzYUV*2zhOx>?vnv}j4G!e6e{}2&bICs zQ7kU**xVzZHJbrXWr?ES5LtJkE{;i7wCt~pO^P0|9F%PmHM&{35cg1Mp>!GHSzPe5kU|HI|D&>tcIvJL z40dGjSdwo35|U&;7-L(5(BIF=UiweW=@q~~W(RnXzosETbOSH;%c9X<#>N;an?!V< ztZ2oZ9wU+5C-Idw{UgCSgB4=wK*K)~Ax^vZ2S#E0Kc+0f4FnU#-aoL>h-`#~^&B|_ zd|VEG2zc#M*9S+Ts5#qmOe~{*+2vUQ_$JMGC@^tv5t6(SD!5`2&*tL$~tZ=({`+%3lGU=uI(YW^Hx| zP!*7#2@rw%PFMWS{A9|JZV3=x40F^QSd4B~W9kc02bu#VD$DC5 zcY{7AYGVk_%rv$TnClhrfzR6D@d0&8Zg_`jmt#~9!b^ke}G+R?Q3Ytv-ZUSWRE ztIa4o3$;mN&RvZ|C?QKswQCi;G8>=n?YCC^jqLhA;9fz6v*<%NaOv*3fd8Cgtvh#1 zOcQ+oyIO%TyDOR)rrWtJ@PRo`8_+nnzWquk!lmfpv!(b+mYi|$P+&H`j9Ru4D^Oh} z`b*J-;$i#`K{I|JqcV9`0#U2AaNy&of3yuKaJ_!^;uTNaZRMNL# zu-ym#|BymA3#`Skwf8| zf&9+El++e5Y3&s*1fNj-r1$cM1$e(Xa`Jg{vTMEYID&DzGpTI*Du|n0T+L^j%GRj*1%Ul_N4dTtp!>m^z`w z-(kx!We%UE|4&Js=Sb&XVYV5f+KC>UJemGnDNHeBo;p(s@yq1mpOA2Lk}yWhv_XH^ 
zubgZJBP6xLN;*&KkCs2EnrbDjPaCUlXNzk{6En$_0yC}y1K8&>`rZQX`niODC{_0& znC|2XqarpinDl7G&dmIDyQu5b*BV9Qr>tMIw9-CksWkXNdy;%j0aAwAz2SJbtOjCLm&JukOH9pcY)OSPl1&E=;G=#h4db5Z$@Zj*7(v@ zxr*6LV3KB{zGroH&q#dh6Y)!1AZfB|CrysshxN+PV1_C z(h7-t*6-Dn{d%j+^7q?f+k!^Qjn&V<)HFm~T)a8fA}(aC?i8Iyca!8~?z9u55oomw zcdYz}A=alpL7oR!l&x?ZAtx%$zYU$5WFG z*JK9#^5zdZhZvT**SrK05VdDR}Ez3ysB3swLooQLR{wptq&J_)4WuL*CL2ru6(R3ITsbd;x zmpCiNUmvR(kwU*aoUvVX9FL~T$>PT9?kgS7qMXIWYs#L=ONOXaCaU zE}j7_d&GCBR*6A4HzUUmnFWZk@$2XeU~1fR8aeNO@h2Lx_G`R;b&zNxiZcuiwB<%5 zTQKP9>I&^)gS;f9s{?r8GqXSkAu#&#cMVAYu@yMo%^&;!BksK8ss7*p-#BrUEqgmw zp=>GZ*dr^X>>UzPGP3u~CVS^ZN;WBb3yJJdMoEzsGJelP^+xKgKA+F`_rAUV=+^Dk zdF|KrysqoyZgs*dKj zHwpz4pTe?p>}LJuLd0YnJuy=6ee^MSkp18+HHya$C&5*7A-qNJ$4jC(U*9ES|EqZZS~+|QwZA0Su^w?y@?E(c*^hZLIiVHfvi5mI_&Lf z+4nM}N`5E9#wqR3&S~qzn7&XV(AtKe^+4tPPq%2%=zrh_$(sP`ThpC4^*d~UI(%%W z;?_qHskr^;?*FqP(%bm`i;Q8pv%v3xL+iK+-Ko&`WOb_|IHYsvrllAr;~vS?-s0I` zfDc;GP`8;tJmt`XLeaW*wv>_C-5$UlImIlz8>t3w3U(58mBT$Ews=ht)^ zWF1@1nmAx<{7+r>#11d%cjfF3ok)&4X&-bp>X;1k5c_!rI&~p&7Vt8R(EX+?tFIA` zuCTMGDcbT1!w}L~dU++lhx+K3PX$FqN~kL)>S-e#&_lyWf$RQNvpc%%-&#wcjhHzR zrjYJ%x`7fRGjZj_<}v7^IH_f`T2-ESkI;$_Z}0` z!Y}aU51TSNfvE>UD>USby&2b;D1QAld#uNYv3_Y#!s7K~XP4(6OX*l`EMuOfC}xDmL8ja1}HC>>g?QBX3p^~r^t!5Qa#oTpM%KL9Q~qBr<^7&Ln$2ZQ7FB< zWDOq%LfJpJXgGk;eQ1mMBaX`bMAoG^2aKvmxY&OH338cgd+l+7wh@pjFX3B3ItVSl1vd)$uvttUXL; z8AY<=GS+h&96LRYEy_?MY|Ei;bUv2YgO^GH!g09_BR=odV9et;RpEx&VNr>JyBmdv z*Pe8@i%K2dr6vom22cVrsxLm{|f-q;#w!omt8Nu`A*Q#H;8tLY~k zP4uM|4LepvH8U7nKg^}O^rTxstTA|(@Wb{&;2l!}SNJ|TK0B0A-!zeXLVOm< z?ub{vF{>h=tA4QSVFor3Dpp^e>dKuaMpnlr;wnaBpupT~C%c4~d&)+7PzB&C|074E zUNQ5wFeZi#0&M;H>_g{_wkS8>V01r25mJ>pQ4WH|Uck$fJ^Ef-cBrrbD(C0%j4t&= zV6BQCF}6jGix1slXWZ0=07B0aTlF_PVMX#F{>JGqw6kB`C}S2EZ?Q$W8Q(Y{j?Icx zm@vrL*nD}h5}87GJIsni{7Qk*__eENu3yYQf^6fTe{qtw9(~JHV^-m1srvr?`$z$p zo==rXrFgKD->hTe#E_nw1jW|kd7lUbK!)+6;Mj5@Z7l(*t{8n-Msx(3fZSdbC_q#? 
zh5v(Mih+2Vx|(JT5@H$KEM#p`8nl3@}r40ukayDXsHl$U)o zCYoM1tezbDkO7D?Y#Jgw)Y35JWZWfC{yG_Xk>h~J2JW0&M^pQ^=f?M72A7X|?xj=s z+@_tbvj*ioDQu$^qcZR&OUk-8b6%WoQzXQo1Qm0UTaiCjP)+h-Gh(m;hV*9rXK(?$ zq>J?5?{jeX7A=m*q8r-P7$T_8RM((-eW3o(Z7%ELqt8=G;9a6k^ujA*!nabJT#rzA zoGc-=HP}j){w4@*aRRm<0knu#`j$f0M;Wfn@JB;P)njzn8DjV{riCS}Av;{L2%aE6 zUI{}7r%fF)X7F;kCA#0g`_`#-#23%>sQL*rXMx)iYPxfy_!BVyn9yUS;J~`HOL~>9022Ht*U%NyO0;8BJ5^U%snJf=L23%*$lmf0<5zkRc)D1nTKx7tar%1BPw zsTs8WCNC{pg*YboIg~emU7<}TJ#5aoX2^WQP2w+YQzDldM{_ViNi`=lAI{N!qd4ZjU2q(unE%AtM9SDqDeQ;QFvnhs7LNm;BMd*`>5VXQ>t zAV$&9?lDjk!Ksi*{Y4xh(&>08YA?MBNkE}yap}tR-lQD)<6C5}9~@ikTcV%@K?J`g zW|o0SnC(~tZX#TXJkOg`nzQ1a zq_;8D4aPU|VV?CE2z%riJg1aUR2jw0pnMvmm=+|8e^CcR+nBw*>z>pM_z}V+<5hyv zxfSJmML`Rk!GO&z^J_9SpI<=u3a+BC%$X9pMfJE0sZk@w>KhkOo8y!XhVGmD<}7hA zFf*yqt9BQ((DNhC9tKtdGE8pguHZG(m$9VwvszbAU0#0vo+Ikhp#S3Ue0%3tfrB2j zwzrcNN2NBk`7FM2Y|3-Aj#wgMFQi}&7SfvUo?Uc+-X zUCy7!LZXlKht6H?h>T0T)DfDSW70X#A97+^MHTh!A+%i=3%!Q~6qSO<=_%e95y>dl zf{I%Y>wQOr${jj{)S~Lp!~1g$@$Ev*GUvn#3~@67)X)5)fd&cO%g@8!q=If=9ig7> zGD_?%gxf#b_`!x5qDotR+Uph&;;stCEV8T>R$-^t(ulc+!29IPmkKL6>PagrRr8C_ zmvk-l8tatNksI9B!FGe9z6ebJND2klug=;n_cl~{jaHS0C>7Dm zJ4`5uIdZx>!^p69eMlO-(LuB<=5br?kcr_I#sq-V`|da8GP9KC2;8}HtZO3ypCyDe zHQkUuSx!cOjOlEGbb)!xFw+GsEkZ*?1Kup-`&DJbcYR}HO0s3=AR@SuXNni9Kf3WI z%EdVHS;$JfQfCQ^bc$8eh|N#38tr6xOJAm`WzNs*i`2I5crxTSpNt0xacQvyb@X!- zzVq_t0aPlpjKT#HR&rYYYXsF!{!be1pv`s0+@Itdu3>jdbk@-)Ct6jXbbo{>wBoNE zTw;KozMM^4jBER^9iEyEKp@!lX1kEv*(!f9aUD!>7=(I7{ieGU->`9Yo@)1P1c}mc zHK39m-y1f^4@4UZAYkn}b7WRVi9%GFw6lQ&9B#)dfogNt!-{m%IS}bU+-Z7{U+W){ zklM->vg_{toL+4SH!xV;w*GM9H-D%kf~zU6W%A@n22mrYa~(KPS0!Kxg&~~cPmOFi z2T6o^G(kJ?Kc`Efl!z0-ksI)lK!;$`w~iAK+#zBUKCX8!2av9hll7EZXPxy(qVpod zr!s@2FQ=|~JAi3j;Jj)9p5C0>so&`o5Rfd0*C!7vr?GmZ)}3#SIJ0B8eYgLv?lwy&dC z(-K!pxVsRPmRa3m`X|~h2|!e1jjj693^zChPh%jDA_;#)67+&^2@~X1DLkFOHmV8i zm*LNXlM_0^?tA%S5LC*RMRFQs(&d`D&sv%Izr2u4+=&)H%yNIwm^$HA?kVa(sx{>g zT`4UHLK%gp%3d+XRu^5a`YgpGfBk^5n?^m7@oST}M6pmCF{#rqWXtXbXe+K$Gd-@? 
z>0nRqsTPUGqfT2y2NR^wOxTf5UNV8Oq>i?-v?r7}ui~>!3i+2nkU!Oq${Ti2)P%9K zbyT$&Q5AW|ERX?ad^N9AH6Xw=)Ye))!FL5OWrnJZ&bM^g_6xm@WIM{4Ho~fi^Jes} zFToF4zZkv1i2S7k+0YCc=~GnARi_Ub(kG07j`Fffb&bLml27>Hxp^bKs*4&*j%|QImpRb1i&ad_l|X zZbNQEnW=_B8+?kq@-T2`35RkUSY9KfdNh5jl4jH%<) znT8axd~KGYGUhGeZ&KiYZuSIq^OwnkIY2S!jgEI(70R8*`I)i?SBpda%`%`(GYD|Y zl3V2?AWs;ZODDm)iy=S$3gB2rQL&J7Lhk{ZKY*JJ;PV4tv9|C%6SoAl?j`3lq|!^(m0M<+ zb96hY#Xr~?U)XEs3^Iypn>2VusifGYRtQ^#_fFFsY+^V;u=pFN(JT=D;! z@Z5qlto!W8bQX!A`0e5-K)MIlLYI~8-cYh``%H+3W0Dq(NUr(F)^GjZj#_r}By3`? z^sHa3;tP>)=2oEEkqyUGv!g+$ubV%|iB2LAN?Qf(Shcpc23qo7_Sb0C=LiW10J6$r zuvCSUuULK|&uAI{nuZjIC4ag5C?9M{x(XVzSDD`VyabZ%wD#rq&QhFkV827n=EFh3 z(_bMcLBXJu^5Dm%!^mO4JA&FXb3Nf}p5|Mu@bt!1fxY??B*8O%{8p6K7sgl^{?c&$5@EgncBZ zRvqc>q{lZ;PYn0Q;f&hb7D~4=J-)vFjN{5F7HyTt(7bbo<~P)&)D2$PILA5ZTzKUT zU+ew{xlkvCybic{`t#%@xEPfD4TPXNKtd&NbgtatSOYopjJi;-x8l$tE1qM@Z5M;= z>%^hVG8NDmIk)Occ^juw8fCZ58@p@-pG2wmMDjc_n|Qc#`WYX4o(=#s$@YcL;mN37 zAm9#+dB(s#_H=Tx;*HS{+QaT$d+>l;&~ugp)SpW_s)m8UuRwd%YIHGeZ$d0DuMf1MF~;vkGAhqlpWk^k*kaA>Txg#+tkK-d>>CadcJ;I3~DJ zw3_(el`4lx5En$m^kiY^L6-SbI32=uwHsQ2M|tdth?-dI0q|Ds50~)D=Cv=w4{$!p z=6yVgr~i(e^Q1F9ALy_!Z_EZUv4{sNJh{&S?xW1V z7umB)w~FkdM4X&rXN|{vbE1jxrrUE&mKrKhPT+`RyNuB6&z~uJhLckS`3p1AM020o zXH1rS4uD1}tip2UXI$WBgLpgmKwJ{}s0!oh50H}xV^Csj;`Vm~h(}UO;b`A6_{i<$ z@bq7ilgMFE9{jfbZ)gYkv!Z8Y11{SbpW$+V>^+R-|H|<5hn%L}p$I7meqrS~ij-2- zq?$n9`@I4yz@x(<|BQ6mRh+-6XB>_$3iQMste3vYcs(b+DY2f4=dgM)(n3mUh$S<#e+?mEruIBu4BXsJB>_0)X(;M1EOF18$z^P$6PP=$+}S#p$6bW>Dj{q znzCX3>9_2_PG^4atyU~Bqr`n<{t!EE@_vwp#x(D{SotJycHLPO;5~gURdzeflClvf zmjdF)=n^N{P4Ek>gRS8R$)8*>`%)8K8bB8b=M-aNIMmsGW>a`5Im*7W`L?*k(}+r8 z0Z7=jp_UieCY?PWE1?1j`MI8vnpS60kO1E0QG{zXRThy%|h#y1H-I&LoUWOK4?eKp5ILzn{dh}!?g7iz& zX`K5JejU&YigM{l9jn#Cl9UcamUe$#-ngOzX!7Cc67h&3H%A z;O%SpsrpplwP?}Ov-CjM!Z|SAmPpQFMmC1sD@yDSxPiWkK=g+}_aA9Z7bU|Fu)6-H z67hSTDQMgxApy>hesYi`>=KxgP;b5|$r^Q=IGk@x`|S=Aa-@RFxJ&bQ6CA@J8N zYoB9_H@2IOiQ00aZ%KLMtfH-v?*O3RcMxu7KYSOVFh(=#1N1_us-rH4_B|TxXV}1| 
zCMnJm`{UGq3>mqgKcQrGN(F)*$tyHbEss0{s#$Ww0V&-Ra=}o_FCK93~Q>%%NEt}^Ewtf>|cpH|D-s+Uq7{O z>25X?jLq3V-??$Px)76fAoEl7(FZNxGE`wlS;^NSWVGedvWPt0U}$ zW2nz38IcV5DNL1S#_l)HIcI$MkLc3>ZJ{0I%daj$1LkIGK}jFq8yp-MrWGiTPe5Rm zkR+?-*8$7C7#b|AY+-UCnZE2eXZU|7wb|5y(?q@4T!NrzP*F>h3>VpeB-4)lH41fh z>`FpVQp$>XkiC`STE1$PEN8?dIq?e^NP+5I-Vw zdbqe93~EOwS8ugv;f$8m&NK$3YjJ-r1?RTEsyD?dC57h}ljcx&`=*;r6fw#^zqt(U zO+F|p#W31fqsNve2D?$m6;6GH{%Oo@nB)vPm<4?wKxcd?*p4+c`=aO^|IfyNiKqN; z#(-@qh;VtTw-iLwFWRA-OAqK6`=`xQM8=}sA|ieVWgf=lt|s3ZVaqlo5}nerUtkemv-Xbs{Ti_RmMHsjjvo$z0thz@X26`FoTywqlf8k6c1!vSMA_p`|$C_AJ5E{m}3r|LM9(0E~pDDJR ztCx+vnlVc0!2W)zteffVxoJO?cp?(I!!LHKZ*lTmV*;t1n{&cGq|h&~Re@{);}1D* zn;$EC9T?+aLK8>};$v=#e5itwNbiMl`{fAA9Xz5q08>b9 zY5qw2I!OGp(iAj=Cwag)0ep7{BH~IgFB81$c9|o5@H)k*X*`4VBh`}sB?+u0OG+AQt|%my z791RTL>P`ikpy|Mq-^d5>)XomT(g=m7FyMiTY>&%2f-vV`WV({zKf}+;C3Y<35mc2 zH))7BE&Itsyb-N(2DlpAcN1>7_Nh~hOh&)IN|w)F~}Dx$yOpzF|B`+_&ZIWaxA`e zyilw#Na62Wpw>>N7bc=&^OtztuF-TWQ1TwGjOTr%MGm(sU?39z%l0q&X z-vZQe1$v54C|<~_;4U;y&cC8@y1HC>W4ESh?vRwzRy_)~qd6ll5cDx#<0dwY5hIay zR9qn*`yK4_$nYNuk=%ksrC__&sJB4_VxCp!@H8nrS2~;_Ps}pVw2bkzHt_}e*Q%ET zsNiCm$32OxsMhjtUhGbxw|45o=c$dAiGjDmp0G^<#IBv95YrzKQGdZ+YeD9m2T5&* zz|f<+4Kh;BK&o^?o-~X;h#w%%N6mA+2tqk>aKgjpE}5)%^1%-q$~QGgL7SS_vcTX0 z!LqmkRzur1ou2*83@cja@T$Sv^78F?Fby;}3zK%C;(k=O4Nmldz?zL;Eds<+m0H1y znlU$x21F$R2?2>T2%n(#n4Dl9Wd5qibKa7U=$6}2)Zbe>s=>*hl=jltDfzESHM`ss z>3hi5TJdp)-1Uhd$` zZH@wiT$wE^NjCYwSaqF5=ZLKS3SGnvztCCQSV4?C@tQVWy z_!zzm(Ib*-K(!S@TRKk8{7_aRIiK7Os=g6=K7AfD?}#h!dK^X!*+0M{g3JHHs26Lr z<+(@3EjF>NV6tyY*qqe%4=oLk5RsmI1SNEe?QK9F#RCM2gNUfN;~fp57kCtHmG>g{ zbZBoU_SjE_8+Xe8^EKWkhlP9<3KS2gH(osI+;}ebH*c$g2lUIYCWEP_+ z?tH`~B~OTqJtOa*8&6Y=^<^TviQXS8wXEzCgRj{L6OApt8&9>}v3%5$gKnjt6NpXU zFc~&8@>G0Pd?cJ5MWf{0?AhFCC!FBW19H;8q^fT-?Z|@>SoYsu7dX}ju&gJYQigVY z$f*uC_o7OytaDrSFx7^dTxLvF1GAl;iQXv?ikM8v-JoiJXv^}taMH+_`MD6Wc}hIO z$VW#oO^tEkkR8Yd!G*WQeTvp&AeGH30hg>k4SR0ui4)ak$-*lIUQ3uuj6>f)7vk8-$#3D3*9Or zf=>XLp%QJor|wi-&q6m=IBgR&FJmCs+_z&iK#LtQ9Xu$FQ#gFit(#ZHot~W 
zn%pNo^_Tjt#Rjy!k2`4kpy&zeU_qUY5|lbr5&}F8g=T-%0XmI!Z>gz8wt-% z{eAfqAVCv!3fMn=6U4ev3?25lARJ8LL+&+C1L;y?GE|<^b)CHS(Ua_|>y(da3G>A| zf)WqYn?xpe4e(?oiS6)}Vg8?0;bIBV^pB?^Z`E>~tK{&na(rWB>>8P;ar)X_f)wgW z6h_K&%Ga6p_yh}`UH7%RqGN5nbQ%8IZUf1V(Ea|t&gW1Fg>wp>f-mq)8TFh6Px-og zY??KdezF=~bP>_%$u^N5yM_W|Zmn891!X3fjUL<__S)zLw=G(MuPI}jdJ0K&h7_Yb zF&e&|(I} ziev{n(Y&LCsw%T7%?VqUZ+1+*wYz#Y_qAzs{(OJuo4&Lo5ny&IG0(`yS*zF~Rkv>? zUF1ctC}98aF3pAB3b*6{g5Xs%wyHBe#$QU!Ar}#4``<0=8nWvzO{-vDKQ{ zFAD4TRwBf`fd)`RUMwc=wD%*$0tIyZbe=Z}=qergd~;N!Fk5QzTVZYp^@s-Q6o+#0 z<9ajJI0H(9F825r`0Hrg22kL#ol06$Gq}oU5D%}Bocl~k>}(>f-FNqbax~{g`^)GJ z64J{h8$z-~>z}xk71>9(;$Kx#1pNC|M}8%J>0UF?;aahnl?fkGXKSL>(La1=x{_`b zjD20RqGW^FPHXK4P5^vs3}kA=H@>~zAiE3#0>}^gU)Px#C65-$qV*7E*G@CjRhxqr z*Be#hQ-Dac@$@Ge;cd*#Nvew;U<5ewi?L1S?M4AE@C7}zS5TB=%d}m#Ay}lNZ-++= zpAKqwE%CTn4kY)TN4~JyqcA=dtgU><1UR0oLja+k8rAFZVa}j0#C+?$P2yeC<1d(caZ=9bn zM)4^Z8OFsMYj%0QTyV$&79LNZ$Mb}boK}bBuUjY`z+1PpoEr~{xN}DJ7#{RUg}`xxFOG~vDYH!liz+9IX|2Nv<>%z@xxku*)zxV+GvLw8|f$M zWr-H38AUFhA7rr(eu>#r0S`>7Exn$QWDh2?aVDEWOu|d~OUTsEzoxEiZlpPV<@2)& ztiS7z$}U9>q5fD&{$Mr32@DS?cA%6nnj|yA_=(|my|j<#b(x*~L%7%|&wyF!r*J3v zJ_RPV-~rl8d+y^UrWDuD-B5~{y=&ROp|_t|t4Mo*|v0iyw^wX z?-?3=7ToxJNofWd{}mU3dt=U zg1q!o$>YQ)o5Z}kp}3#%IxabI@&){vO6Lp7mP%*GE4Fz}QQpWBi9}3AHc%^Sl`?Xl zH_J}@oO1D#5Z9!cK@PN43DugSsX5{E?WB}>Q%?8E8D)xAs8tyA>=7#p^ke&z?7ZnF zryB7M9qHcr<=A?%DxhOQ&MFPcig**fylk1hxGHR-U5=+45bkIe z)5)K2U<3WmBS|fKqEmmF@_Vo{{Xva;M}-2Zh5U7Z)4k5E>mRE7YUdduTaUY->gRp~ zRYz9Aca*i8dp&-pum2xQady-rkXj-l9L!yqozHoDSG18^|IsKC+E(Z+;jHuwM%i#O z+Mk6XYO`oY6Bs{#{6*^1j7^V8LT)qmT+GC?ubQyLX8tqn=k{>CIlep18x)tZzJ3)X zs;rL&(wE;eb-s@}`wgDSQ)9AZtNO|tIq$8>@#z+B2IRXLU+%GF{hhZNgVnsOJaCoET12dZMhA= z__WDi^5Wo=a^Q!O?#nr}1Hk^BCAaew~J?i@+}Gr`T?Yz5?<%!kWd5=e=_3}QFM8%xJZ4G6=bWqkDPP)CiM)`@8dxzB)=Y=1J; z^({@HUNLEMYg;^;^%?7NzGO_u2<^X1ZU(Pz;oWw=F<)TP2kr`4j!^w-DD*x17Zi-t z{-Mcxg@8SUo||)_e>IK66**o5^CFpytaiMB!5}!QZE46OvW_I+~_7d3e#_q8p z2%hu*hk(`{Rd3MY#e!AAf1bMW-AJ%~Yf)P;_riJNwC254Cte-S9~IzhMmu0_?Y_y1 
z?ASjsCh&BTmeX22wuT8`6jTs`@cys`+7n^I;|4y)`A30+;7*rM++h&<_Z*w~cF(by zl)_o_F1z|YHD*ahFi9u#hA+;a0g0dCUp1WHF{-?=HI7fr|EV4S@Cr{I2I7MlXKd6$ zfKPgTIQbcUJ`r-f^b0AwJjn=7(RkMn#03f56@n#F@v;xAD79|L3p+Za35)%@#o7JQ zf7F5B{8jH~|8ohA{E=*L-%iGarSL0m%>vy)HL6UINX0SGraOA;Otc`Eyki5%Nj{QK z^tK^$mMd?~J6aU^@zZg_2h*0r?A&67jQ=YY)E{18$T`ZuSKjE+U)wwzm!m>3ji~d$M_hQ ztjY0!z!#W`hv|WJOAsJ9R^zfi=5?aCSW$LC`(nhfPySW4QU!I~tZH+#<<844E}4o$ zHlX>~TAxx}q3#tl^U<0z04K}?fMsxh5?U9_3-mJVAgjKUP^|w_42f$)W<6GFnVL$9 z@s!CV=S(1|b{X%GT|(jo5iN7QFbNS`Bk@xZnDNp7LPK(McNl6_vloLf$aq;x&fYGt z1p__0W*S$i#DilD5|a3+1Cz*VNnLO_{kIqRyvn%9FIyCxS6jJedi`35TN7}&2E@+X zva_41r{`0geRi=P39Z~7A8E#e=1Jjh@zEZB8uAGNR~bdT&Z}{DL2;Ew%{?Aa)&Pux zpK@Aa$LMvsN+w{v5&L)3z@B6topa$(7_`C?N8^mouSR^_*UCqgZb&ge>}u;F=XOB% zY%)4Ho*}{T&qGrWN6*_eOAI+RaKA0az3c&dGI@|2{;aP2UyX9ol{@2e>((u&1xjyWuW=$j6&Kj6p5+laZ#p$CS#8t)YG=ujfMp#%g3 z9k|HV`50>QJ>;YgD6|h)W#IqL@!k=uziD9rnzs8R;zNP|;u^BRads zKv}Eif2{iD7^nosLz@!)9oJ1qH4F-C_#~}dOGPNgEmNS>;e9>i8jT?$mP{twtkqbK zH`vtnxM6Wb(qqoU6LvNX31pO`Pk#8?Pnlo2`>FCU{X!cf90w?{Lo)H3RKAN=Ka%D+ZG{JkY)llO2*f9 zA&>N$=?Dvm;QpFQx>4dY=;#;|(x*CBArrkLQZU3F8bqurjPa2h7&_{=uTt7R<{DlB zr8IZbwNbaTwlsogNZTvqAfufSB1Nqapf*QBN37xGtV}wW0H5OWu9@0Pz=> zx?bbtW8>RVJx^_IkxdAovI!%s!mEO!2ycU8FMj@2P%Am3b`WbA+JzA;h@~4>*s&mI+M9@l4_usLBl02BDz0`Kfa3EhR>RX|8<;%CBol%}tA&@;O zbk78SEvc!H7=niCD-CVDpv$6^f8wf<3i?J~f|#YAVY_9ePk+ItVF>$J>Nc+PyR#YCEZa6w{+3l#J>R$cdK(BXWg{o5xg!fn+ z{EQZQdu4CjDv>_qn0^D_`ZP-r#~&qCpj$H9U&GEu(OO;W0FZw~RKI}=?ZH;{V7&sC zkX_X{AgjXCeajr?vROv^OQ0%_3yvAEso_6$YI|geJ97pU#ePo}I=_BDAg=AhWJ53Q zr+(`#2iVT=LU~sK)-be4fAle-2kLfPeR~nDO2}J;7y3Hs)9BbpYRVv z9doz*ODU*vO1UP_9$heY#m$aNmK4ge!d*VH^5e8aM$0xHnOR|W>*3L4wA~!J;;kqY zZ2w)Ar`{`OR|`mETq9q#kzCa)*#gJ&W|&!E#4$m+qyk3yMrtA-L$|wx*WbuFRemAo z%u$k#!^tnJPPISTWaBYQPH~yP*}G(t_EaF12)~K%l6i#&E+wWMcYIr1$y3{F6K{g- zwJ+J*IkYZLn)VNSVrNTLdcYeyYGD9r3V+?#` za66Ocv^jla28}d<(Z%A>SjrB@5=2fzSzxV zFm0KvchvtIs5bo-kLVpqt2gX};)vBby#yyBra$%^V^_W}CyXf{A3U3qs7HVnBis4L zdN}oOQzmQysXwr{ZC|}28|V@)Bf~$l=C(#B#K~@rPS{c3+sv|dkC8w2G9!*UAQYGo 
zcI4pSnmXGNJ0n)ydu;gsAvNMCI6Acrp|^*SK+yk(l?`0A`ZL)Sd`4gZslugoa+rJ;R`;44R^=otV@-Zd8}{nshY3W6}}DIXaRB zydS24?b3Ab%)*_ z#`GxFwJOq(Lg*VlEwwA)kfky8UU48h6S7Cwhk|CmT^}H!?AKrXVoCl@)C!fL0nHzg zanABS(MZPiz@!Jdb2SMqZz8f9c)jN}wZ4o;?On3%PqwS`7nB47D~ zG*^wb?%IgXOgYQ}5CZ=yliCrDwqsd0=YXdjoITs2e_3HLG@X=`-XslrGM5*IT6fP6 zDP|-tkP@@jL4OVlOfqCKrC}7wYZRCi?tpeMW`a~t0kvziF-wU7f+hRcnboh9jod~c zqYx@P9ENx$twu-hbR54|O_8TbU58YH_!A!1GPnQXu!MjjUDw#2iO-{KHyB?Zy1+CM z|L_#IH-6>>8d`?qA)dd|B4lDth5R!uKH)&Y?9GhI{w%EFr02#jNL(=E`21tMbD z7xDJ@1&LF5L8fnsz?hLDLac=m-mWZ#z@*Y^ja28T(-!h0j-X4usjh6iHy6!OMEK~V z#;W4%RNWRqY7|-7H8iz3}nl#+vUVneX`dMQS#-c6ijL${D+wCDuM})WpzJL5m44Rb;X; zVr;uT{P;7y6?V}{0L$Waz5UlAP`+J__`CWXzIlUCSdv#*7v(b(-$og9C<4$(Nd~6_ zr)X>HEA^ZQlBWXwI=n$unpa*SYw}o0#@Rehx45E!^u#h}UNpnv1o6hJ$_xh+ptNKI zDtp7&DF#bh3v$TAh|Ax# zV+N`q1B=h;4MoWL>q>|zBm^Gs=1>m581OVnRE??W9N^AAr4lI&NWvHEckfsFfM$;C zNko8^aVLUwSSHw#j^$+2^{fM5{%m@D0;{oM`!~e02P@qlY8*z|o9=#xq#{d)2ff@k zw4Q`StaWG5Z+yLfUwie0VQ<1Ctlc`kT#7t?YW{89Y@Ge8^!A9NOA?YI*x#Vx|3A2` zTM1Uxc?|aufN837z{6W5H+|+sePnM*-nK|uX97&&URS$LnBsZ9pr^m|o>u%Skx>h` zn0ZqSYNs+7Kxa#6|c zoY8p9-HPf-k<$yjbtXYXnGIUeXL`?p{H(n_R<+bR1<> zhW>eM_A00V8K{H)o~SjNxFza)WAx_PcTwLaA%*x}m&`%RJl4BJBI#is@M?+ByBO%L z&1s<&^b+m_9I<3(ZN!?EeC!0^ALoB3> zh^(RAMMXvavv~6D+{Lj1U|sU6Oq+wg;Cf}~N_E$Sy}j9n{@K1;pC>1+e+7}<#zi^R zskX_R9XY%Ga=jS=#s?~O{i~QgPb?GSk8W_BTcpvDSI{cOZjzC&8%&ee^QQHmO1BkW zIq{*(6Uu&Jk^=g0RHakOYy{I|03VK*StwN{GlvW5Ke5nZpcT=4;dHDmcNZXFfFbq< z$)lx{Vv1U=LgWUN1%hxfYb-0MY}JA(s>)GWAZ*OnEEC8}DolE}*gO~HoO^%0zTZYv zB%t--!}up8vlC{NQR;Xnp0Pd~ee*7^DgQx7W@epnRr#vGHi(Ud6u1ePOec>vWykpCSQ=QSiPUK1o%ov79x&@Sxy=;v>&J&!KvYz#K*O zr7p%Y-NQM;9m+NJ3n9r1XPz&6^J>fAqtY8XUQ!`%*~x7YH(sc}dr{Xm86P0TQf`I@ z8!x?s%g-P)u~A-Tf$e>(#hpBHl{vfYpcl{mJ^^vf=39dK&d)5HJsVmF0u`=N>fTSLnSP$@ z=W+6W(6unkpL>ca|4O($vSf?74gOMo^cMTC9k zIo;0ZFE6RXBn8L(3ejh;l8gU(rD7A}iP7k34J-w+2}`ZXek;bixM-divhu*VTwQiH zFDVAJFt4EF^PRvQF+V(7gt%ahKPucKq~P2a%86$n(BqlY7>wz)qNHd~7!&9>5H@_V z_2tQ2((W5Pg?hQZ;|z=lo@#ct2b3N*_Yaqy71b)BlUH!IPP97yTz-KwZ>r_$buG&65>AX?nIvX6 
zmdBHz+qgHL;#qIS$?_DUiSp9IJfy27(Ckf-uQXLu5(y@LCgC~T8JHM1Q^5RL$X8M? zK2(g5RO6GUtg_DfX_APfBBc6AggI-5NxD!z%b9&?yC+d4C-abw=icmw#q@x47NV4A zef{*hfskW)-Hhq6LR41*X;*^BuY6Dx(pXL&hbZfXyPUQSf(ME#E4ZWi9fgj)VoFzF z=0Q_9C2Z&Fg6mtWZs9$BqqUE@=!Q`fdUaec>8lBEqeqUHZ?{#)aRn)jyzBOiUXg0A zzBd1otdvG*&1L1_+4pJ)%48?WLFl11L>WXUVsdT5)lPuimlQ&YrE@IFjkC<;W{nEw zBx%2u*HgtMW%bGjugaSG2JXkA5IBa1-7RtwaYu8`YDJthDZZ$6Hz}E=!}p>q>+_nP zB{VMCYEqPinTsJh_&E`!Sx@YI9+A;%YpwQv^evjpoU}?n5MRn?W^is@Sy*_d`u4Hj zr3g+nrqeC$?U?UHvxM$m(VP0}5tA{3;RYHh$x%rsi=%xWlf?-*78Z|s9)t-}u-Y#V z+U0dSJfVx`OgE3YNGJQM>6i#-zVKO*{FOwJEH1CtMkp~v>S_AuoilYp0ZFp&rZ?Ud zwOn4}f8bi9j>&EQIzc-pNoT66;A)Xpq;}VW|6?^f-8)|6GGGDnq2=lG7EZQ{lJ$4* zk6;{F7GiU|m9%j>LTKT&1Ng^ahzAz=+3TxI@1F_eP2O`=>9~|##wsB)myVZxNcW!a z;}3YI_q=!xG+hwVhGRp(|0DN=iQ$IFj#Q#pzRiqGqR#b@;G7RK#)pP5@uldBf)CJ? zNRulQjf}0R$cE2FSL~817>PLOwN(nFkrmVIv3YfZRq)hQS^jiIv`o46{X2{yCy6Ou zvDXA@$tf;7FWo@Vrl{c+b^H^B@&{`4XdjAcBbqa+`MxX~7zoUF{5}QWVR#4e zb*0w=h^gVbsH$dHUuUDFO6)oX(WWEfAJuNcpbwWxt!g)ar*g6YRa?8ye!f2MCz1lMdGC;Je!m8S$}fKNU~ODWFi z5a!Ec!d_?59DSbYcLTIf1J0p7Oa;MLdgoTGxSjB%IMCA4<@!SKz#9~fYGQ)#g-9HB zY7fE@MTt4Q)O|;VcIHdOtIU64Jw6J*)!v|8$F6iv}B!)^YqIB*G zY=ug}>v5Oc?s?y>Lkl4jDZ{>j-7z+NfDePe(~cwfxmCN#W|U)-h`*Kv#!b-t&t9-OMC5jw9_yo=fxGS zh1E4bN}^2d^eWelt!;-8aTU{Wiwk`bfrwkf8m_q%J|ocKUC`))PTG-W&HK|lx_8JT zI1o?onbT8yxt7nRr8nKmgKo|Rk6Fz$PO#7g74m;IwdvLWnmOTEbY=Q+b5xk4<5Mu( zJ(k1STI)TJozf!4BXfDawd#$)LDrO|=cOxV<;Q5#b{$)VMVf*l=b6=`W`X9lIxd~m z9Z3u?)o=_T6OP_=X;)jHu4lr`{cI=WETCbG0#V6_B4IDbF-joCvV7 z|CDI0XZ$|%w#+j!t;ZIl1J%A6{a(t218n2Xq9ZANrSYb4vfXbu)iE4*oK8{*F^TDw zJ}#j-U7KK8ZJ&1Ch@3bZQFR{6`>Dp>2dAPsRe&zA;7FRDcAGBw*% zLrJlh*HTq6i5K78d;YwUd7XUZ{N6V%Z7OJ7QRgZn?XlWA89_9=6BINE$ze&pK#kLsp^-VUHJkz{nwS={ z8G1MfJRM)BGSb*fO_j@ur_RT%uKP%_7#=(4mw1j<@70%OmB5mhrWT}6^=2H~x;tw& z`t9zAj^JRd!PJfjj~)#&Cc-f}jQbQvxj#+!%i)Gs*apd+E{mk{LNdl~pCYk4{6z}2 z5Afe@dtz{wcGeA@fmYd~?{=lh=gsSu>c-@K@Y0)NZ1Mzg21sWR1(`Z!x|0hxxx1GO z$x=qnN+@YUaTDB8U%fSl=V+oS)7`EZ)yuKxtY2271X&G*;wxOY`G^(%bW_Z6~SLHZo}#;?pFB6|LY4x3wa%_U5^ 
zL;-b;*(#S1N-UzMtDnkxuRa?LJx?-n$o1#XY5o9|n~UrH^oCCCymp`3!F6a2bcNxy zRnGOf#Z|W>NAw9FYCc)WJy?!owEJ!cW95UoZD{}}cON~OdO(u%8x~Z4{-@rU@n@V? zZ)zvPPhtP`+)m$2T{FE@{5ZsF*slS1M_^12pqj@=24y(5`N?n`jH zApHI&TI-cCH@3FQe8r3_nOBdR^f_Eou=>vf0;1&CU~o`R!Sv%>)30xgMlY+=^Ob!x zsDG5ngE{(Y_McUOs4+xUYdLrL-o2&rprK1iLF@Q+FGiNE3^tTCmc{k)NnOGZt1?H7 z4U{BCId)u9e)jp*0C|vLNlD%u4;MD7)z#&Hg6%sT=ZGtOd>%1T<4d34npTjuRGz=V zOeH7meWg=qV3@Z11$6O7bhiY_+zuuAjM0M9X0jUm#=%G*+a?h)Zpl`6BFi!dVCUNCB|c9m~N(@SIn0)`xb4~GMq*zr!M@B|m$ zDpI(eqMftNjPMep8bfP3pG0}%oyWV3uy*-FH^@e~U}F^#J%*Q;)T)zKUzu>k7Ijii ze!Atzb=OSL-n8=(eKB{eKE*}Bv*YeRTvw(S8J^^8Z(Dca z!#HK70OaOGeWJ7fIY;G^D9k#WTM zMr#Y7))N@D*HY;j!L!RVm?zp7JHj5u@N{_JTq!x3@>s~ZJvdRpuN#*O`UH9Aw^8-+oy)l1+|M2C>=MoO6R+}S;oRt zF%sH?5og)+SKh^^7gYO4z3M8U4|6oVFwl@a_RqSrqWY|-Us^Q46VW2z#NUCaHC1$`M5jaY?MT7 zlmlKrk{3ByU+}@yK&v1t#EMM5yrpFo5`R$e#7#2N*je#Af=Wpi-X?r_?bsP91@`ak zi4rAwEo&i{1(wUwM_&|P(f)Yqwwd-q+4SNR|E*=K+((aWreEvd7=P5tv_@~y^lYT- zqi=@uQu$+2@#E!}RV|vH2nn0B{IkS|B($DTzR5M;XggW0t`M7aMey=bZxc(trQZ6a zgRIijX5QvD?a{AUkHn&nR^pl-cEqgqa!<}AM)AR?VxLL{X@8a5y;B@Kc|mmuA#ba$s9DJ7Dkv~)KTQqmyJyMQN@$0xqO zga5(n<&oERt-0r#bB!_Y`!mM=wqE5-94}xt38sj0)pXyd;3ZZGs>lyZrwp8{-len= zY7W7YI-fl`&4DNSIxM!=^jzGmCxp-S;$?(XdSbmb{0e_s>NVe9A7Tu(VnvL!+Uel% z=MMf!Zr3lk!tI2<-47nTITD!Kt>9@cln8YE#EJ|4d1G273W@T~e04c*{K*PQa{f;Ny}ZudH5Ib zalR6E{K3>N*~~(@c8^*miP}maezC9BDO_?%kF3OjKDsQn`SW;tW18AuU{1w_%;KTC z=Z@Tk1ZE_Cz}v>*<(z4mxA3XGKz&0ezlaNuRFl3jyqH=`<1YWIi2!h_Yi1)ep-uuS;jbYDS#icCpANAUdFGUIa)&gCBp7*)eLlR$3sQq~q0Y3;< z$fbdQ&}wTZL;@#kh1|RNtX{8mE7NWS&fUinrzX+#70I@>T1QI*>*USeI>(SE87y>2 zx|cMuB<4!67(bqwpQ+GLdIf}dVHo18Lf>8P!&OT{MSiWUSeG&>Tq&Hg-X_?tJ8N0VTZLl7nq zjxqccV1tFZWyIxNaZVznAYgmDnGy7z*C`q@{O@<98e*XBau@}JF+G@R-+6#Z-^~@s zNa+}e*~EvTPc!NDTWW~=LWU#_!|K<-%IvxIB$93~$c(FLipDvwKu6g`>#5oLfHZsn zU%N!7dVN}B;`RCUADDa42~ou?4FRGlY6Rus_LpvR*_tF3rI;O&&kgBMxelKX6%}#J zY6q<&{xXysmHv$|F?Iv)m;b?|)O4bTw_ZoEam2@D*u2(s)5077Z$1eGND^+FF9%!w zE-tsL1jv32y?~~$bPw!F2K=2+q=Dp`rjd=nm}?B)WEF}2={O5!_VjcCURDfgAz+>8fbJI*z5qv=J;B)5AMt1$@krCE1~ 
zdgC>&LPd|pBLKnT<>A82ud^7+Xl02$W5pNc+aDOv=AtgIpu+I{>I#gID*d*bY>a4b z9&b`1P$rXD4fN{j>Iyc}+{Ab6m1PTEU%W)0YL~4|6g5*cSJUEWC~J+Rry=#VDR5!3 zw?7@DRy2R-FE=G4YR-9rCZ(&O5P@udpDfb#n;b%}Kr6*4-9?`1W^0>2L%W-_#|eA8oZ-u)OBDGQ-bBA2wa zXr{K+fa~$KbOh*Ftbg3AfO5M?GSZdjAna85nau>7uG4Il-74XW*ITAoPEosAgJB9N zXN2|2S|790f-WBdRqNB^tA~&*ENULQZ1ou5on+FraRP?5RdmbQrj#Bs_bGpO!Mh2k z*Lho5yww3_tj1^V4mu=vV+lq$R>~~di!w2;tH~GDY}-d<#q)ewjO!!p?)(uxQwupb z6;rr|ZD_mB)5|p4Yd_;zv#e?2V~5$a*F00|Lnk{v0mfv~U$Z2&T_zv#ISkGqp}ow5 z2&U!AV=@vM2K@jJe%IorEIK6iU1%d__!4$&G?$K~Uxgbam-HoD+R1k6c!=Fc@TWO&Jr)j`E8VV%(~2Pd+mGMslF0IM_el z^Qc)ivkTOWz}tJM!GIYnM|qy6^hv2KFGThpcp`46xwH##eo|1{>RhRe>^V;U z=pI@j6$Gw5ND0-^D0mWlGd7S!EGISM)Vlb8OcK5{gwi_T6wn3&yUm`hO!9KK5xrYG zz1(g3TyXa2lc&Wh{Vc`HZjl6^?Rch@i~mk` zCF*O#YO~#T@+Pf`vUgngtJ8Tb*$=CY%cp4yYW&rO6EY)mtjVOpJBDO)C#4uAgT8Y)BCdkq)UHr<*%!1JS8;6z=q*VejS6wAT$}m$AlG%*Dmd zJq20a;e&aaTA>HgpV3Rz=6^f)up~5Opj(QyO1e&NI-UR~i7s-6EZW-gEC&Ufx}N{Z zBgxSZ!C$_j2gdHXxGL$bmyL}>i}0MMci7le90rqabiNK(DI3#$18kMTG||f~4sCn7 ze7VIhw~8W5VQT$N_+rjr89&~1)CV2~7@MVr4Ys#<%P^PNQ5rnt`73e#+(72Git;*Yu1M6ixWzZ9%#_boRLX7# z=<%YY3wIU^rh9Zg05g~Okf1OMm&(vEz-C(!-P_1|^Z+SJoq;0qo1DC*&9E)8U{}Jt z3tpTg4*2YUa49Yp?#_Ja#?`{bsCfZ-lzPe*wkjI2KP+Nyf8_A&u056>7pKdSsZ|>a zJk<4p&hGa69fP977n1jl9!|0rJUr`88zk^5+x~!wRuFm-*_h-QRxcx)2oTKA)poey z^laeIpD2E>+T{*)vtT&5^B2A3B(G5WY{)oC^*8h4GVt7u(Yy>i6lU;V30!BSYrE&= z3=ekekCxBXr-BeQA zv{U1qE9xDgvP(f*TdX+~%)_JL+nMqn7PPdq=E-h?YT%GRk`B&1=edG+JS1+`&!2s@ zFeZCQR}fxexbP`xD--xRL?fJIGlPwSr(M*$2nY5AO6#%tc#TqeV&|TzbK@dRerH?t zorm1J8`P_E$*zH^XOkais@(!!>OiPsyb22o%|0X2J}dl8Z}#r(fsXtrE9? 
zIK4Rle!^(wDntdOK>5QY&Mro)y`b!|t0ogBnllt@UZ(=g^2OHHQ z%avZFqx?3|7ESC5++e55I^7t8?%O3Q5&^*e%B2pP{g@S%RT+m=84cuQ8GOkc0`K%9 zVIPGNZc3OYjI=dcl*|f;nD9iTLPMv-s!3$E)9b@U_{WYM?BiY8&2?@`=1L>P@Mh`I z0Tc2~tUEAegtKJ(gRp{KP34=z5C0*NSe>3B`RB=b`qur`1Q`dks9h(aRi#lp%q?A> zT~>w7b9wU2_oxl zfIMd@wzI)?PY;CDDM&I#tS+ZUJT@Hm>J4>yZ%BnJ41ulXUR;2Z)b@DRTXM$rUj?(08Ob4louVuTP610))_Z-I@___0485 zoPPGgL~AA~L|g~XaTEJnr+g#wf3ri%ezHUG9#Izbw4?MVvr=IfDGyB=EKaEHy9%M5 z*sE!-KrE~EL_L}K6`qbI%sB|UIs_!QRWo0ZDZlLl0iY89?RLBNeQe!H=6 zcB9JcgIDy=-_+JYdzkUbWrfx4vL^QLds;e86dm(-4%;;nZTT!>OLB3Z_xrqzm?mX5 z68qcmeSR=4tJj!FYg7lUfx}GZ$dU5WRd$w@q0(J!fSc=DHC)_FP z&3MlYqhRY2q;q70EN0*m=~oj-mKq1DA+v>}lds+82dfEbETqgU4HV>N z295XTt4|}ejtL)A1`W2OM5M50>jo<;PZ$_Xsl9L!LOZutQ(4EmIBs9(1o&1ElqK|l zbL=K{kbG=L6i#JaTxB#6sGInchoX3(fvGyA+hs4VAJOHYm`BK$M|>~`PCJ-Zod(SA zPN-52LJOmOke>FZ4li_Z0YLM{QU%a~A8huE2_Ro+!1+Jt5W*J|`vB zzxLoPmTa=W04T_nE}4kX{4G}9xaM`hu87^(WQbLemls59apu?W2lr`l7e6sxGwvzZ zW<(M9$Erd27sEm~z?Vw=&vBA5&KrGLx`Brp`ifCot5hG!v2`D-aEJ+Wl*1Evm6~ih zoY8dMg>Di6+UPGmiU&V=6yM$t>NsB>X#xHvH185_&@p|KOXDRKp&};-vjL~*{E04a zCf+}N5Zz7=kDEU`Q7IMHh`ay^m11G43&jPs}6vX_4MiR1dvw9|J=SBj0WzjLY!#90k)-%6n z06)N;6e~c8RsCt;czL86YrsxkQ{@aS&U_lmL4W0__!P0Bwp%2zzjcs2Oqe=Q>MS0SRxj{os(aJ|H8sm#0 zf*~de_ak^IrkjHilYO7V#Y>oNOFY0v^N#dB!Q9is-QCez$^jyY`4XTH8fH2VMa>_< z_Plg?E$x@a-s49@kI%REyuaOYJA^1-On&*Hg6Sr=o-t4=*mJ72dm&@3~V7Mw~ohm!j zINF+?=7EI1B!1NP`kVXxO%J3*OyNjaG)-*xxB+2mI{{&5c8_1X1!e#07G%{;(cywG zkNkjhC_Z>;mbY8xw!&9o+GF|o2obV>ngz`K6Ffmb`F@rR!Q_{{E;yr90tpo4W3e-v z5=&wvV_hC|w0Kj)R-)V^0mCb1h^K^tErY!{X^ltvecfT^G8bbw6u{#p1Ue=r%hs4mhYX3r|6|E-+}lv&8u}mL$poFu?9%hDOh;OAb$}sO=o&Cxy`Q z@td!Q$-l)2PJGLMoqUjhKMS^`vNAD@umPB^OydhI348#^INQG2%dRM9c(^TUlS`b7 zs|YClFy(FXRwT#{OAr)f=^psXS;~9*8m(Ba;mh2`u!qk)^I31I* zLQ;r7xjFn;JmYP%$<3|0Cm`YrUyDe!>)b~7%lvmSsWJJ#6Z(U8_`5sFU!c*4%K$8w zV!;J$2D=d^Bs$gLuM@wX-#T5aNJV^l(|NESs_&$LvwQ#pr3c+c~$^{Zlu97Wb zL`!~mmiq9z=9oNT)cc7Va#mWvaNC|BUnT{9cLMRI(-G0Y)L=lF4h+xw#}s16&KpP^ zgw-?u3>-AwX%vFRuy+v)@u(!X7e1u`i7ro39>dp{@gAZb*4tm-XlsYKvYFp8Ff{c0 
zVQzoZ$Um{Fp4nYLw5z@aI72|rza$I+{_Rouk9^*fR60Tqi*Clpa!fB~$86OZ2~P-h zn~Bgq$NV`%mpI4C3TV;LuM7 zPaXIwD<#Pu%>OO0|0)mAmE{tD@j`3NZl*J9x>`}}FGSy^A@J+t^>xJJ_h2uqeVh%4 zlExU;BwMzuc7U=V@Z3ll+n&H75{#2i<-mk#aT8&`gKADlnA{% zfv&aga!w#E_QcE@bbS|Q4 zUMPGjjN(=JLczv*vc-2cr;TUON`)XDC$%!E*{bK1Aj#fcL{1==Mbb^l7ov zsIkE|5y0BX*2*c5#r;>UzCMHJ_)n9G=;UvHYN`6rN_N2bJXlIZ)!Gs z28cK4P3kOX(+R};9hUo4v@0WJwb<;1gwt1AdsZ^+qKD8KwbWFG<2#RHrX{c8uVgAS z=5pZ4M-5V;DLUtZ8EdpQU%g!?r#IF7#9*r>`sh&_QEdIZjl>HHsU9x1CL%$N81?(< zZ;j#gF}5(nF1^=@?Nj^cjnM6~V*)=uByqfMj17L&e9G8Y5GLA#TJ~~TVdvS@ov@Qn%5mb(YxtMA`|9(MuQ+Cf~ za$xHCQ*zMEI)=hetez_UnrLP-(qj?xh!zOE`o0y4m z_Tt`)Lrua&JS7h!bmRZL`ILnJcA#AQYR@43!ZyfrhYAnT#ND2H1i8+F3M9I;F?QHK7N*j zr&hf(70&3VvPQ`D-SW$F1vw6IL_NGOUzJ;7o}-3|_?LZ(4D3_*Qa+~J)yx!(p01M< zz;GjjOtC#EoqeTLLxg(Lmg7nu4-L%BLwwaVTj_xXL4Vvn!R61H9+ZtD!3bigTp zt(_A6?p0fjK7!;@UmwAV*^3ep3?sYf8=O>2mNHH+Gl=d?t5vVp^~JYne{bi^I2rW2UTFogFzEPJ?8!yn)gRI=%$&&LQpvcweas~OTd=a~ zq|E^T`fJ?s29TDanS!!QgyHnvM+mVtDO>}|$l%5Bfs>68bWaNwWwam0+fl8YDky)| zdQDU%%@Y*@e)O_1RU4f>ONK~5Ta+PaaS2z*Y#2g5s1!t|^U3lMvW&=w7TRn8digLRt}DVU;CN;=5@sHd8fQZ`Sue3y{>pW7?jB&4`&!;&A#LPv4e_ z^;f=NBB-=AO>|xtd|MLW_Nd<3r#z0u#LL@dRY%bJij_ex6dFdQF`0`UQW? 
zx2fHua#_3}SoK;CDmN+wBvlhtd6b6!bU!n%zax#;ILqHNo?m^uIEUyC4-exv9?Qi( z3(Y*pL%O1HRX|U1=sWn6S-em#bVa#<-%_5c{o2a1Qz>O{Ki(EBbHx>`0kRR`5&TJ3 z{x0w@b@V9eut-MJy<2FD__36|c$Ylxs2S`dB8Rs2rMn?U4lm52Zfdnt!Qx?!19E*rqr^m}iIb$!kIuQ`~H7Rh` zd?)KWCHCkl@8Bs0@(!(J)KlZ;DCy;!OL*Q*uFI14;v1Q@Hjvy7IHt^Ot#?}04Eh-_ z9Piv%7{-8qtOWb31Y`Z-KPMO;wJ7QPt}UR*Zn-eR>UX;JHv*c5K)i)!?NVAnf#~Wq zv3IU=445scZHY)wLTSQBhNZ8yJ+fw}FcUpichV3XLxWrr>h208#Ps+qsdG+{XyZn2 zVjh*e8iO%QB^1;WWibM$retBp{sJs;p8X)o7Mi`&msM0}emAAYc+=ZgWH2mkP;7&) zfLN=htgw(Ru5+IQtK}DC?u*XUhKLXOX<&7tsZy{Du;vlsqRJDVP9W4M%Zi8Mr&pK{ zfVKRMOkC=5BPkcCii&_NZC3Lt84({}( zhU`5c7CUb{NVa8|b=Qq)?vK>1I81*Vbz0kA(AU=9n5u1A?9@(DIg*}=bZN>T$Cf?c z+_5)`%*b$q4@=yI%%sBQSXeI-$>vcDE&tkF^8)m6_ zYqkjuCV)fKYn+rnY35MKldautTtLG4_B2A-ZO?XRTedPd<=|83w(l$p21Y(#C`awL z;1ZLY8CtK4LOzcIn1NaEwWTn_eG!YdS*xev44X25N|d~gN-P^ZHXwBXzm{HFe-((8 zDjkMtCe_mo(-ZQbEa_fs2vTBncXM%5lWZNum$5)H+nY~7!r}jkC`kViJG>wYjC_=} zS|ghOtj>ZR1`f<5p;1<`BzVN`u9KCGRmEl>Ld~BLHT#=lUM2{0qJJg`^kJiY-O)%X zm=YrmSk9;?nR+abKSU5`fLVfc79~PGa8lX#u$^hipgmE4UtKYp5<7K2GkqB#_WV$t ztoj!h_20N{493zLdHia0Q$4Jck*R12UmgdLY|Azlhk z;{GD=BTW5!z2uW3y4u>w_uq*e49=pFFf4dRdjSOTr;mQLW%s;cq&P!(#1XAT23EPK z=ZJ2%UZ3dh;4>mp`lnKgRz%16VktellLMV&B+vj{kkwPw`L?n1QlOG z+elym6{Y~MXb}5mbwInbUJD9yP%SQ(JUUkzs~PqMi-;E;ZzkoEnJSUlb7u?)f|$*H}4&AZ&qlbHnF z?jf*eLNM(?aK7B;K zZZZw{3;kO#TASfajd?EN?qH7A(ag5@tNl`m{Q9G6hr=B87TJ?0;toxlaejVEq^${4 zFIq;}Udk5@3@0qWdHjULFQ@?uJwDl_1#Fq_a*u4$DmVq&qZ_{4X;{nx83Dtw78CVk zi~F-vEj@#|Fb)dccISaM>T@GPHWxBCrs{tvjQo)V@R0av(Yt#9t{X<{_a#201{~Pk zRfN_MESoACcS>i3&RJBDnTQ#xJjqz3unXiv4p);95CB_k^2pFq=yz@s;ocK@b)jpA zQ63KU*?x~2dT?g^6%x=LlHjC2u;vB%x+eP{Y69?LuY3S4Ke|Z00#XQ=2~93R3g>HD zC~mq(C_OH;B$PU18msha=dLkmLy~NsvJAHz)~8jNyf8qFC8D3^yAFM7h2`Wmy1y*L zR99^4IU=<4h_616*-q^nP>G3Jw{aLx@O(O{PzYzSr`Bbac zFCGbv>Ob}w;Bph=#Qte*wpZnfW13!+SNOJtJ3DMWtE8Ul%FpX?NH@^wEloV(S{)uv z*ers6_xfq&{1=h`r~CYVxc!;g2LkHV$U-O0Gsy6pCV$KsbXG-F;0ix*;JF}kQg?FyRDJ6fe`G4%A#Rur3ku2SsODc4~ z9pLFM=zH;T0Sn0EQ0NV#rF*`6j93V_c7K!w04LsG+_ab#P|6TGgVxoU;u10IF`8%yQ#YZQoZ)0r#9Jx# 
zoI_uAz>CdRw5dFb)@2}VbjDd%7Zmr1oh;@ht8%Nd8^kcrglSzAPRmd!hq3!?)BLDr zZssarc+}yB+#isQk=<0XH1N#nrO{yn59W_*uOK?dt^q7!@%4C3+W(JWz_WlWo#C$q z6GFTLO7jQ~1jcitvStTJFWBcb?~e!asruFUAhXWA8o|?rBSg0;P3z_O!WA6EsgEsu zS`&S={0inBQ8EJNlVIdR_d_ibf4@-eZYjcL+z+^5OBwVMZ;nsS4~4|iL&t0shu@aK zy}{`@4)eo6pedMIEVIEWgJ{B~lAkh-0v#GsPnY7hunDP^wd@U7g1<+zX;=Mw_XDc8 zr{Aith(ihnG_%WU7bZc5asG>H7ZC5nF^gyQR~h;H?VBxX+ggX^U&`%2x% z=G{|z2OEq3h!n6Co;$LqJseAq!eur#OuEFT$*omSFR|%OOIaZHjgab4slt}tFyzz_ z&5nSne&08H2Ym!DEsT4DKMj6~FfD=@Nw$GTJ!O}hdMO7!RQ1koN29e$h8Lw40@%a| z{C>3*hL@!{PP#lzLN6npqEI%y;MD~$}AhJIU7BRyo?vPmQGu8i9 z4Ja^=zf=PP@Yu>^F5e26@7|nUz7_5UzyMjqJJ?dVywz8Cd!cswBFUNWVe z!SmeJC}|OLggdXbE9H(r#40-?yfA2kd$Kh$qLQ1~W{H9v>M)2iBy__pOGw1)59^T| zaD|-09)d8iY>X0-(bj~_PVc~w8>FYDq%<}f>SikkXBb5MUwj2$MTvW5+Z0-8-@-2` zaWMv`t2ITkenBd{M`p(+Gc$N}Zt%)nY=i?q0+=F|0UQBglIf`d#0J;%&YDLkw(#b? z>fxiI;Xe0NtheM=1jC|BAP!sAbAbGhKdJ{ax0FT@g*L=mRq z1#Z?N9&(8wXcAQu8S_-YKNkJkHqb6PNcTS?jTVDfNMk@1Tbab=bGY-)^s1)9zA6X6 z3R$J?kmjk0OxjX8HPF>D5#yjeVWFkV=3WZR44~(`Ub^7^U8Q;35%#p%r{*x+cj3Fc zLAbfppx6)+AUpSb<246^_v!Wk!ehc_@T2YBgXtdF+#n;vw>G!7l~y}gx|hY%O%^zf z*VUMcLI`nT6r3~$$mRGt;eTD!CDJ;x$Szpo_(NT9LZQ5$^7u z$E?R=LGbQwMSCSDPYL_U03~kKMcr=znly@48E72U+v9v$OT@BJy82s5#x0;!!21`) zjsH&pi^p1&Z}XyXUl`+sT)s!IS|9zpvtdinOmi_6zqKP;H3gycb9mzoI-p zLDwed`S01*Rl6oK(j}u07nTP6cze`6r9_11OXHmPzaEn(KzsI59Ge$3#_P}NpiH-= z7!d!i_XC!mW>ld3Jx0^s9?<24Up27GG)t{S@)G_))0y(B$obUwjMDUir{t)>y5nMl z<`epVOr(Bms!~kzhqv*p&kQ^6f~$A}@(}>8`Y&~q80!plr^T<4LcXrKymVSq>Z1TE zs3e66vo0#AuKHxb1_0$#<_$|ge=w#vXF}IU7|>DFMwv!He0{D{{5wE-rD1fvBu5cV zs(B3=NYZeWM^>@0Q-X+N@3L&-VBuxCYQ&p^h+DE{q~xp!_?SB2a>X`f0o3EeFag3s zrA)$TP1c#5UF9lIg8uPEA>?}o`J-<$V*40Ly;j4(Yh-S!z+xn;`K{E8O<)QZzu=wJlx_iG zQ&3507ZOv8F6LH*&M^}Yu2?M%;{=M=Pt*+im#>vWDV{#Q171 zyIp-_v!5haSJWcfOx^x*N<%})1K{0+*}?lhfx%4+OSch!H!;RDD%SVGTDjwFQUDG? 
zZKL1yanSxLfuJ$=ND_lGKXs!px+OyLawu4WNV3q;piwZoqmeqLGV;OL{#yRz(~xiZ z$=@fFYg-t!W%mE3G?L`KuE1L_D}*Z~!Gu@ccfLBZx}Fx{Y7cX?wk z*R@FV1bY^z_$-ZdJu1P%%r*@=s$_S@)4=GSr&QO8{H<&J3sudJ)izl zbwk3Difx7Ag6Qwnnpb-r{8Z#maYMT&M1F8#9L${6WkVPZ0GwWo)wiyBakKr)dBVKf{x1gZ2DGy-fi11`<$<5s?@&Gh1Hew z9kV#c&@SFY`)V_B(GFt0I;mR>c?ILIZ-4Y4SL#Cswup-G`^zBk!xkY4E$EfTAX5Pd zm&!&aU4n9E5Q?Z-1A>2P2{YW|56>Eix&(Tl1I?HVY0_K+92Bjt%g-S9?GTrV&!#*v zgg0q?iAb>2;aO?uZQ&CAg#EBOr6@p@!9YyR%K>IkA7`E&oyd@3gF&2__kkKLgIiBoq!BAKurrJE<1DqOi1 zrXBeE&{+ku8*kNiXic8ym=iqSm6v%kb%cgSbyBO6k(W6OoZmftE5t9V_^!J22svQk zAgKhVB7-3R(E90mE5?f=$KN{?+E74yoc})jZ`-q9ITOByhCV;cLL}C$-+C=^pY0W$ ZBSPUshBgVr*kFJ^5~4C9g+e->{~tUlwS52p From aa7c5cd31fcdd13ec8233040601061ef79796727 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 26 May 2016 09:46:02 -0700 Subject: [PATCH 11/92] feedback from TylerD --- education/windows/images/app1.jpg | Bin 34004 -> 43896 bytes .../windows/use-set-up-school-pcs-app.md | 6 +++--- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/education/windows/images/app1.jpg b/education/windows/images/app1.jpg index cb7f4991836d2d930995a9d56fcb27e41ff71c01..aef6c5c22e9f797d84883aef593082464a05b07f 100644 GIT binary patch literal 43896 zcmd422Ut^GmoFY)6cnk_n<%{_y%QTCARt``kXMlsLa(7lL3)#}AVldcAYE#t3kXOT zkQSu3gc1UTaN|4k&G*eWbMMUjpZ|THd-Cj)bIv|xt-aUUdzIh5_;IlapwrRR)&yL- zbP4b$=?A!20@!Q7Aoc)&o*qC1003MCkYBn1AR`@JBK-hlmjGA(ItBpD$jE+Q`Ktg7 z>Hg*T_XR_Gz~z6re#6`F#@~-g*GP9qd;kEd5-(-}4*-9VK6~lX@BJUYx65R|_g5}o zCc8|2g`E7aLUHXXImI;!a`LO!uU@14y^)Tnu2WL|KKcEUe|hweD`aF>C@IJ({<`IV zw7d8Mpuc(v`3H#X5)a@H`b%W=moB;h+$2h`{6*exj{e#%{Xus53ONOdjO(Nu>gY)1 zlaY~#zCxmybaybR9&nld%8lDn_sAIxpHc95FiO8l`goQ1epNe@(Flf5=DBC+HA-d{ zRyKBi0YM>Q5m`BT1w|$02M;wgwH|5f7@L@ynLo9#w0&V`@8Ae=^78ia^@I5bguM=r zh>VJkNlr;kOV4=wE;BbTzo4+FxTLhYrnauW;d5hCM`u@ePw&^h{?W1ViOH!S(=$ux zSAHVy6;x}KH{_rCeGWyF`ZcCBh zxMxW5%!7eP`qfp&`$-?G+OP4-7-5*6dyY^t^T{spV}G;u7ia%H#zOx;arSSF{hhBF z02N6v|DY$M2LJ&}D_Ghn+jn`1U6!GxRi>tGZvYg|t{ZylyjTH$ta`x(AnY0(Uy1}O zNRwRv)Yx0Mmbg1eStO)J%DXwkbX2Z_p~`?uc` z!rBDm{9pGlbzT6B>|yJR`D<$LksJFHD2;>aX5iq@JjrhRi2|L}9e$2Vwc2KgR$%?i z2*mFN%#Xll!+Qbvh%mYUw7*6XOt~>h_(WnvyzT{n{Kf?UYr2i14`C+AVum{sS=z!d zv!-F-G1pqQ_fAvN`7>6=T=xW}dVWA|32->K#9Z~id-n0VGeP-0RrMMg1hRJ89X1;m zcPl@fmdyfjd0qt>zdIDy$8ECy%-a$5fm~LJK}ZG)Q+1gm&Ktu`g3Bv12C9S4fbFe` z2Im%oD{)Vqyo}OPd_AjM3b?%YxLkrQLF=%qSeEE(%U!1kA{GAy09||mc%9f4xvDNO zj>0^XyZ|uSR2IP$I&&`Lmuw3+7N~rvAr-2(8Ul(UZaYd=dSCC`p*i66lFaZEyOQqH zkakbywd(_6j|IH(B5kND5R2%j!N>Fu^o&@;#^5zXfnKAIU?<*s#>C%!ffQ`?2AKHE#D4RV}nW3X|ewb29#$jk0-F{xcN<2Ub043Bd?CbuI9KqQTp! 
zop|YmZo_M;w{2CuPEJ!tYk7w>9IF*dbNwGzXs1g{1_|PsFbD&zL8OnG<&erC&^|>x zF{)1dz7pw^47xsc?#E^u&YP;J+r7uJnl5j34|KBZEpTia(>hy)2;U39{|L0IKQ>y9X zC8IK-A#tGv&JN`}5vo!cthANo&KiT^A}Wg09Q9%oJq z|Lx90<0eq=&Q~h``9=RMkw``x>(2i{L(u-;;m!U30dhnBhf?|9?~MPUCYAk9G^ycl z+8?a~`?rxnkfh*(q@g0wm^9PIp_WZc>M<=#CYsK2_)aC;4%ABMP z3?xPAEx7e8Cj=KK*aa z{r%jHLlUW3zemhelEGnx_xm^vD?)Qe28oxlsSlJwaq@oZ#x8IP(A#B~qW4_o?(Xi; z52GAQy|I5zZacTJYZneWENz`_fxZ&%$9B-%|@4$#^TgU#VDm9|P$w&mXAZ!o2sZF2vm7Mvw;D@C#O==wH9|0Bt~;IKL14EBPN=Ge<#v z6|!3b4X=LLM^GRJ9pB_IwoT06U96wzTO<1r3n3o47VxH*eNt|p=*5iCP&0En|DPn`+(^yCnCZA3EQpVY}D9IJv#Rvfh&~sB0s!S1neK~c0IC!f* zC!%)CERUchx4u);be7YWS6PvdYDvdEdajwN>HFyR(-Cc@+opF-$vy!9ie!uvUs+`h z^)$rkZ=~k$c4raQ^Dh7u@!GooCKq)`0wkdNevD8tAU8$`@Uh8DgV+8go7f2GV_nCGpCR5_e4d(o(G#ir6e@V+eq8`=gb2W9m;K^+unMs*&aQH?QOkAqBZp7L zEqC>P7>&&4M)N;!_p|j1%6m_FfWepkc&A-laQRndup5iR?yQFQ=>oD&ZM##XbLH^a zH51p`ylbAtf%WfA(h3HBwO8n2534zt10mD^jXt7jvsHK{+aGI^d-RmdIgwXMnfBk-E0 zRZV(HS+QuJOI!ckjQ*4=drTdg`o=-0^3idmI9tsm_IsKoylM!(+cll%G!*SsA;e;HnNr_q@S5X8((!;G-?LBX|jbzo>l_*zvAtK2$A? 
z`GJqdZ1s=^Q&mVX<^TLr=&_pE5H{3PQQz8tA(#AcyQb@f(~MkLA2Wp+Z* z9vMW>1c&P7tv96=B$P<&H}Cvvw0L|aMWtRLg(tFSZXj+gW^8r@=Yf!}MLGm?;iiT^ z4j+kGR*Fbut;L_@Irt2eS2UQ_pj->pn5q^RBHP5Ugn;oj)=%1b7-E=wRk=2Qhh{y_ zL)CFemp<9%>4b^h+XlcvLS6@=hN2tD1e5MXGmX!4VTiG1HPp;!-Sa}VqdobIZ-!kP zZiwo<488uUL2XdO%APq9E08{5K2b)rJmq-i`F?=S?U{~Ilk0|xg^EHjGFWm!Zy1={ zEV?(nhsI@L10Unr;7ee^uFSdaT1zo*=jab8P}o`Y$Ly!we9|;#8qf3nDvZ>4h%OLS zAg5AOV7qhGE~|9L4;H1~`MuE!*7s@}us$`0kp-=(F}-hFcKB`8MyIh5(-S$i;MePpFu2z8b-yuL^=B!ar$=ocDTBIoWZ$R=xtpwbCG{d7dc3t5$9ZIW z)@|q1*X_C8-?Z}&=TxaQN=;>`n}Jx%XQI5v^t_?QHT80WF>~}z7m>Saf)twv7$YsBUC6H^_MSuGQdpexsgfVy8JOl6TY$mjzA`hJV zODi!U-~626x?PaUTYGvRE4~sTeXF0yN>AyG^!N(U zcGljk?jc^$mJ$j#r=RDUKsydpJdjc~czHH!gZ&pJ?dSY_Hd^2EEZ$u5aNvvRb>o$Dr#YsU0@*j$Z|zG+zctZtMV zrWWiT0DbaD%@Z1eEmg(fM?u|uN>w|*Go*=PCeLE$@Jvy_EZXi-rb7BsT2|oB{SWMG33kFEyQFxO|F`7< zAD0_04TO3q$Yyu4EizA?D;&7c-}E%((V#)vT#1r~#(k1;D*FN%XenX!vkCP_=;q9x zzzkZ+V`|`yJWwRFl?)Bv(ZKpGvxLufkV0IQvU)~x?*zgO;Zzn60-a4`nG(=K$r_qN zY@Q~|MFDjlXZ%6nv0Ax_x;|Bzg1P#X^TIZ+i6CoRw=xbl(Lu8_j(&csk!KTEsrv7c zC0TP@#j{o-J=+^{S6hjPZ2^w{)%`26C6e1K%AaEN8fZY^JRKuz*(saecL+mGWv_<$ zaFr>~^T}Shbs|58rQ3khns5gblym93m}`*UhglE|c*Zk2KXC-J*;q^nEP8P8?S)aH zw)+o2j;K>zo~EG@L@=&x4nlt$%yYi5Nk+7m*{X#HAq8Ep_QgSK21&3 zMHTArjU#ood8)8Q1evKvL8gNQ|JE!`lR!Il=643V74qvf&!}idsbQ$dx^&V+X;-OLFb(DqEnWku>HN@hQ!;*&+@sG$qh#F9X&ByP z*!wKaNn)dNf8=B{GV=xgTgIJq2G&M97Ke>MYZsrqBbnvK`b^CT(bo>(maeH1%eSA#*uBM7`wGd~7o&FiaYyO2)2nTobs zRj;#HxxSbW`VRA@kF?~iI*vC~b!)OP86hDfWlU@u8tc1A(OHnVx1ZVeY38bhEBE#A zf|$;6uOh=f3CI0DMb8D@K8q4j+2f|_Pp6`Fcz=@dpovde0wr>7ROW6dGqqx>i8EMW zlz8ocMMeGYovve=HfZ?mw-UagGBJm!=?0wSM93|CS?>&O{I06%&Jvtra|g;9B3~T` zcjB)#0zIZ2I2(AvPi4;*#Yz4wRK$a=g5o+`<6vNO{*mSE5!k2;mUMTTxgXSF zVVP4~cy(CkjA;L)x#fZzs>mzjj71(NQ?|`NKt7(Gos!rM*Kck5v9w-!7jpsFZpXsG zBjrIxIA#5Jxtr{&mf7{KmC(sad7H-#46{8EkZkioh2w=-t4q5xqQ+ziBP1P%Oy zVn}+32IDri%_jTBv&^r!Lpq7tAO=CZu7Ej!(zRE{f#C8!Dyo8G^*=!SQ#U!P%8BIo2C==@Fdkgq zJ?6bM3=zn(!iKkGFD#DyTKp3uJRZikTTpS(@ppgwZ+`dR|C!zJrzylHIexJP?2+KP 
zx06oOLQh5+$>|jN%ikAfPfw~De?sAfvBgD@JO{0_2ahoaKQ?o?CtK>UEU$y^*-IR@ znwsyPe5zXNh0v8%kaN5ug|RS_OQ;Sc1MWTE8r!_o5P1aRqU}*_uIM`E{g+uwYT!4U0e~c?5?Rv=l79Q!p#+ z>--p3^8sKL6&&EHTs_djq=W@sv|jI)6ejP~DDS*xJ%BJ}-AOJ9|ctZ`4I*&$DHVENyAM zMZ?W)dqw|Aq-d*reu0XPnHlt*XZPp6I)M}|AIvZsxUGd*=*^_=HMImR(rl+ zR+r-f)l&B!`O0_l_95$DJC#>5TjOd44D^&Fs?jL>g&A-ckz<5IZ_LMl8D_I*F!t-u zL8zNVS+O=JUjl2cbVUHCnfURJ`O;bQ8a4=6UD*i>G8OCbuiN`%t*W`0-Lv?#c6H)~ z_(5<-R<*BJuOudNIUx^INxVTVV~nv$LC4c}`&KzA!%$ve* zVW9aejy)q|GF!no*=nN`o#|(onW9@bpt;lbb?gjEreEtA=olzax<%=kC|aV|u46vY zYAzkW11%D#VFl#9vgtj$Kft(9lkvrn@l`#{+|sOlh!rZ6tp1tzpi*#3?y6k2>w$Uw z2-17qwIb)~;TZsZ-Om1Ng4*_Al@^&7!>c~I`5@)<4^tgEmlK!#x@cdwabbHS%a4S8 zsBiXKL!<1*B6|Y?1PMMp6|F8 z4Xr4~aVetRCrUj_KN%X=K;#tltVR0=HINLDx`K+Q*aGArYP$$iv5KCXR7vE3AwSw% zU1OxC*S?u|EABLA{sIu1=#+`8IrAVq%IM0F8I)^l5=Uwb!Tp@xe28Y`UYzliY99)m zx{Wo*g<=ssdfc5hG*hzH+!uByyaEZdRn^5x;zmrbOO-{gGQ@6a&qy zWc@{)HXK~~`q{rG%toCybn@9JrhVJmBFD{2(w6rvF%h>rD4#l(=tzvZ7Z|D(&lPx| zcn3>DbD(E>{SJ5_MndmdzKbo9DL+;zV=wrXkLbrg)pNA26MKe!kTO|S6G!Qd*y|>E z+6t?yhr=>@8}y!g8cDJRUY~GMlxp<rrg; z+Takz%=%|IBj1w;>@Taj*#S{6|Gf0`R~CX?odth}Ug*kZX-CoWG$s(YOrp(A5}2hn zK0Z~kezd$2&todh{2Xwtuj1sHDQB+9mbR9bz^O+4FJwap?(hc|vTD@rp{I<0q*T^J z33T!>G?{^dl)6r;FWCts(DWUEC9F zbqM*fz#)!uG?-E8=BBUBF49gW>grLvcxJkd_BF`@P_bnNcT&BO-Fg2$6QOlpl)Tq* zY90|H6-0-rOhkS1#&64t8(0Q5L$^Q=F97Dw2bKeDIgFRXEiQ>DQc*AsM0PFIDa4@!Qqam1&v{{6dN%UXa=eb?@Cg-^LXM+3oGa1DldF z*`HcC?rHcFEaP^H1pzX?BWsp)*I;{3Mc>bQF3q(dIInP{U@!CJ0-#adj97L_$Y83; zio~W$iK)=+$?SaeU9RxzQC=;?M`9a#!St%;1^7aL7jGX7LF(R8utF#90$^7+@+|sW zQm^yNhWpE@TjEOdne{?~xQi>*{+yHmsIDHO zSL=5}${xZj6=82j*+pmEVf(2%?NPh-xX~!i(A6lpIj~IEtYWuTPfe0O^VdnZvbTe2 zyJ0GON~~+Xtv;Qv4lbi{w?wwlQm?RXtHltl=FkDJqu8-4S@(-~b0@N4HS!+C-J>5y z2Me$Pcqh0ru$7rirsNa)Qlrgk4$E$_M+TB?RaRXX>rx<;&Y z66x)n>Ato{&<10;7YBlP&g+RZYKgIj3pX6qd9cigQkX+mfV18Wuw_RsvTWAfuz*#kulQW@vL7arD4=6tE=0}4?PJ};+;$Gby7ygC7Ms%4dYUmnT#_H zQ$}yZXL-zH`m4Gu4?tmlvIvTxC%mRM2B*?D5qAy7!x%5$pIr!cHWG6uqYWypbhlk=q|H{i2A!9e^MskzWjVV zuhGmYqjgik<;l}x5wEUi*dyUd!vf?}{_>2bQK)Jp-*VCqv><}oe8VM 
z*IDnaKJpI)S`=nFneArD5cC8}AZIi%4*i-s(=i{~sF{_a0-nm#tsmmf%MA;gMr=j1 zNnet%D>2}>(s6)h5 zv~l4h7Z*a+Z{poL+UT(SEmHH2mTE1-?`%IuczBKt@M?>7bwoGzncnX&ZH|^Rz8<&Y z&8sK7DSTjU`EwKG_6=z_+NXky?p%GRQ%3b-OR?_0No!`TTh_ErW)0q-Z$V~qqrTB* zEidGI19x?BJ~xf5WK^a?w{U!72Q77dieRLh_g81jYum|7zoH$Y+BO7}?USNU^2IkS zxi5u?69lkRI~r%oc-kdkB*730T?}^8m27}j?9YJSaFny9#^Oe!|8clH~b2i`cyJ?xnYBvxDYU z=lLzh9|_Me!#&*BV1gZ|d^xmf-1kOgv-!I1m?!PK5K8I3{BLWM9}U6Q0F=uK#!;uu zc|v`)MfSfMLCMJm8G+4PK6ZX(-w&NUG%2<)J;v{C*>qA;O%;Yx`LD^YgqYWnmN0AIJ=nsS3f7Ovx))}DS&F+rf2(za*99tBN(4m|WtZLscsn;fhckPJy@cZ-EX z_2h@|?0%#Q?I&_HC)R4S{y;yf?`ImB z2ot{7_lx@h$E!*stMSoMDYKbf8KZ`uwW?MK<@TkeJ{vuo{8?Yue(wSrhbhf5rzwb! zD)#<|X;w+n~#a8u~HmOL{l$)Hzoo@20`#y`-_k@5A! z_YGhO+8Jblv>@eS8)kOjEd_G1&u=dFx#e#lZ-%5)hK zcoP?!K_m>vi%zuJ)C~hM(rg2P!fW1u6sJFV_joPTdE0)fld9bim4j$B%V%n}nCKo9O2+8dD3OFw~h|qs-&WslgqMb+7GEdtl9VQg+x`x~OR%V`(GZ z(xf=+_bu*m^c025`w($ychZ3)h3p7b|J;vmM;d3cf@R ztZ7+`uQ~N`L0zVxHZmI(YrEsR>FMMUmd;$D{KIh}OP|kS<-W>4lii5hy)FT$pg^1VpswME zJ9m~)SBOLE*DyiS)*7kLQ<=M;uCQg?So!XMmU*xQ)!=P1GQP)X5GwtXeJcnfTVno8*UI+p#w<4uFnY~!HbnI&j;CS-yX>vp;IbU6_% z-&EBT8*a)Tw+K)JRA{K`l?cXZ#dmoGSNXW@0Gi=`t0!%)Qi$f}`T)PO9C@rl49SFh zJf-UAmwz&Yimof0Gus@~ZSV!lL-;I%ZsR3D3|@RjVNKt;!* zGMt*vbeS?HK2)qJ_d`cV4OV9@;YsUei2Veld&&hsu122#MC-!!&)Zfb+-AnQGCXvU zjG4fQUkMsOQDMyL+j|t>6Aq!1mJ6>?&$5A?Z33f(RVm#I4728=ADW|j`Ecn0UbCu8 z9MmiCTy;ohYR{r~sV}%r%&(1o)EgCzxJ2My)&q5(ItPSAq7CT8zc(gKik;B?0nfS-LZ&L)xq5#QtBX^U$ zAga&rUW@<6V&vk?RayJy?yZx(ZthSpEyGgk0w?hj41HjUscS2sc~=HezctofU-{vu z9%mw@!Ag1rT99739Q)}?1f{T?U^LLlfFtNGzOsM-!dETPQsb+)3^3aP;*(kB8%Uhq z{W)H5YM!1=BSVyDi=BLR#dkor2|fe64jX8X#SDBwQ4)ZQmDGJDy(LcUHW5<{+HikP zPc6b#h9hG!U(98UW+C9SB+JP zVv5a(c5qndkd~Veh(No<od&P)kLTyK*~{2DM{(*pBEaqx7C1OraEpf^T$sqX@&2 z{tut{b0i8cA{bGjK^C^?E>d#7EI7f;eoStF-owGOfQ?f3rsm4+#QRqjZ-ri})RHU$ z(Ps3d=9QZweUMEj;Gsbut?+F09oY6REXGu=zk0Pbd->b$n6*_<1wwN;1W$XW0n5XM zV>Jd?2PsU?)n z_(h5Hl<}kbg74KV8uLu=9su-%l6dJ$b0z!p00Dt!Y`)A-111F7LxyhX&NcZZx2_b7 zHdQZxoV?ej(^Tzm#IsG|j&7~&O_$x<-)~pqo6Ag@u<)|5**-#%5gy=Gu(XTB#4{kl 
zZ^Flbx-#+zI=euLpVh5l`DAfkIUv&>3`z6nk-YIKoq7IUyXF&UHU2s#qYHRhT`mZW zw??m3Wgh6^S|{1H+BQRZY> z(1Hu-$qIJTh~IfVxnLK_93$QQC*76!`)^D%UvtJyi3i=3E~+om5x=k9EMLCzEz@H& zW$K-p#6tf|frOtb#OcmbvBSS)TL2N&|3tlhSSARbfRwJ zjhBXBs|)-D!=^f<9XE3X#%p_PBA&^b(^*xwvo|^xL|ePV)+QT)w8ZZX^H=e)r7+YN zAocICM!`O4;$omX`?VD}HB7$OKv1_9 zEUU-U;wdA$3Q``MG1B$i9h<)~BjTC1TRxgvtLr^GGG{q8k47DD0<3Z|Cji&wsf!ZBInC6-uKx+hLACN89c}mvp`Djz09G-$hHZL&2)CLr-!<( z&EOhP|>_~U<5uKXvMslTvvUq~pme?XZ1 zJ@2HG@wYdU@FmJ@tM*B1m>ON`7_|}XXcg^u%bKTxo5?d?cOEFz9 zSxJ;TO)b^d=s8u-26!W_xzQ9|v@|e3BMdxJHMj!Oq+WFaxE(KOFzFCFc>y3J8xH5> zYw7Cg13mgQ_)O2-QlV{L#pEQ3ZOS92jW4rABXwPK5K&ZzMQdVdp zsO)7N20|J?RS=j+s9%wuADVX`KYOiEMyZh*f3 zQ*z>W-G7y!_&O!Bf z^~LUBy&6fo!gk_U%6aF7JsBb3PbQo}XJt5$s*PdY5bw7X*?G?0iIe)EL5gOt?~K3N z`b6E^rmwA<13e)0b~&SH1*!PBbbUfL&p~HNXC!Bq3}IVR+E@VlZm?Z249w1qxd41Y zWCCehNC@`J#Phl!w?C}cfi+q&ucZM-&@FmL+H;Z*4=nITVKx!7YkdcaU#^$C_AKng zsx4$>fg9}k1!euU$6J6UZINhd`7MLC_^9L_;@r}^tDBUH zR9APeR<5r<3`-(xW#i*9VM`7@)XWAnK_+qfY} zz#c^Jkw3^6Cng!WC$={ZXJnvF>rtBRq$2by)3){DvxJ9QXBcWP0O^*xD+|A-@qSD& zuWr@bd&`dVY1^gu4j!x?C!V)tBz25DlKC7rI`y5KlF?9uq$>YVjQvY$=YU3&J{-Xu zT4TGCk`k*=U7UBGLHIN8yVKL(6YIi}$-YlDoi==3#Lrq*e}Dd5xLTL-fp?9_izPpK z>0tG`W36q{dVtH1@FiHDnXw*lZBaC$z3K6XM{PH&;_W5`?knDq5>T;ey_$3yO1H0m zil;xjO6&*LRQD=$g2OD0oG3~0obe@=4CG;^^|zPD*J?Rw6f2_!KOYDV{Ms04wUAuF z!!eTkkIz#gf^ML{;od`^??e&f`0NfN2Bx$3)0N5MMD4@#?e+DVyY0*12 zZ01sPmg~m;G-?maKhiEjM@iTtJb%&7RtZlFyk_Vlomz#Q=%e9Zc9lPGyo`G>>aV>4 z<^^@d4H=zJuxj|v5zF?0rXA-uVV>{JC#8JsPp36ScWV*o5Dq99^B6wc`!Kvh0`5Tl z+y}f=)l{F|w4D1$n;_cX5{!vNFLabp2I=F$Xi1uvKMv&L*`csLoZk~9o&o$F8%=9y zIQMi03{p!wZ}IBnNlRvXBmMdC7DmI2yQ{oI`uyl>pT9g}(=Ps0^@ZFmVo6-dHMqYf zbl0j93w$r@BgA#pj`wydCV1n^)K22g6;kt8o+pH;#v*kLBBe-nQ`3Na-O`1u0BL1cG@Me3!Ak?g?i z#xG}&^Wr^&Ms?mJYO*%O8A1%)+P)FsF)iHadA1@EY-pv1(~AC1!Tghu{R5{BABTZM z6UeP3va-;kHv{wem7jpZb)o;kKGIZNlMVA#{NT&!l_30iIc&7G6Ze>u?Fqr5XU|k{qF70(}EcAAipUT1?OyE5yG- zc1EOc*(BN}1+A^r8X3E}RI^Ddr+~%Zd-xipYLC5dTy6X216Rle2NM!UVFn#-V(70T zhb5&Z;Mo%IOyXvPY^zbjyAzhhz03GnwD>U&+_^x$#eOsl^R|`%)q_2G%zE2kOj{v0 
zNp!k}{3Hs!a`oPuuI!@gSr(aj88fTuke`qr!h`Y%Qdz2`!5izuYGCTa>ge5JgO4l-7U>21aVQO(CB>O9e_L2u z54mkX>QCf(oA}2YsO@vuf`o5(>2!_v#w$rnbdbjxO9;uLqs|LVWF>{=?$k#BTRq5Q z`M>=cu=`T6w-JpBBBXK^(-*HBtUWct^2*1d{B@}PtwYMUyMk}xpXY*6O)8%(Z;3 zHf@SJ&EJS-z&y)|HpXS8$iL}bO+{%u{KC?#8H8Y@4oYBzi#lIW&{&5H-9se7`o(u}lX z#N@A4AWwpe1?xpOB=G`8+Z^ySJAz@B3D#R?7Ejyhsd;)dYR68r?YDT?*~l&P=`1=S zeDd=FRS36uhXK9yjFkBWfUjl#>(M@E;vKZuWI8xBQBJ#AVxT!V*|Oos50YGw_-vPM z0i9XfJizjzWg7yxJDdHZ&P;&(L$#ak&+GZPszR?qT0=}p3mdi?I^p36S|S}xVt8q- zQ<8Fey-5ObbHG}?hb~I(>9K?DfD-@PU&-1?afbV&EpmAlc(2YG)7At;(M+$4tpk+x z(PB8Gh-QqUsVQl_2f%cb2p|3&$$@yTw5f6r=qqZsde*kLTXjD5g>WSWqi<94UB@)P z^)x9d*J9jfj|qYayHjXN=xjXJSm-jhZQ0&`KB1ugaCOQ!$Cw#AmZ2|Bf0pH>O@y zVXUv^0)XNrK#I_n5yL#9sIz?_zO>XUTdAad8ksrAHkqeOuVYf$ts`wlawKv#ikkL; zJn+SjaEuHo5g$<#lf{ZzZT@Dr zhe-_>gT;(4#Ec+XFR=suI_GAJ$)sBYFr(So7gO@&;2U1uO1sgsw^;~~4j^`ibb>MZ zz}Mia$!MB3W=T5OCKN1bjMW?bd_K8!(CHL;{?HoL_9dwI)A;!-QVfIpS_mmMmizrX zXaQgIG(xEbRH=#DS|y9(;d^n9jZa8Xe1Psco!T5@al0JejS1`HJX6;B3?a@m>wkih z7+58sYE`8$l@uL#M|-w7Mr^YAl&Q`+@A=+phF*Gx%jJjO0Z-m44Jyary>Ku8)g8H1 z(cC=t_#xF^i7>Z^l{g?s`~q<0I!SXL!NAK`>OW!=aSo$9-f&jC3OR1t-g;4S$D`+A z;h~G~vll#O_W=6XlV@cc$|S5;EC~RAYS$fq9zLEvHR)%_m_GC3c_l{)$@HeXx2^%# zEU)|?gLflRE|JFI;|6^15|k9^St5@BE=iB@*qjbPB4=^EWB1H3l_mcxTQP zVBxXwevkKF8gdpoyIi!gi(cSQh`v`EjK*}og~3?Y>y>_Cjsee0`dKHpH#>%Xq=fWU z63d?Oc3$(I`T%$@cxFH|Sxwr<;*k6DPhsM0U>~#jitUWHV$sS4=hsU!{kQr#L2X5a*hOy7EZ={zn?N8ezQsRMLt(k(D_7i5@h2A zhB!c=r)Hv1kmEy-PWCtvk%~WxIRWGVCgDgmON2&<;VS$IUvBwJ>O96L`s9$pCp2?~ zFS#@TYjK8mFBP&zulcCQ0QUE0B5^u+$ukh1n!tpGc9w}HiE@cr)|u+gNk2%;VY}l_ zL;g!ilWdhDE<~P$mZ?H?gMaj*B?&w>O0V2%1CM<%d(q;yJk*-E`!2%=lv0E7eT)0o zg~?Gc>ubL#(LhJZmq1z|1RNfa(ZLR(S^~l4fk1IYMbQe82L?&UR?wK1@Efo&?GB$HYaQm)6JdvA4^Hrx zGcET>@h#fv&R$e?WKXd1;#$|$Z^_eW7X_n7{oTdWjq0Xd{@d=R8F*`pz!xXPU5}Xa zJ=&}9@8Xbmv3>IbJ8D6S;DtGy?mBQ9l5u8BED2$^vAf8(D27cO($h@Psa zfxgFG_W3Iqt>`uZ{K6x=&tfxe?dHsG9(6(%?Je2SJ5QeC470xl3JKPQ9EE%X*X+GU 
z*^%V!l)D{HPQ)!}*Ixi0w>fsS9*qT!St+uuEC{lxXif}W3GsrrQ-uIDmJQxZztclor`W6lkI@ASIYKR;Tf+}6kan8P-(NrD$^N7fS3kB;WHSML8N_s^w}Ghb zja9W>u8gj4SfFu3S_DZh{rL5OKQ;1e=N-C|W#_pUZmoO0i+cpM2SiGerKr`syg;A| zBLTok?9o0U^%yDXH?oUACWZZOk=6{ETspr=93~L-uwdYR5BK@i$=;o3XNoX$TsfWz z8N`mgpKpK4t)M;5uGZ6Wa_Pm<{RHf!8#>=4Y#Z}a58n_kS$XCg}fb5<*p=Nd6b}yXAa*;-_r%wY}@GQ$vNjL?G zj2n#6I=H8-SKsmp^X!Ga&?Xg19}oRQK}iM7^Z}fnc<(2fB@jYNBU8>eEP%#dd>ec2 zaBSz!>|D+I!biS=FfecSC1Nf0O!7`n#>>j#lHcRD^74)fN0D2Hvm-JmdROl#g3jB- z`(;bm)Pr@Y_553qq{ecRc@X{LE77YXx+tK(ekmSO2aSO&WkV`j(+Cd(HL!vy%NT!e z%)`eMrAOKkJVRzKwzC`m2=r%Hemi6T985o;7Ic5nYt3}YFgizwwGmPSv@?ln+i`}u zr%Ka5gr-5TMj*Tx5)(y`fzQwqgyDTiN;2oR!B*y_8XR3ki643Uh@Iw?{>J0b>JK+0 zM>1w3_|v1G?_n5SG;&l zZ~yFE;iD=W3)rb!fDai!qYKE_k$~*I-T`tfaVJi|3rt4+q38vRL$MZUy!hpjh%)ju z_>g4G$mpRNAn9ve-iTrq-9HrTj0pE1_@*$MR!NXQL8K+XE@p?cO>_ZaE%fl>LZlnR z(_?=qF4iE)k8{W%K!&co?*Uzc*y|CgClP17$n&gDfI)!@QV-n;2b_$bma2y*+5rI4 z^LAVJ0;+o-AA};_WJU~LC#3_`y1rC$~6e z2l(&bx!7CnmQJkCZ(NLB#F{P6?4L~j^jdrmsb>8?{C-kNY3IiL!&1DXH_N!V07dy` z^c3BD=?V=KL+T1X8s=C{&joaLy^GyQ-wT@dPg#bl`^}{@CRK#$V+|}KlHFA=1!t`F z#p>};jO|c^Pn64{#@fVG;y)v5Ec>AJPypw>y1ZkZ2gJgI=5ZJog1Q6ZDrP-_R@KgV z@rJc}13@l>j;3sPK!Y7(LSmuRIe2=?x%|EvLDX==1BXvX&wk( zfVXjhU^X0x!*wcB%NVA1CEAqGKyY4{ZT?oR`^?sfo8)*H+qfui-2JcAKT8pu_#REX z?^29S5Bc_CYg^WqJV)s1$F$so7ZJHZCGm+hx>q&8XS#?b41I7_q8yUIf}hd$QLIbQ zV|Q{Db6{jpiFBa(}_T^+3GTV+Z19 z1EAje1Wja$B2&M?=8&nSuzE)LmSyBsr%Z-4HQeP?-J%@lL=7?iU~m$T;!A;7>M`R- zS1df1mSnDgo+t>oiQ&Y^*J*KtlkYebktNZZlm_P}Pa_yqIq|0Li?p(38hT^IE9IKc zD=l>gMw=ImvXVZ3<4n&ej%23OBvpq!%@jx#oGbrY5)erg1H>u~(dP@l4LZ-6VLfEo zcWb4mja#8n1u^hAXqh-So;mrc7({n2DIl0Wbo3{?$BganHD#KS;s`FWXsikS3@6ZD z+CNN&Xq-SW0I8BDl$3?Wwg9o>>hTe}EpDd29dfPtg3FSN#fc8yd1VW;Czw<-%;c~I zp3Bx`Z_pd)J~0H9X4_dZ;l zX$F&rFd+{2;`j2Uq`SoXni~ql)OCBU`{!MI#b&in9_IlV3o`TXiT%-fK90Ir({+BQ2CdLi4>G3D~Ubu87T^M}^tNDa^&2iw_ z-?DsN$5$_M8YU%flPde=^CR|8T#Of9drq;V;t}>gR4!p{$kem|g$$y~x64XRm22L? 
zrDVsN=iB@3Ns$#fPTHKs`uME**BnbFkEtBq4lC>Zno{3e=zEZ7-of98YzWghSQYyD zk#6LO*`EEi$G{^#DtX|znnp#J3A_PU!eda<9+snK`8*!!Pi?8R=td1=R!((X%jSiE zX7ZIf;vsgJeAxh0knM`s(heeW^Dw=hvl^XK^GMAca;E2ik@( z#&s+*P^n1dgaVKH>d%=z^SDnCM;`T|Ke?#_RI6&zuU{wU7CW31*;oMPNW=(hHpdwP&ib_}P=Y2vVdQpDr9i zh&PeTm3})Xf~`1db=8q&?tp&dnBcWtahF`44%;>xG6t?e7Yy%y+x=KGrzyXL>{k`sv%2R zEo5>0U$u6$k41riKggY(TR^lqd+#W7>Q!6nV2vKeE-bnRPAPqQXT*K*nC-N@4Q&@U zdr63V#}1ejRT_e<2(5A}m5#u+f_93N&WbH&Jb=QMmWI@Wmbfl_rCF(83BxhO89Roq zS|^)29~5jjpJjv-<$&l=h8#H+3c+#$o+vdI9eX#>0OuR&Efo!6KF$y&Je_o1Ap~_J zy(x!pg}yZU-PIlwFT7+EeOkf;L3X351GN_D@JR#+9`ZaHXoV{<%k4eYp-fh5pZM6zNLT#tdK$@Zf-#`yfiCttiT5lgKnx5T< zVrgfDvzuj>+kwo~)yINfuj+J0FL^$+FzZyj32DA~*n*eZo zUH#=S1&5Gg0$mWxF}wg@=;A7E&4BO7FM;`{=9_Xu?X2R=PZ}&A=S4qxz^7umqd^o# z27`{&|GIJSF?D|^7%Uov!e!}cw%j-293w7Xv%=bJuXiOz*%Cc(zUHO4`Ygdskw5e3 zf@DIaV9M)+?!JE4cS(&!GYVilpmVOs{h|1@7x>Q~ib_ben;J_Hc&UE)X zr3id~9mFFd>mLdMbta>#5EQAa_FYfpsdg7O{Hu#_IQ4g zThy;CU$jxiW;YrU=n-xAfdG!bt_y@$0VFiebiY2`$4HMsVVFrvLf&h`F5|>GO=FID z>H53D;up)pFN%9*OUETs_mGnFHPXI;kN;5Qz(ycgT1a=HUwD_QFg7V+8_tiX`fC1w zKO3B&4Q}(G>f!l5C4u8q$B$s+x>>C$@G);nw*m%J)lW@ioL&!d{CM~Cw`HvHyPapO zGYd_{4^Lc7t(qI7<(9d-#u~$p+k{e&?%*F!Mmq_yKiE!nnfKK_Q6Z{JKeZKg(ULJY zD=bkR^q5QOYUR~qah53U$eP~T9^nm2ZogL%lT&_AFJSoo{q+=wJe2ue{m95^9+f1KlXC6`Fy84 z0PxZ07MFV7$Z<*6CU*Hiv59`^e<%hz`~fMTwFXSaWi0NKsw^oskja;8c2Tz?@dCJ&_W&VLb{GVneNq_eFm@i*bVG=Av&RaxIl3W0k|PpFd!f+z^2V;{#K5*4)04 z8qN`~HBIIZ*{R(;cN&{_R>C`4I9E{}&Y&<52b|8y{3HqHZR784FPFudy$S|DeZhdvynbDqkE}KbXu`{Y$q)4yDYKwA z2RmwZ8%%(6^cw9;%wxFJShY%@W*<3jrygpsV&j(4?*RmYekWC^4feJ!l`gHsDZwdm zOHSThBG>dP*pN3umpASjT^F}zkNHt}Yjf0NLSTT(Amn3Z(EG=&b}Opup3!mENh!eK zl-ii(mVb{8!hZ8=MPg%i7V!cpM3G691%vT;iIB*>SzlOwS!4{gf|FJfTVdDhgi7lO zN}|95pxd+U0ZKtj&|ef}6=xp-T|WH~-^%Hv#o5vLR^0XLD(R*!{1_oT<1aXQ7eJA_5T?L$C#e8l z+59MCdEQ+UyZ2RIE=Kqg>873&*8)q9t^xGDkIo;y%rc6& zQ}5j@0=$vgQA9RSCx%vsAcI3jBh|MCDclg;V@f7p6hS^K56*yjhx&Iu$+uP9i9EOY z4ylq$Az1mX>foh{h(_ZoTvJluiE>oFV};e@gRbi!zE`C=<GHYs@Tw0ldcWs=$Lh 
zuPOm7UbO$Ox{CkoPB!cCHeq7W@<>AY70wK{9_Zz4!q1i$FRokabyRdN7qh z>X;oxZB7|&0hZoIfBdg=mTFRBQ)Ky_bH((-=`~kw83I1&+A*pDT}ylb&?W<>noJ28 zjxN(dC{_nH-PD1ukl#I~-|f#Q-fzZ%5?8L1%fw;Inp?WC109?w7EQ_nPt=`OogYMVE8Pv*Od!OcX#<9VwY~{3`oXRE zWQ(+h+(a^SatxtY!0rV(oz#20-cW(UhbRIjDA5oQx4$&yK@0>Z;G>c~sRZGqjGD1& zL)6HBXr}b{T#nMAcGi*U@Bw%SZyv~m&&veM%hLIESr<#cnM#a-K;e z!_snYL3?AtT3h!0^Inx`%uzq1qx@=K05HE`2=S=_paib)<51)qGk}ZFYB`R?>g?b% zau9e?Nc5@L4R2DEUNQuK|23-{w|g=R zfRWI_@r8?r2~wPJ)hlBNd}ATLEPfFWh8#f2kD)lK!^Jbwe+=cfm$Cw5f;usnL;Wru z46#!&T4{PkSK!h=DxMIXxAyV3=E+&MtEd_8*EO6U#n)7%K+?*UF5BD8ej`R za8W=hi}3zkapT_=L)C$A!RS{KkP|K#_cLIdIF6wli^Tg=65h%f8b#*0pJbv4FH{OLjcNY6oE57lLBydz6GoKKm?vjV18|^j>y-_dzSwtorJ%qiJDkh z<-+YbufXsk!@F0Ohw;LCF+|oC;Z{W_GJV?jNz=*N!>s^u*5G}NWOUDId6Um>5Bm^2 z3F|K>muZov-}O|dJAG9!86)HiliBx7XL-^uf(p$a^}a2ff1*?3yare0v2b}K-@Z9u zeQ7MjH)i%QJ|^e}5_?~po%<<#9xl$lD%9p<2`J`r6mv-XjPJXoX4agYL#N5qCvo;J z#g^?Az5ZOTeO1yTqIuuvo-$r_hmNo#IBbbVgW9yZ?rT-9COclWFz5j!E>L%w20{IM zT(!oK@g%{=z?Hl`v7MZXY7SyHu#U&q|5ck~fwbeX@wle8nc~_p*h-6%&cf%0=&8NS z3qm-N)cdWsn%Qi6W;iF&S23u9G0B$`5}xZb1668q`+QeHg{V0_D!=5OE;7?-Gc;dU zux_Hd>CLZK*3p%n<@9S4XHpTLpw%752MNS4B+VnQu7|(u*j(!hq>^&c{rmFhWkDQ- zL?e&H-xvpo<5v*pY%mD+cJas8xJYwiHTkpTfBCi$IMZo=A@@5Ah^2?dO2QX6i2Q%; zP*&I>5YBU;xq_FLSumWK&La$aajqhecZZ^agdLUZ6v;+B5^vVF@1u9hrOS5r~UK9T0X3RHZ?> znZZQmt!0*PVJ*pA z@{i#g0sh6gjA70X(!_qsM3WNp=v7YhJqZbOZIegrdL<(LU1r$vsZCC&DV=8{((D3$)DLr2PCrd)1?JZ?Usj@ZMF)I>=Lz? 
zTXdD@I}C^Y_<0wIg6v7pC4 z9ZZ}uuIoYf3m`08FB&50hzhYyW`T+Y!KF%|$}XrPfWfxiL@cG$@`#THIxJR7hI{*G zEdYI)ba{nV^X8>}9_1&aS}#*5t0OyRT0h~S5l2#2@i2W{K~xR6dd#ay5e62^-{KO^ z`%Fmp;vS;dF=p%YFo>Mk{7__=!Qtx7ot@~?l3-D_yoeX?>8j61TnnTe%cJ?J0??0K z@_L!i`HILqw1^crLWMb(WLEn;*mvM6_%tM@ibAxevT?~lwGFQ+-x@iH>?)ZWgIC7MT zc1}nPz&8Jz@X8c4!^1uvlh-@lv?i&PH7qvwZp%uG=Z=nY2s9Qs86J%MC8Ku_;iMN0 z!kYssh(YrY1r2KfVq}B}1zg<`G(PgQQTS3DWI6a~|6Br?r)NH?U-OEK# z8HCxf(n&Pr{3lL%cxSzK@k`U5;*PZ`FmLw!4G?x5$p*nzBgnih*jS~fuQG$*s;ZNU zA@)J60F5n@sEM-$2nPeX*>l)7?@L+cW;fjc+ITWy}ZF7%{r9Q$0=|nyC4D zCedVQBEhUgt7QEMYJZH7!54Hd2o@mSp%V^TN7(*Eo%Gq}#or);mp8Kk^fg@iZ$vK} zeSFSA(gy~69%vc9;=7xXyU8kZb-bC=TQbHkuhRTR;H;x+n8;qd-8&ch2HMvQPYM#eRGQ+alu063Pv1%P6x5Kjv z?9j;Jy>Ho(v=p}Zl+Ic>S0zDbc$m-q@`Z1fe<RG z*%Fk=IpszV%}i~}va)tlSR{Cs3;wF2>b2Uksluf^FDNJERa_)+a}b<=(Ql`Hv6eNW zS;)qhS&Tk>*X#2}*soltXoKh{DAlbdldx z!=B*s4Hq{dv`44cWMVyU>{ua*ccgj{=a1#1A^*y7COANUajuR=OA(ocx*_4={~C?r z5P{cU{I*D9gM=Wk(~fAOE7FkwA$Q1|#+%FU-d_6fC_&VJEKp{wHeXlT9i(*x!#|IU zLmYiX1FY1_AOI>G1^wb%9RVEiE7Z6YG83?*104z*YpRN@ms{DD4(cPuFPc7Tb}U z(OY8ef=!n!EtKJ4P!hWNh1aA*g`+v_gv-4)%a5o=0juWz`q3_BFfq^?fhlW3j!pc0=P< zoWT$9+J>SoNa=e&t!a7Dv0e_j&QxREEu6&$4^b)j{KC67Ax=|mpY^O@BzJh;kj_2U z)6ldB@lAus4AaJcakj;pp1hq*80)&x{cVefx9O9(`HxE%6+bU&c#f?LF&;11!@hla z71O6wSy{_&QOH+=xVQerT1Kc#iS5I58B)Ee;1~I5Ia9FDuSzUd`GRuSUh6pYS+AG# z-kXxFas2{5S<}>@|8h}+EERuZe>7uHsPX>&3p7J4>Y7V7EpRwsx}O3`PGu;|f+j(N zC^tT-&8>=ig$v7q-Lh?Hc!H@kq!-}~91ZwUjQ;)rgMb0i*-6Gyn)7}zsH(fMj^i*a z#1d!xX*p-K=k`+Fi;Pq52OqgKesF#!qBGyR+@c|a&kHVN^B#}K+C;~cmGYjV4ztM5-s(ZRoVK(|1BqjKN_o+}EmFFylck8hc zDe!rDffiWtk`s)i`XY>vfqPCe&$ccQaVd+hm5$9LyCFa)yQ)k*lQ*rvz*@qrU_v!q zm!9>*_mvkPvV_>%3U1cvDCft`ECvJTUj?Y4ST0Y)87==l%_!J5xFpaVt+FHXmdCdG zyZ!4Ay7VvaJh&AcP-3TUYqf+c?AJ{W zG%FtB4?h_t-6T!>90VaVhsVjkv8$c0DLHMoGfc9gf=`!;lLYrYg_Y5qox0p{?xPi=rL{iGKza-j9(n4i(mzWGnFarlZ~T$w~^f(qq3@OW4}Uv*Qqys z@`+S+C!NmZ1b0G7Wr)|vu*FJPD95T*JXnu$;b8`AJJ#|_^2-OEmFXbS3-cfPz4SF# 
z4+>UJyU^T$9{7mDKs|g+8F;;@=<#(fm)M2d?GG6@s5m4k4EA)NCBS#y`1#9pC4&D{Fz2gRHrhQh+Qznm2o=%t@JMV50L+U>!oSe%DfS=y z2O{GPsaG@N#)k2NfOd$25$*>n$1U5(f*Al$8x{6CSet*8Vx}d*ErnX?3xiMYSNo43 z{0GnzH+mMl|I#o!zF-+0<+ab_$7z|SGbx*vS3kC2HcQJKau!TwV)U_3D?L~Zo=5IN z)Iov~PA$|BdZ!Y)xYa1-z-=W^s@y^-2t1hY|LT^j1Nq3FZ(W~@EY@u)WOTv&*_=2` zb9@VvNP2$hOnR^|(lwX<|gM6kj8G%~+Q-ye#hTJi~D?zB%NG-A{7_-u>t z{ogGI1`oD$_>aF*K9x6>tNp0$ALPs3dm$wF^1RChwPC z$@bLGndzDKF)J&}KEBv%J*GYi)L(rC(F*9LuL!JuEq*2idRdjqdXPS3@_uS}WvTIT zx5-c!7jy09OTnHZ?6)K@oJxy_vuCc5k^~%3kygCu;mYkm7>9egQJbPg=SpsdI+CAh z5_S~1BbfoNREWb1vtoRKo~MU69a;3Xp`E2+TA7Y4F*lf^{TXEMFz&(;Fex`nh!qhYBy}@^l+ixi-DV`IHJNTIATWY6} zUu^xjrs#Lw^$o3*3+C^Q-P;4LSnh=4`dO1F-BPTJwW||HP|&2f8CdXQwNM*+hE-ds zplzSW+?kUps4H?^xd{m2bZ)uvL(A{(k2dkHxkE#JOzY0Aj+Dw1-?%$^!)_%kY){(7 zKKtxt>wWtZA(-|}PX`1q;)_9GXV_lb;ln{6Ft_#5_BgeK`MUGw=_;2n(m z)v}%V4WGbA_t+5qRzlXv08;qMl-_nnGK2l>o7A@hx?)RGOo%pz<`?2{(_k`%qg>gH zm8oUwDhSKA8h17o8wfzj!Jpt$06e*z+Cjeg4?bYjRdsmz4Y=xgYo?DmwDS(o#Y^FS zl~;R4xXsrUcpAOwuZWCIr+pW4-dtdA#r$%V@Vg(@a4vIHvI@h1u+S6lF-W!Q9lw() zt@sr0*3@FVmUJ7wS5zst&Ofp)a!q{))c~3Q{T0(5PUqnZME>dqY_zgZfpeFp*az>b1Alld68{sckP-r>m?&&V3`L7@RzHHC{4DIybzA-aRjG0M}27}I635#$GM?ik_P`aQD%ezkXRvuTTsKx{z z$1_>@C-M*k3lzPCAQ^AfVo$qwp!kR2`792?dZJb%VxRJNS?^Bmlftca9#6%CfNi)I6r9m2<^hEK^?(bu0bjoURs!WLOuMTuPF(5HAK9Q`vav65>@ zwrL|4K-U-J_8`P-jADnSQytBMyt?_+f8iRjNr+?#4gz0Bf~ua-DvS&{6!$s~-^_ue z;sF2x3;IHEvOHm?qIZXWRt2OmxC%bGz#ggW0^jIpy&Vf#nUJ+gKu;{a8vboH5l+0B zxFY);;Y1!LgX+n+y2(A>;q{of$yW6`3LJ}~`Q7N0PboV#$CjX2%S#`Ey+w7?Fv5@_ zl^>+bi~H(_ThPn^pg{P|$~aDX6M0!h#t8@yPL)Cj@WiV_3&-nZ6<`8i$-i3VLd(Ph zJzp&UvZxF9`n>#+{(O_Lc)*LIUj|yjO_K6+=*^%9Px`r6>n<)k)~OqdwvL3N*%gol znX34ZB}8cIC4gMoKFW(kscS6YTBDrzK{Gb%!tdeAVCPl(8K5j{=VkIK4W%x}0;K2rh*NBb88ca?NoV6^q?9qlrPaWZv6zq}|Y?obpf>jI1; zPy}1|T?4INFUa*G!#t;0PnWt9n8~8A8y5{w=%@bTzuewM@nA?zCvQ8TJfvuLC-r8L zr%jOkoz&6uq2=sUDoPCvL-uC@A*o@((xSF3!qt<%|M4gg5N-k&+s`2?Pl+tu778vz zcEVG~$~oS`XMwi4v->Ht7?Yh-(%J{t%5bEGdFGxxNfUvdBVd zydP+(ApB?!$2Ak1b#IkE=<6fM=Tb*E4aTQQ8Jq!qkQ{p-p>93;JJ|JStq9?E7xLZ5 
zB$^o8)CbH4RWe+n#cQbt^fUA)3#3el-H3YuezQxj$%?(O_Y07v}O{qFu| z3Dh_V?>hbo2big6~Gi0O4<=(BdGi&R@lf{{;lO22q;pxDP zWC8D{DvMd&EZ*ixy$y3cM9dNma&V76xOl0rPyxL18D?(qJsbU`ZON?x&TY`qrY@FE zu7Sgh&idtsJfEC$i`%J|6d797oe5NGXPZ2}U#~bQ!E9=<{$CaEfB*b%?3yFte=2PK zZ|%vKSE8d=Wy2FAPg;bQHNLl)p0MCpyRCp*OZ8S==(_@Rkwtm{QM-@aj@uYga+*&$ zoo(d0O1*L{GljIj`?E$rHCEY0*-u`ZYrCjvo=l6R$w2`V**xZDDxLY6ZEB3<-aI`^ zcBEM0;l=+?&;EboIZE_6AFViZ9);L$?jIvRK(HY|Bazz(T);2N@?d3Dc0OQx%LQYs z>6rHd#_wm<Oq%RIJ+;1nY zU!@a^yA)dxmxH;LYU-Rbp?uHC@jRb=I5|}LT3sXRS-_}HeYd%Y1b=yXZVo>&)#}6n z0Oza~mXc+OwcTrM}eA3c46}Jwoj4W;1?~ zWX&{qB)x_sm$irr7-m2s^0pmyW6aT)Esmys^k!!hbQ+61J<^P8tNcSkOl1d!o=%ou zsZFuvAKZAzDUIrj5szYik(Rv|pY-761%7IePc|h#`Lyyhg}dYyUs8+d?zc7WWvp;} zwx`BTyX+H{PBn{X=bUb2#cKPjG}stgQgO*&xRLyt@dCx zoQQ?FyRqSQ)UFua#iP$;SQDY`(CGco=1i?8Y2gdTFXHhg-i3yp{KaC^`7K5|a6!DK ziP$9(-6((&j!!vG~ zww0o8#!nnZrcqTB)>Br;IyBixaBP+{zP3xQd1Q8PbCuv*^|+^nB?R*p7&0WiTw@e?E(` zN7N7A6B~orBWD1Q{3P&apv7_%EDS)AxeKDJ@#5a^$~3(>qn^z*g!0TdWElL4*-2M0 zrsNA*4_o-HJ6V^KY}^*pdPq~aH6D9^TkSPIWqCM?DB_YkT(TuuU^X&qTocCclb~!{ zpFCGxRChO?U+QDP#R8QnRnbf)7QJ7SRfe@Gz>P>F1$pJZzrCxTG%*}Eb2#ZYq9t~7 z)2+sIoYKt8bKtk}B^o$Xlw_dh*FeaqijZ{2riP1FF z-Ihn-tSlgfqbf2{Dhr~;yPlsPK5f)?QCe7-_)>27nk82C4uH~7W({jKElY*LrEvLK zMO&#>c`enc637{ElL=IImG(38811)(G3mE~J0B8Zmi4=Ivc`At0fEiE!g)>84mB=| za8yxrp$%^0jFje)_C~$8Wj;Yu0$gb>#YY#p4Qss~_;6%&7oVtGGcq$o-tNts^wxf3 zCRktlvW}s%QbGFjFBbt1`M|GuTM51b%r|rN6K3J~ovq`d zvZeZ_;O*^ED*niBaKg#s@ygkp#}#6aHRi5rJi5Ge)7v_iS}{dGMk!(BR(5r>^3o!+ zUolMV(I|fkiShjRD<6h#+_VK}NvZOUyqvc%QMz4e+#$_s*#J#pzdJjlJNtqv;>C^@ zm`_ADvjnlTPl!sQ9tlp*9(|+ifGI}`wjSviZJzp=!)xpjMUD*HH?dY40$tH#vW}h{ z-z1o%1N+!6=A!r%xhA5dsQd~HE2_q;Nf)=BgC0I54^^Zpkj?h6;XjP#alF9Q^J40= z%k*8G{mkQKfwb_S{Q(lU`FWeGI6u`;e|V-GSFP01@W5)r^#LXOP%XEkh``tzgdR>V z=Y6-9me*FDi;s)fl(Pj)&aNP%$)3DoDlera(OleChI zm`j2p!#7P6b;`>O#!}VX+B(=)Ln`3=$C zX*X1NtNDBf5RL@up-CgNu5O~Ge&D}E1;%3%G2|brTGBv@i!~} zVl!PTlYfk-_`(bya0Ndod=g)BrX#&Ko9?=K5B_O9(ezPYdX5;lNPy+~{A@17L7wV2 zkikgE$+zj}i(*AOGgovnDqiZp2B)93u*d 
zN@BmpPh9gdk`jZMd@JFu!+W+sj9xhKfAdHFom=?yZz$^jmuWb3br`Rm9#{#qpgU7xxKIBr~h_}dQ}2Bob*NAZY5 zDe-UgD{C8_755&cbbC;DhE5wQ`{kuNUIU4{tMBz>r|zq86F`1w%W)M&sffTg%Y%YF zol1Gp3=xu&v@5fgi$U>{hL>Db2ENTzxH4X`wSPS2DHZ>DvcHw)5ys_p-2~VrbDQA2 z86>9>I;?1A$t`IsA$g)JDM={tsI3X`ZOLeI)|-i2zL(iTs&FpZ*5A3FH9hT^x~9tG zS9i*?*Y#_ zgG-e@jt%!qR5t#wdyNsj`d!!ats~J0&%Ht)dPhetXH}2Z>EjH(zyKi2ch8=)`jKoN z6aPTgBcd$Z&QihF@BO>CFHXZ|R&qjnk8{{-H(YqgJ7^d1=J_t_&H1nB{s_|ClP&%t zsBv9u>FjCwUgl0-`EF8+g$1dE%!#kE90#MBEf%fjbjtj)s%Og{cGONqxx9Gura-V2f)01ZA z2Cpk+{Y+8@)#eydsA8*n0Hl7S14*0lvge^1I$ZB3aMA2UX-!ELc;dJ`Ezh!Y5a#a8 zn4L17^eN}YQ_O9xgh13P>vtGiApN+DEKo_#A@CbB_=Ub(q)AMi4f_CR8&kdEfTWiU)Q~F^IBj2~*0A|1n8rBcFg4PdFjy$Qy_OcjmT*=7 z-JIpO_zLPvLw?~WYB<#Utkwyj5r?y_(e+FI)`->o_NgyNLVNM~yRiW{^q0=}cp;E< z^~39j7yU1;XAs1o_@{owvnzWw`MB}1GO{=W)Va|ayLG#k}i7 zqu+9yF|*Q)`b>jB0rlgKCQ%9J0ba9X~MJb)T1R&M*PG0 zA`hWJjY!pSTq~91Pb>V`)1R#)0;^`$j5W>Wu zC&74zyg<+x2nu6%{AP)0w+z*EYk-@rEk&(f-65s3eJ+j8$;1Lh z*oe>o={CP4#!!MMuow zJ!nQ)^Zh{a*1OpBfTa8ix+IkOV4+n=mQ}y4r(ebVof=Vux1$?XolK}-U&Yl1i^Y)E z+qJl%@Fi_4d!5$APV=BVa$?~YZb1_UZfUR5xUE-pJwB$C{fY8Bqc%1nbA`Zyl<9wR zMv6$YUNe0=Wi{qp_);hnL9f&#yJfQxioY3$x#zmO(5E|knx-g|*@`bPeSp(mj{DHc zfX`DAS+Qv1jL09|J-+^?OwN&q9aH{XbH)3Rfh(~5f~nf`@6k4w50CeaigathhICuo z$atJz`n}f@js_(>W@^&~jShhQ{P~w(`Crto+bVoG#-0uYRkJttz)EgKJMN}NZj|!p z=|?`@qq{?dHbv!kGjbc5^(@;wf~4|55%+R@NLMD+sESU(Hk`K}2R=%a{i#99@Gf~a zYwX>;D`8Q%oJ*{43^x48TYO^b2?M;Jn`<29a)sr}yclaQ26GYwvUrPJe( zHW1XLzQVTG21aGW#};n>uiCCVs)=pg+m5J!Vxc#sC{m>gf+8aQ&=r*4A;f^vOCZMr zNEeVqK|nfEf(S|Iks72*OCS-D&;$&D&;kjZH|L&v&hp;1Zhi0lH9NCr&&-~^XZFtb z{mM`PTbbs=$zpN(Lfr=zb2?1j9_?(kU%gZp1 ztIryB#P{$Od6V98?4^aTt5zrQ@$=)&Tb{2p7K8cqt0*C@vm9cIAS_xhIw1Mvw|)Ni z@g2U8@)pDFPSeXQ;#kWVglhQCGlh17;Bg+oTXd}| z3<3%_qzF>z<~8R|-gc$sk9+NG0$7paUO%Up~Z?+*A}*zI4_Lk@EnbRQ0e*P;M;XUswE#BDbhs>UES+LZ%I*d^Tin=4^x!05gn*7q& zQfEV{h007W?Rry!3BfQg7%`4;dsXG#wD1XU2idyjhE*n7rCDy&*Fw-VpuVr@EnqC9 z`0}wRI?(KcJV^E;RHV+lmHA*T=gGb(QxAXRJYa4!Ds56%;msE{hs>RQ5Yt~D94kVr 
z9#XL<#qMlFW;naPFFZEX=DV`v!_R7&okgvf*lwx}q+t=aV{x8i%+BNw<->8P8X^Ie z%}~hX>4$+;YS<>1xd`Mx__s%9qN=-qv8F!!>_)S*I z7273k?NMZ-=cBTFU%XcJ5f)3_rydm=NPGNj==9?DESJ!IHjWp4IXOYuFv%PK1bpqI z&`4okiSELUre>IImd1dmO#j;JyK1db6;cjMjDU@Bp#Hdt|%@no)K?WETE{of8Hn~l*x0^B! zY(O_S<~G~53+Oz5_OSNeI;|kJI%v?+WP4aQeS^d#iZW=?hex_u~PG?w+K5$!| zO1`khS-rUHJ;C~|vBbjG&*mPpPSIDW^ZdJ$q^g?3gCXHFF|A$L4^X|CP#;vHw$U0p zJojy9v*0~yz_HHiEmEd==vMMZgE_0|TW;RZ!D!$yt)8BfWkox;((fFdgNR47+;U?SiU7S&##{w&PveNA08!V11Y z#QC_TvGqu2yOry`8itUbw_(i5SmM(*_OBI2fd5!983K05Y|GdzLR5P5X#`Q-l~)Rj z`VO^2cla)FqRPJs9+Ov;Y(Es`J`L4kNI_jz;aN9w$@YrI)v0)?9gpF8{CS31bT{=o z!awu^=6fuy_tAbiH?NsK3dB$`WuYjSMD~Xv;$Ssy!!q%NKnoHmHM( zT*WLtq$v!fUb*R(Ud^IwgxJm8qDea&5@^e+-cG7S+Yir0z?e;l_I%)#fiLmAJ}BLf zdqxCzuN*lPY-=5q-0Le-aI?H8=jDsz2WCo+JRZJO0ebRr4pm{1tZ1N=NxJKizPlUf zJJ*rv$ve+$7=2kwO^Il`DCvNz_2hZUpiz`l^F)t+8yk z@eR&sL35_{#XQ;PY(ejb3$BDdl~!;Oz95!;mQGnsHl>xoV{XSFnM#-gS1) z6$5ZG9i^H1rKH~NL*lh6lXgF4pS^_OPHX6a7C&dp_99O71;Sjv?j=`S8)arjqA^Ti zdy`X}Wr`s&4t5o_eh(-;eSMI9TO#q^E-OyB#<9)!G)|+Ldo2=`3*HtI8iEAM@!HUX z`)fxgiQt(>KJ&IkZ*XE3V~I5VPIK?7ZWT#_=Gp+DLV@kbIlj!t1}^FCL3$B{xQs~p ztswOKMF=F6kE0zoKQLFvnsULOvhI1~n)ca@E8~6V6zl|#>zX&speS?r9u#KKt42sJ zZvAI>-eH8KB|Wt%r(=lXIO((15ajb6NKrUctsnd$SNmi65Rj!8wtx|I3kv`A$FR1g z4{bUDGsa)EU-*Q$*Bnq^o1B&V4vg>Rav$HKND^uC>ql97>XL4Exm)o2Xz?DgnxNuf z@nPws$an8Ta1@*9oDhUnSO-1}axs^!%+CkG4LP0Tm6c&C-Q0&;nTeZ|z@c2FRfGz5 z=8jASrHtzdC+3=t55E%^`czX7OI43h--@HZ^TImS;VW!S;WshxAfjLb+g3#g!jFg( zxhXWs{aT|n?XnbFklzZ1&hxOc+87etu_VB1n}O{8nDUEqWyM{FCD@AbLJ|JE_r{>;;8X z(w|HO#;a2?vhO^LY{q*D9y%|+bg$}0gW~h5;Ku#!ex}M*45g6x*2yz_ZvpLYO@33~ zlWAaNd*E?o{;6}11adu(oUY+I^5)^e>t#)=oFiB^jSJI`CkzTe^@!)vzsWBntl|yV z#M7Jeoxy(fc3150Ps)c3eOKaU=h%65!9VI$?L)Hn^!q?HXB`LP1B^v|Q-!;GWJaYZ z@uL~epHVssK(i%L0>D_@;)>H74&g9CZsWVVWzI}+R<62-N{Ms`Ssl*!t zM%Ade+l>27(=z0nihe&AB%EoVP3ZtFY1YKx1jDB8d>DoL5E3i2!?}tz>aXX2F<>8= z@~VsVp#5BRo0fb9$1i#G(*d`IFPnS*ExVqr6wlV+9L@^n?XpK?x-xqxivKRU@fFT< z%V4G4TE<`fn*NI(fdtVsX#6}|+QsRlJj>SqeC<&%?tsX+}hImyR1##~bs#XE`;y~JNiN8gD9G1J5b 
zsXd_K?At_HuS(uBdG!76wR@vI=SJ&@HvSh=mntGN9T#RJ<>@g1 zL_&B+A*9U=(_9<>Q)LnYA~@Q1Z0P#>fB;yg=X>JOo!6v<1+g^Egh*+q7X2wW5H#b< zAzOgS811Z3v;%E1_Q$W~4Tz{FD7k0}gb$v`=NU;C*W%@yj}M=o@Ls<;;)Vvt^G8RA zN>fE^pMQ9BCRNu^zd51c=~zbj+s9p%epzf+rR_w@Q8qGi$gF0)Pj@?A>xzmktl_B* zVI<@5vG22cc{h|z@HA|)*nP--M+$2(Ng5-IuJlT^(-&b679o8SGZLHEyPNV}%f-Yv zrsI^*Vg|sNwUs;5g{hZ)S?`f4W!v5=CC`uB@=GWbyOr8ipbF`pRRN!jGjEx8DSz8M zx3K>}Ji|jV)vw}`CoGm)gnhzDH07l)cQ|rvhHMUSFUe2XX*v74LT1NWAOb3%bw#7k zB^}WpJbg|w%Iv^_pz?Z&ig&|NswExwWm0-+FB56alB)yN2$K8^h_wu5U zDsi2t6ROW?BXQselX6)A3YM95ycS&%m|y)Z7(Z2mZHFkfQQmq5gJ2VRO% z-N2>5zO^2l`M6Hey+oBE{FK({Mz}55Sow_VgU!nx@FiuzX3*?d*xQc_0=Uq%%Fb=r zS>*l|pAYeNSafsTZU{v)_#pxAZ)4YOR&{VvJ=Vnf1kaOF`M5c+3a(QpD!pVZO-+&m z*Oy$SrxXw}OFg<71W!&c)OcauRp#Y2DXUd%^!(}r;>ENw(3z zl$62OSIQ4V9+uVFdZ)Z5%W)WyjmD_%LrNq$S-h%7mTZemKIEy8tH?w9`fAwe`FDdh zdZ%g5dL$U<~Tzei31-6T>ebp{T(*s|9SsU zf36#h{#1qg=e}D1&Rg*Rb z`@FWGg-d$F-qS2*plS$tDOq)0^!fXNVor%wOl);BT@Q&}6~wkSOg+<}+i2zNKw-0} zQP(eopMJK>y~_U};;8WDe47Mswd;2W0Or#(+xD>mrYOOYesXGBk0~+sj%&B(9|ABhNxNW{MX_Ui$44W|&>_Ho?b9N!6>76LGB9|7f%6I;;m4CChc9D?VV z=I<3e_fPwtg?(-c1PINP{d1>SLo!u?tNwX~HLCH0qy!LfiKmQ{$?MpUYdLhCM&kqk z&3XN=b+D`PA({J8%awrY%xa}uq6hqL^ts?5MpYi%b@`WTpP?P9f$o&`Lzg4MtWhsu z&X#jnMNGJmiiQmN!OZ^Y-|H3pT~i%C)g~EP{^FBZ8y;r4yTM@D5)|CY`5Hp_+eaYr zmugcRa`v#V>aeKr8`l?A7#TMjZnW&h=r+HjprMh?7(IS=l8gfxUWwokCcP&HYDN_+#FOn<(-ms{M&@;WO! 
zz&+S?*z`fnNCQfpLJV@$ODZ9%0^ZMxj0gs$Nnsk;E4#ft+dk-@JQ2 zzF+HddjZ~t^;4aQvIBW>lK$fDCh>*n&^`yOtMbxbq$bT~sVs$V9O~&i z{rXIJZN4vBvqvnhIBz!t;4jx~Ozj>c0je9f0Ljph(UGR=8^ebs_DuLTZg1QXCWiU$ z9f1Hy;|s7(Akuwx|A`7fOy$7N+^6+ajrIx6{5EbWEGWIdB$>qx~tfwOdQg64_FjF(dPsTDWOF;$TsB;NB9h z3EJ5ycH+3E`X1JJfcZ@3uZ=-3X8p8Rx%cY<$F)kS)9{fBM`97wwB)IqP0*-TZ+WoJTH zOgyul*EZaB(|LyDQ&SCzwmIQC4$O%S45ZxL3+h#gZfCmGqigwK z<14Od?6OqZn`4aTXmo3*!?;i+NTN}oy#FFVM|9fZ$os+H@INg73y*+*XY$Sn1+dyT zPp7jJlcnB_yfm{`6s48WN)0dHQ!CJ$^Uu)8jZ4kIy>W?WQHtIHFYCdZ{B8M!A46@) z_ScrJKL@DELLSsLW~gyUi~1pL#hkd@&BD%nJn5}@B1GG9tv5|)8Z6%EC5ABw`XWLB z6&r=%dfUoBh%kIUeLOO9?PdB3K9iE$=;a~~)>%ep?glF`bBC2e!NW?XA~p?rfeM`@ zG_&{GLZQ+Z(y?AF$T+vEp_ix6y5619GHJ6=A#`ssLkxcGR?Tqf!pe%%!J^Fgz=S^W zUT3XN>J=w}je!b2mS*)HM;i^)W`QCpIURXcJs2W;Eo|>{*Yf$3$#wVK?}r{u{E2#e z&V269OUw6lK&yW%nLEv=@FW~IIrer=Z_y<06%tsJzt#For3B4?l1}dK{h?0!GW>yjAYFM)m1<_Ao;GHPI#3Qk$_3!R!v&0>@Gi#zODH zr8%o47Q5-X^QWKaQ{U3}rg@m!;`_NWo3ol;AHX1j!Rh`N9c8u?J8W)sX_8g9TTbgI z@_aWd_0xbR3_%u@dn}I|mcJ>4Eltgag+NK1QAN3|poy?w54^_jUoVuZvlhY` zc0)xI?2Udb)zP-mby3?ww__zQC#S#gv7V{a&SmFSFS6#*VvKUm_7!)sF#oO2g+cdQi+q|E@x3fDW<9pQ%}U8<#ZWpl)hd?PsPBY)FF{~S8~UyQIHLvw$WS$-Y=AJEz0Z~y=R literal 34004 zcmeFZcUY6(mM|It>4HkHQMy#=ASEI{KtM#g)QCtIB0WGLic+Ks2uKi6dNCl$P?=F!Ze`~}UfF^+K(xpGozc=#B{?DKM`T3t;k)HI_RMda& z_`lbP-vQUCFC~#Nkze8ikX^e(e(e&m0{|q!dYOdLAEf@?E|HN_T&5&}L`z4yq53Kb zd~$L!60nykC`fmQkgfwLu3f%_}?`Zy|rLA*cSI@-M%-rI!rIo`oM<-_&S2rJDKmPz|V9@I~ z;SrHhZ=;iv->0OeeMm>-l#K>_FhbUGOwta?RsmcU2$B%Wq`medX5sIASoC3=4#s@*sK+q=QU#;0VrZ~G!~xN8F=s(Igm{4EzJCX=$!emX#y#Fj_g!UZCNp1AmcVE#tD;$|o03=~`k%K1Lszx$ zCh=c?;}Cc~JEKPWhd4E5L8`OkeCv%WmOnqfz;U z%bQl6{c&9>4%{{6tEq&a^xyivDIUBFSIK@}v7{qVLwWzkRTz6!*fO7#BrL|V1AX(6 zt!`a}Kcle4<oiE9^LYZVPr8@-f51W*e_5&?H@g^7Sm{6qjP zXo=z%5wJm*M+7Viz?ZD*bLIXEcQqFE103OPG@prpUu?QW!1wz^KwAP|3X^od`GYo0U!Rc;K;u>aQyj9;-kMUK-)37 zQZ>(h!Ab-?e(Ul|=vCsz2nR5y1J^B8nIQHy~1695a zx-3rebzY$Ctd5WDpnOM?&b7Dtx?=b58vne@RdJf22T1t049l$e%2ytE@OOcOv>lCw zeqwm|7y65L56#eX^~p4#6KhTvNO^MIl^pn@NTN~YUYIWXjptIYsuce1l$oTpYTMdY 
zgQ|bXYkBi$JNIyNRi1>Tx89SkTNix!JXVBj!wWA$F8lAsHm`B{#MntBS#N+=n-(dU z06HW){Ky|&vT4V|SZMk7s3yr!RQQ=e{~CSG7>5!EvK$*y+bwmrxwwF1swDz=%99|d z)mugIiQ@@ELQsM{{z}Bs$1>ksr0|}NPLg{bN5hJkfkO){7!06zq zOi3a!p$xTjvcQd6FMkb3KU~21C;SUc+y8(m(Ippe(F@<;1-*cG=q@LmGZYg6uYk7j z_T3g`_#l{)B$G2y*j*s{0um2CoM=U1g&_nLFyD~QdHH*i=v56}Bm$z6JAp?$CPV<4 zdIJ#C_?=HSJbNh zBOI_8E#OuQX{5WDi`N7`LuU9dKSLb#`8EOQf$1XzVHJr0id`b0+vR_S!u^#+lI5Sava#3xi&M-DFF7;BlXveiV&AG75dj)wAT---N>3C;bFaJa8p zkp?n5$Udh^m<3|4LvsnQOW=z-6X1V8qdNbA&J#bXjQ*9Tp#P!h|4{UQc=UfS2LFdg z|3~WnP5S>=rLNZhi9Sg-0$~(JLED6NB0#5E`;J+h|H4kojWPbchH#Rv@?+m@d%SH^ zo31DH{@KrMf;J0DK7sJJ!kLY1sZyDZv;hB|-3mi@mL)KjG4Y6`jEDBkEb<>uB;ZV~ z3h{3w;YYz^eoOB3is;-8lt7SW_XQq~=_3O4?6sK9*Af4nVE-BW@dN`*tAq%cy!W?> zx8M=&BAHG%cTEUwir{m#t-4Jctn~$ZkW>$EsuzI>0OLrO#_$ItEtX$_pS74DUHa3l zdCAd2r5M@HRD@8B`w8;iVW5^PtH{b<+JORzli~M=Skg12XiIeE6Ko^DFTAZm(c=6B z*YfSv3v=BNe)Dl9*4Di@>w@)*tZvauYS4*B(C5E0wxD|b_-VeeT)wE@K~2mcT1DpE zSNLrqz5egl?&&8M6S=tTT&|VOc0 z%%|5W7(FLYPNn4$pldhLB{0DunEuk7=(CEk>WqHJr(^OuXIdTT+l^Yav@^K(2X(Xs zcUKVy^Bxc1v&q$Gpj?_IeD}s1c0#zJ&ez@|CG|oF#8O=Q<<82TKAJSyW;Kch{5tcV z(P(KJDywGq@D!-1NKz{EWTA)H?3oZHGrm4=!m903?0| zlzrhrc47eVO!6bCMLl7gM*|5I3$e@V?0{2FP;_g@x zRBybKAHAclWGg7%UT@@nG8WS}mpM7<^>IC`8dV6@X;r7if-#02cM8K-#>;WaD;XhN znl-6wF1zN6Y-jOsiLvP$UnAPSI=TE}rG3ni<;vbA6KlO@Q&lnd6Q)w? 
z)aX~(hj^9ZEz7&u zB`;t~&RFyGUCB4yu)H#Nsgpo-Xc|VUqoF%|U&0~Hd_vCsJsQ_JWySOGhH#kl>oDPK zP3%ts)9C zPPC{n z{s>rrN`|*}bKESFSGM-@iuQo)!SQyQp-iDt@csD-{e4}+1F;tbz7)rM9zIIFU@YBx ztK%ly79Ea{w9@^-!n<+8Z(!FjF`e@?X!x6|W-0w&)o+m#Mya}MqtAT(=U*WVVyK0m zetNJQ_qf7Ir~>XJMYS0!hmov@colA*pGMsrwu3Ni)Sgn#&selv?`ScRX<%~<&-aZ9 zI*X5PT6g77Fr+&!WKBt~Nvo{QOg&$4te5Sv`U$VhmA@r4;&#%|JUqPbAztl&f6?q9dmN}_9)Izw(=NI-jhA=7(Z-Nsn= zr4UAw_^$KuwE_L$3;%DaYU-G&4g;?b^ID?u45mfB;R4k!7#(w=hl^CPFiT*>kq6zQ zit!_NuKQIZFK$#vKbCs%`LAz37F4u2R6ZOuIUstK-#6#Res*-(_B~E^Z&{ddD6zbv z7-8l*+O%)HSx{BTB3T*`(yTgon;VfdFjp>hGyJ}JmR2m&uj_XS)tkK3STo2<_N&zE zmNPm;0F7k%%8V4ljIFF<6UVdNQnc{d&=cc3c{SLdw6k=lDV}3q#%J)9nAev96tZjoA4AZmN_zmur z@#Vw{thmq3^%X>K^#u%X`}|ZFfJ#Cl7Ou(fGtAm(`6;|AnspsEV81Ek^30`AMD?ZK zdbU-k{4r%MS_Z<3Gscdrh`G0%9i;kMvVf5&PTnQVLJ++*1*7sfZI_}=`vUt6*rCRbz8kTY~-0!Y8BN|QGU4KNw^ zgsC_br|*FuSAXcmX!<+KoH<_)7m|{ClJL9LzG)ae(Xk6Mz(=gcL&&g-kDyKVmoxNV zNCo`dEtplDws!1IPy(1fp=edU7g(C=3i8v=X!IJIakU$SOT-7kl=VhZ^tMw)gYu=K zxofRTXXYQ`4X+OSPWd6t$9u071otG(OLWs(PKvIcKZ|!ClLt+9cZ^S;gdy&LO138i`DYaO^)bO zL#)w-8#JanO8`^&de^s^s#|e-YjU%pWWj9$!unZY)9u|~H1Xz7uEplFs@AL|hB+zq zR+SW)_@7$qO*9&aG4l0(os5-5+A-*7Nkh`Lv?UaNm(-+gLD||3BdjJmn*)#V4CBhH zVU&&aS%FE@<87C_HVYB=_@kxY(WzWY0`%PA$!5o0PiPC}Y8XZ0{LuS$?yOpfLH#ko zq@6v#2VF^;>>tRcgoK`pNc?hYFl2IPvJUM|JvATFA%!w%CgS$j#?=Q8a_RJgoolK= zNBx|8u4Gv4?$on)CcgBJWa{}|wKHko{;O`_ox9&=e|~M}aH8dyt25*1arn+5 zzq7!BlXXBJejl%NQ78N5mq5NXZCj;aCne#dHkwvWCimqauT4orsd3LAVHjeBBjvYu?^y2a36AUu)CMAjEqB*MI`wtKSSUZ41PB>b`;ar{Ax|l zy=(3I1ey)poK}n@khzA+jvVnwwFl*=HVeHfn%Qh|o3_ifmgry-_g48Z>yg5JYkJ}4 z_Z#c9%7_g8l<7^dzHO)cINoDxpvjq0FV;~KdT3>AWC2Mr=-hr*hVYy-ZaL=$y}|J- z#zG_)BM$W{-BoUtr&rT;RO_+|&Khz2xFY6j%3ZN&ZoYGV;nYli@&fIjwvx^6p4xy! 
z*lCc2uk)jDj`Vwmm*0HrAOdbt{q{3?-P(O)L|qiBX@EX$8w{Tg&-~UNSiTWpVQ~=g z)YH*GZ;RzA&G!zk9L%eO@qPB(sFUk+GY60(rE!Z}PeNQ@+ECIXB`h4h21U9L7I|5&Gu&Q0og2VmK|Bh?0>1xC%2S0)>d%-cFF zty*=~WCz1eY7lExeO{~Wa-9=>y0*+u?of&r*DI!Sf+|x{pa_sBIP#8DEqbs$lye+; z+^E78qf^~n?UF^ZTva|Z8NQMM+*6ePRxfD%+9t)vu}9e?ZuaRsQlfl4pr+M+Ha=lUM>WyUBJh@3Y%NwWpQ&Op~r$H!vtLmssQGFYA9PDZ>zeIei%H zZkGLZeO#)?NB+Q~er4&!QI^!?rhKqiUm{3h4tZFSfnog4S=hF~Zs%h4Q;hQSvuhcB zDNfO*iLCd3$7>1NDaH+ry?Win&QTYQr@=5*cw*N{xI&Fj1`xlKB8YDt z(wNJ&qme22PM77kXtTbuv6)xFCq8J2@)#W3a{3YK$|gYpGZtHenwsX>{xP%j;en^; z%`ipn`V>60!_1$)AZn)hA-a+3oa|HtZH2f&CWZK6|EPjD2yF2F8 z$00GXL;wSh%d>AutS?=B)%LD9mvBYg?h8*%@dsz#dHamtpX7S*l3^u$kTAZOZcflk zIpB4-EXlF*Csh@7jR(Fc#u@APSH9hnG}e6k z>1i!|#H1{Z{sMaMvFo8i-fF#LPHeqrl0|^O`QGujM)isT>+ukmVhRoUEU!4S2X;{3AWM)_P-=ltiBP`XE>p}?(Bp;&7o zz;Tmpd^)66=Bb86+XKw5jdxwxgO8Z*a^BJvvcIABJvIpb$P$2e|oS{GAcIt7N zr{fUq!)*#}5uv!xuaIrJCvkafPM5p-s|T=l5UCSYOr4pyAjUI7b`ZGHkWNT}-1at1 z^bq9nz>NplZ5x!Y{&Yy}%CMWaXjV3`I=ABPv$ovMt?8E=l+B428&iKSk`oR1&w53f z*D?>uyJZ9Y&AT<1UpQkw247IykOHEoB`f(3kpyNnw$%iEB_aS`PEdw#J|O+gwD!#!WlTlTzl>{1?I@Y8dYSD^_jFP`7XSJE?D|Tzhd=upBkDhMqV}5iu z>8E}=*ysNK_q!!1S3c+KZIJE!#HMG=Go%Nj^F?T>-GJ%x=9D0vx|!3o zyY>7*aBc9m&yYGBbg-=gE7irzf}xn6PsqcDtqq(HoOBJVoFSi82i9~7cnI8V?^e0e z+ZXZ3fAO8_@l4-`D)9v|&)Bc4LC;KF$`DX!n{g6keh!v|GgcCFC^TnY5@_zr8$W5@ zozb4F+TIAB&1P3;-$L>1go?R=(P{l(T96Rr0`{qx2;PVsJ42RzNmXndUQOb8X!@b!C##L5QSN;G_3K=s zvWLY;YdEJ{Y72D}dNn}B*Y@5yk6tibA~ZP4`0+}}Fjq%>fRq@F6SNy6qU9n^}oG#h^dJMw?Sq$Q{-E`h@*?C8)Q zUF9V++g5KlQ!Br?nZJE@>NNMvIv9!^*HzGtaJ5bUSXn7Wd)0Fpb`$Al$AgJTEOIH( zKu#`b_!I^{sl?|Cn8&zqr_Qqh{5CBYpEgL5_?yMA{0*X`Au@8kvT{@);i*lZJ;X=8 z_y^y8D^myhPqA&(lP)#sQ}$ zA#;0kGaj`*!=UF0z?n^O72jqSbGWaE$`Za$BKA?QQ2c_CdqiWCpAsOvF(B?CXl$nI z&LvZr84@OpO<8W-XWdG(lN;Levra{g!sHzaT2+k)cI=+jHoH#rh0lE`!*aaihOLsp z;^qoc^8B3w*;B>!Wtm2k0tLm77(F3rG#%~19Fs^;hrq099ll)*CF zZpBOufnSkL-|lH2KUJvlrY-?q4ZR6fpE(I7B?nNoVYUM*g`-AnGOR`=R%#TnRS2>$ zmPA~>0cO{D@8Pqj+KahAT}mu%nfJN!eRqd9E!8h1PYzlN;M=UXIuE_;ohE2M)1e-eY^XoH*MQR7hlIy_dgl3m2NK@HvKfME6})E 
zbE-P!;HawKF{by>peC!o*{&Z{pF4X4pI>Fmv;t|zn}L>YOjN-sTxDDWI8(6qj}6Q@ z!iTFG6~C3gPqVWzs)~E_>XQ9ONyax#7K;gtuIi#_t?|-jl|gE3U%PI@YNCI~Tj+{uRp(rctQmTYc$`eQ^XAnhv)uCO*V>vd z-W4g*Q`uQgnwTHnoZmU#4PH?U$8n$|@1twOP_>@&5{#XR&`iI6?P(QwjV`we+f{-1 zr>2euCAM$RdhFljc(`|gXpYOHzCpL{<7{dzf}+OCV0<+%Lf+5Ho_*7n!p-78^dwOw zu2HDSCbl$rMuRGEA@c?1_V!C#PDc)^8y zp{3eT(ROrWO)7rN2Hp}>mbIhRDy4nY;_5@(ChdIP6m$Y_Zqo=^{%&WrxeQ2NKQhyi zEaWPxNuKkao|wJ}oI#d3o2Zu?4}W~R&gLhkQXY($nVx9b+ElUY{sg63p3hzaPnQ~E zes?ynB5Vtz;k9#;&C9zO*{yM!*w*F!t5e-_ z3RyQMq^j@pf4C&zHRvPI`{fe<3x-Rr{K~ESHoGjSiiE0@W)Dcpo)_M;@as8h3Z*zO zj!R#F-NKgUZt`9oQw6SE0X-U1F5=%j$P0>ygGD)5mxi3_%yCHfa4p{1JxfV3 zu)vhPMsMq&f46V&3Ss=4zvx!(4B2j6b*=e@TY)2%x11o!{$wI&Uv;}#I))zOABq-M zz4-_!)py3auDjc85k@~2iL%&pc$aEbo#iwNAsTFzlWX;Po0rOYp=?WvZ(v5kk$&YI zTWML6Xna?U!rS12b`NLrfmg82Lfu)z)tdE~Yq#dF{(j-J)p#255{;oop407i!oF`4N138}MMNi6ZR9L32^VRt)G?N=I*k&G zpA(pY$2b=fdMfE4tk|~A2>Wkn^=5&ejMqvZ_s}LECp{hwN+WNUOe487mvMh#&6YCR zIvdiWnn1-+2}zIVdsY3C650~l!>))$?XAPMrzwI-HtLpo4Plq;0vq?^=J`=rn5xuC zoce^0%W|||*g{Q0~%|73hRKciF%y<3KnehsHCV=uK8<_;-)!EwkdmdjJxKw!alBw+pof^2$A z1XxPzd6%-VD9g?QM3^ys}y1PP_3``!6%cX?h&o&tu?(z%i zKX|U|NFlm&c1mBf{~jP)yV%UOG+(|{H_*HcWOKRGAx`j~cKPaNKB1eP+$Xfm8drnX zq@*~Y=4OzL-b$g|Eb?hQ9VP-&P~`pbGNM%_4Mwi`w0_6UeK1CaF%EQHyyfOL!sd=v z+(70M5pZSmg-e5}qOo|IHg!yWlG7vR9)WNAH)$2h(77t!PqAJFP+61eI+7+!v%^S5 z`f&vsTdQO$>cu>I`*J|TL{&10velekTlTw>e6NxIR)uNvd#>ocS{x+!ECrvh{M1hL zi)qHjUYet)Iie=D()^p+H^?-<2FAGy#pZVBn|taxFa{>6Dj}KU5Wj8O+xfh-=wZf? 
z5JIQgB1JRy3>hKtYIjF3D^ohawb!XIg^(0c);cl zly!br8n-0H4O7KRl>k|x+J~Lf2+=9SO}7JUUeoJ zvzJWP2v;x#h3Jb8>8)wC?kRcd&slSV2jdR}&`sB4Z}YFk>)5RDE3@C=>@^DS&UY5C zMSRIuR#7Ty4yg24cv!pXIm6W+rIy8cHUFWg*T=QY7Oo5_iXgrb(84i$^hXk%loN3!RPM|pYr zx}id`sC4^*mbT)4X_9Wwc1w)A*!B~WZ}asa>|b4x|L{u3d5Vj*DklXUQAe;88{bkZ zA^;Z~^yiB|QAnfVdNitylmVQ$=?vT-BLz^U{vJU6Z;wJ+O?0X1{4)w^#v?l3GKJwS zB?9c}vhlpfroLq`sec4ekN*)swa{22MS$;K{%`E8^807()rS9cAT2Reynotr)+ zgK)l-AtizfYjgxoQWIan6HtE=$?|WL$mr8gE0Xi_pFLL&;LPmQtbgK+k5j)HI*wSe zhJrMc+}W)?29NNW>3%x1w6HURK3$S1(Ok-= zz*_ue+CAu6pvfJp;~&!a;UdYvzZF&y{(ZL-<_KY8+0~24B87?t1}9#?b(EDBSmJew z0Dm@ca1t(IUD#+uvI>sHRX0=;0cGea`1w^9vO2%sj|oQLp@Py+Q|>j$E617nI})e4 zSuBZ$qqpUk7uZmX8Q{yIa+x8a8|NXmxfvjIDmLv@zQT!dLp6L#fES!+rd#jwS?F?Eh@{pCJp zQcV8Y7MH~F_k4(-r_77h$mq#q;ocCD2i(mo{L&0p&G?6lq8@xvL^sVzID z$uY}mpp)P0pEvu%5ovyvc11XgD6FQ!kCF@V-k9){;LdYh*MsJZoP1_lS-axHoBtXy z|MRNtG9Wq-lQR!ZFs~jtno&XOJZgHc32}F)Gmvl3ijMkJ$+U4vUM5Lz|LJEcghtXaZHMf*{!8etHJLLcGba*xR&iG`CC({=8M^!>{Ax^6!IY$Sh6mTF`fV=)uFR*eWrBZMbVyB&dBD9l|BvH>o z3?b1+{>i#2C)V!fT!ka+YOj*X`+V>{WXS_El4bJY#%Hh+ps7aLmXKGNXh(x z&5Xc);SU7{jS>5M>j=Cn_A+T*Yhhi{=j@VAuEE97L(@leU8|FuTk}Kw5PQPKyO7Hv z252JSB!uJ|#mGgr+g(9-g(a>4?MH5gzdaT&p;2E=249ZHa8Vf?EPYyEN0)c)qd^`$ zp$TVQe6$7jR&ua3lvE}nf$(7Py9%7r-NLnjhwX8?j!JGtO5_@Au^X%GrbNx&e6YD1 z1?IybLG?0RdrRSHxp012Er%^{Z}~$Os=MWER<(UvzycAM*T>ER_z#{(bNlAJsvvQ{mIyUQ>NukpO^Qe zqB&)FFa!l@>0WQrSuDKj_|C6L(2nj*>Sr3(4&^r(rP0r#P*`BIfr#r&IYy49{Qekm zYj@Ay#pzYIneP*h$3a)G+*4vXF-mgVz(u@x0sCf7O6f7X{-0&^SWaLuLdbv7W1{ zKhDFlD2tW3l70dAj$Ea26by=CAV+a=`;q7NHMJ2+61%^&n2m}|-!eZDA%97#BHIOL zconkh)6bJr;!iQ^6B|tnp;?V^O{m6_hib2wO8-ib;^~c(46rK^;HQ>mUOnV)*rv`n zqDsEhs0P#;**QWA8z%JDR8>W3(Tk{v#$R?TT8;~QPj9gjZ_wC0xUJ{ALS3X`DUmdE zBbOs5nwI`)v{)u)Ax;1t`L2&!f;)O=m*0b$je8wKN)gZLgo1Z7FD^r6Pky4?C6S&D z;I})=w+gn$dtzctM)~6@Dx8(IHy94@B`7=xFPgi&a11G$*iqE%V|Z(G`>sB(%}hY84B+-Z#Oe5((TfBil-kG zYg=P?wU@3M-R#pw5WZZw(nE zGL@IqXDRn_2AG65@=}rW5~EcTZUY7&^P#}sO!5Qmx4?t zUs6q$Ws{phwqGWuQ}bV>*3=Bq_o$Y&8d23hrCOOTAVvNhM+$HCXp8PP3XWw8e=mP! 
zCxp*!5qb`fc8ouMcRJT?Y zq2|z~Xmoj0zV8iwh1-Xl7Cxqx)xP%pN@o;%+6e&v_6RjOxI}L*nR=QfF-~S!<|Zn; z)-z3^2K#VumuFy2wU+mUA7HW6WZ9V_eauUW;%oU|*g^WfomF1wv=ISxU(bYiIU?*? z#7$F<$4pRK_`QS8Z-@ROoy->P*;SW$Tu6qNv=;NF>}5j+SAx{9y{cy8-U;IoNUn>g zhi8tZeI|9Qx%uMj4fg{SfmVwIdw$xYLH>Sx3%7>a!t1A$w)%RKBQ`F%O^L~=!Cngj z-<%s(%eM%vMmBeoyEgg6x)w{t=p!h+sgKIt1qQv89pSDT7tIbs<%c_i2`jubeRVOE zXzY(^_a%hg5qPT+nO##7*;73sMACrS}MBW$-5h8zQL8L zE>wBXWqLLv?E12kH2UEhj_GmS{+vn(M%_@xl28`{c2% ztiY^yY`g9@iM_}P5!0IeHCQU?E%YH)=5A0)80TH@`!*1~)~_lt5dFr zd-VML^iAg5IkA_`9+ACNp{?ZBFqQnp{6c!tG~+T{ZQXKBSf+f}z4?w#&Jo@cztoCj zOM9_*#r~_;X?CYV^Cn1f$lqGZR)^uek=ZdF*0)i2&(kS-dU}pjl_&NlUce~TN%-X_ zGF??#%wU=L(`d9kY1>2#pV5t*fWK*ikB&H#bW_Jf2xtqAOSq_Ej9S`&S9%cvh+T9Vsa7uoL{J8+kqSFB2~q@-jama~(~g)}$!?tib8g%} zbg>v*&JdXGa75;L5CL0x-+?<{&37~|%9xgWKX4|tKh4}|Ap)HH0|UTvp<>Gk;Z?GT z>p#6GMV52QhKEe`a|x%;6V5~BeZPFP6ljLm1e28cQxuY2;fE?6_6CA=Rb2u&8yTH4m-|&$EO!s_XHHVSzMc*{{DImVezCW zcea8YQ&PXyLaJ8`Q^oNnEZ6QL^X6^u300syK2EQcGQRI^d>W~~tgD#-#g|6Pc6|}L zULXW^R3w1k?!H(vRGpChoTeF+q=!#Ah70l7A1GAKJ`lM%He4Qavk6WbaL!_uN>Gt8tL7BbxDn!4( z4wDA|WeIyYM3`drtCMc>dw)K0kd4XG%3d*y<9YZSesxQn@w77FRzDzg9(IE?yB`SM zaIzL)Z8%OIBP6EAs_U5kIql(?)6-!9aLq;b2l=LHC@;KKkK`)>Ujb=6abkapkuX-9 z!+NK;=o|ctWjVNSIMgo={$;0DimqjL$nJUxD&C)zJvql}TtIMYb%x=gN+U2!uf<8^ z7r(~Gi&^8_58i*KThqKF@al1Hct|6c!;_EPuox204&c*rhg3CkaF2(PsY=HI20+_` zi7!ixQ|pkDo3Y9GACW=WL&6p6^^;|M0ceLR7rxOWc2aoq3o8NaCIY4cx>{IWU^7Tf zgCzYM%3^+351;T8ruhgI@yEO9Jx6f{`-ja(&Dpu6ZOH5rb=eLEo``@%i`MEuYXq-J ze93%ckU}W+(1QpwgkWOm&db|4*JC^%JZt}MPPE8X-jq`i?waf(Wl9-Lf2>6i8ttLZ z1*T8(=zAZasdokYJSekr5vHcL#1SVnq-b`8Q6V(e0-mP zJeqqrWA@6ix-M*sd-ss<-TnHbAIr#z-;6lUQV4Gv`t?eDwkIc-7?^EZ?lz^mjaC&l zhK1w%0HxPB%A)kFmgh|>+clFbiUBlAjUKrb_{~?HIxG=|Z^OQQG)*}jv*~Zac&6vi zRw-J=XG3IOKJcE+xjp!hrk|u5Y1T-j(TF42mSiNSi4!M)9lTJ-DPqq^1e3#m&cl8f zA0PjUoe%aZwRx;xtn0yPY5igOT4}LZ79|6-`JW97@6aC5k;)`|i7t>NiA%R$z}TY7 zBMaY}d_y!;iRvS3V>w$g2j6#LYPcBR7Dv1YcwKqA*W8jm zQsG=85fCSWS$j)@DU$>fIsYG+fY^)+ve15Y4m4`INxFD5RCG*r)$nW2QgEi49Y=jMKfQ< z4?0z4$jtB0%G7#NFOHUZfl0u&)|b5ko` 
zLjI@GCsjV+hf8PKy(s_1ES|2#7a*%*rQQ@X4uNvt=|l7Bo|zwn2bgy0?@sc$qH@1E zM+KIIc3rgz56|`8kDl)oGOTJKp0ZCr(YdO;yhfh=aE%?t?YY&`svw_|Gsoo)vCw?#B zuCXodgo5y2JaPJdbh?m559z(9Pu0yD>V95ZpVfBe|MfEH6}aprYz#XXRi9fN9ZxGY z7uI+TUq#8DZ+~at3a76r@G=TMwvL76@(|AK2vPn6u4A|c!UC|Gt&QL`GS_Q2@}Q{2{KnN93^%Xy#0%*gESBLG=b27xneIUCO+^>zVk?gqpKp_DPyNT4N|<|2pKO(NhaWjzs)$MlG5nQF)Sf_DR6MfIxb zO73PT9omo3T(VJN!y)A%k#iXRoo6a9(JSeaYL-FBHBx%iqY2bT22P4p?wYC4Bz$5t z{A5C%7Roxlc0OScVQ_s$kqvO>8ubdWGLawj6>FPA;#2;@NcetQ`DWA;0rZhA(3z!& zXVXVz%H2;8^%>V~avS{kOKGsKyt0QyqSd*W9I4=E1GLo3d5ULB2w%W56-=;UY6&!% zkP9^zbE|~61RzeWwt7@DwC7TFeAi}d2FIBx#j9#V;pkD)2?4gb@L!ut3m3mP3?uHy zz<+Ko?e}aySEuwU%C{YPAC#|EK=6FH;1$o$!(rkUU6eo6(35{)WN|UHnvEWuC-K;4 z;WjW>fIl9W!d?dBYNiGWp7D~O-@B#r(n_)U8C5e;u3#5H3PgxrfD;ly1P=TJWMB^w3 zYpVR+*;fg-aEACoKf_Bn&}b8AF#}G%dGF->)L3im>DV|%&uX_ODlbtE!dxhbZA&U+ zzcduuy};}@7!RU9g_iW&PpDFr8Z2G({ivocv#@BcGAEr(GacPx)s*q!7T}!*J4*@% za$=93=!5{LusQP}Zm5(U>*>|4JCWhb9+DRphYoRUyG&i0KPt}L?$u~~-?WX~IYjrh zqb{j(f6YKlCD9)%E-A+zT@6uZK6!+aay+o&k5Vqi+tCQ5fsM zeroTuy9$(^74ea_irPZli2zkUIF8ML2WwOLhRnrnsYE@V>-jlBJl7Nk7H8U~)Yi=azZ?T8f}1Rk@^kXR zfgea%Hve)T{~LurXTC%#BC2h}V1-w7V&xvgM>p@x?S6#8>3tf?H!l0g&k{y0vZsMn z-5p}DYft9|N7)wxE*_+`TO9K;82ox2JQaGM2#`B;(Pp3i72j)&n5?uNI>*N}Y%H650DY{JPZHhFoFaltiUx+YmLHJ^Ou;oHxa+CSqJ zzS37v+A%)TV7bVqH|iL?)zH009S=*J!opP(kP4QnMd@GrtFGVW5UMzWaB6;WleW&!LelAeR2`4wq$dj$jvpK0 z^iC~WOSxZ=?7UHnEQx!X@a6M z7P+!;!Bw4&mqL*I(pQQUc5aVOp6TE;_|GRemg_m;Z`BnNTaL2C#wPIwM_mmIubyQ3 zV^0pK2yevB3;DsA1d{o>Jqr?mb7M&-Fszj04oESJ1OsxCE9;XT9nRzO>6cvSXLu_a zOy(<$6Z;D3f&abMd?f-t6)`112%v1a07*562EkjIn;iT;5q`D^*HpWVp_arEI<`kpc5&YddqmL3&1S&gVg|c` zScQZ|!|v?Zc~MN~X$;}ED`#X(wRPOny}^g$&$aSo2i9~|Kg)kix-9u~()qdP_wN7( z3&PC@_-xV^$0wK%X|a!!W~ul5qMg9{@Xx3ce@4yyw;#$g)p7Y3BB9;tboh7zH5B|^ zou#^=VMJA!PRl*Gvx&xT|z%L+g~++AgW4!DmK0ZUFK(D@7_;b=-jOt}I+l5lGqbvcv^2EwpK z?6Vn;i&u#lb4)XT5P^~@_AVCpCXaf7wTXcC0d)ljf(|ttZQ@DAU_AzJQaY!2+GWa`a>~;*3rA4VoOW?+54v7T|fxwPz7KiYc$*uDov9$&#@%6a= zXVA(nFKo^@d-7jHM<|KYw92Sl5PNHnsyV9b|0wP|pqkpcby1YwEFd671q7uDh;*VN zARh`z}V=P}_ 
z?n)Fgv+b!>LZJ2*8>&%JEz@ox*JPBS_E$*{_VGW0VWJNNis#-ukE(YfVH@G%K7@QD zaP@=H+yl5o9cTpzu_C~!zPOFB)~z=N!u)GTXZn?ym(m&j8HP9qPt2QvyB=$PK&M~n zOID1b>9rV-e(|0UuOFxRN{_!eyN=`;`o7Tf;VB;xaOi$fpO@vo0RAo+@HxR~j8`X7 zHP7*u;G*WhjA~a$hRT0PQt1KVve!B>IJ76|wj+AoAUCLOhRtAB3UdwRa>i6`VWrFM zdBs`3z~mQJ@8a-v!NA@m*n$?KEAjO-J~LGae_TL_D+R1`nNWik>4#3LcKO+&YW^@n zLJj`Rkb!2d#(p4;%qh2rI^q-OE~c~1+D0cY8ah3<=HU7~&)rt>Jm8@ah9|tK=Zn?l z+R+_XQi$IqeV$Fssz3Sz!_r%mQ%zPK)&UDIu-&a;5&Yj1@;5Zo8M2e z-um=|DKb$4A26u;7y&ByANT#PrT14YYJa(v`(G9GovJh!OveD^&z3k-{2Jj5P}}GO zlAfYC^5Yh?EvDjqRk-I_B~Odp8Xrlbfw51ARc%Z%^~u85kA9N*k<3B%7OzP+uprF2 zxgIHfY*n}rJY(xLzTC-D@Fd)who|uL<;3@|Svi>QoIkNx?oDvi1vGN}NiSuWNVGYC zfoi9Cdi3Q_vbPL?E&uuuiAyHKCy?lkfpF#kF$)Y}BEU2sw5U8V&PIgU^X<(?F=t0R zxyn`Di=kNLU;aEgCq-cI!opi>T`<&mC7;fnJHtf*VtGa@$&YiOo(@ov1$TI=YL!85Zr zNrKFpjP&!s3Jm(X?Y=&eW&$y2ANJFY&fZa1-tkgha0!>cBO1Af$LKpvd*!?HO>C^y zs*1R8COo!3|HO5$LKv*68yT%fKt}|6GNy>CGJBMr0c!RfT6$e1pF?`mxIelDkRzj`F zXmtP=)qLP$3!Yya{UQiGi0Z@gdYY9c;o=G!`G7Ls0K3i@&@c#fXMg~c3K>cY1Ac2&dM zH9I@}74+p@p7G+@c{2C*!G=J~z(B54d)|Tgk~SG>qGH9I6^R;;Z2&Bp2#atADi8pj z0)AiJW+eEuyxdlLb5gQqxG-EqsK~}B!^Hm(!)AC*8xoNi-ngvBjEi}YkT0bJt@Eoq zaN6iym-WbaM3X9MU9R>#emQ_=D}hAqh-M52amxqJIg!s%6rxPPoNJmejU3SsVYqT# zDX-7j4iS?#oM8iBz^DO|VlN?u1=t7P2*({uD3yf~&TXQ=MDl<;fM<0z0|0FD0HL42 zWB2c~OE?IdH3Y)#`RPeaw#7(3i1BR`w9Xn({b+Kft5DC=QR_|Cf%CP>fIDz-!p}ORL7n8MGe8d>4e{mx{1?rx(=Eb*YPqB8b!EL@$8>vB{0q>=o~lB z0~uHLlZ>CT5WtzNfM(lqW7Xi?jEB`4z&b!>!VPFD*@Bx9hzr1!|5tr+IPV!CqI5)o z16C;-4W*xCaoVKPXUN?%AOdyRQPq3k=9?hw`6s}>DFd?QBgP@9r+iqzOjACY+dHO+ zQR|`HFD5+lkcY)<3xzjWpJ-C1?6Sf?i&o?jK+d99C-rZgx*lDY_SGO^IsHp|vkQZx zmtRQnr()Vd0DM17x{Q3M1f|f?>sF$B)p&}16(Jhbi@1PW-={~bo8UtSy@~1T$1oa{s@c^?^e%J^hU*mrb1HS6$Q|`KwO1u$xP6; zNwHWN!g22sxKR;tAt7#kh6#*P%L8w%6224jM9VKC_@>~4_=wfuggnfXZd1bT-~MNBu*URG}oJGH(4U;^CC9gJHbroQ?%9wSgNycq9g zI<9ChM~Dx~J*|A+U|n@lo?&b; zm?DSIS;VJfH8rF2u?G7E*uCMQE`~%{QoqYs?8z+LnG%K9-B);z$Sq(Y0ae#$d>_#V zoooMbLFuNapPm~0F_eHjhj;u+Sd{+G9?MSJqkbUlE7hHjCM^QHXMh@>$>3cO(1Pu! 
zV0O^D>Ii5z(s-}NR3+r&>w?#6{A4uS+!sj$T+Ac1#^boc=FA}uIk3GFev{z8f%gWa z%eY?y;TmAQp$@o&ML@vC>h$}mIVKa6s{7OvRt03umv8uTDtpXer;xP3DsA}*F!4vZ z3Cckw;HDqgI3nHjMPQV@;U+xh##YMn{3KJ70un{AmXtuYhy_$@OX?={!A&TY@iji^ zGK|o^BppZRRy%B?ubVnQ;a6M?7;mvDyY2utWLjXuYOas`5*5XK4;{N#q@(~i{1p;6PAK(EfUmUwO*(hYR zpILW&abc0qt>N1gx2lFeC%A4<39Ay6g(eO!AAm^rL1^X$P%o$fyv@Hb4Z%AG$ZS#M zx>#8iYr6XSUJ9iOO@ATZZWY3I?Nz*ATA~$iLPEmi(dd*#6{J1&q9%^sHOsEH5|U@( z6N?g>G&WV0P$pBfj`m83#^^2K7ZJ>GB&ukKEg7X)5vAs6Hzw&(HHFCCv502#q7?42 zggnVw=(^a6v0EtZ7fAvi6Ze+mz5!d%AGu(^ziG{{ux^O}i>BqpKiC|FX;)dd9>I@) zfc_+VH=X|~vYDPBaP%KlRBHZBVC138?-4%r>?KGCG@A@6p9FITQ7L_1H8@ePJzJew zQq3?HzcEDr#nin+`XbQ#z9*!o1(z{n@Ky`JZD8B$9Rth(=TB%jWA|CSW`O)7%|u_? z7ufr9&{%~#&2&su#23U=fMyL4Wd^zFG4;x*!!N8ee~2%Vz?G^YjI= zwWY`iv0O&y!KXB42%-hMfr@i@-Nv6}OxJ8#sTMxefXfH;M=`C>N0W^u7lMj5DIZ+R z$p1QT(9B(a%)~swmY+E!a!DiKRaRh`B^n zQ=6W&vMrB)HNi0Fkha2}wuk`c+3O_I6n5FzIRiV|=p7}J?E!N_(?6JgBm|Y0%z6%5 zfV%NsiV0r8w_tE&bX*^H+Z~AhFLBO#2K%v>jVd?2Mku)cYKbaGOOhM-XA>sA1uZ`%{4SEW=Qad?hTpA8FWa8ihs>+ zQ?POdPl?ElM)dg^h{#cDGT$}yL((OFT(usnC!@c`;8n-{suc~?g^t^C8CT*eu^<3wnrzLnz&oDuIjm=YYH&8!AnGOBY z-CS+&mt@Z|0a2qzI?XW#x3)FdJX2QHTn9gki(l)g2%E2}x~td^7GpDfs(bKZZ#8M# zT2j5Ite-l@%0Ab*o4)yFSMpE=YF9k5AB@{74jSM-53koQ{$f-t##vDyV^@xMO?}(G zF0Q6v6v3ZhYT-wEg$jtU`5^hof}aaFg3uW}8-e2Qi;)lnV z0>Nm+2g34kvM1vl&I>-`@`HRoC2s#c?!vQC2+gzrc3d^rVcBHqeMpOe^jgGYHGcdm z8hO=!)Eh4y)aN(4-n*sK)p8`dS&y8uFp@}&(yHWjiD-}*HlcJRyFDAc!}0iSQ7?4| zcdTqH$^MAs1-g&zib=l7l=K1bzr^|4pk3&v zg@PK-7<3(HP8w@zn;h5ywJWwOjgQc^LTw z)XXFc?Dx*zAJMb1p(~;(eb-FhNKxNQVl6|lfwmvX^K|qQe1!cxnLqaV#u3D9n?OhW zTmbU>^@Qr*O6IA`WdG|MQXXBC(xUtbZe}?~xHDZ*+ypXa&h~XjY|zNG+B2O0><`Nj z^$y-7hkW)|@!e`)$=uYI1&1I)6Sq6$$pmM?xNBg{90k%P5Zl{m&?TAgBG|&7U00=r>&%m>rB(vVcIR@cI?7oGNm+)G-)rihA1mfM# zElL_vl*J-jxMPefW?t_qNZrQ5%4juYX{F^8t7F9JHe@&6MM;$=a+U`CBs)(dcqDo{ zI5#wdPJ!93l^0>L2u?pl*oSwQREYh^^&N6TrfVvfZUe)kHty!}==kfW25lL~3=kBU zYL6AW^m>i!(17p9e2lwT(jG73_xFw|d4ICy_mIEI@_%FGohLi@3Q)A#jN`gWObu}7 z4wo0qyC_#-A>v~e(B;2emT_p9WP87nKJ-yJr)+iOhTM^33umVVx) 
znPq%HsFTKSYnMKe@n)I98uW%p@NWv$+fcU$DqdZ}CL_eF zs1|ppQYnZ+qqDuESj6=g#aB4`+mwADY=I+HhuN}v0uq5fZhT7OFr3&Z0lfZbNor(u zU!yZ1NNVk}V6M6)MWW?H_c*hC#sYG$E{xE5;htSso+*DdH?Jk4pn1(0(cMdf48&!Q7+XCk-dH%J#9gWB z{)0jDiR0|d#5od8HYloSqh1Qzu(69#v=K9N9B5xKGrcwoD@}W<18f;&1njx|LsfKo z8lrfNu}XWX6aNrd_mZo>?Z&$}8*S5XD;62n@|0msY6fi}d&z<6RWQ7F z14J?B!Xb8;D)VIfL+$yrSc8N42K{%3W{06};C9$~ZGgfbToritFQ&vP(2d3w3oB9^ zVCCug_lD_vA=q$lN0Si|G)1?PThtfL4L`He-dMZ&dFE_@luHo~tXDEpUYPM= z1IBk&WxBog%LeQ{yX(Pbq9yfkoDtIJbA9{43Rgj!P~vAgp#=qy;-{sSIKq z*IfJftH6jcyJSIaI?9*!CTw%(WuV~TSL{`LGt&O`wIe7^p}KwZ&$DliLqi2kyyqU zv0HsxxolLsxKd!fG}Op|^VL(z>_GZiBuLOub~x>!X$_Hc#D0Gr0540B^<#NTfj+gpp_tvDtk| zWn1rU`&Rnh4>gR&4+t!BsD)^@!2mfl@xh~4*0HoeU!>>7HWh2N^4V-Z;%?fc(}4NJJud0@CKQ%JmH^@AO7YH$Fa zemZh1H#{?GrU}8-A0Wo@@gy4cNvl?SwT7Arq~~x5MuS>GX9J#WG45AIdiJQB4~c~& zZ#*Swkyb^gl=rnx2XYw!6Q@w8P3^8i5`3@}-`ndG*WR5=OG%f*P>!$YI(>le9q1(X z=Kdsm4#!=mKWJ4~@1+Y+z(0#ZO}w#lkyJD2L=0(RyI8+lhQ|V-3RW&JH^y(5o>)}~ zGan%g-lIy7uE(<9GP5vPoY6fDj*y0m^}4#SeHdDVD3?F2Q}(b(*8*H$Kh@s97weHEU;SqkLE=CJ=x7p>_8avJ9Pe+HcbGxPk$w%HyXsDY{;p zF7+E-FTS*(S5T|!iE7zFqh58x_A|O2Vn+k$kCa_!W5dXvrkg-x?>8Rczy6~ZC^Qr`_9Vt-U+(Gwe*ZlMQX{3OHzzNzDDf?`S&C(?6 zAdia8nJ@5gOKckyEf}L~S}_nH=W65X2bA-%X!i5V;U0r{l&YyWsVcR z!YUaKkjm*N?djx6v;dS}>Q%{D0+4wHeqF6*n15a6_P18QgAn9%I4w@|K?MLzqbO@fZU$b};1hCk*|eOJ*MC%Oyr>*? 
z_JX24Q=;A5S|)MWqHlGP{?$}(EQ7{rAOdxJAuX0u4zctBTigYi6;d1{D=sxnXS)0%ggx zCNZl{W413MN}^b4zTjJJTt1{V0NZTiopL9u7Km|iHcBuGrm|+_51>!f!sB+BkhW|g z{n-zVr_Ua0$(ELW2)=eoL}t}WY%AV1!_#IzaWi{#v2y+Uk<24?f$<#i@7osS6^ZNk zH7I`gC|%^^W6f!EUyi-coz?iR-ba3;2m&QBUtVzbBK*RHgE@0`5;wa8=0%yQc~su+ zgtwd34l}eHPR@x|K9RC?Q7m-#B77pOvCrk&o9xPUV2@eIUQG9;xs~RO!OZP^HiEv>_erLtX)iE)C=LrP@UzA6 zXOFKT&xk^?#P6{IP63dlum{Oh)17=07fJ*BP_V@vt&WB8?Y?4)8yBE!hFSBeoR!|j zYc5?DUs1l!rgPM)%(cVP3f#gN1md8!a(e0QVHa^>*1h*Zvg5Vc!HjyJXX@%*hp_(hWy_Bv#u@(z8Y+3tRm8a_q)7y6J>M`P-GnMZp_8yc#UcV)5g%XHN!m zt|MDhC%3!Bh&N^q#ewC#FIF|aZicJY zJ!sqvSL94@!raQ3v){NHiI$mT8M!ll>kX9`Sq_WpxUT&b-I$CQ)2e-=*te&_98kXJyhZL+L+jXOi^ zCHFIYNTw{<;+3n;)#RhWhmYYLxC=%&TQtQ$fKv9fU2T>FCq`s$dr?`Y@wzW3qs4=c zyP3+*v^tAe^EZPn?i-TEk7@jGD)A-_SmB>aK_OgV7#<2 zMNsg}C}sA;%J_<4v+#Mx`->*tDVN2HqS+E@J?I{Dyh?eSwM)_9j)r4Y8Cxxa2Yj4& zlr1n6k^KWWWfyLUC+F~d!bAD$;joYNE!s~wPEf6r74PU1>jgn0FT-m{t@gdmDOu@T<3z4PUvwyP>*d=ERy-=;t;-U#t@Q{ij6DwOepxx5! zZE?Pwo6{#)X^SfZ?az6OQ&d~q(}^!}K=rv(cfX(t7aNBqLgnN&wkfsm<8atB>X|V? 
zBhQijIy2cR3#_+9tWmu5c9HsGoqQvFB%c!R#=(M=NB^E8s{I$E^iWT+g zze`K5gXoZUQyVCUP}YkZH~BL4r2P z5&msw)ux&i6<98IZK$fT6MsNLUL_PqQW^{P$unjC5z0Tg6h=@8ME5vMXbh}xNYdZk zBGmZErq^TD<|=I4T{$Az%#0q%^ujy=syB(J6(E&g2n*0wD5~mPhJfw;eNt4m zV~VQj?vQVK!!58gn0yowbibl}NS>RoY30aoWd!b=RH8v=F*f2gkg2h-8C}2MBlgx= z`u*!-w)cmB?5R4yp6cT7Se*WD)21fK!aVL4|C#k%f1}p&k>r&s-6fC=xW2)46q)U4 zZ%#EL*~VNGU}``>UHqHOhS^Xz`?B;q( znj{aKl}zHE13fQHWCNcEE7w7)#GOEtCp;XwT2alV(OMrv_by&MHmgvSv+dz=CQb_f%nn3L;;5Jj#+CAIsg`kd)D^W`uBgxoj-a0>$-TXl-Rse-^gm`nxo?=bnwXbVQF;CaI{r) zxszZO%lf7rENRVP8K2|BlACR6*XvxRee>!n)kemo>gJWVHXQzER6b^#u4zw6774$o z)W>+rJmkL4cS$1s$$i4wba~u_u5#t;HVu=n#xCKKw5&IAT~k75+CAo;u0B&Xj752J zI7GemVsU@{NKnyYyy{Lh@v}?4r6)>yvq;1vuY94xPB`P;6o06u%vXIKyw$bph44mx z4ti*Gn_R9^_JMK3O?+KSLZ@368WpV}oB+qUo!mUtj9+M`ofB{E~$$7h=UG00p~ zL2&ZIe(`_^NoJW#9Dyy8(#WxgR9>KZ`pRfN$+5DsM)|RxsLOe5=KRT^?>D+a1OZlb zv$Kz6xqvVjWl=Aso*(2t&KoTu*c0<$LBat-<=6>(@3^ZFu9PH$(NKzH3CfAn&GF$3winKv{fwdD zO84fHF{_qM%%vTT6Wl}Y0jEA~OFUFO8{=%s`N(HXZhR!rfN%rgb`JeJW9+wbbn=|^@fnn2maP{4EmR*5yeOSEYfz zyZht$idr)kAPhEilp=b@GGALSJ2+QZXrf_y{7^yG#LM3n!-%!|Izt=8VK0^Jw7b0q zdAH(i@8J2Nm=9T5Q|_DVPSe6Zrv2tJ=f~iPM<>Qz*UYci;^emYjYnXjo|}xz$&d02 z8{S)3WznLRk~|lMq{V4YSXxv>1TWabKp~){z%|ujpx%6~ zr_g@>Cs`p^EM@q)mIrC)Xc>&MYAg=);KiQ+k`hC0TE=Yen{*oaJ6j2@`%&sgS#-pufk9# z3fg>OZN6lFMXRu#NuiQpcG*ltTGvM0=KeD?LA1@rr>r$EN7RG`LTFR}Ga^xzybr-{yT$q|820+R|ezsBWJPahjRl%vBmO6w+r;u@yQkW9~n_ zfvHT|e;{XJ_=lRG(ucXnzJ`a+ zG~&7O1zBY|6rROF)C4NPW^L|r;g~jBIb&fs)=2?%ala*kE=%Z9jWL$sEMbp!zwwNw zX=d?K>JY&Uf69C%O=ycR_EV94Y|=q|b7rGwVC71t*^?F5hHp&k-KB+B)@{1BZ)+*P zAjuNr1GKSgsE=DJa8DH8B=Ft+O5wcI$R{MjfO}tUGUK(+M=~sU1W-H{Hr9pRErOJ_ zN>6tPOO+D9Js*ae=57qlRCZ;Em~?a*WV-k(B#w6QdYPZbE;WG}gZdDcD(Z(=G*20i z+dIE=kgD{iz)WZl1`SiCaf=!0U#$t4s7|ncp1rk59yc2oilpD`aRETd;w80yQ1B+MBsUFkAeMwL!sX=Bj>p1wK{6sHS%0X(~@e)cSMC zosrA)MF`KPla23LCF)LmLn$iY+?#{W;;IVlNoNp&>djx;?fJ4c-I=?b;|JKDDe>Ne zvM&1a9IBCbwW*y-yBoROJiGKrtrHrrRw(D_?N6wbb{)%R$G*3`d&A9s%Hm#PQGMEG zH-Il~$iMh=Vfk-lRRTt!vveLef!3ukXSU-1;5 zse0eZu2~ksN)k=BgR>U{OV9gZU%}m# 
zCIlyerUs%l%Cp5hlI`npRGG_HkydD9>nIepUvs%Eg3LGb;=q)4w=$>oq1xohMI5{d zU`N*TZAqYnWa&r3^6W-}ME$``Gp4I0Q-L`ho&sa+i&svDBRYSG16vC7&5>3YB+4Hbso3lZ@+b*5iFy8WoSKj!E*^YbLjPByX-mIa6emGpkhK94)Gq|I|kD? zv0{)PzT01_i=vb}_*&hCH6=7($I|>}at$fHc@EtT$2xO33 z9O)j%AsPQe98yrTkt8*u$mLkFn#=&pTdsY7{Tt+#0sW~ALraL;+XwH4ID(DdpGp4M zsOHvT#;#K+>#iGY57RZi`Mq>>ZZozB0}TbS`D9qdX^}=~iTM(Y6^Cgq>0R#pA9n!8 z#9{5u<2hU}8b@%Hin!2fe#L^x^q$lF5Jc;}nf$%e+ufha%Ivf*eE#~CmAMBUtq%e? zQBfPJy4@vCysKTRo`wB~4j$eB*|XlLu$On#{OTxwvJ=8O&S$-+a(PShx^x`xV9%V^f{JO4Ud%JRS2Ofn7fWP8vx zg5#JFK`K`vMaTnx@}Yy;t!4MG`^A34iE^eJjkDR|PRir$vFK=5^B%xt`~C?y&JqIx z1e6kf9WZRG0gzd}fC$dZ4ia;Q~Rr+ z{rleB9iBE<6~QrzSJ??a$u1FrkjIHZg2D!1`n! z=kg8w!<}Svz$FnY(CRPsw+Dm%^)YmgcKw6y{I2_wyAqwh0Z_Z--)ct(iP%>j1-6D) z0sk1{s+CzaCS$9avxRh0YMxt0bS|iT%9~G(RRjV6WgUNwBK&u*Iemds$%K_i$YLPU zFnFg&c9V41IE)B311}$51LiJ3$bEG@j)r>y+dmu_UqHwHI;L#E7YO_OaZK5N@l9^B zk>1wO_7xZl0NKqHm`8V*QQgv#D}2O4r<^N*k^0BI+3m!`o7|B{ir^7b@JxdG zkD>MEwfCUZz@-r`j;-h3e)^G~buh}9>w&WEcWXvq@S9Qjpi)~y5vv$$icY0Vkus;U zl@vNIch3zxL-ZF`|G;l0junLREI55qOo;x$Z^=yhWAs|{JTMI(@}zO3^&Pd66g@s zKQ4QL+&c{?pcidLM+LyL`0q)Pi(u4qpxHYEb0k8t#b4e~9Pm;Y|9B_DFF@>|xix?) z>!!I_QTFF60WM||OsiVJ=f`kqjGWl1<$^X4;&f~^%0uyoryc_U-ct!oVOuKnR`nA8_ zr#S64i=0A{m=C!sfj|@w$K9V~xqr^dA>YgY=!t*!%>V83$tmzR6#y7@282-uw3Xdv n!BZ>1@D5UirGvk90aQ8*{@*&CdE0mYLeV+-|KXbP=h*)M22Yu1 diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index a9120b1881..0061fb761f 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md 
@@ -71,7 +71,7 @@ The **Set up School PCs** app guides you through the configuration choices for t ![select start](images/app1.jpg) -2. Choose **No** to require students to sign in with an account, or choose **Yes** to allow students to use the PC without an account, and then select **Next**. +2. Choose **No** to require students to sign in only with an account, or choose **Yes** to allow students to use the PC without an account too, and then select **Next**. ![account required?](images/setup-app-1-access.png) @@ -93,7 +93,7 @@ The **Set up School PCs** app guides you through the configuration choices for t The setup file on your USB drive is named SetupSchoolPCs.ppkg, which is a provisioning package. A provisioning package is a method for applying settings to Windows 10. When Windows 10 refers to *package*, it means your setup file, and when it refers to *provisioning*, it means applying the setup file to the computer. -1. Start with a computer on the first-run setup screen. +1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. ![The first screen to set up a new PC](images/oobe.jpg) @@ -134,7 +134,7 @@ The setup file on your USB drive is named SetupSchoolPCs.ppkg, which is a provis ![Sign in](images/sign-in-prov.png) -That's it! The computer is now ready for students. +That's it! Sign out and the computer is now ready for students. ## Learn more From bdd179da263266e828dbe8539262a8967e80e583 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 26 May 2016 09:50:32 -0700 Subject: [PATCH 12/92] add clarification that Windows Firewall does not block proxy traffic --- ...nfigure-windows-10-devices-to-stop-data-flow-to-microsoft.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md b/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md index 6383bcab54..af80d923ca 100644 --- a/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md +++ b/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft.md @@ -285,7 +285,7 @@ When you enable the **Don't search the web or display web results in Search** Gr - For **Remote port**, choose **All ports**. -> **Note:** If your organization tests network traffic, you should not use Fiddler to test Windows Firewall settings. You should use a network traffic analyzer, such as WireShark or Message Analyzer. +> **Note:** If your organization tests network traffic, you should not use Fiddler to test Windows Firewall settings. Fiddler is a network proxy and Windows Firewall does not block proxy traffic. You should use a network traffic analyzer, such as WireShark or Message Analyzer. ### 1.2 Cortana MDM policies From 1be0b4969c678c719b6011d057241d39241a9f5f Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 26 May 2016 10:00:04 -0700 Subject: [PATCH 13/92] Bug# 7673920 --- windows/keep-secure/credential-guard.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 45c0237c18..870a49c024 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md 
@@ -239,6 +239,10 @@ You can use System Information to ensure that Credential Guard is running on a P - Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. - Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials. - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials. + +### Kerberos Considerations + +When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead. ## Scenarios not protected by Credential Guard From aadf64b246dac67d9edce845ea304c029ee1e050 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 26 May 2016 10:04:39 -0700 Subject: [PATCH 14/92] fix link --- education/windows/use-set-up-school-pcs-app.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 0061fb761f..c70d97b92d 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -138,5 +138,5 @@ That's it! Sign out and the computer is now ready for students. ## Learn more -See [The Set up School PCs app technical reference](set-up-school-pcs-technical.md) for prerequisites and provisioning details. +See [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md) for prerequisites and provisioning details. From 2bd0f78cab549ec80f63506ad78b0eb0a0159a95 Mon Sep 17 00:00:00 2001 
From: jdeckerMS Date: Thu, 26 May 2016 10:33:29 -0700 Subject: [PATCH 15/92] sync text change --- education/windows/use-set-up-school-pcs-app.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index c70d97b92d..1e5af39910 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -91,13 +91,13 @@ The **Set up School PCs** app guides you through the configuration choices for t ### Apply the setup file to PCs -The setup file on your USB drive is named SetupSchoolPCs.ppkg, which is a provisioning package. A provisioning package is a method for applying settings to Windows 10. When Windows 10 refers to *package*, it means your setup file, and when it refers to *provisioning*, it means applying the setup file to the computer. +The setup file on your USB drive is named `SetupSchoolPCs.ppkg`, which is a provisioning package. A provisioning package is a method for applying settings to Windows 10. When Windows 10 refers to *package*, it means your setup file, and when it refers to *provisioning*, it means applying the setup file to the computer. 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. ![The first screen to set up a new PC](images/oobe.jpg) -2. Insert the USB drive. Windows Setup will recognize the drive and ask you if you want to set up the device. Select **Set up**. +2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**. ![Set up device?](images/setupmsg.jpg) From ee33567d363460eb64df083fdb6a12ac91805b64 Mon Sep 17 00:00:00 2001 
From: Brian Lich
Date: Thu, 26 May 2016 10:35:25 -0700
Subject: [PATCH 16/92] updated settings table
---
 windows/manage/images/settings-table.png | Bin 53302 -> 53290 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/windows/manage/images/settings-table.png b/windows/manage/images/settings-table.png index 2acf11d281deb136db05e093d42f839aa648364b..6b77ce6002fd066d381da73078837f7d6bc3b679 100644 GIT binary patch literal 53290 zcmc$GcQ~Bu`t@jo7&SW4OUP(L2+_+RYLr9`Vlbix38MFCVGzCdM4}6#6TJ=6h~A~B zNf7OOv3IuJ&e{8S{`jsdJu~mq*K^-%t@{ntR97TCM|%zg0ud@J$!mc?n0>&{7kHS! zzq~nT{1NyK!&ysF7F0YyzXJRP+e$`F1_UaLBG@;>0sfBfsHE=<0ui+x|HSBYC`5oj zgH6ivGCFRzJ|BE>pwQj!jPf}QUNc!&^OPlzgfrr?Fj(V^MRUNzFkgJ7G_Xw(&U`fw z1N(4eN^0IVM^iia&nl1)1F$sw*S+ zi7YG!&<(eeggi<{E38V|pB>yvZB07bJ34GSDp9yj4*Y1>)->JE$i5f`{4j}-&v~$1 zHjlM%C(J^hA-*PQ(ac%swX4K38d<|&fLNYsF;mW831%UtFt|$GkLivSG9u=IeO;d} zWgBskLxr4so)%*1CoV)=970L+z|B!F#`0l5lk23o>*a^VmO@hi~oN{eZZ z7_ZJp7q~j|E^M0%)jLgDTI2U^Gis!@X1wcU^hv!<{HDw(13U0SODCgDm=`|oViJ3M zPiN30B0-jJ+3Glgm@h}$M+ZJb9cn=_hdT-HB@ zcM~B-tnos!pa72?>dKy0X=~+S9TGxJcG7QL^}N_OPBIL<>QQ?O>ue)N#7jBtwJvMQ zj|XNxa@aldb;X53)C=BLSW`x!ZX31UT_dhH!rvVzSY2>je7Mxf(m3~azW{z|hWB7->hYac0;8BsyotRQ z1#my{4*7*}@uY#a*yn>QD`c(g32C#fWJJV_Y<+?%VULMZuPNW7pO^A`@j0I)R351< zoifhhwvwMQesz6hYe_lElt=^C|IJZyJ5^;nU1x>9*d9)~^XV$l*q9?_Gfomw9IH+y zQwmZX9D6~^BCJInYbUyKge^{Sz;Ifc?tbl)>pG#hjGiP?7C~%vT%EH+582Wd_J;j< zBd!F!FcQ9is$Jgb*(HC}<#~SA_j(8JyO=aijPyF6HDYng#k}DkPt=%Mmf!AJ|4>$3 zKmVyf#gV(+b>y1AJz^DwMXg-Tv|Z~_4Ge$e!jnkwYAZ@HV60Rd%WA>DjGNZ_hx5QN zW30>hXm*y>_Lf)rl?!g^Nkpo2%D1l6F?G%b2HarhLDh1OxVx2q>&A^CGLSm-ETc9c z_7fiHQN)~XeYg{F=yRBH)LFUc)bA35ULeOdH~6X?aKJ#E?0C37!?c~d6&L%}cUb>f zKtv_e=%a^A_-JutG-{k_yO75rx6{kTEylVy#ItfalT%aJQ-abpRx3`c%^iJS-O3s_ zOW2qqR9=fWL?IvFj(1a5GI#BDhtAd{rkxN!SU?_YBR6_@-ep}^JW(T$K3tJCCUDiC zmq=)u!1sc2t*sbRK#xvcA?DrYHDn9_tW)_q#?`1?QGuwb)u}zK!Pwq~8P2g%G{}jP z&=*`?=Iyk;x7OIEaf_d56AufWkCb1`?$2VqT9x1koxM7dHde{MA9!`1^|_$acDD4$ zW(E#nzLdPROaPog;sLpoh2Fd$3Z)d7f#DuTWaWu82)olW)BSeI2ol1(Ks;0n(d%-p zwH?jp&zA8yhpK%JHsuz+4Wb#E{$9^J^+iT|f)pJW5Kpj7Ea_yG-uB3`OA6~`y6l7; z9dp-X+meUh%pHn}cMH9flQeK~hk_3gFAj z(sTti;Q@kinK-$SISB$Of%FkV^ZEHJj+Ahr)FE|I$|yM7Zi34G{O(Y5YCZoFBh3_w 
zHx3IOM6i=oZa`0co-{o>oM4yN#clPlL25lQHS02Za|a_6Xa8vO0fCe|O+EL@b$K`L z1T~CYVeetL%Asa1+NMBr(kW|+8Y&(v%6)mmVs03fvmP3bh0FK2BNkOh&2g0ICQLn) zZw7KLaOVe0-K8*LAvU5&x&&L-PR|bDoRKS*T3APX%4sj1yRtKwKq=?rIAC_gt;%V1 zT)mc!owSQuIas8UCmrC!{}RBL~m4@N^1}iOVe%Ts8P-OUZrNm zg?>?58cdUZSNUq`BDJ&~6ze`LTc#++CWn`jUKx|%f;d!k1G-M&+#{t)i**sY*__yA z>>blG6b}~@AN{c$b&EH6^%~fD9so96@)YJCz&2zD7N2xu=B7l z59FP#1|RKcF{Ji(N|t{W^g2`SQI`3wsk_RE8N=hL$-#mrYX^_H=dudFWk27U#+G3FITpmm>U4-*`8Bl32 zcepxZsf2txqMHV&C*PFSthrE)C(vho1J0%5{Hg-8(^B%NqL3*rISC{-VQ#v#6bH9M zF~(>4ib7-@E4%%bW!~Y|5KcozsU+J_HZK`D-e4?Q_+}h#7iv6TWj*$@i(|5;NDPEe z@o@y#goh~qAe8Hd7?SHN{fI#s^rdSLBV8JMhQ-zL^(}e$o#|%&$`x*j)w;G=Rh6a8 zrNDIM+JG+Xtu@Dcu?*g|F;(waY9M&wu9{bz#Yyp zJ!Z?p)G*9Ss^de3DDF}U#qVUc7!?8stmv?b2ESmE_L=3^Qk|E2(@J0y!qX!U0yEZMr*|N>zM^< z5wAOfd~rttg#zlSM2SqXoz|q=F!WanYdB=J|MEeHb@)J0V{2~kw zmnU)h)glj;{GyZMB9qdnz+LG4UVSxi-Az8%3eF-VsFnVr@Tfh96gc~Z{k@Aw2_q#+x3nO=4uBDp>>EbM^H&UkWR;3ij`|#cb+Kb3$G4zp3PksgV@#HrAA>$H)H4ur_10Xhp&04N2fLHOfA_iF5e3svf z)bqfA?<-A>%KRWeiunj_G3aED@0rZ&+*rsOa+Fwq-5+zCa4|C^UEj&QSh0gx1;)c_ zFRO!j3AW6)!E}M^TsNcGjZeBLRO6n^kMzwIubxpM;+Nkir8=6k%DInwAv2in9hliE zaUmX&Y=3dHRFw8(9fQmNIbao<(45bbwOPv2XF7g*mO?NC1O4fvHM6R=(9q}*c-uFA zg%0)8uv%k?MeZcNHUa+asNmwZw2Df&HIEJSuArLjqu?LKB(#J#E4wtsn`2Z*2ot$uM8GC2g>Rj$5Il}+ln;Z|M(oQ% zY9a=4r7tdMmNqgV5n!5#;3PBg@@Ob~B0?EO6B~f~FsCSKf9q&?^o>G;#=Hr%vGKLFi&$RlTp8h@OfyLq<8hlZa8q}ZYH{Lf%i5Pz<+v~h+ z_#xxTs>goN+wvYhFmAvHLz!P1jrXm{9RC5WnG!Itf8dI_o6yQ9Lx@orDdyXQ2ZU7^ zWBbbBC`F1^b4Q!e{8=olLO&a`*MqXHQS3>Sr72&ijyxNu@7(>O`Q?+{P49yMDWTOm z8n3gKPj*tZ8C%bep%a1`(Z z7qhTND}d$lu&RcpF=`UFoC*4x89gp$wa2Iuyzfs++Q}mR5N5OYX)Pb;6Ft}cCdDe=m4wipm;zxpX>$k5WI6q_=VLeR3$pKT?(Zvri)W+cv^aEHL)nw!Nks;QZcWzYW$mxe zzo^cpD=J>7f52L|I-K0IbxFkYmd^JUv?loQI~m!d>Xn!QZ9?NH+9U9VC@j z@VlDI!lsZ)=GRa%->?a#31#M<$Y7y?b~|H_q;RGwxz2OXyoyonjZ4A88dBR;WT_h{ zDH5%IU^N%^`A0(dBpp4yaDkwF^AMiynH>?G%y$EEG3*j>-oX>%_nt1Gx>`6@%BsC9 z8`hhp;YYv(Fh;Ip|26@klr&+uz`3Py5oCz^GU4jd{uJwK57G8EF|7?8Uy^nP-@ku2 zTc4?HS6S)&FL(p{wD|u0)br=YIXON_-uc~1Lb7DoDR~MN(zlO?nBOIxd(0pxTo->u 
zPLn^c8OQF&*b8PFJA!C?}&KC)Z%g-|q zJK_C9cqwZb;`2`QrQAn7=I+K6 zRa24Un+wL^)0Q+FLzaJSsjx#&^C_d-G=?BcsAuF}J-zB}F>9u#it$8xw1e7txAsH~9^oNgciY(c#K0W%n z`FO!55QAO23(#OV56C_X3{%uEer`in>@=#y`nq9^BEzBP5(41Z; zPX&f~U?6a;f_JlYhU5ArG$?ZBW|~?0X!r$3lpjh*dU{DVBZ18(;)sHV8t&ke_jtX* z(FQUnObFhGi-?BK;vZTV?6pf}@YNU?UDerp@Zqt^(X>X?o;`d@(v9O&dxcGJUB>e- zUP2{Vm9rHy%swLer$eQllKb}SP}%BSuOl*JGFd=cYTq!x>yQfF=F~uytHqeFbh!d%}f=2Z6~rG^L%y(DYV2t1|A2B> zGN;@1{Wkxv=k=V98-Ux=t%KAyWJqC}g{DF#V_co&b!z^Sj^5ps7=>$u)OiQRVGyP@ zg(BU0mPFO7Kf$p36bz?-&ds*O+}XJyw@?O1!womvwZ@!FH!i%te!r&42d#%Cf7*-5 z?Fgw~P$TRZJh9`g&CPwPU)+y;bZGITC7Ukn)glt{YP(PJ?59o`PXM8QiSSfWeo9=& z)M~cdLoS$Vch*G}OpTa-5eEiM^{=d~5TqScD;B6uY3Lxo$Xn=U4>>A?L)x)`Ys#@M zX?dl#cC9~N$-dV?q$8sL&!0iR6#Z*#JdHv<`CtQ_Q=XKY4(~mu{cu}LWq*VXD@;zt zaL@_cPCNJzgMsMVQN${y^Y&k2t(F$S`Yo_;a(I#CKo=t25`xm8>MVjs5~vKtPKwwRF&1b)6gR zz?~7p4j)qhH=Djd7Y%`Q8TLD1n081(usNAI8DnIrZAJT&a2FoHT9^CxYMo$9)ZtG_I7bg2#yZ%M(RdQ7&)yBKuh!5W=PxUW#@?h+4cHcf(UyoE#a1@pH-Bmt$8%eGxIO0%&zI{)a-{Y)lpkSlTk*yOc&|ol@Be zXpIcfZhg{}WGapEOhNe=I_IxAM1G4-#e!tMxea1sU7Qy#IWOg|d!@G;oPdNLPxaAmiR>L(-q;0>05mVX~xKEnRG z#?QuGc|W_H`xyGnk^$(G{;1_bJ_Zj9*Jg9@y&N@Ij*}3(>=e+lFzmmjrw}Yax7TWF3F8&|P;c<)$@@enWGyd1ZURSQdLja@NYLZ`)ZMjw6a6}W*7?J=C<{A@G~+i1vl(;Z>q~{k| zJ1q-*{QFwtM+K|Mlo4kvN6{4l<~n3b76CcUdTVO>+D-8q`re!u^vcm`bkdaA^F*|z zY#~R)$+7-XX7iFWMx~TAl0ZuRPa;{#Hm2X!{~@sc(J}aXI2h`v+&t;~H)MG6(3w91 zlu1=MJ-@Jgai`+z#l#bw79Onyv+(2Z`h!1=UbJcpDsON@G4sWBUG7zOyebw%qjg&$ z`of(1m^+pDTB|3JGW0$K4$|ky1J3euAB5M|dcD4Ue3@*L{uJr$crfH2vyF=z+?T1E z3FN5UMaMZRNxr`7pkJJ7jPwmYu1PX#W~XQVHK_!cLOV{hOg!rIRRmQF4b*yWc1R`V zd|~fR2(oPexX?(};$hhbaU=V_z`R8W@LL=($X9-7#=kCpN-V=!VAWcbM@5X&)S(f_> z2tHfjEG%tj1S^SednAzWyu>GomYi=z)KXIp1WdRyK>CNcut zJcVoL0H)-ZrvU84$tgPtFn%Ed0M>&H*xNuJ5A1D#jo1LGz|?@N?VKH6QhItLdeq0m zrRS@cbcOV9*U9m7fQU4%k@LX=`&Ew$_LvWwA0h?Jw=hm4$4_AqxUW)7DM|n~0?_;3 z(?^!>O8(W|f*lB~Oacp5j4gb8w;^_=!mM#SXnQ!j>FAZIs`rBJ&b34ub zG!w}8<(I%EITTU}3<5X<@Xs%UrshIl-JH7RVEZw$-MnMobpHDeDk|k&lgs^k*VoSP zQuP)!F)%zzc5Vbn8vuRE<5&Ww5-@gbEjFu|E^>9LF96&iZ>AYUL)Kw7Q@ELZdH90} 
zIbAivuLy{8=k~C@sXgZDPhH5K{;#wK5hz z8CA^PtQSyNDnUFe5UNw3nE~o4E6dpsN!v@sUrIczoK%!YHqKv|o15eGsfjk(JQ%^b zpnp#SmHdf#DINNJhfQpDt*I>IB{Mt1Tlz@Wr z_zJ*qvnw?PMV%QU=6A3EfU%{gs}!BitB24dI!CJi=_0|Y{9h(Y+p_2VQKy#`6`&EH z-MWMHnDO&d^$eCd{R$FQ#`JYVxu?WB&K&^FQ>2*oiuw~A;-9WhVFz%qrH_aLhR(67 z{XAQ&jZu*Y6JukS#eO8LSmB)_P)`2;f{Ix^m1m;qtF290J4Ta zfkMYv>5E1fWEU(gHi{Us)bcb<4ZF(e!VAu*uMF(BqStfG4&mGZB}5vD<_6LYvmd8R`zl*C5e*&^iwxs-!ZF+G zp6KaHCN0$Z9mEfCWX<{{1Gv5?G}BXo@o-2N_bUptTe0~3r&s78<7*sgm@c9;%taky zoG)D{I+|m&M$ni@ekRs_>FN#*JxUYs^VDKk{(PSce!nk+Tj)PNxh;HFcd^O!ZA1nfFqCAYVY~sh1bET&-G4s=E!Od`sAuvS-o%bs}Y%I1zk^} zg)D}kI1;MkU0=;tLiFZ!YDj6jFDJLpgLDi61N)@qdS|GwjaYXw8%E7{rL(i zsEG;qREy(%6=(%SgR}fp3Na}8VDq!?0!XF3gP@Wm%E(8QaR)kEtB8fHCu;3WFA^Af z#~z5)J>9F7n6NQfF-qD}+ZgzP{2EX5g|o%sB3Gk>^UkgEOH5N~00F!%4vOd>j@f|X zwP7_M%MAD~c0iur+$!pT!f=eYWV(k?Q{&>O33o?|2N2|u6*LntA;qQJ5?_@t;JvlI zGu@~ox2{`n84T8}^`#iTvk^OXg}sIAy&9)GMI=gP!BP30W6u28+Qqww1S&AA{wme} zK&4=0f{4BKMJe&xFVB}dp4y0(Om-F5RpxK*_Yh`KJ@(=ks!Tm%cUJ(CUq~17ZVD&lNpVC zDl_K~TKt#=yL@2fS)-jX^;#fKWH8Kei^<+6w=-3I>(9-l-NOf)icb-lFQ!qR z-xS|`+x;fVqpXPwgSm6zDf<4T!UIjMKB0#6^2WJNCXC=BJ6h z*;JaJj?H^-A~|-;&6H`qsRiLE*L^%KQE<02Q2eSec_oM#kN+nAH6%XA$n3`ZNiW5l z&%{b|K0EpxWtM@Jz#?%Gd#h|a$P>Ok+|uvWA}6!ju?)vls!B( z{$kR%31xUTY0Mw4hF`O6!CN-yqROB*w^HkH=1D8!>pRH*1;vo}TcV zF*6YBAW>Ovz9(UuJU~L6A+B|jge4@rvMP?gFUPHTDDH@mA9=cF%hJhWx`9r)ij(dM zCB^@N=egS2khSxv?tDu1JIx;qXspbW6#FFjH|wel_2Fm~f17^u{SVFDoI7hPPprcw zy8$AYQ`n)zY)hgGSNeoTYJbTxx3e*~-=7tBb0^7Ku-hE)#_28PO}VaF>pk{aD620H z8(V|h?{2o{HjBiO?5@6A{Brr?RND^dl$)s`rztkkzRMrF;zqbSFxAE*5U%c2O%Xsz z<2|hnFpHrjjSZ9UU(+U{-%$FIQ`|NdX6qacH73Q zW$qq?&D&^6&}o_pe+rP{$nXgFFDsb}!Hhd`*8hU;k+d(DvA?+909F0db9KyXsAvk= zxMR_7Fej>L95QudqbnWQpPZ)D)L^tDuqOIl z01jH;fVfHkKMjWq%dMp}Q^mX{m4(lA<_Wa3N!6xlXK4%PX1Gnr9TSJT%}SDpj!_nQJr-IcN@SGrY ze0`FH1>Lql{&0MnOu*M0jp2&z;5cqA_CJ@BOu8Rr8tQCPw1bO}#%U}9)EFWWh z63dTi_)lqSc}}gaH@I0zpRQ@&Hp#Dhr9zD7o={L7H;k!4hz_tjhKl$JLtigy>(DD9 zn^_b(Wbdcb_r_OYPKDDsE%;Kncg@V>m)VH8pPU{5 
zw8`Jh)u2`37iT5O&WRe=Mfug43-dw&*`QD3(^5)y3j;=k)z!-n-2(zJKA*IB66&A- z56WWn5dtBn{Nr#6fUDyZr!=(z+UHay_U(CktYX;)36wk{TOp^h4OzWr%&8@0*dv(H z%Cl&UH6?)qQRjly@9pfmLM%wwxdZ#va4dUyuSv>?#mTIP$;>3EimgVOUpa zSLmlNa8>qO%$nE?+YYn_1(RM;vB|{Iq^rmZ*G}XX{pj;1xSorT!I7OAmn5+hl6=WN zm+BlI$B25`9d|aT^=>WOaz;Boaek5=lQ~#T7GnIQ&6Yie^k2~lS+K&xTG+*Zq20>A zyV6bkh3nK1MG?{Gi&w{|q>#@rVp<5<=T7&+lrl0hLM6865T%~fm{Eux3q4u16A=L*wr1`N4vjcFPo?mn#^a~#BWO~7`%I59 z6%AcXiHyhvzAJ9)Oa~^~2O0(2d;ppBS6+>`8nAtZQC6kr zy(eFrwjW@NYFA>rotEG|)lgujd-%9>^CkD4Cc4_HR1+#Hve&LbfVUeK^Nuqqp>VJHinJE-q zlKM&T9w)&KFIe-Kq$i}C?wG4FB9mDoON|{TpM|xfD@-Ov9pwj(^h3pm*!Ot!#;pS$8l2CT z|Arm$yYV}Lpd%&>qE8>a-^MFtKHbBL^NuBelMNk=li-M-9Y_dBBBmn$j`<)%1I)+I z?a(tE4k0JW{b3}OX~aL$UslP2W!3-98BL4y=D93;tZvk&3@syNMl~+4so!8o9@Fu( zH(V)u_Pn5?=w-%-k%sS&2Of(~#eIGn1$RgqYB_cgoo;`&Srsn8ZuS_%H?1eA{Vop- z9SyK7z8m4Gx-kEL?4dZzJTIh&L54kep@*u6MT72A4be4}G@z~A@dW*P?CZZgb1w8f z;DbQ?2lgWAto+ge1S&KrY)XBErY>_4Mx`~IULm4)*X7G}&*Tv!MRoh=*S9-_H@R^0fK_{M+ z%oFZtRs|(9wWmDQ+fA5pWwq_n^nz>N6wk1$$GYH%{lW0|vW zp^Z0+gA$+61^~Qk zTcB(|+)Q!RGjk9F6`9%pA0WG#P;&NB5&(as$ ziaOa#m1}fVJ<44VZQQGLaHE4LSqEn+$HC%Q&6Q5#)w}nN5d5X90r-b@7>k3hPcec3XQ9lAdVoVKa!eJCkY8#D%J!?2LaOHrF@Qu)29q zs=C1A%cZnS&W&7?`izm2u$%)xwpTVCQgR2q5M}UJePvY!LoP34MoSl6LMLDq1hoM}xg+B^o3id#(?@GT%{N;v zw$t5r!ZrnqEj-|{mvJ?_!nD)v+~aOKL$MhN0;6@vm0|vI_a+PeyT#*}Iyj|$P7`S9 zwG$TO3Fz9OQ`b{s{$P$7ZkcmDpScvkyty0F>9RL_o{L{{=u8;l$!*4JY(+ zvtjcjB6=G7`E>_14LxjF_w!YztG)z?tjC&kxzDyF+0R%(nE8K=GtKVFp#W!Ggw$_H zdyZ?`Ujc5Kt5o9TL#mqJK3CST_o!I!o~h#K%;BMoIUxxkinS=R&YeLJ*~{?7Hy3<{ zmYP0Y+P>gtF?Pl$R|=eEz$ypZ1L#gE{9h!j|H&$MDz+U*4!>Ou$AP4)^MeOJWUY?A z3~`NY{}qc3P!&Am_8foE@?tgNteIy>jg8E%<^?~mG#!i03mf}(1}bw52fC?116lW+ zXEQ?iqN!OqmAx~0+S(fcs2 zWF^%VRhkk%OA5rV|0xjdyG2FSai&AeJhz^8HR~U4+G6$)daNsS+}+@r4kxGC8ebWQ2RSPFD)cXcZSRBCNm#m$=Mv(j>m{l3<5I6m(iYgMoI)h#{Rs)W@MD! 
zVg&Q4$XL{pd;rw<8ol+Ck`fV~4Rw;+Ktf9e-=Z$6xy()N&OBx-!eL?dfASMclk~`) zox$APa0(i>4@Pil7v}fA1eiwZR%Y|Vew8$ok_7z3Hp1{(C~aa0ZNzJj@iZ&nw55=s zPNhX2m?J@Bbo?v3#>?RKAY`m-O}J50ImzEROwcuJmS4XFSe4%ruX|CyH##<{xJ7&I zk|Z6&ITr_<7J1gxGju;D;jz3V?aKV2oX8g^JG{7}YZ@F&e%G0K(JT*_S~;8d5(v{6 zBAhnQrjwkjk6^n1LyOPj5Q0jb1E~7W=lAuw-aMAk{;d%iFpJP3mH%LUX3Km3yh|F( zJhKtH6+Icp!m5yhFA90*)PljEzD96$%t+dlAvI5UT6q{yC%=>9K1qRLxoY>21BB7B zIdB-NN8H@!;)6HaVn0lV**|+3zx6Tl^Gg*Q?!l7rb@%I| zxN>qdJ0Ivs|3EsUM*))s#(ezObhf0+46SQWSd4=I?lb>^9y3tIMgeBxwRFrY3JEza zu&BDNO|7s9_XG(Cl%MrN&#o-Bdkbg3*F$x z;2%a7JlINFZc4V##>&L%YkY&VBl%TgT+p#~Vqvja+C}>i)m6Op>CV9O$xhM<~Y4-AKHi>s_cZScQa)Bd$(*ic(gIzpz zYgC!hFAT#!b~E$WoWuH=JfC|*4Pd5@^15M9%;jJ%*fO+=-AO!0p##=&f;->CeI!jB zt7`5Se*gC3Qqy5eli14N)>}O1_x))#WK)4uv&c1O#f3xOQ$5I`4#QtcH9$bk0igGt zNc~r`oDv{t%l(#>1Ee!K4Kg!5bBsmbyiZuu9jYZX4b5K|#-8TpfyMtdSlRsrSd|x@ zf>rp>PHRTa+(LjLIX?GV6oNn14Lx~{_K7X~e0=6+7n3@A>8gd|7}LkU-*7R1Q(q=Mq8`|L!3t=bR z!N1D$3p4Z;^h+OUR#AZmLIvUMlPV;Z_`%}Z_M|{X43)VEWAH<&+ zagifpWgtxcm!8RpX#7em>QJAAd(lIK{CGdzeFAyDD_lJ>z?OzBTZ%J$s9ReO)5X0X zcVTsnQRr>NZwvKH0hYzv{<5+rL&G|_;t}jXHRmV2^1qcm{8cO$$UTx@P{8N%eTpFs z=Cy`*6g-=;rvCGco_M@uW35Be(^K{)ZA0f@?B6%_j7_6Z-kg z#{eGylqYC&t?4TW$YkiDdx!Dj$nzgVW#&s%3O6$o($_;+_IGimKUgD73uHrR%kAK$ z#Iq7yHC$kHi4&-~=$O zzJAzM2Gc$1indF}Xxrh&Yl2?DYYaO_&MjYyG-0#A)uX9*c*ksvuKcMdDZB(yJ3eDwkmM zoHSc3RQwKff{qf*Qr)JkN*n&y2uH5h1M2$K{~mDl?jC6ezH;UKx%Dxtj)UIJ8_oJR zkTF(dPL68|U^pghAiRFB{!5$&S7GF?S;hs|C8<5r`P;xu{hn#@kGJ@d75$V z06I!PZm5X)Gv%6-p%khKV)2?#Q&aK5_y<2f?)G8img;WC>>79z>=L+E>?ZrqQ*yEzFCCjhf2lD8n9u)`*q;9h z;lG$z|01RR^JgmU)%OKA7RtWYx4sQwxuENzp`rGPljbn{r1i&W3L0EuhWWK+omDE} zZf~AQoq1Qs2fQEVQ~lSyRSCkP%@XnWce>a2Cc2(4>~kbUXP)+Y8>nNkY2OWRSPP3& z_7%;75&++3`o|@#ztuFe0AWoV!)RT35PIf0xZ+P>p_S^3As z)PCb{8MhedGWg$$&X)Q3*uQ*Xz8z)r;)Rs<#P$xsbBo6&5F+qRGtkc|N&dqWV32G5`e_g>u37W)OFap6m_doidmtj~spSjor!& z@K^#V+n-_SABIlRw+2lRnXu?Qtbh%+BV_6K9JLHp%~6?-(d`<}OJE>%KvGlC2tfc0 z&-luH^NzN%-?wN~@hrD|H}oWJ9r#yOU2K^?AHHenin@hbg3YNs98BtB3iKUzm!)z{w%MMuRZ&tyb`^p4;02SZ53xA 
z9Pc&*9F?-VwO)N!vj#V;3-dT?!nUe?+rrk(bp*Tvi5bX)0e8I>EuX{qu%@@0(+9($ zNZof%w;E8!uGVS`yN~H4`MCE?kr%PfY81C$kA0<|CQl&6c1gQL>>dwzAf!xzA~7RX zs1_nq&DiJ>FI?;r1v})|^sb@ozZ9ze^veUJz1$tob7;5Jg=_wjDoowDo8*8SfvXX~J9%FNBwzeXhP6+X^!hf|Cxq+8DRF0@2C?#Kj>o!pgj~`t!_AQl+9M?@QOSxYJJsHl;SMx`o`yh zyRB!d-qOR)!-LwDu}2e9#iL_~s`sYm_$uRdy#=l;-weVyi|atP23RNe4|N|j;57`V zshd&vw>j|55eP)wN`hl8Lz{sj5G>Xwgv(oGwpc=ZdrGA%&*AZ1n)_8AOhbWkcL z!b;J!g^OWuDB6Z2yniRb`cD=0KKF)Q1%G^R5!B~PH#VF+u(eyuaVN~9$RH%%)iVQ~ zUA$SASffjzWnOYB!l$73L>L@?A?t1Gn|$FA;Z3FDn~8Bz^vm$qnZlONlr*045iW|> zuZ#iGr#R07l$!UzKQ&tz+-11lw-YK%>x+A_`CkWBe8-95alP}eYj^6ZDW(7gmoYep zg0j@Oh>#GIhbROF5*>uhMf&uJLrnZf-9R^FG5Kyj(!~(kf$AX*zy$e4>#=E=pYdpY zBS7X|eB(i^IXlVL|3WtQ{)>KGtfXP~4gg75P6VNoN1W08Mm0((41RpDGfuP?VV5-( zzy=YT@>}(Ya~TJ(s%NTE>Z@j|-M1(COf+SzLOA_T)Dh+>sWztH?GbzngA4?}Ruq-i z-Ns|{P_qsKwPl)U%cq0T41khZ$K4dr6E9&Te9D}w?VHe#h4(!?Q!9YdT+rLfK%CUW z{3!H4x+#Cx7Ml|w2SsN;kq=`qha`|fOlsUvegZ~_b=W+=P$5q*P6V5ACzn133IFCM zda;OFU&NIA&K##kxW~qAem&kkQ97sr;=c{B2X!2R7x#jf(O<_ELs`>W?REp!<^VC((1A`bK z#tHr`Wc>D#KSgz?Rjq+QwbOBx(vJV%|3Q{Sp#zIpoMh|>=bA~;!hWm3$y)xpBYJNI#PF@%z8g}bv6SY_yS0;4qnL~zi|K) zs|N_9Cqg}qmCo%yBIbrJSFy_5*c4g!H{@LiP@Y)%An4AYz^8)&`q6&wrl5EX4}`;L zKbC?i93t(ih&6J1^hyvoYNi4^qS8_b&z&-$`ymZKgwXl+j02G_@O<(QOwUuBx;~Su@p&BFy>+DRk{r$9s%yhdp8LIE8VW-w%flH0a7@z> z@+tKlZnga1W3G*IiFO`GlWC*-s2&t<^-Z_p7^=*Llt%~C`cg0&4Kkgv~qwqWz&vY(VTZPfOWREtjBJPDRkK z%)nDgeKMFxeN_6*%NRO>3K7aOd0$~9miqMTrp=qs&S!FZnV#G^4iNJ&V-weVL}uTN$hXIS)DK<-H0s=6aI@vGN%(a&+3^Ja46UWW0Ca?jt9FtZ==*z27bUdDO)(d31 z>0w$QVlrcJ$DHx<6PvR1?UL^bd|4^qS5y<);KpwIbY|3^O6doiXX1c+7hfJJM~nSU zg1Yqu))jmh?KYQ=xtkFJ%Dc6Xk4tOY;^zH{I)QbwSGrq?@__?Q!z`P-6J=u#B~8nm zNq*Izs;#Fh|4s|rboIeMQ%3>JO|WIl!K3TQk*$Xc9J#ms$B6qHVCg+X-rARx(lgRR zBBOMNeuD$Bu-kPdCm$jI8wz;S0{yZ_&rb?sF z%S_gyVoojRgPHMIAUu&*^gQCRJzH|}O@d#DVAYkWAF$d|Nv|w4HA|=1%e(=-)Hw%= z!_(pIDhIVKJ4vdbgFxCF5HiR#Od&kN_g}gt*meln+qdnArd00Z%-6*>XOp%9J4uEt z{X(>3!z78~SQjvVr z&u#mmzKL(Us_4@lZ}+F!yDi@o39d~t(o@3%_BmPUt_^RWr`euRjvm4@Bze8J4)0djrkJDYK5s6lNVN)uJl9+2<6mNT;~muz+zz_#{PpSCEfKp 
zm<$Y5tk6el;>dUrGxYoKkt=NhMOIvvAKA)F_4cXgjS!k2BKDe&a(sA`f!yrTOvMjn zI2b5D_~~-}%=e4?V9N9tmn+~V5SP)M67&bA1JAk=D006|{Ga%jlXv;Zcn#tu<7~73 zy}K0{H=Z&u394E8j#Fk~5cz8-nAR?*iZZ)Kq@Yjc7NcsTZyuUr4HQzI8b5zA!~Jco z@UJ<_32Oa5A9}RzaPe?=m926Jj|q7B(eH{W{*8mM6^aLOb5jWXz8 z63?rAE%qg4oBY5O`yvB{&-7dAp%))alRmfpd&J>&oZzwx=F6OqnRG6p`FE9rp)ho2 z5hx5oD@WBs^>m0W%;&GNC8;Z4{+4T=Fu|PElwGKcHO(d+I3t$&VGrJZz%T=aG41Mz zkx)ywV?4#S*6wl0;@K?^3`CW0`=lA@UcFIDth4V%!5EeVO1Q#XEGGxT`U#r zZiKgbF(Bn=nSh7^(w_bwm%VRDJOGL_h&q6$5}YVWOiOYDqP@}K8`2zb6RV(DZ6+uM zVLWq;juG=7BmWk+#6z1(ej={*i?~U~g#gR16jKJt4wEUB{Z(Ljl>mDDBe^ClA-lbc zX+F2AJtHMY;IB(2AWre(%JFR1pL7J9Bk+k6z`jxg1({&+O&N+M64tv z%)ud;-Jg6o8ID<@t9AIlI{ zI5|xXDbDs#nU*Y%__bO7;)&St)j`r#vRn4Dgjspjp5iy&k7^Q-F)6r<^83B~ZK&At zNG-fFBe2DT=dbc9m9+ZBN{E$^MST^;8k5H=|3|N9ysTi>Q!=CyN<46LR3BRRouc() zM$I2ZOV(RxnDOsL3w^H^k~2lHSQGF@D*cJTW$`d;6 zh;_QI$B(nkZSSVOl@$gcq{^Ny7fU0=!a!(p&&OrvI-Erhm9aHn)@C;Vix! z)?ZtCfooxH89g^k_)m6d-+mIE-!xEU3A^Z#Teep5`rRPSHJrELNA$4yi69NX)4Xi+ zJ3b5S?(XmlExs7$MPlBp052(H&2Mkhz6m;-sp_tQv0dNI#e0-MY4f|Kjh}fum`Y;D z5L6R9uo+G1GIfj5>6HqDKtjs2P_==*FQp~c*~s>~+c=`qitc=U(w&aMn@uQLZZ_G` z_#1fVC7IK0Q2fQwl$~<;w-t@?zsDsgB>(h7hN7XwC>ht$orBh_teh#z2zOo?A6G`a z)ZmCCOA2&?0GvwCD$om0Ak=5>nQuLQQ#4%yG{SZ_N%T=CgbQU;1!@vvW1QQfcZ)L9 zPX)Cof$gD~*qrj-d$j!@`yYx`T+e>95^`m3ZZ2Bhv`J`n{f+;X{QGI@?Ms)=>ct)N zrrI<2WrQ7ntMq*xAwxyL_*@RUAFr2*y?q`*+RGHN1{3d$C4-yYe8<;X$CpRk8A0DI z%#Q>%c(aurQiXSl%ENoe+-}y`kd4anlfHD!QTdBf^C#k`&lLrW(g;S%%{cdh8x5+PWU55%kP19mwH93 z*~O@ga_|{|u!wW=|I=9(I86Wg7mc#R(rHFljqCAl$@*9!7*k7$s-2Ll4Ar?Vv}Imx zN-DvXqkHs>UUVsPj*tF0AO2%ESRXv@8Tx00rcQznB(=;FWBaFRegE zyuDIWg2;o73q#GMF$&2-<8z=7h#`atvW`Q%Ecg!*N$`^brTkZ8zW(6Vd-N;}L~Ap1 zjL-E&r+3~cnUm+2X?aBre4b>YL%-XI-uCi;6-aFE%b=|#JJeUG=J&x-#yeiY(Eo{D zAAboOCuZAu`VX2boKgMy46vB&Fq{T!C;y$M{W=;8*|H5wj0F5)qMn{%SN4g0I(GEf zF~Rjzla37vt&zradoRxLT$D|GgTG0CDU`DK5&fl$V@qv?yNH%$;XfSEpebg7R+zQ7 z6~{Icb_bc#pEqP6)6x@ISre`W)GBXyP88m3!2-Fj&4zj`t`mShxuiC z3%g~F-MA< zs;z{XnG*OXsM07<&MO)mc!fOmj%j#wY3{>CC{AM+5=rRf;{)IA3@-jqB|q;Gy-ipF 
zmmDy6AZ7cKNkXnPs=yERO7k#k08$`f#CVn>m3mY~MC3_Qa6U#Zq@D9WBF@GqS*CFh zk54?6i!@9IbNF5}sh2eOcq|e>9IwO^vtL%I#@IbDUf@}`V=k$Ec3_YlCK5hMGvxHh z1L(wl3+8=gW&Jee*6|$&hCq3fPi=!CptlpjwlttOX^C8c!|x4eJ-I(&sTN}ZDZQvn ze~5-l=#YK7mNQR6p!j|phDlD5hCOFOAFy5r3z#0)%r4=CMyVPnapK^)lIIa9-CZ%J zFeY*N>3#2D_p%iCKd!WV3HM_h=Ul%09l2NR-^nn|1%D#Lc&wOLiUBeVj)X9If#?qs z!Y0mWKZS(0E>+Wzb_7M#q9&b)W;o}hVUL$aZj-`^0(}xWa+n&(dNgA|=wA#2Q@fIBQGDxFPF_hH4 zjhQYf5Q}*@3wjEG<_we@hki=l-PDk6NN(HQyO)dps5<&LfI)yGJ3(<(eHJy&TvPk0 z9mcu9#1@wy)|+r#XDVnv_$K2xX_=gj)br+|>6_~ydO_FZAkNYa#CoJ4PlO$;h48Fa zNoaA{=XsPX9+^>!Wn{tO4! zO{$6ZaFOcB7A7gF8G9s(hatp;F_UWXr74&2(nwHwgMFNh*22KHof8#NAl5y$Tie~8 zjCw4m7yf$8T|D?W(EtI$B{*ovo7NVBe&n&U>5%+>yXnwhzSVRHX@BN8TXkt_+uYCA zHCNu0K!3Bn%Kt&pV>t1p!z7P*T$U7?n5>#duh!M^5_}K-%Nf9|*>G_a^iVnT(rdf) z0dd7K0BWv3pgy|i1$`f;>{KR=`c0GRhfUS&bC)`MYxAk35k$ z!$?X7m&U*+AChb15iO*^&Pj&6-K4&HG5iuOd`lht6&l0PtoYv}tW&O&)ywZ(L&3n7 z@H-A;wQ@-s--|moBAX|KpR8`*wk%I+8JX!Wg5LJVnch{E6tK7aDN^R?jjguEH&N@2 zhS}>)Qa)43J+Mg>RZj)8OROVpX7=xsWWEW*@}~w* z01#@S(r~R=@@`L=HdD`TH??Yu6B>`wAoo!1rj$ zXiX{Qx}f^5YmJ#wb3#2sLhGyEHGN}48AJWg3f4XmZhT7r;Y{kd4Q#U;`)%_%r*%-H zwhMKb$3VPlvAIa;o8coq0z+vgT~2PQXpF8v7PY5mCw!r$>p;2C~HHm~GGd@C6Zd#^CxC`DCixVwUL$h#on z`5?Z?np)v*HyXd+Uld->?Klo9r~>uGRdv2S!txGh4VGspd|n^ecfil_2npr=-A(7< z`snHegXwgw*yt$#kwo{Lx%mbGvWZJPWe;gz7@ZTC>SG=}7ytBVnnlISh0J2|;NZB0 zja(uymioHqBpBM<1iKBj$r3iZ%Wwr989L*o3B%V%L%h_|uc48Fzue{k?UQdu;jJsL z4m7|{5Hd@t?1iHsAqR91!y@iy?LsA98b8Zd%^?Dt1dN6O!HQe#FlQE+wdR5BUmQz) zmF1F@oTKYm@b{`ucn6C*>+idS`n2%Hms*;(j}DC=)=%QiQAPUlJR8;&4Z-GmmFpU$ z0PuOPZmArV^a`5q=*R7j#|7`Lj>ot6QC;C7Qj~`DXE3dAKm22i*0&q-KLgA9;}H1Y z?`7b+9vB>r@fY^v-)at+q^}ofN6eQdJNPqBe^df{)|@Q-Ae@Nq*ODQUSS4eMcB=ig zDN*N#{iG-2&o0n=j?e~%WYB6 zP$-1=x&_!N_US?_f;3RM66plh>MyPvN^2&4ZFG2^uY;}^+e2=U-w;&@kYBBaRLR-M1rWRvtge`kVOO?DWkOWhn*24;=Gfl@ zZMYu1#Rb}wT*H5q5!krHN&xT@m4c#lNfc36@8)ov3%->p7>l58ByZ~c6q<%RMmQA@VkGFFNK@T ze=UJr##WwYXoWW-x%p!1uO?=M>=C8(e4?II2vtKrIP!S|q$+}G-qm)vMR_jb*S3dW ze>cJT1E9wcnkYluhYz`q5g~r1qyq1whB#MI1k6Pj)}x9SfCMyN2v5#@E&wI^q4#E- 
z8av@NWKhc=5e`?M{MCujh3YvH!}VRme#G{E@Xx(VRHDQ;(Dq(r;tPFIK+pRxX@!3W z?f1LY3SHF{Vezg)+{Np9Rr7(YpN*Ejt_Y!5Rp5DqVh=n&Tn1@Aad^M&-@;Ew14NVc zw9`fEl7ILSNA<7%q6Ws@6xJi;x8~{&muP0QE zqC{bkqBm;9Pz+DfR|0(#pZd%_nIbKq>)+K^HS9joFTc`H_+vyY|2Dbr>+L34^Z*Mm zG-j9SJ|wh3zXsP6UQ;AsI;z(MtV808Ac$7LMf$4cic*S>-GP>eqrX3H@(rWd!UcZ& z&^`thFs#MyQ&!QVLlomZ8Qh_#mV@F9wnHJ|K;L&p~ARwGg(oTj@R43 z$Hb?FZwo}QO{-m#Kvnh191NI(H+NqD5X7~K%llI~BY^%(wBRK-pa~1LwHH; zA)_tU!|VYqG*AvNtO!@@E>SQ6g8Z5e=f_n7 zL{~qIE*g$Sk!fhF8LMt?e8z5_E|ip5Y8Vr-b`^HLu-4Sr{?0!G|h_o>vwqcO_n=wo6_Stb7g$iq%;{t=Vb?61YRUH z%&H+58}=(aGK!?;_Xzs;B`73+8DQX<jlXSwcT%Z;Dn|WHx->F5LClI0=QuxfD+Ru}dzJ(c!HzjxY z1V_+#GH5IjW2YEXT*&-xm5VFl-o8n~O8yFlYDfJz%R1Ugu|#e zW31ElQwqfF>A7Ncd%0&7y&xmo_#_I>1QXUiM$7tz9Y!bNA5-9Z{Ffw*_R<@^p%E)P zY`0hwperc4q1<(ty2wXpQA3sF=*iLCH$3|w_bHa}xY;=RD8v(x7)PQ}6Lht%Dr+OJ zN7yf)9W_Qa2jn~dDmIlN>THy9mzNJ9<;^KN^OS4SF&@oNuQ>itzEKh(9z*J!c`VmLA%%XJjpS*V4xafvHD-N&GzdRt5M z3hu1?>xQwc7Wh{3z}JDYlIVvS9!67qmscyPg(9!wgHc@Ks&tIZk3XB7i8I&n*NXdi zg{q$X-}~sJxPr-nUe3dBIrl8t8S_eN+Sx)aPs|!?AnOCXd?eW{d98zC1j+I4}M^XiGoAN9{P2%cb9LlHu^!kP+q2+dz6Cf%R#s%om2x zQm+upzMxEh&nkNoTHGX=-%@t-PS9|vYT=3K*^=^7a11?gQaF?JK_wlve~c0##~Z2? 
z%{xspAxI1|?iG$xa%cV*E%=|xn?e1mUM>b=?XAnfCAw~D1FCo@Dyfz7Zq8$rqQ_xW zo^M@i{3OOx8q<;Kq#2(WFqUXL_4%7ReQ+IriFlfXa7}z8Kr<3yei4skXecEZi4l-n zsBA4_{GMDWxADhk)Z}eX3GS=g0dQxH-*lB+oX90WWSR$9@lj$yQGH2>sAy5!3G^scTHw&p6DZ;1VpPQoYp!HP3j#OT1av0_f{~B6kt6bv zh6DG!d@ZIOkN5Yj%^y`+2zYmuE~ZjmN*E1a)l-#-$)4G02k96%slrwq>{j@q7fzy8 zubs*{K}}#UhNYMZ0%(37q0}Hj3*gO@QsL;T4)T`02TMyl)naY%RKXGEEp!ip$eDZ0 zzI4g(AMCDdN0>Dkwv;YKGk{~e1*yRrB>^gP$c}AdJ@@CXkF_wE-^PBy?~YnGH&Z{` z8vLNxsi$QeqB=0AJH3#&&=G43*$9ydR&OH&x=mL$oi6 zAVc|=GNZunrD*qeq58=F3PmN}5hlc80Zj;er1o67D39#yjF~dS>WM>Q(2LJ*Zfk~q zIWg)J3#%mpO6@5=Ee|HH7$iN5B#rO=^Ar@%p6(yV@+_`Vyl&a`P75alHq z-^lk%iLZ>(lMC1}J ziXRi)i;8d+@MBazQ&EGW!Zx;vCsPkN;FXiMV;NJ*((!VlcPro0xkD`#CT$ZiTAw@M zHCO^-i1IjJ({=9x+|u%z^nF=xrN7gc{DmQlp9)7HaLxrBx;t70FW!$+E^-Q}q*;o1 zB*CmIA}AADqv#F#Z}#LT*(bc4ItWz^&=pC*SCtOHKdwQh%KU0BdMR0hvDqvS(xmR} zKb>GeRYAvC9)ZL^<)_tIZJZRRMOL9+0D?56JI0hMJjs7aHm|SX8_?VoO!bHJ2fXDB zz$r-IjT{NX(!_Fgi(~>aXH6L<5e!;<$EwZHQpb^&|QDat!fz)nP0eJuO@{ zuVb9k2s^o)GVl<6)c6gZC~)RMy3u)zGi&Ibp%n;D$;3kqFTskl+Z0qQ)J>J{M7b;E zYB#>T!n1So{V{%9xO!T6tML%M$p^hL!>D+7)aS9<%foc+#!`tVQC=X2>hECa?K#ty z*{OFKn{MnPpQ)nS*=fhJ7E(X|vq-5MGl@#z5e_(s-BAATNqqhUg!xfdVkZe>(--yK zfznbm!WVa<+5-IpT-N-F+oB!wpOr}eLCtRl-+6)o4cDtGWkIeXh}qku^hD_E!aNz|ZoT61OZ}jy05=a+=QDSezeN3B1!mdG*WZvpuDI z9{8HxE&Y=CwyM#>Uf|Z6l}l$K3G7e63!n-@ie~FB@a&!s+H=&9V(Q7Yco1EJA2^i2 zDUJSk(V={I9V(kS10?w|R9{PjPrE;V_AAP2gxoio*=a(T{IegoDI#2CoV4_!uq$*ze0n=Rscg z&M%OFT?$uZvwPbfRFCws)uE^0%H4vuNFW-MZ}CQH=t;b#IW71l;hhLz6E{^D9r7Zy zhFndgPa}(OrLFBC<2S~bQtgi;`%bz4*%<0iU)E*7Nu8oJc+`a&3@%Ul+)lf9g|C!R zA;baVD2CyTj-!4aD_JWi&ZD@Hj(6b`xED_Nd}i=~XvdTw+W-~8gb&Xlm7ExduAF2+ z*e~tf$3Fui>dyFNziz*fB8cFQcYNRrmXooN0pE`sl0S1x?cE70f>Ne{ zrC8~t*gIaP{E<$RlhG{E2;~60ec~72i^$4&3ABn0d247=Vno&|h)!wdjtkJ;kDIs# zbe+!9@->$C)WGdK`I0Vi?zKwUE&60bP~*z} zPKN3Q7?zD=e@Z_9Vc&3r;CjTCs0_RkxukG-wAoX#*DZ5sG--P4%%60ev<+K2&J~cP zyAz6p?M)oMs6<4MWe*6=pegE|IIN1){jP^}XGH_%obtj@tmd4>i8^2$%9#+ew)QQ% z=N^7#-R4uxpJ+!n8i+1LviUxu=$qS`nUb4g3?Lbnu%8LbmJi@7} 
zKxVR2pUI{j<2;x7AC#QS%u854Arc4gBSbvGeq>isZE2zZlz9d9pYoyaOZY}A(!$@R z++t8ZzxoBuNA-GNae2kFC$w?*bf1JF3c_!UrYE$H%4!&|js<+dF`YNFqJA-W_Rm>S zogl1!MmKxqIz-m236`zmQ!+cUu}&}VfXz1%mNtZO-ohVh_Pg7fNgo?|r6oSD3lf49 zeNAWIIcBLApA&m4bH6%icx0Gje1xiLQyMfS)??}%w4lr$lENkX!bC}H|DMCQ=1>(7 zlU!42l?2QIn@Uq=+Z<96ffqpy)kLIa4r^v0HTmCUQK=hG3W-7#bWD!}b(OOz&Jc{wH&5TvMXCW235h-m0H}PCz z&wlAvzYZzwGU7ZWCtnkAfa1fD$Wao!sx}FP#+!z~D}qO+iIe)Yj|p70==RZ`f)cFB}W*t?=PmxegovDsfD zI1*wlVXFI9{lj3F$6LqHlQNO~9obFNLvn1@1|pE~anbhD;`X)+9^k&dIHEf5O@4{nb zUQ@I(;Dabw^^3KTd$5u-apzLsB1(=Njeh1Wgo#`@DICyzJ)erNB^=KPQaTannp*yt zk;LI~&~ChsF*AZ{EiTOy*YiUY`ibn}NukIDwR>I@nA2*nZtA$VU4_%NQ9`#8HoNn5=bm}4!-GM>@#teP^RYxv7U)W?Z zo^Il?c`cRI3(~O<>H$1cgC*<-X=eSw1XUSc9fXv{1Z(I{Cm3Y)pdCD}w0EorXi#0$uNeI9=yiyawr(WXS`*-a!)ZG#QMg@sk z-T1}e@Bvuayrg27K;?T~D9Z*t76mIL^8))5r6LEVHl#|@2Zm<%=a*0MYY~R@T+u3j zTq9@d-(;zA94whlM5t^pDJcF`MdhIn|AGDChq3Co%Mw7iC6y*FB{)LeQdQvNaU1vL zg^nsCvp-=}_PF1t1U4{>1ZY9h(#ca2ZOUd=!_T-bYL+!cs8*XXkvr|%@7-Qv?^crj zJ~zpOXCJwaGylP|+lxj|pY{wIzIgKCjrnKIsg{(}n(lpSS!HeZ^29#M8gmyP)Gd#t z;(-Qek$vD42o;Nq!`dk_u;7B&*mTsXXCm5yFcQ)32F9$8L``?^Hl#@Iq^~zlJ`zanx-XV_{yl&I2j6i$tL)DXvGz2clYaXBFAqFGz!`8_HP|{do6-fo-V9yq z#{UGqD`|{T5~asF3B-gn>xm~=-Z#1-OY#q9g5x89Y5K5IEE#}L-$7z@SV?KPQ>7`qE zDsyb7dHNqy&Cwx%F&(+r2}#yg6nNqiS+7P~?}_F8|Hupbb`gNEQO0Zx8Qtlu4}E8q z-ds@F`X|l)>D&M0XMDuZ=nG3hMXN01Fc5x8>`RB{L{gE5Vgm@tb2glhdh9oM3U}c#piZ$4Uz8DAEM*K7 z;aevE{dJ?wxiFDubCeD0pJ)`pOY$(Zh}qO}Pl}_2Ytkdk^>ol66&Z^%u3L;)y(ucL zqrYhZ;Woe_6>*TB=BAHKRM6Q2PUP~`E_8unMB1vwtZT^ufhV!6Vc3}dfQ;}wr7AXT zo}Wq{nO&sF%xKU_N`!7fM`axrS-v|Wwb1oS_HvwGy}aUKIZ#>u9(+!0`NOo!)9eIW z^a#d5b7dvrs!I!aAjlNWPpZU1M@&5D|0n}vd&JQ1T7>(jkb-=9V6sf7@{{Laa}g>a zU&-3Vq@kshtV!~m{dyE8DE`tjffBj;eZSx6T7TEDO%6Kp%#nepVcF#%1bnyJHi}Jk z?0$3rb+)UVyIN0Owx7;E*ZaN#SrS<%pZ%jZPaeJsAk0;;!4v+1wyYr_VRDo8k`_{p zqrtx&H^h*$*LEfRUr8F#Cohn}{8m}gE?sN(qzhyt(uUtyHF z-tBX9jI@soavY$WNUVTcDc|l zrTB^E9-+crg{VO!k+Tt}YOoGCu66QVI{_(>ZW=R;#Pft0ilNct6U9xeMY?%B!oiNL 
zT##S3ocPUb3~t~;%{lKrbF?MyUXGAk)6OYoJ*tQjO(w{Av77U#HS!o*p(x|IzQ2AFwSoqY1bujZ0_m-F9Bn!rXbsaHt@6pb@$=4=z}^1(AQ7UiZ1xN$>vi@33l61p zfp-B5&G88dx7U^;OlgJU0YV3e_r3fQ&FY#$#K#8X<*M4~GYOnZp{f%{5IQ z<~a6B7W%$<|2A`&XI?1oxbFeE-TSB3cs7xXTc06v-s!wYRA$X$yw6eM-k@T^#g-_Q z*#}Ld6B&NfWAl&1=?xMDL`s^9I5yMLek;)opS^^Q%>PpX1rynE+kFVsc@HHSXPM@V z2=sb8^d!Nj8<^`!p;T_sM~3HQiTL#)9WB5lT6{M$_qv3hzsPgel)Xo*n^fTGOLv22 zRL)wp_Y#N)3z&ML1{vDuqbNJu9y^7I97m%x8e}9BtdzuBO9jL>n>bF7R;CsRj)ys3 zI%#qG!Th_uYd?-Brm+vg^AAy#057ZYN*#y-xVS4uPzc1*Vp@DMU|${?oC zt7`+i;1CWSt-I~AV(qFT#_0A|7--o1NAc?T)Zs4h?dMg$8W*70Dhw`DL#<0CnJckT zougXa!1NSE{04}$R2DmXz|R3MTrt4Sg#RJ67YFo}!{EI6I4M&?Xcz)9>UbvZy_+<% zgXMEp+vAC*RFXuyj)o?;Qhm3X^b`3}02kP<3vWNLel#7p#N9OGfQ-T$Fr!?&m~)Zr z0d}nAt@ZfIuWtHXlhOi~xS{65lVvOh9gJyy8GX={sLnC3iRzRD>qvI%dodIqQ-Xpb z^iS}tHMKW$<9;z>5)nWo%4A8p{j{y~Tq4Cg9IvU7q&f5?P6bGTA_x>_ZZ=i(ofMWs z+_hxT36jXsVI;OU%n>6Ti8LBF$1mKC!c@jpGpz`|-^1ihtH8XFF2YQ&_NMN*!0F9y z)n+^BrzE%*d_`3bCosXsQ5i|xyy$w8$uINbCrm`gFzeHg(uAA}O}8?Ma%M1&?V5D# znsgAsGR#^f921mTFvRsd@ilk4KH@3jfDlWuu8V+qG0K zxZl7Onhb+nltkCFKj9z+6K!HGx86L~FmQ75&c3l<;rQD-j**JaP;0cGzr^4~kU>4( zQ2ye=6}#6oY%@v;)EZ6fVF-+L`La;?}0@@zjW z-_JMM3Z~o!TmCx`60%u*=d5YV{L@nM=FJ<@)GuXfx!NPLJ7*$W-z zIC>B#Eaf@%>>2&k6N0LjvT{c|F2?g-yi3OzU%gr(w7<;nyE}GVR6VX^wHZikpQoqwHG zcGu!G=fu7{T@C8%IWE1s=VdE;9s?FrK}0qC8MQ}X?$FSglkO0CX67;VFD(<5e;QFo z2!a5lPCEz?!0;0=kZ206jGheGF5WNkXn9#DUQv`Zcc`Yt4apHVxCD$^BCtlp0>SA? 
zaJn?Y<6RRNBqrQdxI!6*8V7mwqeyzj-QsP{0n*$Ur2Xut33W!^dnm4=Su3T>Tk86} z|1ge)Z)js&g1|sZd^Wn5UcM`KiEumun;n#W#s03#7?KQK)9ws2BTS+ds36VV=W>-GE~V?9XLpo?=?NXv{I+Z8FA5aIEd zOI(4D5%GlYNoI{7J86QMy=zCk*)HPW=eDnUFi`D$z@TQyAVbcDuUd(yJwTzD3Z~B5 zd@_{Z+61V{D4tJP`De`aR_mo)uUXOfFwVQc9Orc|enwqvw$?@ZHl0~YR7B)Oyyvmg z>CS@X3;UM?Q{tYqh(evunyftyFnuM}SaMOI_-EEg&|e_oo-QOAHiT`;3?qyn9*w(4>5~cEg1Q z!Xp>%E{@SS3fI&LGiwPAB}mwCrW+=9?Dkfx3ca7-Q?fFc;ZMUs-k@g!>nOIcKg(EC z&2Gm!aKwa|(MwnOLjSmvo2>B6Ui?CywqNQXH7$c=&cEHcNfiHgetC=M0pI0&^ARVD}J~rspC|0zvM+9RRArlU7hYXOGE6`yB zBjK-jMuIw^DHFFCjOh48AwtX?6D@DtbD{&)pz|t%2TT4zQ~Re$Ji`I816)S>22F22 ztnbXW|4{}E@cCfRcvty4x?ZFDo_GnDYX7z10@adjx<%NmkjJ#gUk)IDx+O=g*Y>hs z-^|q*W6Nn0=DL)LB$m_2Db2t0xLy2?G}G3Od3)W`*{LM>F+u+KjZ~YxqVFyvTfrFL zT>ZGkNNTyD*KMU|t|iK))?ztvekltKxmzdYvjoY2XCc^Pri$XbSsC75$r_`~nwNJn zGeCO0A3KbH-y;Fp>j@DS$*Bh|1w}_$Kks{V(Z80P?n7an&ySQbUy-ZFna5B`9)voSCAOm!}&f8l$#k{lRNdKf@A}qEFy`V|q zStAEY57TPWRh@>mY1hSxe2?60v3KzWw(8=n_R}!C{x}c$6VE=|n=3oi+tn$r=WQDl zzHtIni9pOcXLJdpJX_o%wHe>T;wB8G*~zmnFn7fvD5ZN@Istg_2)Q~X)ozEaRp|^= zHr!H}+%|o#1eM2wnu;v3J;^hZ@<}6jk%o>1A_V9asNC^AgXQl5cIkJOv5!=Uw$ebp zdXWi|Hk-*gQEjhyN}_4w_cP2gIN&pAWOk5McfadJfpsXvxaQjD0T`LVDZT|hltN1& z17E+gV7i}WB@0HRoR8`5@`-YA_NaM>->vvOi2IC8Irclr9X~lueEEx+;j6pQ@8IUi zg3mZXBg(i4Pkj4au}>u_{ZGpdDQN+m6Xe8>T%lJjTI*RuaPwHW#K9qUk&(qH0a4Ch z>KgssB=-6hF5O69)A&FHRrJTZHsDmlgvRT%jWW-LF9^3aP+gJ8IhVKpc8l9I{<{oE zFH3x^TZpL~W>1;2_0v0mw^@OBgS{)!v`k-eU#1n&I`D=EW5~ks|&2(Lhp~wrWRApJJ@G*gwe@7SJ!!|vsed^?R`+l0GsmkS)j zl=$KD7Ki^*`Tq)C1u=dm=xlA9r~q`zwyne$k7ZkOXrt%V}>8s2)!{HI&QXl9IYQ@DbqZ0SUC&}+16M6vdmSu zoCNk&ZUK~VM(IroimbSL@BioxRVg$?@;LL+nDpe7`71Mzv!Mi|`5-N1N4aOe?xxNc zLX@^QA}F5F6K;CB)iQ&z>5P9EzYXON+D5mctCG9Q$kUq7&%Ga-pSE+nu(#cj_x6gD zCvWGDiwTW1=sBzK7W9k^f)tkm^X1WzcpUe8C-39gIY6odoz#Gk6~XFvDF}N5BFt=d zSt4~}sg3k%{3w+m_jsPY5Ad-DzreHa;c~4kCi?ejv9I3%MJeRGUUB#}ebWMgPVPQJ zIaMY+)u_O;uyn=ZcCujG$@A>SP6<~JbXJes0~V`2523UXN~C0~UMFaw_dPrPV0&~IxKZl1D$S09v_6_qY%NQ}8(UD||+v|;|+ z-ae=m3N;gC?L_4Y(_TFkFjLjZke_(GAUgznD4!%DJTrOz>LK@3i{occEp;@|4lW7N 
zKa`Y`a?-UU`u1sQU?p5ov}*fA))|{OV}jOCju0j9YKQ;SU0pO3>V6SDQR?uD-;op+I8JIrrOkD{OrXRtnLDEVfy403bRvu1HHQa| zBNuI_KD6smb4;~PpTabb&XU301;YX6nIaFWpm-!u&lUuzBc!$T?5 zq?%F&+!TPA6zJA%HMc@;@C0pdY-5AJ-bF`3pSe!r8HMY>VWN`(1=;(Npt5@*4HGzx3Udewqy&GauQZLUHAxbw3%)%^iH>)s_CeQ3UKceeT@tA~ ze`lPR0aMC{qm%7Wtir)@g|p3ywcM4_PtUDS-sL*p!hDI@;zQ+H>&#kM&-#f-$>nP; z7uFZwz8%hG`pm+AvLJsIjh1@;xqddts&DvQ+o8G+)^eo4I*qz1PKqQNqtGXAbWr1n z@wmQiA9}B9|6#~p1B+n7jGE@leCkaVu{;F45hpW478yG7vtHNUx(=;*h(aI{0kf){ zatBFV2jxEx6=nJ~Qp;4OpFi~A zN}~P1&KE%;it0uZ{1*K|4O5Ma*B@)ra!&S2ti0BMp9_3sqDGZOc{@AHK+3_~oHkt$ zLB@~}c0L0_SS;+yON`B)^Ltp7+K3;fE4nyn!)wnj)ia7w2ANwQOj)5}bZw{GjGklbO%ikSj3)o3_Wye-;A(`Z^pn~k3H61 zMEI6>=>kJP@!Cxih5Q=kFgf5%o2UhPCZ#sa?1MbQq9fw(}$k+nF)BVo?q_>yLIx3 zpzmZ)ao%$9rTFn@d^?GO}>x&jZRwi(cPg9m?khQVmu6q6Gj+JR!nHtUG*IZb$WZb+D0>p=>XzywBc z3A+$$ywVk>#yYCpTFoOA@(P0H1ub6sNM#Ua`qPr9*%%5FoOT#^@gE9oi4nVNDB8dC$hfLLLIP}S0 z%Q!G+<=<7L?@Kwfizq!Z&vJ6FZgDxd)>lQZscsmkDb%$fFbc6Y<~&6{M-A(+KG9}Z z6fE&vg6kgXh?dI+oI&M^dXJLteXFEe0#{OWuilV`?h=pB3k>m#mXKmFw(#cl_&m6u z%U9VJ=r;Y(6@ITbGk@apAy0!!IMF z(O5U(v)xvAUQZvm6n}f5tn}?@b#+8B6X*B;WsEg)f-_5EwO>3;m&Q9Pa#sTw6|Y>| zv*!SCh}^huTznw|4VEP1kYFxc)mr0=CkyO{vo}w5-o)5zhFH8v{ zo-;nU^)|6?os_Hc;X5N{G8pcID)TkH#SO-y5qj{V$?W>m&&x}HvQi4&qS_lCv%*;y zjprog5bdkuB;mZ_;2Uc5C`!*P38}n`XP?z_p2d1aBa(Zv@~OKu!s=gH zcwfAIy;O)Pj6b^Jb!rHRn7MuN5m0H-7@Lma9b!ac&~ z$G8qM@n!6`p629W?dGkE9!VxXFj?59z86rKHGXq3BEdG35?m;}=P)A!&$N67tN!`{ z8aWILoQ!ybs*J`2kJhO|wMItk2LZT0ubIv6Av&6h26K$Bk2g9sTn-uQMX}=Ihmy2< z$r-Q~{l)g;6UHTWD!vBos2b87%5tI6Ud_JJSSfW+p4;!%+U>LoVkCD-Rtt20~QEN|k`{bcIM zX1RlWb*v$=p}Q<6IbopR6=U4mrMU|NE8b&6cTOrIg~#on1E*Q;72YHJ3e|XQqC}?7 zqjG8d?)UWa9>H_Tgk`nq4(Pt)%(@%s(VdfPO*lM*JiU8h^=WTI=+msm`#jv-SA2a7 z%Eun?Xx?9NA8v9k|ETbCt|jRzdsfEA3H&zRIRnewQzVP>rVDB9ejApV@ZoX zj^5j_>NX!$#qG+v$7?}U1D|c3XK0_1eK2b@5`XUnVE{Y6*1X4R99$G5_<1=sEunfb zhglV`r*OQ9Vs9R$Br1TrF-6GJ&W0RwZQzNGHV=udR(t|iKymnS2B<0c$x%xOF{m9o zj3HN4H9?eGq5C8P^hA&H?baa^Z(RJ2}e#1mRJ5Ena1&KK(VW=!5rYnfV$u7&ZD2+{8cYsHL?rPP&<>bol4zdfM 
zNi8ahb6!q0Iu1>rxKN%w_9COka)RcdafN==1^Kuo@QPxCxyT`}zJ5<*$qIdwP=3-g zTp0w}oyam)nvLd4tI>)mecB5kG+3pa?S;XQa2`xswd@o z2fnMlWEZ}DSAnhwP@LC!u&E_;bMmq>=YbAZ|J+^lvQqQ(@VR0tGOe9Ii`{*wWpfR< g$`dd?KE6gTai{ZOyPvNU1pKF=qI;-73FZI)03Z%X-v9sr literal 53302 zcmc$`1yqz>7dAXJl1dNVCFOv0cL@lnAQI{zgD`YRH%iI?f=V|iBGTR9AcAzav@|G4 z{x@LoKJmWK^L_un{cjY1<~= zTukl73mVr1CDt*Ejyv}4js*63^LKH?j<=4FCXV;%6t0s1e?Fx!rd>Pzu32oA1f2Hn zxm5)>yfFb<$ko<joX(f!=48lgX;T&Eh?F?2IEELQ zxWS{ku=Y^_+?mWSo3SEfXS-i}gt`Hy6=RR{^59*59(W~P+SIdsRy8$~n&U@HBu7<} zN4xjqBy>mYs);W;q0@Px3+@vMh8F4}Y*Sue?zo}d97jvTzgApGeQ53d=8p|-9}>G$aL2edB!sTqE5{F%tSJcg77-8 z0taNd6@7l)gR0l~jjq#2)f4L+k1=q$-{8VY80X*2e!TRlG{8MeZ7Ye=9P1N0{_=@E zy*R`mmoP+|7e7l_J(p(o!0HZEQ?}_+SXG~&Ywe!jCh_r|%}bBUT(RVZZ>=jf2#1h@ z^UWgr>||**G)nhPx0rkG2+hA~E_YZ{dDc3&#LAuPeG5w+&jw3Ma8c~dHM`;hxbRY+ zJK0l3W<%)U1KFNNhN9V`cZhFVUZVaT?j%%)i*DM`!BDlq)x*G8eujzfoz<2d)En*w zP0n{-9{0jntJJ)33XqtV$K!vo32>;ok{hdWu|>6er^k77U9#mSU=2^@-rqtN-5pfkYwGoHyvw!v@v-HJ z2dAgJHX)~?T*s&jHxz*n!ywP82o$>KH`QSceA5mE>zHCY=~u3VPpnStA;g~5UZ!Y8KN-Nb@$+G_;LneEFt zXrPg88fqAnaD>7-lVqV*IVcptVGGiV0%a0!+ng&iFmE5wd3HOX9M&rx#m(n4QEz^d zE@7JXl%>MAq~m&>#${p$yaf7e% zF{UDuG2yV!7uW86#$$n@mRMCim}1+ruSj`HO-&Wv@Fb9bxCFidlkfH_Z_=ct!w+pG zwm(8_kS@v(p;X$SNWlx610^p_aX8sB8V3k|8mrx*qV?k!zzo-nYUV$<|9 zW045P)|@Tk@a}EVTzV=$txFUTfOMXMAm zExuw=4pm*BIrVnEW_)uN65mW=E*S41`Z4UY%%iBSQg|YlhXB}#n(Fv_H*|rpV+fz> z(@l-IkrExtAn6um(JDbYa@+4#LZP3vp`C#$oh(e#U|b)UwhOI-qCM>>xRvrpX=u)k zij~y3W2Vx`xbkhmsQn6fCnfCQB;bn;??LbypJ_2rj*$zqSilEXH-GKt^S z(`+MXVoFRm=QT_Q9tO>`FG$1H(VQTuGKG=$X@=^;k(gw|Wd^R3B z$t58TC0i$9YD_04+E(Iale;A^r=i&KVmb5;Td4>EQ3bUUYvd7eeZIq!(4vqY^Btp- zUKV~1NPY@oCasE}VR`F?R;Q*F&(ueE3s;t$yx@t@mtPcxg6>?kaqhxrCH`33-ghmL z&>B%rQm0we%04pq=t85WM${8w1Z7dHWKsJUF^wQD_X`?A213Io=~qm%6AW1I$>IAd ze!eW46(;9RpfI-wtURcaPaCWJZUizOx5_n@it3%q>dDz5Kr8^WdQNohQwiq1*zjSe zA*O;J9?uU)GZ>D^k~44l1D%VxSH%o523V9}lHT#nWaVzxpBy-MEHhE&qv2pzwD!ES z)f@E1KV({za-dEP1pE}A%246nv&T9V6hBG(pJdr0hSR3pVd6hI?5$M7zhVARBgw!8tzoW1X3W4wY-bCgY9@ 
zTP3bwo5f)~vr5JHS#?Hx4(}vb)b);djTE^V8p>!>cSdJcA-Fl@?HaBjD*pC7^Ruyh zH4h|qrxDaZoDxya*hoek?gt<4#Y$MzVjg=OLoe+$&8MwCqe#QfirDTBl{s)a9=CoJ zs=0w!d9o`6F1n6BXigJx7P+n+v3KQ_rnpy9a(b`7gM zyzm(^|?F~E|IMw2Sp zi`g59pqXkHbs;d4vxza?tUq+CotkBVDP&-beS41|vXWP)skcC)e&btKS8l@g?yidB zFymrRhUta4*J}q#>Quv6(1TPuDF0UXSoy1a$Pg_|<9moW?r({g#rC?@ykD_{_ z-m&nZybSdh{Z#2vwyjUDMto^U$|V|y?t{OuLfC1>eIe3D!chO+_7&eiZMGvfAV%YV-%B-A&Llc5i*?~XfDGGt7-_+P-A?q|1^eN$R_)QD_ z`%mJ)_v{3EodY^yWvL2*(z-xk1SW}UbIj=YXQED1a|{Sb;p`)Kl$)Nzqh^lS+5FlBLti|{Lvt&esxCY;yI zZ{K({`_4D<)!v$-b=d9q?yT7`|10O7F1O-t%F@)q_bp-nq@s}EsmXf3-VStb2wpw# z$ldMokneq^191j>pM%Ow?f6{XrjhU8d@&ZStVll&Y6y8&Z2UB|Dfj*nv9y3J6?#;L zLZS4%&4dUB9tF%-=y`mWmV@~Wj&_u7(W_nuyS93-UcX+v=zZyNwh_Z4^@mZH&>}BI zV2s|lmIlR@gK!VdUNyQt^0Kr%Yon*_GjUXmW4QdmM3OuW%n~FC<4|)y@nXV%rdhrvrmMqCGouQ5L+7Fi=wLt5-7v(oMQuz z(%rz`sdqGu3np|(#_R~Vo)q9u2TW=rB*uI6-My=?dv9uQKrHWI4@*jbwhZjHKlvh_ z{8QeWWsj1Y<1XLK%~zik1JMi(Wca$U&CacwbQ3ujg#Ozd@L>Me`Fp7N@d}FcA$WnR zSP#?cX>7RX?Quivo=QY_-c!!RSe{$9obG%~lkwFLe@z|EVIks~YH{!0^b8?6PFsyv zMfT;a6kcuT!>NO)*&9hs_fQToZxg8ttTJM!)nn8{%>iG0?#>3q*7bbHcz>J?%#ORe zfmWa4{f0H46r2;%ULWHUg7>|Wf*aEC6!3+rxOank*PAsR*EDX>y&TtdwQ~FZF8)oH zy@hMiNKfUrXRFU#CZbm@Lz}JitNmE=VS~Q;?U(!u3}vu>Po}Keyy*80UdQtqy`?`X zBq#s~m1a`16C@?Q5I%*wwol;FEb$bP=K8i<>RYp61}`}YHQ{cTOWw`h9)B%lN5%6d zN3zzgah`>g4v)}m%Gz2!q6^#Lya8v)FGG^|3JAQ%b!fbOK@pe8JSV5PAh26xWCE-r#@BWSvEuxz^!mEwbGmRmvgwb#5!jdXZ3U0E#Hx*lC@SSP>N8Hl{5j9=K*&(OpACoJ1m39Nli9hU!{wyyot z8I+E`SHSeRl3knzC6(fb#~80xU2KI`?RT$L?g+f$tlHF*(Y$f!oL1`Y66?dmP85}P zDSC~e;yV~XPQ^yjSjNvjShUJtpUc&>co-36zH@>|dzzJ-+DWfTysI}>%=1S{f^Z|$ zJ-@Deor^ho#Ax+`I&?fyc+>XFUTjAm&!SiA`aRQ?0Vbv^U!D&v_%dD*p+woGEs0Ay z1AmnZf*zeU_#?07I>RPH1bLkepeF8|{V>>vF;Xx{ zqLq=3ualU-6N55Y^57MJXq4y>3ORT|1q0oaXS<5o@ct+Vq%&;%NR@xeVyb(g1-^v0 z8)jv9v6=Xwt*9f!OVZe(xX82Y=xg}p+M{~Sr&v}ksRMn2>Ya;s-o3EbuZ%R|es5DXRsVOsWCHIcM}?6n<6OW4X2(R-?-Xy z@7=r9;H0JTgjbRR)j8Xv-!|`y7--J-Z%dYDIj>wEyS!DyF*ZaIGFITaA9UtQ&(})g zyy8C3@s5yo{&Yxbcb%onSM>^zQFz{IIa@tiru1Lqyd-3VL+~6X>lYE2p4wx4ymmGb 
zE(jU?AZn#@=Yx(S{`OcQEAv<4;>9a(23uZQxV#-l!pn*>_YOYbC&lWz^NCY;8h>_> zK>*%Q??Kr5bFy@jSV`DK;2UHFQ8*@@EY;)A2uE)&rMYIO>kcvZMG<~}EK;pn;_uhg z)tEn9FH0eGM&G#{OCMR>8t6OR)V=Y=@5@uNXVr8xlqI6ypPs!``Wi#|&;9YlTGfNR z+e9B4@xXq}Tac7Yms*QT0rW6rdn0=6`?jnvkqjCB_8s}#mg%aY8D!uR3yyIj=}dh5 zWk8yw%aAg!apJRK`3myp%NW2(Wz5X31Z>TlRC7?0hvKCb{z1^cq?_YuW)h zY5Es$RpM2&xxPmtk_iRMIVfpG6E_ejGsUoy;9KZX=D!eHqxsQxwZrr#c6cdS@oj-Ax?( zxuws=bFE!k6Qr_fQy&r-(dxBNm{^64U@-;7iaD+53~#a4huju;w)}FZ?CZrJFbP0B z5M!pwTCkq&o7+%!S`+2WfQj}OFJ9n|`IWxUeB&W?J>@F#vl}M}#SI}LSb0$J zc5SXkXoT@QympMD)Y9{049?dld++BM{q3z@thM6(`dXt$TIsJJtSv5rJtC)gmnvm} zKy;%TDV*fFrH`z=y9IzAb|c>6WmR$)H?=?@*7B)6l%T+CEvg%fzh)hRP;aT^J*;ul z?0MC2`6=nPZl9NstC}(Syx7@Lwj2;knNYNccp}htu7nO!ym@Y zzU05EBY$`l2R?E;1TODIu9L8^}}y&E+BimhmPBnEyS zcea!wJ#G+7l3IkU4%Vv+@v$xL${i@8ot9lF5tr`U#mxsLiC?CkRZF{uU*WK~>!s+I zpa^moxez#u$k3ting7UyM&S~>r$gn}8Ssd8aQ0Fs>)R{2_6-XyQFxfAv8|aI@ngwl z_BV8vkIWvb>9=hV8xj)}vw4+i>3uuwQ7{z2_dry9A)HU*db`I=hPyCv7dYxXD9>x6AR6bZbSwj!VSDxM#6O0tZa#@FwTCaCDHj9*q0S&;Zr{PVX! z+*n@;4hbW@aiF`is{1u%@mj`wNi1F4kgI5E=1#dpwT1Db(TkmHiybX`%Q1aodjIiw zSN9gtBh88Vc`&riaLUr@9igO6nw;1+WMA*vAb~7CPGGYfw^-#F3-h44ZEe~r%;537 z=%hpUec9DixT9e*(wn@0>bqyNU(XeZhi!@IL**z?8R^wz6t#+d8kjncWCdd1-@f5C zbXWf7sCbXN%jcNP4~;q_OTsUIp+f}PJBSQ z6+PD%^jNvuG9uwd1TLyT_K}I@y+!{|hUpS(A5HZ^cQHp<#RjC&F&T_IO~j~XVZzr- z$ax_%K|~^EBG^1ikNJGLZ=w%%B|T1XZrIZJcnfgN+_D$SEfa%Yj9F#(w~l-c2J-S= z@6YDE>c<+O7dX0Hs z5WZxBsB#Fg%c?Bgg&UJBk&03~GAAra9CbL~9yr-P29MYY^jjMUP~f#)l0);z=AJ_M zaACvLf#l}1vdMc6cTqwXHm>)l?q*;`@b@Q%*##h%zOMfafG{7vauRS3t-W5q2>pY8 zl$0mwxw*cBrXpCq;C!6h`{u|7q&@jVG!c~w9?xzbS34@CuOFKx23CSH29~tufkQZE zc9_mwpWR^B`{D0vypqr{Kg0O&5^8@Q<`I7fvia_yrYhn@=X*6k%4OQsu9G!P8$|71 zKuy}BG!jCHXZjV4neq#DIXqGchi^r*0O$>TR-UoOd7_K-HNkSWu(&Wqajw1s5FYE^ zWciKzZFzB@KYNvy?u3RNny#2p{d%o(9Vort8O>m1n}t*!pbjn|v0>AHV;aU__29|R zW9Bq22K@dsvTm0zlm@n%LI_?n+G#nD`DD$0N7_GFh~bNnb3r-Uf1Ejsr{QYKw#3kY zv;9OI9C1)GVHIj1NY{BvTwKXRK9a7waB~CajJ*JY^tiRCV|7oL+`{Ct!xZIP?c+T? 
z{Cmty^gvorMgoqQ(S0hg>Bh!y*66;5n?N3_X{?ts>U{RZz}c)-^C`2mS()|oSghwn zb(Z;!sb}wTTwg8KQdQ5ciEaHjwENIbB4%u_K$Zqs7~(GK*^2;iyZ2fUbn~_KTcOhJ z_r$hsGbY>Lnh;M725KFg9952q1IRC1)Y5{3^xwP7otnm!Ljkjv7j3<3Y1=|ZOFJUr z14g_?rFX>@aqQ|KzhO|8N$hxykD(~1@l1UHcJ&*yP7Y93ved}ksqb1?b+qkbck2dZ zH61|ETVw#G0UX)@&4aow0fg)Q|1ey43qbktQV&(>imd%uUid^5W`Dk@!R*3nZgz;d z$g?HY>K%Y}*W_*n+e((;Bx1I2mL;1cxdL6PtEJ0jzLA!@*C$LD4nrU={IWynS_1j8 zd(FZ_^Fy1%FEqD25B4DDNb9H(Ji1BieyJgnI9X zbso_QKn!vg3z@hlC0wK4%TFuv%%4ig;Wp)dujz12T|NF_O7`y1jwZR|tiZOyQl3=2 zS3%WM)L?e)F@fBfV@AHBJ;AknW`4mivz(gOjA+swIs;?_&zL@QIV1}PW+dV{e!k>= zO97M161~LGl;O;=flPyM;{G3^^OC=a&PV!AqjN0Z(=<|5HRU7~0A?#mMbW<2S2som zM(>zSgaOGxvdmR~^nvLL6gXiBo(uPol0Nz`C-2_*2hsQ_Kc4KVm(Avd;9(2KVhA^} zb-W&uj=|N?x?!W~!tFw~H_3U&>tX?AT~M!4c76oB=0g>6rp0xvhZg5oGac~igRnz3 zyI?WFH9Dl%%2GvzapJ3o9yW(vsRcV}a*a2$KxfIMPw2QI0wuXJr>8sr8?P=@dNPM? zg~$?JToPZ6ZCI6fJEgyswE1rN~9+>sk{ zgmx%~r+7IO58!5g#@UjRN6v0;p9Tkw`#odMa7aak!{h%79%Y}I^YinQS72E`y=JgK ze(4CKS!yD|Uyu^z9K-YElyqS2iS+Og+NmBQYqj2AX(=<^3b)~9KiXSmj_$%{KgZad z<_dT(1iycpiG44M8$3c6?9jI?At7z?k&=h>{zwJZ+ig=^Gd}oOr0?1IRhBtwV^ytoZM>)G)%u6~7!o(WPK1qb z&ISu4MVUcUwr}<`2CwewNJyV!;Y>TEISrTS@d`E%$B4Uw*5{0JBA^E6x zeDcu^iLd?%8uMuaHy#$&+OaOEAE8RpNR<1vhwNh?L*8snCw(F}caM@jKO-i(sEPL?=L@G3