From 20c7edc176c82aa614636428fa7e94cec8364bbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleksandar=20Nikoli=C4=87?= Date: Fri, 16 Sep 2016 09:57:08 +0200 Subject: [PATCH 01/12] Update contribute-to-a-topic.md Fix casing of "Markdown". --- windows/whats-new/contribute-to-a-topic.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/contribute-to-a-topic.md b/windows/whats-new/contribute-to-a-topic.md index 9b385aa076..df040f8573 100644 --- a/windows/whats-new/contribute-to-a-topic.md +++ b/windows/whats-new/contribute-to-a-topic.md @@ -31,7 +31,7 @@ You've already completed this step. ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png) -5. Using markdown language, make your changes to the topic. For info about how to edit content using markdown, see: +5. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see: - **If you're linked to the Microsoft organization in GitHub:** [Windows Open Publishing Guide Home](http://aka.ms/windows-op-guide) - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) @@ -68,4 +68,4 @@ You've already completed this step. - [Surface](https://technet.microsoft.com/itpro/surface) - [Surface Hub](https://technet.microsoft.com/itpro/surface-hub) - [Windows 10 for Education](https://technet.microsoft.com/edu/windows) - - [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop) \ No newline at end of file + - [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop) From 1510333eb4c4e6fd28456891ca350ab5b25a8b4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleksandar=20Nikoli=C4=87?= Date: Fri, 16 Sep 2016 10:02:59 +0200 Subject: [PATCH 02/12] Update CONTRIBUTING.md Fix casing of "Markdown". --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7a759f8ecb..fb6c3024d1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -30,7 +30,7 @@ We've tried to make editing an existing, public file as simple as possible. ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png) -4. Using markdown language, make your changes to the topic. For info about how to edit content using markdown, see: +4. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see: - **If you're linked to the Microsoft organization in GitHub:** [Windows Open Publishing Guide Home](http://aka.ms/windows-op-guide) - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) From 802e8486e4f81ac5470a04ce36ce76f74ed84ffb Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Mon, 19 Sep 2016 12:07:04 -0700 Subject: [PATCH 03/12] Update TOC.md --- education/windows/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/TOC.md b/education/windows/TOC.md index 64da3956f1..2e31b14786 100644 --- a/education/windows/TOC.md +++ b/education/windows/TOC.md @@ -1,5 +1,4 @@ # [Windows 10 for Education](index.md) -## [Change history for Windows 10 for Education](change-history-edu.md) ## [Windows 10 editions for education customers](windows-editions-for-education-customers.md) ## [Setup options for Windows 10](set-up-windows-10.md) ### [Use the Set up School PCs app ](use-set-up-school-pcs-app.md) @@ -18,3 +17,4 @@ ## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md) ## [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md) ## [Chromebook migration guide](chromebook-migration-guide.md) +## [Change history for Windows 10 for Education](change-history-edu.md) From a7dc4b2b99c3a372dcc6d8ecfa3a7c08851d5879 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Mon, 19 Sep 2016 12:38:51 -0700 Subject: [PATCH 04/12] fix numbering; figures --- ...ence-with-configuration-manager-and-mdt.md | 84 +++++++++---------- 1 file changed, 40 insertions(+), 44 deletions(-) diff --git a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md index c00676a646..566ae74fbb 100644 --- a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -25,7 +25,7 @@ For the purposes of this topic, we will use two machines: DC01 and CM01. DC01 is ## Create a task sequence using the MDT Integration Wizard -This section will walk you through the process of creating a System Center 2012 R2 Configuration Manager task sequence for production use. +This section walks you through the process of creating a System Center 2012 R2 Configuration Manager task sequence for production use. 1. On CM01, using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**. @@ -33,9 +33,9 @@ This section will walk you through the process of creating a System Center 2012 3. On the **General** page, assign the following settings and then click **Next**: - 1. Task sequence name: Windows 10 Enterprise x64 RTM + * Task sequence name: Windows 10 Enterprise x64 RTM - 2. Task sequence comments: Production image with Office 2013 + * Task sequence comments: Production image with Office 2013 4. On the **Details** page, assign the following settings and then click **Next**: @@ -43,17 +43,17 @@ This section will walk you through the process of creating a System Center 2012 2. Domain: contoso.com - 1. Account: CONTOSO\\CM\_JD + * Account: CONTOSO\\CM\_JD - 2. Password: Passw0rd! + * Password: Passw0rd! 3. Windows Settings - 1. User name: Contoso + * User name: Contoso - 2. Organization name: Contoso + * Organization name: Contoso - 3. Product key: <blank> + * Product key: <blank> 5. On the **Capture Settings** page, accept the default settings, and click **Next**. @@ -88,12 +88,10 @@ After you create the task sequence, we recommend that you configure the task seq 2. In the **Install** group, select the **Set Variable for Drive Letter** action and configure the following: - - OSDPreserveDriveLetter: True - - **Note**   - If you don't change this value, your Windows installation will end up in E:\\Windows. - -   + * OSDPreserveDriveLetter: True + + >[!NOTE]   + >If you don't change this value, your Windows installation will end up in E:\\Windows. 3. In the **Post Install** group, select **Apply Network Settings**, and configure the Domain OU value to use the **Contoso / Workstations** OU (browse for values). @@ -103,57 +101,55 @@ After you create the task sequence, we recommend that you configure the task seq 6. After the **Post Install / Drivers** group, add an **Apply Driver Package** action with the following settings: - 1. Name: HP EliteBook 8560w + * Name: HP EliteBook 8560w - 2. Driver Package: Windows 10 x64 - HP EliteBook 8560w + * Driver Package: Windows 10 x64 - HP EliteBook 8560w - 3. Options: Task Sequence Variable: Model equals HP EliteBook 8560w - - **Note**   - You also can add a Query WMI condition with the following query: SELECT \* FROM Win32\_ComputerSystem WHERE Model LIKE '%HP EliteBook 8560w%' - -   - - ![figure 24](images/fig27-driverpackage.png) - - Figure 24. The driver package options. + * Options: Task Sequence Variable: Model equals HP EliteBook 8560w + + >[!NOTE]   + >You also can add a Query WMI condition with the following query: SELECT \* FROM Win32\_ComputerSystem WHERE Model LIKE '%HP EliteBook 8560w%' + + ![Driver package options](images/fig27-driverpackage.png "Driver package options) + + *Figure 24. The driver package options* 7. In the **State Restore / Install Applications** group, select the **Install Application** action. 8. Select the **Install the following applications** option, and add the OSD / Adobe Reader XI - OSD Install application to the list. - ![figure 25](images/fig28-addapp.png) + ![Add an application to the task sequence](images/fig28-addapp.png "Add an application to the task sequence") - Figure 25. Add an application to the Configuration Manager task sequence. + *Figure 25. Add an application to the Configuration Manager task sequence* 9. In the **State Restore** group, after the **Set Status 5** action, add a **Request State Store** action with the following settings: - 1. Restore state from another computer + * Restore state from another computer - 2. If computer account fails to connect to state store, use the Network Access account + * If computer account fails to connect to state store, use the Network Access account - 3. Options: Continue on error + * Options: Continue on error - 4. Options / Condition: - - 1. Task Sequence Variable - - 2. USMTLOCAL not equals True + * Options / Condition: + + * Task Sequence Variable + + * USMTLOCAL not equals True 10. In the **State Restore** group, after the **Restore User State** action, add a **Release State Store** action with the following settings: - 1. Options: Continue on error + * Options: Continue on error - 2. Options / Condition: - - 1. Task Sequence Variable - - 2. USMTLOCAL not equals True + * Options / Condition: + + * Task Sequence Variable + + * USMTLOCAL not equals True 11. Click **OK**. -**Note**   -The Request State Store and Release State Store actions need to be added for common computer replace scenarios. +>[!NOTE]   +>The Request State Store and Release State Store actions need to be added for common computer replace scenarios.   From 0355aade2927515a896ad946c79847e659904b36 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Mon, 19 Sep 2016 13:02:55 -0700 Subject: [PATCH 05/12] fix numbering --- ...-a-task-sequence-with-configuration-manager-and-mdt.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md index 566ae74fbb..f259ac4131 100644 --- a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -39,15 +39,15 @@ This section walks you through the process of creating a System Center 2012 R2 C 4. On the **Details** page, assign the following settings and then click **Next**: - 1. Join a Domain + * Join a Domain - 2. Domain: contoso.com + * Domain: contoso.com * Account: CONTOSO\\CM\_JD * Password: Passw0rd! - 3. Windows Settings + * Windows Settings * User name: Contoso @@ -110,7 +110,7 @@ After you create the task sequence, we recommend that you configure the task seq >[!NOTE]   >You also can add a Query WMI condition with the following query: SELECT \* FROM Win32\_ComputerSystem WHERE Model LIKE '%HP EliteBook 8560w%' - ![Driver package options](images/fig27-driverpackage.png "Driver package options) + ![Driver package options](images/fig27-driverpackage.png "Driver package options") *Figure 24. The driver package options* From a58be96a9ec94e2d07c29d6d0e3318b710535430 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Mon, 19 Sep 2016 13:33:04 -0700 Subject: [PATCH 06/12] fix spacing; figures --- ...-windows-pe-using-configuration-manager.md | 13 ++++--- ...-windows-10-using-configuration-manager.md | 34 ++++++++----------- 2 files changed, 21 insertions(+), 26 deletions(-) diff --git a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index 425d7331d5..5cad45cd88 100644 --- a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -36,13 +36,12 @@ This section will show you how to import some network and storage drivers for Wi 5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image. Also select the **Update distribution points when finished** check box, and click **Next** twice. -![figure 21](images/fig21-add-drivers.png) +![Add drivers to Windows PE](images/fig21-add-drivers.png "Add drivers to Windows PE") -Figure 21. Add drivers to Windows PE. - -**Note**   -The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two. +*Figure 21. Add drivers to Windows PE* +>[NOTE]   +>The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two.   ## Add drivers for Windows 10 @@ -56,9 +55,9 @@ This section illustrates how to add drivers for Windows 10 through an example in 3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named Windows 10 x64 - HP EliteBook 8560w, and then click **Next**. - ![figure 22](images/fig22-createcategories.png) + ![Create driver categories](images/fig22-createcategories.png "Create driver categories") - Figure 22. Create driver categories. + *Figure 22. Create driver categories* 4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**: diff --git a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md index 4ee378dc32..caedb91233 100644 --- a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md +++ b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md @@ -22,15 +22,13 @@ Microsoft System Center 2012 R2 Configuration Manager supports deploying applica For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md). -**Note**   -Even though the new application model is fully supported to deploy via the task sequence, the most reliable way to deploy software via the task sequence is still the legacy packages, especially if you deploy many applications. - -  +>[NOTE]   +>Even though the new application model is fully supported to deploy via the task sequence, the most reliable way to deploy software via the task sequence is still the legacy packages, especially if you deploy many applications. ## Example: Create the Adobe Reader XI application -The steps below show you how to create the Adobe Reader XI application. This section assumes that you have downloaded the MSI version of Adobe Reader XI to the C:\\Setup\\Adobe Reader XI folder on CM01. +The following steps show you how to create the Adobe Reader XI application. This section assumes that you have downloaded the MSI version of Adobe Reader XI to the C:\\Setup\\Adobe Reader XI folder on CM01. 1. On CM01, using File Explorer, copy the **C:\\Setup\\Adobe Reader XI** folder to the **E:\\Sources\\Software\\Adobe** folder. @@ -42,17 +40,17 @@ The steps below show you how to create the Adobe Reader XI application. This sec 5. In the Create Application Wizard, on the **General** page, use the following settings: - 1. Automatically detect information about this application from installation files + * Automatically detect information about this application from installation files - 2. Type: Windows Installer (\*.msi file) + * Type: Windows Installer (\*.msi file) - 3. Location: \\\\CM01\\Sources$\\Software\\Adobe\\Adobe Reader XI + * Location: \\\\CM01\\Sources$\\Software\\Adobe\\Adobe Reader XI - 4. \\AdbeRdr11000\_en\_US.msi + * \\AdbeRdr11000\_en\_US.msi - ![figure 19](images/mdt-06-fig20.png) + ![The Create Application Wizard](images/mdt-06-fig20.png "The Create Application Wizard") - Figure 19. The Create Application Wizard. + *Figure 19. The Create Application Wizard* 6. Click **Next**, and wait while Configuration Manager parses the MSI file. @@ -60,14 +58,12 @@ The steps below show you how to create the Adobe Reader XI application. This sec 8. On the **General Information** page, name the application Adobe Reader XI - OSD Install, click **Next** twice, and then click **Close**. - **Note**   - Since it is not possible to reference an application deployment type in the task sequence, you should have a single deployment type for applications deployed by the task sequence. If you are deploying applications via both the task sequence and normal application deployment, and you have multiple deployment types, you should have two applications of the same software. In this section, you add the "OSD Install" suffix to applications that are deployed via the task sequence. If using packages, you can still reference both package and program in the task sequence. - -   - - ![figure 20](images/mdt-06-fig21.png) - - Figure 20. Add the "OSD Install" suffix to the application name. + >[NOTE] + >Because it is not possible to reference an application deployment type in the task sequence, you should have a single deployment type for applications deployed by the task sequence. If you are deploying applications via both the task sequence and normal application deployment, and you have multiple deployment types, you should have two applications of the same software. In this section, you add the "OSD Install" suffix to applications that are deployed via the task sequence. If using packages, you can still reference both package and program in the task sequence. + + ![Add the OSD Install suffix to the application name](images/mdt-06-fig21.png "Add the OSD Install suffix to the application name") + + *Figure 20. Add the "OSD Install" suffix to the application name* 9. In the **Applications** node, select the Adobe Reader XI - OSD Install application, and click **Properties** on the ribbon bar. From 735b78d15bb6a5a7e638083b4252aeee4b238ac9 Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Mon, 19 Sep 2016 13:47:52 -0700 Subject: [PATCH 07/12] fix note format --- ...-windows-pe-using-configuration-manager.md | 25 ++++++++----------- ...-windows-10-using-configuration-manager.md | 10 ++++---- 2 files changed, 16 insertions(+), 19 deletions(-) diff --git a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index 5cad45cd88..878c230d72 100644 --- a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -40,7 +40,7 @@ This section will show you how to import some network and storage drivers for Wi *Figure 21. Add drivers to Windows PE* ->[NOTE]   +>[!NOTE]   >The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two.   @@ -61,25 +61,22 @@ This section illustrates how to add drivers for Windows 10 through an example in 4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**: - 1. Name: Windows 10 x64 - HP EliteBook 8560w + * Name: Windows 10 x64 - HP EliteBook 8560w - 2. Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w - - **Note**   - The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder. + * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w + >[!NOTE]   + >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder.   5. On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**. -**Note**   -If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import. - -  - -![figure 23](images/mdt-06-fig26.png) - -Figure 23. Drivers imported and a new driver package created. + >[!NOTE]   + >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import. + + ![Drivers imported and a new driver package created](images/mdt-06-fig26.png "Drivers imported and a new driver package created") + + *Figure 23. Drivers imported and a new driver package created* ## Related topics diff --git a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md index caedb91233..4e7b504b13 100644 --- a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md +++ b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md @@ -22,7 +22,7 @@ Microsoft System Center 2012 R2 Configuration Manager supports deploying applica For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md). ->[NOTE]   +>[!NOTE]   >Even though the new application model is fully supported to deploy via the task sequence, the most reliable way to deploy software via the task sequence is still the legacy packages, especially if you deploy many applications. ## Example: Create the Adobe Reader XI application @@ -58,12 +58,12 @@ The following steps show you how to create the Adobe Reader XI application. This 8. On the **General Information** page, name the application Adobe Reader XI - OSD Install, click **Next** twice, and then click **Close**. - >[NOTE] - >Because it is not possible to reference an application deployment type in the task sequence, you should have a single deployment type for applications deployed by the task sequence. If you are deploying applications via both the task sequence and normal application deployment, and you have multiple deployment types, you should have two applications of the same software. In this section, you add the "OSD Install" suffix to applications that are deployed via the task sequence. If using packages, you can still reference both package and program in the task sequence. + >[!NOTE] + >Because it is not possible to reference an application deployment type in the task sequence, you should have a single deployment type for applications deployed by the task sequence. If you are deploying applications via both the task sequence and normal application deployment, and you have multiple deployment types, you should have two applications of the same software. In this section, you add the "OSD Install" suffix to applications that are deployed via the task sequence. If using packages, you can still reference both package and program in the task sequence. - ![Add the OSD Install suffix to the application name](images/mdt-06-fig21.png "Add the OSD Install suffix to the application name") + ![Add the OSD Install suffix to the application name](images/mdt-06-fig21.png "Add the OSD Install suffix to the application name") - *Figure 20. Add the "OSD Install" suffix to the application name* + *Figure 20. Add the "OSD Install" suffix to the application name* 9. In the **Applications** node, select the Adobe Reader XI - OSD Install application, and click **Properties** on the ribbon bar. From f81dee115f9ec126c622bb03441dfdc3e8b34e82 Mon Sep 17 00:00:00 2001 From: Justinha Date: Mon, 19 Sep 2016 14:01:05 -0700 Subject: [PATCH 08/12] changed to certlm for self-signed cert procedure --- .../bitlocker-how-to-enable-network-unlock.md | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md index 3f2fc5e488..6036e80580 100644 --- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md +++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md @@ -151,7 +151,7 @@ New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN= Certreq example: -1. Create a text file with an .inf extension. For example, notepad.exe BitLocker-NetworkUnlock.inf +1. Create a text file with an .inf extension. For example, notepad.exe BitLocker-NetworkUnlock.inf. 2. Add the following contents to the previously created file: ``` syntax @@ -179,9 +179,9 @@ Certreq example: certreq -new BitLocker-NetworkUnlock.inf BitLocker-NetworkUnlock.cer ``` -4. Verify the previous command properly created the certificate by confirming the .cer file exists -5. Launch the Certificate Manager by running **certmgr.msc** -6. Create a .pfx file by opening the **Certificates – Current User\\Personal\\Certificates** path in the navigation pane, right-clicking the previously imported certificate, selecting **All Tasks**, then **Export**. Follow through the wizard to create the .pfx file. +4. Verify the previous command properly created the certificate by confirming the .cer file exists. +5. Launch Certificates - Local Machine by running **certlm.msc**. +6. Create a .pfx file by opening the **Certificates – Local Computer\\Personal\\Certificates** path in the navigation pane, right-clicking the previously imported certificate, selecting **All Tasks**, then **Export**. Follow through the wizard to create the .pfx file. ### Step Five: Deploy the private key and certificate to the WDS server @@ -198,21 +198,21 @@ With certificate and key deployed to the WDS server for Network Unlock, the fina The following steps describe how to enable the Group Policy setting that is a requirement for configuring Network Unlock. -1. Open Group Policy Management Console (gpmc.msc) -2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** option -3. Turn on BitLocker with TPM+PIN protectors on all domain-joined computers +1. Open Group Policy Management Console (gpmc.msc). +2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** option. +3. Turn on BitLocker with TPM+PIN protectors on all domain-joined computers. The following steps describe how to deploy the required Group Policy setting: >**Note:**  The Group Policy settings **Allow network unlock at startup** and **Add Network Unlock Certificate** were introduced in Windows Server 2012.   -1. Copy the .cer file created for Network Unlock to the domain controller -2. On the domain controller, launch Group Policy Management Console (gpmc.msc) +1. Copy the .cer file created for Network Unlock to the domain controller. +2. On the domain controller, launch Group Policy Management Console (gpmc.msc). 3. Create a new Group Policy Object or modify an existing object to enable the **Allow network unlock at startup** setting. -4. Deploy the public certificate to clients +4. Deploy the public certificate to clients: - 1. Within Group Policy Management Console, navigate to the following location: **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate** - 2. Right-click the folder and choose **Add Network Unlock Certificate** + 1. Within Group Policy Management Console, navigate to the following location: **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Public Key Policies\\BitLocker Drive Encryption Network Unlock Certificate**. + 2. Right-click the folder and choose **Add Network Unlock Certificate**. 3. Follow the wizard steps and import the .cer file that was copied earlier. >**Note:**  Only one network unlock certificate can be available at a time. If a new certificate is required, delete the current certificate before deploying a new one. The Network Unlock certificate is located in the **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\FVE\_NKP** key on the client computer. @@ -221,16 +221,16 @@ The following steps describe how to deploy the required Group Policy setting: An additional step is for enterprises to use TPM+PIN protectors for an extra level of security. To require TPM+PIN protectors in an environment, do the following: -1. Open Group Policy Management Console (gpmc.msc) -2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** option -3. Turn on BitLocker with TPM+PIN protectors on all domain-joined computers +1. Open Group Policy Management Console (gpmc.msc). +2. Enable the policy **Require additional authentication at startup** and select the **Require startup PIN with TPM** option. +3. Turn on BitLocker with TPM+PIN protectors on all domain-joined computers. ### Create the certificate template for Network Unlock The following steps detail how to create a certificate template for use with BitLocker Network Unlock. A properly configured Active Directory Services Certification Authority can use this certificate to create and issue Network Unlock certificates. 1. Open the Certificates Template snap-in (certtmpl.msc). -2. Locate the User template. Right-click the template name and select **Duplicate Template** +2. Locate the User template. Right-click the template name and select **Duplicate Template**. 3. On the **Compatibility** tab, change the **Certification Authority** and **Certificate recipient** fields to Windows Server 2012 and Windows 8respectively. Ensure the **Show resulting changes** dialog box is selected. 4. Select the **General** tab of the template. The **Template display name** and **Template name** should clearly identify that the template will be used for Network Unlock. Clear the checkbox for the **Publish certificate in Active Directory** option. 5. Select the **Request Handling** tab. Select **Encryption** from the **Purpose** drop down menu. Ensure the **Allow private key to be exported** option is selected. @@ -246,9 +246,9 @@ The following steps detail how to create a certificate template for use with Bit - **Name:** **BitLocker Network Unlock** - **Object Identifier:** **1.3.6.1.4.1.311.67.1.1** -14. Select the newly created **BitLocker Network Unlock** application policy and select **OK** +14. Select the newly created **BitLocker Network Unlock** application policy and select **OK**. 15. With the **Extensions** tab still open, select the **Edit Key Usage Extension** dialog, select the **Allow key exchange only with key encryption (key encipherment)** option. Select the **Make this extension critical** option. -16. Select the **Security** tab. Confirm that the **Domain Admins** group has been granted **Enroll** permission +16. Select the **Security** tab. Confirm that the **Domain Admins** group has been granted **Enroll** permission. 17. Select **OK** to complete configuration of the template. To add the Network Unlock template to the Certification Authority, open the Certification Authority snap-in (certsrv.msc). Right-click the **Certificate Templates** item and choose **New, Certificate Template to issue**. Select the previously created BitLocker Network Unlock certificate. @@ -328,8 +328,8 @@ Files to gather when troubleshooting BitLocker Network Unlock include: In the right pane, click **Enable Log**. 2. The DHCP subnet configuration file (if one exists). -3. The output of the BitLocker status on the volume, this can be gathered into a text file using **manage-bde -status** or **Get-BitLockerVolume** in Windows PowerShell -4. Network Monitor capture on the server hosting the WDS role, filtered by client IP address +3. The output of the BitLocker status on the volume, this can be gathered into a text file using **manage-bde -status** or **Get-BitLockerVolume** in Windows PowerShell. +4. Network Monitor capture on the server hosting the WDS role, filtered by client IP address. ## Configure Network Unlock Group Policy settings on earlier versions From acdb1056f747573fdbbd0873eaac62e1b0cad14e Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Mon, 19 Sep 2016 14:32:57 -0700 Subject: [PATCH 09/12] update UI for bug fix --- ...reate-a-device-account-using-office-365.md | 5 ++--- .../images/setupdeviceaccto365-07.png | Bin 23297 -> 28109 bytes 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index de3aee64d1..5ae141f274 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md @@ -54,7 +54,7 @@ If you prefer to use a graphical user interface, you can create a device account ![assign license for Skype for Business online.](images/setupdeviceaccto365-07.png) - From the list, uncheck **Skype for Business Online (plan 2)** (this license may vary depending on your organization), and click **SAVE**. + From the list, select **Skype for Business Online (plan 2)**, and then click **SAVE**. The license may vary depending on your organization), ### Create a mobile device mailbox (ActiveSync) policy from the Exchange Admin Center @@ -133,8 +133,7 @@ In order to run cmdlets used by these PowerShell scripts, the following must be 5. Finally, to connect to Exchange Online Services, run: ``` syntax - $exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri - "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication "Basic" –AllowRedirection + $exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri"https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication "Basic" –AllowRedirection ``` ![Image showing PowerShell cmdlet.](images/setupdeviceaccto365-21.png) diff --git a/devices/surface-hub/images/setupdeviceaccto365-07.png b/devices/surface-hub/images/setupdeviceaccto365-07.png index 4b4bebff94caa34da6caaf860de5a9c301b224cd..ce0eb99af2483a1a3b0fb94bb461068a5a625e4c 100644 GIT binary patch literal 28109 zcmcGVWmr_<*X~ht0BKQ>PC>ecZfPk2rMnwx1{gw+5P_kkyBq0LnnAjx5g0m$a>%p! zzwf!Ob3VQ2%lRjV1j_i z;Q`ST;O&u{hWuN!$`OhkVB?9kl!_D@T1^c0jpu8C_cZrV$e1i4xiKerayO*h} zC7R)<`-kD!|Jk{%o4JE2Fw_;T@n>BO5XO86Yn!?{**aOH{UqNE17iO?R~AsNvtcNdM8ffDxRHFE7RAhHzr z&Hx=Wl_f(LyZ!7#pU>rzL6#a24*pR8JferEKbJ*K(I7&`EX8cT&K7ZWe|Iz_cDcxV z^o}`3;?5hD)`?2vG3^S0XfMYwRLaoRDA%lgWldsl_>-IN3TH(thOYcce~x&2&A=zL0ZXnQ01RRj^!2==-E2AMWp ztWM!~F<(!}#hmpJW1548mX7Hch_({sYNu$ZSUnF8qm|w?OoV}!EE-`0@Ex@1%rk~lo*~XkwHscAo|BQ zr=!UND}FyHpl9QV{CHKLm6Kjh|C;jF!5d4lf4dymTlPI-@4P{94ygz%eQ;_&pYdUjRbZn$L+Q&-vTaO}!}N=) zoactGQKJDJhugA7TNz$P({*hxA-CtVLrfB=LD%h^uo3JG1%@OL$R9Oie0N_iH0Rj~ zHhq-IXhwJk{1h|3=&@wIiXHWZD<&|97d{dNE^}Frq?axkxDE52S9FJxJL%L5HmFRH zj0(>;xvVeiAM@TOtSE7|f2ahmfSnf2NUD9M5a;xluzEpf37c?bq75Za&A-58{o!}J zXUs`2ADvF(bH{~fyV@-)ORwsc&@g9}m|*Ldbv0E~IwQ~M0aG}WKSO;WgpgKqvwsT) zO`WQkJ7-6{s`gs)(4H2BP1#qqYaPvbD5d3!P0Vxsc;sBOvdNzsSq(18#NLa1*6I^m z0H)-J8+y)JVkaIFsfnsv%5c?nR5Z+&+9`k)_0o9a)LX)nHWgYmBxWAjrmj)Dk4f=~ zSJ(klq^u{j-1gJ1w%F_Ew}ent0}y}32L9bDKD@ExyaGAw?Eiym!Ku}e(wiD&ueAJ@ zF8{}faG4#;z}G@6n8d{&^N-l`mdS?jAq*BTZTyNknezM7WxDOiwk!zYU$W(uQ*jKW5ZgS@9(ZzNg=!oZW#oFSa}Yo3y$du zXC!ArE-8;`E2Z&-^7k88{5{|Z6BFBKXQtKEzZ2jIn7X?C5st(iS{70Jz*@pqR@LD% zE!-DPsb9|tyQA{mS0@>*z+%U<0pFvt?sfSDi1(SY{9J|htGjnUx4YhM3Urp(t6+D{ z=sO!)777J1^WdsBm-h-a7IdA({8l%f>E38XBRaI}d%Z$?@M~1f552LiWgGpniUz&r zzoF!%7mRolxgK=Il%9WbjNEKUurJ~7;-!DL9yI7@(3Ps47)syNfjzukzIYz=zY!1B=Vv6r850*?YljJxV~!Oz`Hod+!$YD*>Nbmvs+! zW{^PBS<-K9sJ}*#YdAsPSw`|y|4)m|#6+B`GqNS-(^gpKNk$pTy*bOSfBI;Z>hlPv z&m<72okbLvG89KH%xzB)@17DgdvgJK{XF8y+U_JD#}mul;O{p@Pya>vj>OjiDJm>y zlw^x2LS`+GE`l{y!JRU$>3M|AEbagIjU+4=)cgp3z`yR^yM`P!cU0xyFlgr|br(dU z_6+Bf^PZ<92Ja7>)}tZTK>pM(2!Wr$(t7+Fs6@lT_7Mo*sX=+Fmz9SoRoy78Zs53Fgh`=kNh@J_l zEGPm0Cm>zU;FnSb+?;&e%N_2y#IhB!&VqV21BrMyId$puw#&Y%{T!EXP{RRa= zpP(ThTRI-?m^X;Wp8=D5TJ8QiGsnKe0y=Bxl^9DeKcjY^HUnSKE?FX(#c)|dr*;rK z{mpByH~$mE30iotTUJ&1*SQ0=`K}lapY2@ zZi({zryyavtNGauEs0iV0(wI9OiwT%F#tJHG*u-Tuui^G+_{zM>vYQ|Hnz*rel~G6 zK35fRyO-EQu$lXlBnQZ@=U4Y_rz2&?p>l0?a>mtiRz(?}dMQ8-PCU&H#w(Rk;$Mjs zUH`_*Vw&kbp?GfIIB|@yvykJrMLln<`qX&(Zz8$lL$vtS_Pc?Oj)&vTRf`ysEc|#- z(@%Boce&(M_2k7T{G4&`h86#7pJBA3j};wPyOu-jjpbQ;@}Leg6?-xfPlq|%q6`-9 zh_GWkk^Sm-j5LQu61O|Gb5>~|*)a%3fv4qsx$ChmJm%sINbcIMwVSfUJYs-EK|~2G z7t6?jdX(|7uLeATX~3R^`fbg^9qSRV!e5d#bcwKKV8eUNK;I=>8F14dU{IwL(0O}N zHg822`#nK6vSA+2@EiPj2 z|HYhB^%QNiC(3w+=ioAs^dLH!jU@FVPnmrdKpg#0 zMOTSZ75p25Osw)N_(mmmCFa-#J`q_#sZNWk+7}uXYJ(|5Jb!cde^_&U^-nSltD*om zpFq+Cla}UYjUd^5U}Aw7C%=u_4g=WC zdcoKG))M-Yt~ZzWcPm2zov2|l@mPg3T9*{FaWdr{8!|lX@vNH-roD@B-5*wofT)}b z@*SWJoBCqc!{<0(Cp@N-;t<5e&U-5@*QGaE>+S49vEc$d4sAs*X-mgCeg@3?1p7*T zb;OJbWb2y5b8bc?LA*9Mt#`xPLLyva)8w{&MsL+kQ}d>wprJtjZ(1>Sz0$unySr(nN0YFKbOZ;JxbYDHWoAD8oK zTl*iYG{;gL)~YtwVQgkyHYWVXKWLnn;64em9(n~koI)W?*l*`OW(~Ix8gTO%v5V!j z-us);`*K9%jJ3Kkg{6R)d&bRx9;ueDWg>(bP|=*;qVI>F?wbD4RXjsI2>HAKHgwMTbK9Um6mf)8r0#4|B!#CHyt z*4`B{4M;VE2K}}cgB0UqIzqmx+MKe^$)Xoopi4|6A_@c6MySm>-z&k> zo1fb)@t^K*FSXTPwrN+7I|RE3b3T7`=<1#Hom%G)=eB=fD-DWUd<*sYkuWDkn>iQw z5*nC!H%3h2pgK5pQPl8ebu8AoF=oPR`TLz}^Zs7}`0u&)R`Fein~On#A@eHEd8RA> zqg7iDDyXAR^Z8tfz-ap?n#QfAMW1NiJ02l zpu8aK+1BWOhp@|#-bY>nQr{x6jcETZBNr4`OWsntcul%}qNnrUMOW~WTKR0@n4Kws z(`I2q6w+&s@z{4GR=%_d&sD+NWlvFJRf#>YY2f!ze=b^%>zAGw(o2QN1+Uffk{|Gt z%Ws^#%R53nBKVyU8#727ZKmum3ByZ`=A(j@%M4$mbS)0wji}nC7S=?SneW%*slC5^ zSn)Ypp$RPx}kH-Nw7{i8ZoqcWl7iPBG1&a%7K{dSB!8e-=;pb$~7J>t}Le zkJuBcqYVyIV_kWBCWS*uLU_eD_OFGfIKSJTIi0+46J@c#2$Gbn#^g1|(kTwuMRTAVTMi^U$}>Hoc6*GPy{+*k7#24^LGz zRX`{<_Udn?f`~1)2irHFsg8}cO$Ew0#r87kCsl_7OvdLba!?tGw=KI2TssGIQJdTq z6b;j*mIFT@A$}#Vu-to|vLce?Sm!LKj$NnC@)9ZSSf45EaPQ z2wwOXd}TJ0#dDuYV)UWHQ-#$T>!O4#zQ3Gp0cMawtkcK^V^*S~cFhLc@W)bjyM@~D zCdSTj^628NBCzQ!rBJ?|6v^V1T?)6!m)a9M)}%)&Pzj;C17y5QRl*Q;#s|3yp8U3( z&2rZRBIhJ-+!Gv9(QLnRtjlh4;}WEp5X5TE`~2k)V zLUe4P)jod3t{XHBE*eSK)S>`q|IR#hIt}nd?UiM5u4krbc&^x3pe%{*kc?4@snu#~ z-mN$N!&OOLt0U{Z!XUmW92BXnOt zFLC~bVhvk45KI6c5jiqgfUnLH!&wZM1qSjc>KG4#K1h0>$4C;!U(L*gs7ovw(DPe_ zqfK}67rK;q)s}TW6qiX@w04})^tSu+>VhF0nLb+nA^Bp{VLN5~@&gJwb9KR2?#6<* z6-A*|rQUA5Kcg3YDu?%|jsGd9%owzGj%!#6y!%6JkIOC~##eB2ks>fu{85{&)Blqh zDiVE$Q(H{9S=kFH~xU3Rr|wINdExxlWqL z!(lHm5>leH1aq4&nhj?h6rA5eT)WPYy9v68PN?gxTx9Bp%#^V=kE@h9!vq-oRHYeM z1$HXH7Lr2cu?V6(xdf>wzrwHa~&#SHF$l%av!quW5~_<_Z#B{=z*)8bkBNGhoO5CP~fy zReqN+Yw|G+-h8kJqt9^+faN9I)pq%GvUq{gc zZllF#sD@VuS$-h$x|XB&`9T}wL8h_?W7lGL=G&+~giFJdFLjD;HbSC?c3Foj?v26o zqpMb!2OWcO4;GO!LeDG}xukKGd3rLs_`WL@QCp{Zo8U=uQbAub(NA9(Z_?ix3^;d( ze$u7@&*Dy{7k1d{NvCohfkT9#Gp)GIIGlR|WR!FZ1+gf5-wOS^(V#qdwOpBq$z*xGC(sE7z=z|8uOhU4d&lW-kVwRveE@4HK{5!tVRzVq+MmIIgT&%j@Q96JPER#WDSa8-); zPA>W8Xr=UICD#MWeyF%#Vp~#YYvYTHUWSG&@y?oYDt@cn(i9u-G-X~%a-2|DfNVj2 z)!jo04}G0JLe-9OEjWYWlTes#DZGMX8UyLF)EoxVh_Nm9Ats5X!QFU-jKGLBUdfw^ z21;b@1AGH>-zJ!Bv+cKVwX`yA(}KvebH0;l`zcu%#oQS?RJz^AyIASfI8Mh_+Rlg< zr+3Tq-q@%M7sEV7g9#ftaEu&~V)9fvqCg>R2I#>pf6EGumf6d|PyR|Y#SAP<;SC2c z{Jr@(tXzc`r`f{i={<;-^-{zx1-2O7SzvG#+&Zpsq;Aj z>!goq*O*b?jKywGYR#qnjY-=*Ga7DV+_G4zlv8v&mTko7L-F3+AKVlTK~>s3|t%@fV(v7p_Olt96O^bzWL3UmuhcDRZ`VwsK&pI zLo5^So8)+*Yp9ZXRV_Ps3@ncdw#tI5SSq2nlXZXPg{YBh)vrnM=fpZok>H@r_*zLn zndvT0IhZ}JXin2q<<{)P-rv4`48l?9U%i;}Pzm!=P-{6<8Zz-zDS9z7*=XG|LLb$j zC5>l0DDUTj>o7^}vT-oT;ouw9Gr9CabABQ*AfHu5RPGK8Ck5DZD64k}TC!1XiLlaWs$3O@`39`&rI*0yqTo)e+uudn4mkd zVsT;V>f)$ol7n)*Ud=25Tex;=Wh4eBMFQvihn5NYGB;PD+~43qPeX;|8{|huy%gWI zI1;uowOlDMx^uAHX*EBe{Y84IZc1OfX!Ce}+8#)(qCXqjI&M=g{Uu56T2c^98S_*x zrX(XMDqRk2!Tm#V&ue{!W3Qa2iMCbh+=pN(K`za=nRX18qu5eX867ngU9>Nm&eXDmZFZKMP{wTFc=qWwtgBwr3 zPkur$8>h$|tH9tBRFb!|7Drbh`7mZ%n85|;i&aYZ6D2P-n`fmP6b|n%dG04N|A6DF zb?R=mzXCe`Lyv@`n?~Av{h$Tp$Gey4NjbQc{tg;T>(9w|mKXK`Ds&}w^?Rd#8RmAF z^8T`DHRtrmuU**&6K+H(mzgYfCYN$NBZ6@5YtxAsTK>MmpE^UdzEXLu^Bs$(l=slP zUG%)~n`@updRbvTO0OGE#)`{fAN9&W@n{!=F)4=?kIf#3+TZ}r5pWiTT-(sKO!Ej$ z9HLJ7z!C7tOxNRIcCD401kksmzM9$yqa<2jV#K)LLT;6Pxmt;VmfY0R=29=6y_++= z{fk()$E)beTc~W+cwO-0kknYqSz%|z8B%Y6+RnE#X*qA{hFjszRWu@Db}XiD3stFL z7;*4SMVkHnObGd;jYWXh0rvEhwTZBmH$}@AdZ@oqoYPT0{42mkJe18+eR*$l zgJJuA{mFnFI=Kekyjh}Lyk1E)T~h&V1?PUPm5|x>bXmsqWK<~AqP3Sno=v71?dYQ-h2@d?-&PC;B0 z6(!{0x*Yr=_A=j>g=%`{rZn^{Jdnw4#SIOzr1Z_oc9i|+qv*jP~yVy|0G;`YopOXLXqUusPiGbe}N`JdVR^&cpp zDLa=p8orn5d&n$tJvRzB^ji7|^fp9}c8~r}ZZ|HvD!op99T9N16>!MciI09+eYp}4 zaQoq=^ZvRs8E9v@EoVHC$#HA(tx<{ln^KhD^}-5=zEiU$DVK>PWTzk*{(xvecoaGh z&Dn?kWdf~qXu>f6Lb;JI&?SbGJGZHa;*x7cSo}NwivTDGE6{_{X+OGpz&w1p(^~o! zh4OiMlobG^<6Gf2?@Ne*?wcdlsqeiZ$G94gVK!uv64{6rzQ&4j^tCT(4U zm!zs92X(I32aU-Ow5GiMV%`$y95U0(eS7oJ$ct*+Otnuc(JV@`&V&@U9d}{ZJ6HfT zSc#+w&=mFsiCQdPi!Sob=QH|459IBETHft--jzMaa@B>NPY<1rN*EtG*7Oo5euq)A zJDd&+a7tW_$H23tg5jjr>FN>I!MOZyNR0hlAge(ba9n}K_YuKXvP$znLyD#5=L6*c zBy77Y(7R3wqxNrlfO32|aSwc!m2^-a1)$Kw)I#5Z2x39Isbbf`*U2B~+I9-l>fPGLRhrIt?4ojgmp!;;5rMJoP;H^4`C&xm&Re~gMJ7Q>S7>+;ctqpd8y`us5s zO9bvlt>{S)QKC&gbibxw%PfDeUF2x}TNgbWL(4(K!pt6~mVZBWfS=F?OuBUQHJ;;s zAUfU~=`g&C)Q7eFYMW?{=VjiWBscX=J{F{4}b9OE%hZ{GRuRK8gz(cE0r z_u3Sm)a8TLqYe){L8rwg;ipf?h}U?B_nO0_LtvRZTaJxOTJ?-%n?O7H{p=(`vF+|? zz}+d2dEYlOtvj&H6YHyR0z!_ccVrv1yj3+oyWJ{99O@&MzzbX$=-J?h*iA6d+eEHK za?bp^D^Y`%s$#?j*$WwXZaDA(#Q#O!06lW(P&|#DOAldMx+ezSdXvxt)GIWpgOKgFT9_pkBx+{Q8@2kPgxt1PeZFS<-3z(g$T{)y&H*!i!Q6K;Id zYn%}9FD#&V3#X%|OOw0KGYPO6uhyQN3>aO%=sPjhYHfv9Rh~z50N%XbQ z`TF!D_jl2^Y?Y7Ks#mbReO4tRFT(<^iULZb(a3(?%x`#TJ&%?=Fv&7b_MJ~G|89>0I*(%nh}IGx=8;jSxA2Xu6cjze^0zwrwoO`Un!yBtN>l-b1o)ct-*cy9xk z1k_4fo$wjNr|`ti#>n~-)O`yu=I>&}&jaT}Rf=l}6Tcow49jhapf=)%9vJfOaZIzVc5lk$K!}O#H!3QfADD&wlW*fQ_`K z=`4?J^?b<}TsWQM+Rt+>A$Ce4i_*p}y)O{}fGfQ_v~{2Odj5Q#^zyf8=EMw)^f8|e%plh} z$545_J_SR=3?&Opz>%;g#VGN&rWJ!D(0rNTx55M6A8>Sa?cailr#PEdKfiOD5ouB- zjv*z)&oBH`m{{nSITEy2*;>hQN6!@Uh8kmyS0#VWW&N8n!d9%;ors$fK=jiEbxVH= z8T^*$RV{2YIL0r>8f<6cw@>*vjw2Ingl1CMs`ajUqOf&gny>`>ne--Iep&PRAa{Zc z)!zrTkSbN^l)C)1S}ZNor{S&NusGjERwZmgq;4mG9;P{;rtlvE2A*^A&-7UyFRT6* zI1a0HbiKQdG`?B$)zdedqn~X`qCQL6vtn>LpVm%R3%Hs*tpsup@eIxSq-Vrkl>1UT zAO`+h1&lHESl+TM(=h_x6{FoVzqIu2&h2?G zR7_W#SHELv#+vryzlv!9OG5~TSqH*U91sIQL;tzbW0V#*AU9wC|G>mKqY;ssQY)+* z|0RJyf=Qcd0tzU@%-Yqo9;k$ z-B=bpZhJ+CG5SeA;DYM(-DaI~1YitGqRigfIKzm*rTrmE;>v7YM`BQXlDu8c;Z(h* zxCcO=5k~eA$5mgZulT=~>SL(*h8;~A$%_6Nq#p23v?-_XJixXVe-h-P+i1mnj@nuL ztQQG@RIw20ZX+e^ zK$2_o_XR$H{%feZdP`R$_;9$mAM(fgc8ao$Fj`|euk6lmOujxisFDvFS2}KfQQt_- z0ak&bUJ_#iMzu_XLm(5AX_Ix-gi%0Or;AYNT__&@S7!rxMQj6`Jw$435A}Zq&1F^d zX6hB;Tov@dK5+oH@!)t#23$z4J%sWf9%Bxmmpq``|JcMV&=$4m#R>XI+F~te)`CO} zVz_RPnC%y{faEvlHY)aD-P-lokw^W+aI*&3*^vW>0X;TK{4{0sLmbj{vC99vj4unA zypBc#GP!Q!OvbfN-Lu8eW$`+C7ejyX7c89*&{On5u!PvWFDw@?Q`09E_5L($-V;vv zQG92-9A_W!edRsR<#dj;KL$k0fk*ar>G|>BZhM2{UWdPrVjq+n0yu5U;ePA;FY+3* z#sN@V`lScUl3n=5Npk@8s7IEZ7Xaa>M{g&?VW*x8j@o>x`CqqflrXOW2TOTsE@!B{ znrSQ`5XC-p5>y&UGD1q2&gsj;BC0WmyJ`3;Wth5?%aaH7WznNIH<<5>fb3)WAm{?l z*|>Z%AeIa4f-F3u zZ3Y6rAx@6F@n?-a)>4}WkQ?!8m8p~(vVJp<0l~V$LO;A$kZe?%O4QsVWmYHWlF%ps z8xHDGt|F`{*~p~>_sZl}JuJ}a<=6iV<{or+Ulh4^$7TD`M_epIHq1g9a1K9?hJ~C6 z_wi2?@OK=!Cn2B8Jsw4c;n1*aO31v(Zr52rmaxv_q}ZrnP`bZ=P4TkTJZ<6<%eY>ece|=UYVK`Y( zLTiagVmx5pKtshnWuB<)F?OtIFoD?lOgIM&0e7Gy_1!Y?IDGV_BkB5t zS(RQnh|LUN;becO8xm3bCb)#QS;egpa3_>P=$MaLzu8uUVQ4Kx(?AuP4ts>#o1l7y$pwCm{{EH4b1pQM znl|QBgxZ!(WNQ{at5aOgu$w~FB zdnTB0_el@zyDmsx~toqw|kK@@RG|9`rVa>^pg+C94TYrh0FIxK@e zlRP8}Mtx{2T?3n(OnoP+e;kDQ@sR%?W$?T(_~U1=^%1 z4mj=mwL`n)3K$DA*RZyUtQD4bs-x%{h}rCmF+v@wy6S_dCF)b985{!8 zc+M>^)^auQ3@BSXb*vaAlpg1x{tT)TnSp=vN-tP^k;{dF-z;!B=*hmncpKFI9w%y! zr`8$VgzMi5Ur2i=&1&9iGfFbt%czM8x;3dm#j%BR{tn!*mq>&fOLqLRb#_j=b#TEa zurP=(a(hpFz1&kD^r3}+G>*~~o7ET+`wRNlk*gkSMvJI(dAEf#=F8lHIHXU+a*BmD zDd29=3K4PQoUC0q!bY@`s(DCDo>D&&J^qP) z)cmD}Jd-)zO)o>xg_D0}B4Mi08}q%91*jp+b7=t<`E4LH`@u*!DDQ3iMvb8G-r_uK zzmi^uKXrh0S9acia6mjRgJDe{2I6n0O*CFU@o8R<5Ez=-tNP$+;OvdMtLIEobF8;R zHM&$K`5L8aarl{-p{8calBk#dz0-9WduEw8t;OagE>YpPzE}h&s_Hc4@TrDmD?^LY zp`#(S0PKJ>H@53l1~_OmAEq!{{>grXDBZm8T)DB6hDpN#Z@`;IQIu8l&50s{h&=iY zD}F|2BdiA*Q909O^8&;_!FOv)ES-nhsWb4%g~E5g#zR{GH+1XiU7hk}AmbMT1A#z7 zT5?$R194U}=qcmwiafl4=^5kq`co7|q9$uS}o+Wjq^J52nOi zd@K6agIZC@i!zoqMwpA8(F^uEO}_8&!1W^3E0uXg#BG^<4?I7H9d8XLn-1hDpiL#u zOf_(VdfJhS1B}wMbsFAjaPNxxm&!VGZBi;|rjWe4YU z1YXGGWg{^A#m6ND3cmJw*h}N-VLJ8-$Jx>xg!gTb4PZCZvV-Q41S8Of(8Ansdg3#L z6gGWYJ;#&&UYuHjnKKPRmyMX8Ff1BY$bM3%$m2VTVdY_kL)IT)AMjLqlKnJB5XcRt;$@H@Fdb44Vjea+ufI zx1w#5V21jj-3j`yoY(c!oKHp~eC!uG{AHBZ#neU$U%79D4Ec*l@y3tJXPjf@cc`mm z_?Q&>P}YIKtjBwxfl;IE@RH~jd(vuzqZ@?JW<2NkOLIiVOc5}lp2Sw`@$%hFLTA~_ zHWoT%sQ*V}s&HJB!;7eleSXCYQSsl(uK}l;v-`#fM5LASx6A%+1GX66mS@lCDA#vp zJoN=ft^}p;6TzkkPUzN<-V0MjFv}}9JGk6Co)>b{;{4W zgojV$iQ;7Y&RvsdflB~s>VvgHD>VP+$n-U&S8_96zPDR&^nay8RgE*&G0(lL-rnM* zS>IsUo^7Z@%C;|nd&Uh7EI@Bn*Lr4gA!!-)i;V6!{MC@X?chat!gOzs(VqU5U^6}_`K_GwYS3P~Py;Eyrd$9+pD=rj7^@6= zn)s-W`uV(R80D_XR3E1N(zR+qLlTvM?8*2t*TORzt&3bFaeqLe&V0JTJhFQu@C#Pn z4XD{avgt83abx3kBoW3`yUVO6`?P+5O`f&hftw37tR-m8n> zU5oNb^SGqwfxGBMgfQ$K;!w6IE~cnZ%4GF8dvynX{3l)u1D5Ij8P-FueLeVfaVn=S zgfIJ*ro9aM$D+$8XJ@m6x0eagwpB$$xKf!G1s**@DpGn)YsuQ{-g-5pdTk}sG;>}aZ;1JwlIm7WMgKxzx2}qd7 zKPPHJTMHL=-(_L*yuV+w5iuPo%$QCdVRiPP;oNycR7)T)T*rQ1X0$;{1sTF4`{bvyLS&}gI*h11||9ySf*<126 z0=L7QvT}=9lDP!=%s!bjsUN`&DVZ24;GXHs-Dt52xA$IGx&D8}Qy~1YooBrtwQk?0 zOr>zC3m`QbCt#hmN*GfypRQzW^e5IQ6a&W8>bz`%;Do3ibZrV$I6V|a9=R(`Jv%~} z)pqOTVuaXb10_Am&B6JU(VNZHFt( z%H?GE5)-+jbgI;iLO-8l{%I+1=pLA|HZD>WXGEHQl4`eBtXGZQvP^9J#hQMDo5~-ejgQp87~tClF)L^qYjWIn(>Ml;N?FbKLC%P7!^*F6+|NWT zld06GuD&DfdCyg}f(_>eR`jV8I)nwr5+}RmvL;9d$}$V0-Y3f5o4UsYo(0>`&%Oce z%6X$=*{|>*^Y~6sselhf^C1*nrJcZ^ZYtp8o3>Ij~p4!nw~hYCzRYA938H@*jC{P-<@-ODM>Od3dwfKQZ;-$tYq9!7#;T zb5)S{R>Q+(iJ{R9mi3>A0ecWf6-W!aGa%2>*TRc6_P{riuW@wm^HillqG;~FEA+r#36PCO>95j?5jAHHB*kC8N-=p)< z{WLXXDPFrr0CPIx;v1g=0t1PWpuH3#IzePK@1Gd-4axN?K}sUF!#zQJu7L2pRtP6M zx>Cm)nZx{qBoW3qSvIJw!T41%e*UVq&|smz4ck@tm23wxA0jWI_n!L6&Q9?BE39|= z8E=Ysgr^F8q~7f6i7Ai+o-2j|iCFpjxGa82n%&{1XOBUsahB=$D;U2JVm(!yM!Dxi ziP1w*+!XdkXn-EqHGEzByC<+@FmiNVc(P%#=x?1R$P%zfS=uYS%roD`1iy?b>B99? z!wnwc!zJ5T*WMb(Wcg@47U;-BD7WS1%|iDqL&G00Bi)!iN=^JPIMsWkAc}^d;11oL7EC)Is*Gz@>Q50Gj|cM zHpo6a=^J+9y{4FIkd@t5-teig zXOt4+-*kyDm2gPtAugG2&_~AH_v0r$(^wyhi^Aa(|AZso#Z`XgjT+xx3$HTz(9%Sv zY8{s(`nYR1yN(C9${Z%`2O)hToF2SLHb|RkAFd%zHdpniSlxqRM^5Lxr;9;+M^Oqm zF(@5WC~7$QH-Qr~L3zZ(Os2s9iwh0&tXVcas1_CkqH)|>8#1PZNu{o_NDq`dP2=m< z1y^?|b~j%glRFkWY-m!26j9+=X@Yj%r1`32thNYtm3ny;atzQ&KqBNprU*{Q1M|QV z?Z4;vwlHQ8cJY>t$lu)P0h%^@1+>^5l3hk{Qs6IQi&dZ25ejvTyD|wVn?)=YDUP1y z80P}Cnw?cJ=4^vj?V#i!U&Y@xHkqPJZV5Krd`I)`IQ*UP?pM(@%&>gJ7;(H^JzvGN zZ);`Rmx;z%+%pLnH=#J{oPr912n@%gmJUY4gCh!?2Fjfn*6-f_?~gq(6#c;73aS_vL2=itD^m&qy%D#A9$xH zrBN?>JyT-?DwK?nDf;gk`HIq|_wn5t&2l9hPRNfpZCnu9mgSi513zv#}pBr%X6E7OVkg+Js}RpY+on9KQR`)4OCzNR#WJ-Y*X#o{-IC!aULU z7!IOy*SDVt%lc+Vn4{7B7<-2!7c4q~-$b2}!T*wLpvP9?pw08*Vt7vv-9Y|D)l$hu z4n?JIalHfvog-@Rn~|Y!J-*bZ-ADP9=xU^c)YmroxRtR{H+Vbp6ekPkn?52OH1@M} zxac2K+V3vOGWIQA_Id0GG12F$j|_}f{oAD{IG5+Zo+iF`jB}jrycIFp@lC80C9a1~ z;JPSkQohr^mYiy~cf?f{hfh|zIm*u1fOm~kAG@bJ3Ta$5()Ah zYjM=5f7z9O)9M>V6+QHwe$%?J1kvfNPvG@Gd+SD15m4FP1tVHWtSqIy@lM=|*w(JV zE(Iz+kxi<2*T9#xb%jRfypZ#a<{5n&Lu`7>lfP3>C+RK6j?Q|kwZ_5-VxgY)`_KfS^+wP$sVjm^@Q8m=$O!6H_f;_Sv#+{P|RzssFn!qhg=}~_C zKX?2>&O)YgaPczKx_8(>p-c&Qd3oVQr}bGI{FE)$=;?TlG+g5*L$Kl=P(3K;`e1l$<^zAx9+;>cZ37vwpDvF48e| z1R@hjFJg;HlJN)XjEO6EzLj}QgA>Kbe^)Zp#PKco1{4M+$oYiil1z+oKqglDj?B@4 zV&O#U3i2W)()w%(O3R=eq@3>K2{+0fJ{!WgE9oalCNCQ!Bx9af_^zrh!8c)fe)TQK zkaCOnjJHATS;z3HBza>ZxzzA?S5mIXv9JWJh(2-lgGhs^FM{x()x-s;1tOK}%2xDA zqM}56p|r847fnY;sR{v&S>h-%I$D37r&y|JQc}1W@4!T$u*QRHD^o`}=F>_36qXNv z`N;FxT(>@F9Pe;$cBklPzHsskM9 zdvzGL&!`bm$bZgb@8qcl-oP3BMJkQ;@HFsGNzoT*^4JHIZk2d9p7;O6z$e{lI?|g; z5meTKHH+p^Eu0e|LGuSRh8A6Dy6y60cp{~?p&b8dYs3>6Li%coRqxb&)r{m`W1=@CqG&{ zJ}Z#wMSE5!qV8_fS@@Q_o;PZ$xq!V5468c(5-BKL{OB_moAQvRcMlN{=^JEn=%dv^ zCljfG=dQ276Ep$j7A}T*pju|kuIHmaxmM|%-*<8s0M>zp-KpOCfks0ohF4Z}Ig|s& zkUCsP*-Q)kwMUTgi8@;v5VwM~C{(g#o?srrTGinKzy<9tEn_%1j#7C`5!}z2t!aisxd^eSupZ!-|Aua;*acq+JfFuQ!X2zTV#Ge)B@Rj5JVF1K#6A>84^O z+ac+NuSyr58Q4eK-i{2S8Z_jPL|cG=1aL+lpL9K`<5r-*in)6MRq_pLD^ObYezTjV zu3Z_cZ+MlM6>KmO8{=+xYAoIradeE99aXx3c&Y3!JfX#XGH%k|Lx!b7J8+fP<=!7C zkZns_7ttFOfsR0Bv0JqRL2il7iFBA|2gpZCkm`_7t=WU+4U zN^Z_Nd!OI)?62^QH`G^k=FA(dZIcIPjl!+ruzb88W&R098o`(8Nmdi1RiZ!ADDYjh z-fya2Yc4h^s!WRB;HJTwKOh9DLlX2R0?G3~oUax+#*VJ-yh;QDAQ#2_v7=Q_&zs%x z-vb9iYyR_+*k47xj39-K%oK4~pIfr?YQmt!bq zhP0exXyQB;nhW!Oyu4n=UKfiipNfo(Ms-yTV*WdlIVhrhnQJ$A!G8Jdk zCoZi*t~IA|hwd8;#8VwRDGa9Ejwge;fkPH@jV4X&djnLTlsh?o@AEXAy-m;IyhXOJ z1wP-yxK4DtPZW+d?gt->an!N6>{V(rv;E;f1z!fJI^Q(Xe(#Ntiw;kyqtCpei8_e@ ztAOpDy;ShdHK}c$u1F4l9aJ5AdBRCss|PucH)wnlL{JrQKi*4rw7edJiEz$g6qMne z$oIiazp-O;*P))~ZfM%vH!z)4^;5G;f>Z?WW1A^VqT|QPJ#@5Rkb2`0r-D7c5%924 zA#7bs>pn*HudzRU_nYp2N)th1VmhOR<@IDQ%D)UT0d>!ai`SvEYb#MQaVVctp*#d2n#&L|9HL|H|L*FZXGN zagg{w`8;@!%^qm{R*P%b=`AY1y{%#DcapzUAAwUZVaDEF`&|sfNNBAF>oJw`-qgHlOc4Y%lybT(z8mSGjx&a`rZQ zNqF+;<@jv24=<-QCp3kM;^`eIdBw_1&k0NZ=kZOEdpmEbkfq(TB^YZHWe-hHXcNz0 zt}5?J^MqQ$qnuY9?jFa1p@m41(zt^NvTrx7lXUu#ARE^$oW`}mkQ>EP8>3w@lqWAI zluoOm@Box1|5IzOC0XxvSFQRgCFL;F4FFr%U@rAwow!=TPjpIq%PVgCT6Cz zAxQS~`Wow1_Ju-->r8s$O`D=Yx!s1P!4&PvH0e6&>DN z@lr(0qN%BU{`L=u`XN@>XrD{v>Fy9RFisEL@I7dQ3U0TFGs2eVIn9y&f3HTPY+m^U1X zdGX*LzEue5*j~2<@m`mVS+Cq)i6-rEbGlKDlkA|3>#YUpPK2bF61ZwRyq@j82A8Tk zR=Oh)=3H8X?|$oydWF3nM@kL|@NBVvc#m0X_?=!mUR9KC#XiCi(;m}X(KtYIY{$>R z3BJcT#TIGuT%K*r*M66Frcs`}4Jo%1w9COMf0IRh_p0vBYn;|If@W=(>Wd#$Mmtr$ zNCxN3Xnzx)5eDzl1oD}LaHB-D_6it5FT5YsNqSmF0mT2C-YOtp3xKBn$~X*gHn4RX zZ{c{U-WI?VJ2A=MX^$lgP}U(kAOZ`|jz$MoVl95llJ}3U3Tp%Uy|{vKRS@Cf#1Ao4 zC&nt*X_>_ouS$#8xR>dwAil-GoXqE(b0bNxwymOi%5$w13<UL`GPqJvgwm5Q-SJ&U*Cuo(5_m4oT@DS9$N$9xA});w5QQOYiD*wGxNG~ zMRm$YwokXEb7gO*(F@e*^9EzVfAyw|IGw1@{6f!izp;J7sjO|#ddy#{lyV)5(n1Lu z6*RnTh$wP5^uo-QI|>&^rb_*S-t;WZ#foeD87lQ7MEJ=(Izsf)Qwn zz*J+4(&*K}o9ai&+tcJy85C(fLh^r@E=1KqyM@NR-ZhsS+Z5MkjnQwkesO>-HszCo zz`2xZ`ErTd@Li35@~z2j+`-kkSnSPOQhvj*;I*gJ31YQE9nWgD^Km%c;bI!UmF>L4 znbR-G9rzwEY=G%Z^!-67!i)elm^(uY?i*Tvg~X5+ap>dXprF9AieRVo#Qr06XRSzy z?{Q`7ut^uI{sylCR%~S5j4Q50AOFZ=26e(<#_FTBIGc%y)a1r|J~+Q|Mo~h&VSI0H z*I~8F)qB{$a8oiXErEK(2t|%ITXBjB)llBS7U-ATtWgQQY=|M-y}d>$R_nXTk9zSS z^bkXXR#ompPpE6*je*Vy>cyQwLg8d6CeY^^pI3;ElCZ?$z+LqTaZz70qN<_tHPLLs6b~Jw*{*#{ddFV%ihUIGI zbqV&2>oX;W$))MrGTXTrL$`rn>K_@+)=mriOv(Tu6lr;Fh9UjJ#eZ?+HU`$;`sPA2 zu2!F!leC1fd%=k6kK(G>(Oim+CV?=L{g(un5kp5W2_PctTD%@J`b{S2LFYU0d#A3y ze#^>qL8_mV%(@Td7hoho+821owSzzS{FD<X4MlKYDjN7W&M zPY>SnrGPeOf{g|L>oQ~R^^1}i!JxZ_P5?^Ovq4;9bz{X7&Q`Cu5 zs;zrICMXl;+@CiVdLpHZx~uChdKK~QkyP@wwcmB`sY3mwJ#k7xLuUUE$DGXNeVwRg z&HlJcYb=(u939TfCm^5{;bawV^8vOzRO?V@%FLdLVLlRt0Xb$Xzq}#Ml42Uj&3}v8 zQ*Yt6b8qxn)R`P@c{!Qr@Yk2##eBC#)1{IMxG)JhNGD+GjPyVSkM2Y|jgXWld{X<* z2feNzT77Q{jVA9?eOMkBLkY1+Qq#dSWQ{{azB|%txVB@tMSnm(@JjFK(IrRHWXWu9 zv8R+Cd)qUz6C=Z%N4XLfL2ldoMT3ExPexw7WhTRjM`V{v62Gi3!NYh=A}REvZ}l)s zCgwxCS&Av&)FPlHaNdPm&QD)z0#_)&ngLRn|H~^dnLHrtHr}y0tSddr&*U1s8W7O; z8hW_@c{X3?*2K2X8v7~EYSZgyK$rF3j>^qA?vEBp2DktDokj#gf}%Yb0GmmW4Ek`Wk(KjOTs=-Ue@ED>xf>u!Los zIpLQp>%T{r=SBO$;sG5fn*$cx0Q<}BZz)kpPS7`2#fIz zymcjtn`tI1u6rSaH_X!FZ@0r&EL_(KqZ03PqnTpM!V@n>CQ?&fGg?*xTijcQKGS71 zOCg5xd`FY`+YojJgsk1gO@*r z|F&g6x1gR_)K z8wH^Ea}VWyvff$tGr9DMqYM4xP}dpZNYJ=FO6eR~09)h)V&>=2{#s{T2Z@7sQ- zDY7ku#c5Bk=YEoK1AR^JWpT;-@~oex$rF3K`@Azy_|6@5!trX%k$k1s&32w4%^s_~ zJ4%>T?s~}#7#yJi00v&N$EpJ0v~UU?DhoEOjEw13aN)>e(9bTha0({LX9n|d{g@{o zxt>>-@>5&s_H+l2`9EBN^`{JjExx3x=fz;nUUSJXt%$LvMiA+E`lv((a-RaTR&iq{$Y+f+j?AC7omOO~}dO zvD?^4zu_Zu=LdKGO8aNR){zk}_nYRsPlqLt{net$=D6+W1CbHbmeZmr+^S3fs~!Iv zBJLfv&QA8ZWVTgXLE1c-wLwZUSt9^V9)sdsPNl6GRk?Ez68f2>Io>V@!>F-Yc#V(G zlENdNssKc%SjR}pF?^DEIeA1Mb}W-~!+?ry5w0g_nG`@hlspX>VIKa9{dv7z%PmD& z!EmFWlaiEAPT*~Kz>vxYIh0d|&oYN|UWI(-&Yy+AcUA-MJ>l+alM4(2xQf7cbk1o; zo|J~SX#BXm#o@?N73hN`AU^2>AQ>6&gEz&HPx!B+zI=d6GTc~`T1Bv82O-LntZ4Aq z1~E*Cf`!RZV~N@r!{NR$X+DOeX*I1S49w|UdoK;Rsb6+LjTv+fSOMSRsZ(gsnzk{M zY4k;W*CV1X=%vL|4(~pEIx4}P(zg1FYK33l`9_A8jtGDip>V1^qp2kXgheqg z)aFVAf2B${XDEPD@-+NDCfU~g1B8%Ov}?VU{tUf_`udA3)tvRp*0MEz5pU_fFkO5( zLpI+^Ek_GF1(K7N-0YF6n!nWeuyI3A&^UJe+^|MfJe@&!vy&w5A)5VF5i;Uin7e*F zwXMdhw+r|ANGxB=%{6RrpscMCyiAt#HDuvB9B0{hiun^A`&BW};=rB#;$_`_%)>wB z#eI54?HDHpTTj}X%J5gP4Wo+p7Vaeu6c?+J@`d2U2H1{F3wh`68-WTe%c2wc)nsz~ulX*?n!FQiX~RCd`n@`?wS*{4r`yGft=j}qe3>EUw`Vn|SCIX1 z1%atuhn*Md!wUbd)*f#D`_VktDaI4APfiq9E;sEr^^9dd`IjP21=GY=@75u3T2q>f zVWZ;{b60YexJWsqH$5u4XtMkhm!_RjPtO$+V7_ri$}Y0?JASHl|3&)di9 z&R}x&ouuB!3P0)ni+|~V_{}O+U)k7^%e6|(M*oz4`j;5A9(B)b{S_(RW02>56$o|w z;IHM{%(V8=U6!5LyJkVaJp-(YW@~DB9$OOf`1oVqf#F^O~#D+yqKA;3na+UlZ?gO)ypcCj8wg^k5Z9? zMeAE$`Q$~b{Cm~s;_#!Hhfque^B{~+*H2req1m|f^510@wbFB7Nv|BE5XyTn9Dha! zf}fy5lex^KVezMcqT2lHSrgZ(RS(59LH*m<#BkWFgD=(i@oYr3P2iI2h~|0G^1zxrBebjZQU^swj?cyPw{f?~ zcfQIAz5nGdBQ=_C*m8hOV1wO&?rhj3__l9r2}EdLpB+NhCzG)GW2il=vS{ZfR5Nt$ zBeqx>|91dz|7m}0ZwgP^RWQM=>g{uND;qc-3Y7@?fk9&|d_yqmgG zDWgB2_1&8aA%h%xJMCWepD*)~Vn%1fENYF6bZ2U}-jNw6+XVQ8L$T5${GFZj#l9Ot zw*nbs|3)0q0vvTa?G6{;{{sRcHYquzy^cG@-FRS*@}2vDf^}3#{-mZjL|^}jyDRyE z+7k}Ym32t($47vJj}Vy{S_MztRwd(lG-kC{=awg8$a-Uf?nHC(6e9ykl5DduC+`u? zDL#;yC?iEIDKtwyF!edN;ao6d?xD)vdPRS}0%*15eYO-AxJDmE2kNaJO&k3Orrb3Q z$jMsXSF*p;_GaI|>)b0*&9*uSNH4YUJ*iXA_Oyne>m(G#7y&%Z5^dV$=2?^)9C zzfk3&@y-oA7(`135_j2J}2SaG~TvyGni{JVUoB;|Ita@uY7cW>fv zb?`Uog1`yo_cTUpM9S@0nqYU1pMMvalsN7}hls2+g5Q@3tFuUpUOw?Kpy@q2s$JEc zh{1dQd1mJL!16f=I&k|>^J|^3@Ro_WFF-JTwp1(%@SWs|H&Rta=bA2 zVJ7vvhfZoVHBWw%?atT#sB-6S*tz(hrdo8brLt@=%opDxJv{-47{cuP(5CYKPZWnf zUsKIPC+pc+4Ej|r7bikZE20%|v8oWExLp#dCp7IaxFq=cyu|AoBwT~u$R#IBmF*<9 z55izcQt=Yp3-B(sWUR%d9(6V{0e!WTB!0`X&5_ty-n2xdTF$6QMc%{pX-Y&eeZjXo ztiywD{cT(MR>SF^$TPLng9?**=|R~v{Nh_IJ-;;*-1d`hfh9l25E$|iNxpwuvBI|v zOqBRok4Z6kQzhD&z|OgIF0Bn?22Gyi>Xq}n} z{rIBt#jK%@(Hm)jc^8cRKBU_>@a;WIE+(M}zaci)8N1E0H&MfnTaO?L36E?<D`835>nm&L5?z#Q#7na^jh=HBo z1@)Qa;`5fW8CiZf(Hr>)x&Z9Z-BvJU&kF1tE4uw?K1qb^=xqXoPc@3V4V{$wfww~? z;61qkZ6$kHk#{nMy)H)^ul9VI5a$`SpMZ)RR0olXee6g%$}c*>L@0EIUeU&p=1_ao z)9l0mnYGeeSb;q*2A(llj5q=}w^2#UmN`w07~bXOHPlxf?%U>sNL`diA{?E~P5}|2 z-c14L#(Y7=G4@^&I}WGW{Fu;q@#eSlGe%yP0mUzi9b?77(u@uHe!G6cRF6oJ%pQE=5&wWEv-t)3 zG3+$C3}Fk;j$tsKJ}Io=#Ktc1d0@wqIyb+tGlS+JM_hdKDoY^GXY`nxcBwV4of(QlJi*yT1UK(%i zpbNCnb&axZv>y_Z{X06xLFFa3&#+cq*`lddpPR{&H2!IQ{IQO+a9ll(AT3Pgdy_9o zuGmF$b-=+U($oR(@|54^yB-nU{O&g%CR?NN0NfQ+J3P+|0YTNANT(H{tfe~P8T_}e zNFKm>=4{ohu6%bbe~c^RqLA?TE~CS6#{2!*)~(m!;!2iW;#A>$_vf*~w=CegbDP!D zYzO5whnS1Ved(?Bi6ShSv>Zs8$*1=JVRl@{cn2HHvCC#i*giw#V1)WFF4P zOv$p>$TP8QK<=GYsXI@RZ5DB(-v<$9qms*y74~)fp;V5P?>zChJD4t6uIFry*CeQF zxk;lPK;Ma;Fx|xRbn^xk8S?b<78#Xa4H-MvRJ`aKH2(Gb=vtTGV4e{lA%iQI7fU4o z2+A9(f!TUDYdxxRhzIVx({`%5QP?12KJO%g|7W|pEvu32^GL&&2qJ)Df@;Ln?t6MQb&KXxfeRg=2u_j zr43*5Z}_%O3(QDA$HE0R&}1Y1crTXNi1>VrKWg|1<`LlV_t1$ig0cu6p{6e+}`%Ve%qC?Fp?T=$3;1RX2Y3tU;gwN7uKoYvy$$`z47Q<$^V( z&eiZeK-G!dh5yl7ci{g>9b+UC(W{9O;S!JAA~#Xcnz5Hgybu{{o{}Z_ChK9jKEHa-=$}4>oc){~k(@BuI20cdzGcm1i)hgEK;4<_O#E zQ*{ftVy90|twpIed6*2EwkFzt;8@?9X*`Ds3QfSke~y)k$N|OWi5bdW# z+d&H5S~21*39WCzP~5tk>BgMH>_Fg&&2jOG=J&#L1!4g}_yyT!G0*_k&y}t4)Yzxt zkERv|Z6ScXn!}lzc2G2{a)62jaxlD$Th|iU{3V1Q6KUdGJUYY~12)mbfdo^?|Kks! zZ+HJCae{*CHkRfsEa&ge)g?;Bf#(56MqF6e}Vl` z((bO|K|52=7+V$#Wajhp6dT*$?~K)qm9qJcEdTO$V?s@5=7of%X_Gg{kfY`_s2nA0 zsz1-yNdv$QJ(|o+dXJpV{#>z(6zd}ODRhD1{={7-2+EEfBk7{N)}T_jcpx9H($9?h zP;PN1DifsL3Jfu*`c!ba=UP?W-R!YC$|QnTpni|A#3qR_HuC1M8AP9KPM?2@!;UGZ z?ooeia)W1M#?OED^t`A=3!WSJXYEE@=%h_+3PdcxT{cv;`rdNzJWqECD<8Uu-NU)O z8;FQi>RjVc({Qd^r zRE3rYVK};5=#wO4$O8|GoS*Rvffiq0?OU)c;{!*nl>6c`dHNg*7V@=HD)t#}RPu=+ z4zEQC(^Hbgbn5X=JnMCAf8KkIWu^ggZ@zTP%+|@#jZHF=ibLn?vXF$j*N-4{CV}sk zAst&zn|{qSX`q1coFLUK*xFFg(f%`+hYXETKyXe!)9qVmgC z+=>I)0>DaqQd#J$HId(*;9)P0w%Y}7a>{mHS#ipEw*yy~x`1q{6QH2fafsoDesj0%mdw+jhl9A5y zzdSr!+^Qu*=uU?ZAaa-78x3xLMvIN8@yEAcvCMt(NL$f8Op-x4+1wKNaa&ryv;Y*vE;~ z`MY8BAjbJ{0W?pHSjcJeyW;{9k1^zmX_@-8!nZ8Pl~ks?xL5j@a0?t|4LRF+g5(I? zCU!{IvwIM&6V@F4gdyK=V=Btc$@C79&7EDCvFW%)fcG40xMN_`glVIDT_Z+fk1GIG zyoPprQ`>%e%ZLbFw=v8z5KAUgJq&0QXQOFF|G6Fg>`FPgN;42r;-xuc|p$0x`E1Kxq2MEfL@Od2Wz1~$AFN< z)s*HFAMuM@y=MAn-7=AW+7$m8M{-44wxa7MqaM{xlG|O7ffpi~c~T$n_lJaso)TBk zqnH2p7NzWY3=j(9{cqcm1=>R`b;}jmP_OqF`oJ407CU|s4ZZ%8{^Wk(=0xe>&*Vnkx zlbo8O@S$!`)w<~wPk$Gf9tU-2VA<+yxErU7tVhZBuyg<8Mz2m_*Ye%-Byy1&4`#XR z-!vMX3_DjBypMC5E9v~TWWK~Pvqh|>6KdH~q$M6s`0qY{_(k{VHQyF!LJ|)gb zVHcLBq^0R!1u68i=}K<_X_!uB$ym~ytG{mC(D+`&1yS9yFCee2pJ$qQSqSmgo;F!> z)atk3Z8MbLDSb)@UtN-wxP1pkP6e07snYI=?1yG@`?A|(uZ}=of~P#>p1&z-!IVuY z7QUN{EJZkc$|%*Hlg#sf(^ag9XJ?nRa!3?-bFdVNSqKqi3`roa##u6rpYoPFhBTQv z+(_A3`ieB!Hulc*e%*9#M-oRnSakr-_3Eem+uuwjW7&Vaz4(<*%XC8{ z1VWFf1XXYv?tO>MU-O{{8AYCqvE3>F#mfUzq`$ttN<{X5td%1n*YIP2t=~$P0d*u@ zaHcPt24iIt^R0`9)1!9EP~P>vPHN{2Q76S~XcU4)T!Z@wI{=Ovq8M+h)aIK=Pv2wD zw96MNoj~x2OU9@uva{Y@B;ocRU`P)@la+Y*;K-M{Ti^~J9opb^VrLB5*#9q+fY#)K zXr5KEobkbsCA7eQsB{w@SV-S>QWYkF0{-M}Jz)1OUi+L}GC@rx@3KjWjkOvq>`^Qf z9&t+U^tHQ5cv^f*M%0qU2PE)HxReDSBVtBRT@y_m9Fz#aXWWQ5}N+Bgn#}y%rxJLa{^4D zPHOSRceCW#v814>Rpi)p%4FVf7{kE(Ubn7ooSsAtp5@gugJ3t?HE{h0Kx1J>3>bah zEei(^=z)ARBXIi(b!(q5u~v8)p&yRbnvijrE`PuId$-Y*D8-W3G1;F9YTc_nt)wP) zo<#-{=@x%Jf|ZEiL<7jkoR z0oGnE#(8a$vFLAVdPR4eWUGK>?Pzl9Z>v04%m{nxaU-!(^8$`8h<(ZbpVIDs64B3Y lxUT#o&hNUCM)(KPy{ zYo9*dy?b|8M<~dNBf{arfq;M@N=k?*fq;P0e_awVU|)z~Y_Rgz4c0+I(-{N=sqfzf znnZ(y_XR?`NXm*rZ^GfBB5-(u${ha(64h`Kbak5mRSlCrbwx zOM5#IG+1KNFC6Y4E^P1M>11hc;Q~^DJjV5fBK-$-GBy0iO5|c`YYM{lhz$Ehf&E8O zwl{NeH*_)u(RKLz#}5CW%`KgcZ4AFyoj@A9>SDiOn18Ukp_84ZojFJs-a*(G2L0dl zu1?0LAorg^r~j8t*xuIG)XoLuVJx}x3xoQ{ref)0V+vAoF+&LgqB$lhBB|1g$+ZhB{ zfWX0_b+aoag9*;yqtdpws^t1&b)%QQpO4(*x%0%PFAM~j4~XCGLT5|1VDdAU3OM^e)1^nE|A?)1HAK6JZSYxev6ILz_uC@VWTnJ*XY7sy4>XmL4? zgv>PslmrMYE2yipTTJB^XaBT1U8wvI{f~LA*W(42o<{&rMO766mkZ#B+tLs$H58a1 zr_E~H%?J&P`GgE17QIe*bd4<(Ao+-HP3TXwn!;xl9hvn?1kv9&tjSJ>3y$hW0wQ^A)G#)Balj zQer53(pHo9r-lo{cNv`JV43^U$ss%v)99!lIBj4 zYzBo)s>9ROHa2vCuS7o@rJRSekt)#ld&kSoC1yrBI%E(v%%wx2#Make!O1hc;5^|6MDyakRi)r zKCZiOeoYj3Od-JDgMkd4Z_Fqrc}v}L&-aV^es|O2?dnwYuDb(>ly{j>T7L`z5VIe8 zINQmklbbkPPv%CFXl9u&r}Bi8(>vd8A~VC=%_p<ivxF#G0bQpo$C6!~5ZhBTurC$>|)5Ot`VMWU)Dqq;SLH zUsA4KU8IEjqA_R4-9(wnWE^_DRWnF1J6yF-EJ$4&W=wzOyP!?v94y?P+pG{%<&EkrlX@9jQL(`jq#gK0g5^we>f-_c|9=E zJlhjWl)ErLK5Na(13rOTP?S);LSuXPOZwvNtVjHxZ_Yn2+dOYE>9j<+aQ53zGDwjc z90>j19M^LzP&J=*Gm!-NofvX%X65QinfASLVmu|Qj0W9OWwf%aOljw_Qwq`$+9{=vP~E<2KAf#ilE#F zF4p>RX|l5AU^^LW)d;u#1VqilS;0Dsgp(54%~+ApO!McNX{BW>sFvO;`p_ zmnH1EbgH$fSbK&~T^(TnP%tX@5n91PHJ%pG8!H4FeGf{4WjSi|HTjAJaeDKc;`Q|1kaU z4SXd;?ItK>(-R*%m)M?`Fs)A9^d!9kO-GZj_j2U7Wsp3`#q%qh(IrYzcm8eVat z$RJSJeR4jif)8%@%PB;bmcTHqm(n$s5}SG+r}Utab#7g@-6GL(McCmoFZQ-wNN*=) zhRY>2NkFpOEKTWMkw~H)Q0Yu^9>y}EAI+-NouHkOPY0o0Bo4*$4))2)%1TDh(I+YK zAk-{3{T* zoH}gJ?7o}c#d;ee7E8cOJrQ*Nh`oX9UR-{D2vuX9Ihm=iI?KA0fLK2T;U}iA4#!_d)1RRPV91 zkR(saf&Ap4op^D6zLf42kPR(puF7fD7e030=;rr+ubv^#k=9H%XmTssklTN|m(Tz0 zC{m?B43)tnBzP~B$jU^*i&){<>#|+kvCyyR-ULqS7lb-6kOJlRO)G;3iI}L7797$q zRt+g*`4RwFmqRlz3^l{fP~2*HckS(Np(%hz8a|Sf6o2jpTSOMV}a1AEGozK6B*=Dj+xls4^mh zhki+i)}X5#Uq%Hb7bYM#RQgLq=Y*JCb5N;io;G&MaqifqvQbN1u6DS|aTi_E-TdW= zu%{C0%MwTuqHx)$`30tfRG1b*oJX3hP%M-w`<eg4AK9IQGR7(tk@v%9s|e7FM&(y4uv6+cT|Ef+Bbt8s)g^Hl$%23 z!c>>~k`OCOo+MWu4NCfnind-LdC8zr>_7>TW*GsmV1FG4*?8T4IXXiU!W<1@QjZ2T ztIz?4im5D|$$cLfBR|u(cNucNblkYjf^T0E#VVD!!w8E^kQnidh(!&Smm+hB^2KA6 zJR>rvpqvdC=LxfKbCR(B(O-*&P37!JbJCct@=aI?zg~uqw7Hs*k>;qXzKY)xj{?mf zRw8v|_8X|w zZgfz~;8ih;Qw3vua^lLQ)A(>{a;_Z)h2~IN?Z(grqp6geMZ*_Ur&N{aVOA!(DqIBV)YA0|;)9N*ogg^b%S(XvX>Eh~cun z>NvX_~2hhwp#R}*RVNUzThT>Wgvzf_GV4bD*h{x|l)LHn!PgFXKTq_zH zeoT+;k#t&lf*4r#`zA;eWTnWOx!a-|!bWf^sq|kdrG#6X#dXLMxU7Zzyi?=-nUuy% zIm;;TpFykJ4~L_{e@eiOv2HAQpy@fW$4J-PJ7=5ZMR5<=#CU2ck-ezrMOU*}d&7gW zD(}B!HAQX}+3}2_;}Kfs#DKI@i#1=hDMxU8Q?Bo<z5axA~%M zJ?Q9CcFtgHZo^%fgwv1NmoE_BmI%C8v{dYdR;UDnBMvqfKtYWQ1ISBCY*921x9=Tz z-ulL2!M?B6W^vy^bH~(!2YJaJOf++QRkuIzowhFU9agoc9Qg6Ce9SdaAhd>3vgM>_ zZ`UR!toiwvnJovDlj-;pWgO#m(&b8s>jr1F zqW7y`!JO>GDCuZ>P^D$a7TW@gAy_Aqjkw))yP(GZ5d8L|2EdAkDx(yOPV27N-`Z^n z3_IlZl}*DUHk&RA9+!TP28A`ZmyT?-B%FLiynIU zJ5UtT2ZG9CrgH}G8XOH`S#Ct?>Jj!b7AB{On8a4lDz?`q7865eh=py8!is0$FhzZL zRPJ{S13gpL1tEZvftrkwyQAO4WbRgziZ*s`9A+07wDTNOHruYZ`L2tA%Bm%IVrThdVj zil>gsbrLUStY<=9yhbT-f`zAsG@!L(OYj= z^uGSXT4zl*aB?HNs^r+Gj&^;8z2oGUTJFnwa_Hlvi}O$S%1WQMiet*t6Oamn-_?^m zegOB!a<=O4_I}q6NI&Gv!#*`O+FmU1mMkVzJCxRcn2Xn@)9~B*T)H&ge8=({C^iE_ zS0}X9zqRB(8{eEqFt7zjv(G+jd%a)b)W$QnwGNhf;z>Li40~o2c=z=#{7j3jvU*y2 zxJx^`GTuLS=ewj{&L};{Zht&)*&P>d><44>5S3T3ORfI;UI~`Zxr&dl%iYqZi6SLV(wrrm^H^`BUD`(zI5j%oT>NPA;Z_jswTFyhH8cp8db$|v3dm{w{m0x#(iHQ-`<>)<{ueQm zM?brq%TrMKn*`{_B!P`?Q#s@S4;r6eiR)p1_QbZN@F`x_ip!7Bz6s3Hm6S3k`^>W? zmm)8Rx0f~GopP&ogP*3yPZN=+No{1&i;!Q2v77=c2#goJAybjsa_gEF?kR=tmsI%m zxsq|m4scT7j3a5DWy9FJ0{6Y~-Q6hHP?$iDDV9vZcqa(nt??3r?TPb^%FN`rfMoD& zcv%aC106WJws?GakYuuL$?!^y;6LasAO|2&E7kZ$0sOxdIO-@EFE< zsb1c4O-j{3gKR8P*A`$#hI@z4gu#)CJs9ZEOfyeNB^(I<&GL=0cb1XU7Ap#JQ|^cE zw`}Ya=Y|&2PEN%zCgx9CbQxxn4^?KLS3FkyT;*7Ek8~p@_v?t}hwmrJ5N^-;Ca2wa86n zr60{#p(s=RpZ6_yvTSeyaqcs`;L9t0Tz#zNUF_c4A_vW=2wwi6C`{JHpwmB?R^-%F zmK-zH&G_IXsh?S;b+(4MYIwD+Ge%5vbJZ98Rrs|DHPpJG%jN94w;&w+Iu8cEH;o2ul&8C^+WEYJCfNZACSr2o`X?KvTHD$Bdy&4>vTz|*i zW}~94-L9;;v;NkCk>ijn7avP-Y;;Xm=sQnE@PLxqIxx~gk1%cyP!IGo5Vgq)?RUWD z$mYO`mClg@urkCnK2ZbOyx}q<-y#_--`OSf@YzNKn??VQ;9{CCScA0+HAsAUY_MCS2}hD3m61~stWaI-Vi=I6md#;w!xyJ zN@>AiWlfKq(sUttoy7#W?EvL0mBadgno z&+I91LMSk+#Brhh?l+Rww)!f=j0z++<&AtW&n!Kk-l1qVp3wXXBpRav!w7R;k~>Sq z0AfHFZH3@3HWXkyiD=9BT#g@{y7L_0^mx~0^g?{n2{O|n+$oiUcRr)v-1gp`uB}yj z{RF0CYj+}o(Xn!|?d1w!`aeV7Xm1yWCr$tKMd|gJD=f_ zmb@EQx%Ind`wmZfIj2K~3g4a~)ff%C&QF3Wjga2Ub`RA9BDv`?eNkz3)Ei+-Vjmg4 z4qco%sC{nTtUz;qIvq!hwYPSngL&$>zYkLe@4BsxPNAWH07m*57`KD04JL4C<;lM? z+zaI@XbH-f3WR1UC|0G;qAPasJx3(6Q7+YB(o4M?`clEOV$vNrqNg@jP zUqnT4tb6Y_!}PmKacNa-V$;P3x&$vT0~8G@W;o( z==3=|=ku01JXDv3L46P?}>!&xS3${__wiT$D2S{(6`jY`eFXVF=N)F zU$`{DO*aq*8kl(U%QDMJgovXMPx3~0E0Ie`C~3LYd~^ym!9*gK zSUEZoVWw@UDL1`DEY(y;( z$rVQIUv&soPc?yESdI+cBnxmH~1ytKgT!P z-_%@n4M9H9Qi(%gQ6(4!Pr?PEMP;zjsZ~pqXhcSStNIH#iWD+OsDvbod)BG;3d7{j zgeIf|DZ+Q^1cYFt;WYdM0o?|J*!bYvhEcEvVPUVkRSquJ#=8M|&Ft2Q70wUK=9fNI zkBy!6gw}LePJ!h-OY$F(@R;FfB{FyA8gOOISae!sPPt8ytlB7GkaBl0q0^;UA<$z4 zaZ2?SFkvm+SuAP_-=MvJxtgii%2~7obI3ulB4bMIOm!>2uxS^66@O&2xRM^D{d0O$8(ofPV9_YfR_Y@+3XN+5Oge_Jf%^EK8f1r^Z7JB< zZ)LlKvF59sZf6=Msm}dYK_u|&R~pkxOE9o9h~{Idpcppr%hSrhu7vaaP8F$%+=Gd% zNCKRdTY1PIL}3?GmP=frOJ_Ss#$N@jA+&_j>O7FJLnK^=+x{dPbt#j-ZFcKijcZ_x zC+3o4&*O32dF4pg+zdKR4s#`nP^~%*r9S{Kmpd&AUSO0(PN((pFz-TB6|bvAd(_vs0>H0)ZV*1>Iq}`Q$`E z#jgahKi%?;d^)S-1mIg7?dP9CaYv5iQ7UPUCD*TW;tp1{9r&ylXrq8yoEZu9#VFl4 zM7J`0d^h@h5|RKlWOP^vCsAYiL)`lSoQ6H-ppBtRG+9+H6D2mo89G$wXlm1gu#veK zH)``lv!6J$gIF=zwqj8&kyzwC-X5DE27LB99=hlFZmAktKlkk@C)p{{JB$9QcF~vJ zpaNn06N8OLKCyrl#_d9;1u7+}+gQHK%GAifg}!sZ(xw-8VM6~&BgWr5H0^GMGb-B) zWo7$fm8Lr`mP{qjezrM?X4%X{ag{?|(X|15=YxkI6;pPS{T zGkT~O&TUoIo<|0+!3ekPHasWCke37xV3=cS}Om)#;508{~6@^;U z4X4@W!Q{UFE~qFH{gwZ_@foSN493}&%>*|hX5x^-Xfm73=0%}1Hc+IBCD6(KSyR0C z0CY#*ze)m@JoBmbU#zz_Yel~;R_SVY`nH#G-d?_vhVL;6B$iVG-*hM&>*^3P&%Y{& z-i>7`G(^^ zXI*RXtCVqZ1zl7&1NVn&j0Xz@7|09=u)>hO3q|lez!&Fzi&8O323UlN#Df{Yvdu3n z1lDMaP*3@5E9*ewV#Tp6g?m!`frj1-Ph@b;Ii_ZN^q;_!vy0~yOb=CM8JC}Q%&J2|0D=Azjxp4@NocCbOAAF zrmDAlQ)l3T9TM$RRfxEyZ{2Tg-7QqG{en~_P#(NWTOHfIVdBVWvpW$AbBid_j*%mG zD!OPC>pghPoKAZ%E`q-kNHaPv;!rMBoJ5Jp^Ejsd%8p^YBRZW@_2)!{H~0*CL@VV3O ziMjNW5OGj8QhO{B2ktOzj>;_-XcR3GaOULb0<`Oj-cgcNp@d_TbET{r5~6Xn3PJnl z6foC* zMle^R4&_XM#p3P;WU9Hd4-si2jq7qDUpZPdU{Lzl(en8xjgm`I+4DI7*q_NlzE1+UqnA;Tl05DX*3TK_G8T6!^A1JX6>G$1bikccb7DkIfC`tKYiqV6n_9wjo z#D}{q{|H@i9h1RH3O)JbIgc}X5*hfs04s8E=QG4I_K8TV&|dcVC1oxLtj2-Jr52SY zMFBIsJgK-%(rKY?`C&Mfkk|yU%#{N=?hg&!mV77DO`t&pREAl6pFt5D*{`I3}Py)mlpGBN0(edbTc9g)x;xaE)_jutkJ zd=U>d2_7eG5cGFQ{>&5LB<|Af3ZWzsh_Hdf za;xXk_kw~A1~*)0HP>5LJNV683=-nKLJ;l`#XIv@J?6VG1Xc-44B%4kz8DWJ;OTB| z++B~Z;x4|`BDPpy)3N!;;*v(>A1SA ze_`u$EgzlZ=JNR>pgsOjL^%KBoYQBwkx=Jt0?Xtw7k*0g3@80kQxOw5a9yIKlp=5_})p*#y5O zC|BqUhXBiO71o7JDD60au~nKb1;U?JFJ5D)4%%W+I>td?9x^c{kbajhnO!!d?3o$i z+#@FXPBnSB(&~G4koIygq2IpQaK1FJ?#36m1AOFvUoCZ`TIFwfIBCWDliBw;;kGsT zu=-eJXPHa$_I8P-$M11n*vZ3u$>sVyA@82;Wh;NGFRx?Wy8Ir^Mo7213YT+_WoLRR z4|t%FKt54G^qut~W?3+Hzy*WtMS91}=?kzS5q%YeB#5J=n^xY6D6aYr5#70kWj;HV zyXy*)>(HOCe=Au=s{#(IOz{Vl4z~gUH2^v@U*Iwj4H4~Uz17!e9kx8MC=dYl<}PWV zglDp#1^E)`QIGihg`OzIsO2-G=(X4G=0_%Ob3UjJIlkms7_wJQ>_2+5+^1;_)i{{PG z-L&5EEV^^u<$E+BIIL7bGpN5^r875;`UgzFTS~jv@_bCk0 z*iLu^xGZ*jE)4c}e8#@LK8R@8K5ep9!gu7zon7ws$7O(*a2ZrqM}^j-s;X{%nRZ7L z-!FD~f>K7tjor1sN{Gy&@pjG!(*3Ev7;WJEn<{B$`OE3sx?3#;UI%}35Qn2wzj8oC(eM^vcE1(`lnb(rX+f{w*P6Mv z!+l)UBl}*>KKkAq6#LxJbUt6T@_T)TEb@8WY!?UIWu^Fjewd?>Gb8dr=E2;xJe{oi zF$wq_9&dI&-k|Ny$9~=ut{>ouvp?Osf4;n{XCGTx@>_wx0bRMe5geTmE9EZ#`33Gfny5;L|6STHR>W^HHR! zpRB_dN#7bE#cCP0&7WeF(KC+-WLBpbl#QpNc)m62Bn)og8&m&jn2bicQdq!CGm9&y znd_u)vYL5GkXT94eXf>ga&qsu-JJOP;_p{5y-_)*D^;J7gOrIrEM|{y`q$giKi@(L z4#kzT$`8Lu>nK39K#WO*%MdBW!{B>{aV9C~txEU#Wemw-ge8y9CE)Qvre_6$RQAMs z_f(zsrq1T^IcMp}P^gB`Kqq*|o79CaYLPy=f}B|H=21j9p@iPl1;VKX_c-JryZ8(9d=KUHF((1uz8Pcqd$&@Dg86BA14ko=K}_SyQB7F> z4~+@R(RF;h#Nhncc(;!iMb?die0RaoE7v?+^>@@+prIaQl<~OlPR1@vr6|?>72{iz zi?Y|52$%IbRf|hB1Y@Rv(51#a3;4oi^n@4G4hHxyN78uzmyXAL2D;b#{ASP{q3S^@}CJUXUtB6RPKnBBt3KP?V2s*hy zA?Biac&g>Aw3QA2;hpgddBk5X?>U?v0dQg%%Q0nqRH>`32p2DL8WKcKYB0$F2vAMv z5W}ll$hsXln=QC9EyNWw<=B_#z^6Xj;P6mS1V*Mh)9vcjdcowQP2`ZBxVci@JYgOV zL2@7%II7i|qAJlg0+lUu4pS+L`!6Fr4bC$7RhOQ0fA(0R;Gc3ohcKwpq5+tnEDm00 zc@jcBQ(!T$lao3Rj)pHvk(qTAB9_e;@j{ltB{KUZ^o?d_+f3T{r3QS4a8a2E>sk=46pow#bsk#BJ1f;ZN!6+^BBaLVo93>kkn-ZEWkJgFqE~vN*GxF zmh)k&R#>u&w-*2-JQNJxP+kdiP$tyhnt?#12uXE`s|?Gae#T@EJW)=tULM4y2(St$ za?>gwn0a!u?YS%BkX=pqd^jkD0==@5qzVJQHwz9Bj+$0c1mQyZQp?`wmue=MNE5Mw z0DN5V_vqLj$RD1XnsinHX>uyv;4O6`#ECyB)D~yo^!`{XgyLkoi6tx!@NQE+cs8EQ_TNKTo{pjGsj4IK}UNY_}>+JXu8_YHxnPMKVi z_t5xq3@!6^FydI-xqlSCjf%{Aj7<=`fsH@Y#?)iyCNCV+T18q|TXttgU|M9;Z~9CN z&KYbThn-{^14*3#%U-Pb!yqU*#@YwPE8(7z-|Pg*8w-~po?NJoM80broybT;pkkt9 z2-zQ@{?NDs^ZkG-cj=0S`B{*NpCY$UIZP+>3KdLrRUVx6x1hmwv>HNkr@0s`x%~p? z>tChBxYMvUA2)>YQV4B7=RAj~=}K`GamDSZWGx6yFP{2zL5Dk-20n0PkXtrez~2hz zfM}dOGr(y_SJB(N7&0c%$HNHDvO1Im5@mkY4UZXQk|=`|{5GP+Bj)sPXtSA;SMM)u zRH&6X{HkAwA_w>eB|)f6;K;_{qin0Yqd(fhc&%icsZhHNFj-F3gdb0pY?5}q$ps_I zF;b*z%3;_SbCQe(Sazj_b<2>v<(~TTCp*>J8hL|Z+q{97PpA%pfOG%V%~I7H?Zn|& z#22Tm;6C{&Ww}#!0ru+@UYi%WC5xjc3NSkt&6-WgVRI%_=TStS$BhfM6@!U}v7}SB z%K!E4N4l*j%tGoNYXynB!EU2mz6dvFfG5K(2Mdeq1 ztjTt7vqUg6SXmUmWsLAhoR0DW%btBO$KZy(p%-MsK|(M109o{^RWblUgal~y1R}`` zz43?FcCa^?#0iTAht6InD{rK?WOq~iI9e!4tDD1|I8TB~*9m1~SHo}AQp4!I#8>-F zHAgPjkPN|-KOe=ZlN};%7W0NO?u=a*uBH1?Ok|q=`+QlegMM%@oD=aJNA!MKIPZ6f z+b~f`)cd`y*J&$;f!>60D-+YDAcbDawtEt|=eDq`0>1fQsZ&OOksgdj;3^wqP$R-o z(R$1jR2(CseFb5W5!o@nBPx3d8+EbV%X&$!6pMjW+~T8;zHY~sVBI23a}z}#2u zi>L>s{iNeKd`x=wr+x;>yj!zKbNZ9z-&RFUg4QFm_9yML3wF#W?mpkTmOLNCLJv=G zTS1rITxY5{VW>onfq5wun(}>4Ml@3f`3@v6wWU)h`%!&$v#3Ywy-NJh`*Qf&-o?9OEhRowT~j`b9L^@Xxh#PN#2c&$F#p24>qr&+3Xk@E@zs zOTyE2H)BYf_$<1VuyI9O6Z}Jy+~bZ}9{wS;WLlg}2F9xK5!JW+AL)#&i;Gcf?+}Y7 z2D`q>nuP!jV+|Iqp^KPdfnPVtL$tnYifN$J~xx3*L2($lRX7klKol)&c;(h_b8w<||co~%=a z^$7W33EL@&H_FnA3A2V|*%*S;88k-K3nE8#)}2dN;_hFh?%9RGbeihzK`ZBlZ$Ij7 z>Fb)kDup9U*av~j5-TH11w>91DNiCHuSTnqZS^EOF)b6)i(R%H-xp&`DeTVzEEPM% zS!dbJ=-iUTwO&xD8LwVBf=Bl6O8z8SLVy%#VN1AnZ?Vi9+S_ul>QyF8em9W0w1{6< zUNQ^eoMD_LJBgV}5GoI_>janLlGm;UouprqE_9c1+su3N=>m7k9v{y)! z?5!nE^*T!L20~QM@NwW*z4$Ug_v@XS4b@j!981z&^lTfTAy* z*9@(%WiiMES|SX`c7GL&?Ij557Qu#umP1$h5ws%ic=@uZ&w^Uw57Tks7DplEI_YFC9n%a!syKj-t@q<)K)g$nYs z;5blm)=xbL8+nX4Rdu6!k!#5PwsZmVDi+sLpE~JrD}v^zWhJ(#WD~tP7)AWZ+ygg7 z@BMRd)R;|Rzb`#T80`kwph9=9a6+;EOl@m}rk}Y=;03f?L$y~|YqNdQ>RwqiKTk!y zP_XCZ)L`yLBo72cD^j9ME79@FQsS#43{QJqcg22l)!Z}dT3j-cVXW{L(R3> zz^?q6$oVqJHGtG zhI7NS^Cj%{Qwz)_ZUHF`A?p?#@tJQ(W_8iv&YX~4ac;HZ21 z7$Q7Tc&+>h`fPDlo>}Bz+m&y>S~#kZBTkmkB+fZAAK7gdG3UZ2;XQxz`EC*=rwYYu ziNK@81$}m&txHx>^rLiLOW!3s*YyR0J3x^wbRiLg8VNGQrIPjW{J7?i(`b5ge!o{bzC?84$0b;{>3)*u){ z5QD3YK^I3;r@9_j|69aN%UCnBH8Sl4OEsS~)aJGt3+ozKjFxpf>ciATU}zF&AOXO<%jd)KmQp78+m zfj_P#P&@j#iV4|pAS!EPrttj$g6DiA7|2Ig42}22J7DC_R;+X=@HbK3YOLeDCzwW< zB?!2CST5RLETvBjQ&P!q-BP|0qviI?pL5a|9LR+dv=ZD+vv%`USd7EhuOt~Ik~2jQ zB_Nhxv=u-2xOM-_msB5(|7+=83p+AVk^xPz6?@OMcv5sVp4XvWWaCPGY-&ORqE5uI z`;*ALhZAEGF<@M%L&fOPs;pCp@OefslH)IY$iWn(>^6O689jTKfuXZsi4uRj+^@y7D zwhGSiF`}mhL`CZR8$HA z4+Dp2SYKLy_Q-Qu_BIvlNq}cF8=J=sA0Kn~j~y4qYzD6h>Z#qmyy98;*t~bMyA=^* zFw*LvfIc6)<3B3zTt3A>vF8zO3G&408@so$8)S`c8V<1u8%xa!npOAKH<|NvLmC;Y z%OVU(S~gF@k%gL|Hv^W21c-Ytf^)If?fk~!TM#zkQ(zYzY}GbJmhDqEP(9 zkm=T@J#@E5gfPiwM^Poi%Hrw#%aAfujU)2v9MEOg{o}X92lr~cR~TndsAi1}rffUo z-dm7{ffg>Yj(d8~w`Yga9XY|UTFp_oL@C-Ovw+Q7M}`4QP?$#2)w|?9p>g+4#v8^y zNxCk>3B53SrT$rmaCGDDDin)9-^X)mHD2IUYQ8#-!Y4x`q=%c2Lb)>fAgST(+qZhQENtCQe%C3{ z&efV*VEc=H$lh&MFycFZwnwJQdQGhLoMjMOk+nr={73D(lPbu3IR3usAa=O1);J%R zKx=CM=Stpu8g8%{I^$BH1!hx?^{gTs2s`Qb5j+OG0S~3LWx5Ze4GegN*cS-0Gkg`Y_#MQMX2E5=5PdSU=z0~9U2=l9~ET-(*(xDup&CZ%3Pc0d{N@5qL zrS)KJBaGekf|I$Iup)QP|0WZ2 z?=*pUAy@Hq#T>wbFUxTL6|=<|Y4qb!mA&#=;2XhR0En7Eu)_r1ti84o2Ri=pQC-}n z1x0;*4$F80-r(t?E9R2(n)N&LL8#%v2IF8PAT#b%bhH*JSi={C4yRe%l5P{JGp=zc zS&-~O^f^x^cO|eeN(>1svv*3L9g$^l0*t8<7S|dS0)ZGgH91O&vP7dSi3byi8T*qn z_hj+xP-mxwIU+fuhyXsG*Hr5URn$h)3`rh-*1KD4I(R#y2+fi?f=?Dbo<&gcz-TWyh*Jv0NKrIq+~Y1A;D!U3GS|qcb|+O=*Q=tR6Ernq{X4 z#mnzY)~!ld8qFb`qEZGoq)dC;jlTJSWKHsWIbYf_tK%wKF41E3u5g#>a3m3?`X4$F zvhc%x@9a+!~A4)@H6EmY2wi>(^8o3lwF4 z4x^Zv$J@FyjUSfJQ6wu4S#@0<_F%LINGfan4PSSa|4Z|dswyY^1_pv99|1A?m4(!qUNVY_nB(D-i zXVcIF&a{zlbKW%DEfzc0s***z7?7v~e6fYPHt&L(1yA!4u=4qllzl|bCX8vs2rcYe zS;)HOF83!x#BU`4c~Z|-H_=XhZq`GNlJK_ZXmf65xUin5Toe}9ay{z|7_ox$6tYLY zySVu={n9tazjjuRrqt+uV@FsZ1gl_cEo(&~;q+pDVgz?$1&lnNXdq=iaA)tpMIy-n zk7J&oR4YDoUc(rF*8;Twt18$?W)!ZNDJVzH_{6xGEUI@C`PCk!Je;uFI$X!?6 zI_b{wEN^}<>p=`87f;f~iyF44FcsN;N|=C{$8P<~jagKm1G*?c2PGs1aBt|&^E4a!eRh6B4#ExdUprT`llD##D>l5 z{CnXNf+Yj!HU5ZPCuZF}M=4r*SNH36r-(lXk^|X6ZGKN;6&FCGFfPIR>B&v}FN`fzT=-Ki#mb#ZvtGAL$%`zjsd zL{_KezcuJM^5~PlYEsvWY$@3^{#XTylrVFUd6-bu61C7Po=LDq?#Z;k9cLJKH>|Er zrQI_ZFKhe@IEdqte-zsA)lwqaP(|QJkmUHS2N=dDkV#4Qq_xjCK%YFaeiF$iJ!YrT zAWG0MlXG)FZwEqJ2el+!66)7#t9-K8O*aa-wrg~Aw?k~xIg+Tuk4T(lV!e7uT zx@=taW9jQ;Yz=;O{C@Svi#w!1!hc1Q1Y4~7Ab&dv1F(s0IKAsOLlNl0r@Ntju zyRiN1{r&kx(WoDm1#yzWNp)tHyMhg3aEgtX<}hiSl0;C@CP5dwl;wHvr-YFss$7jc z)$C*WUM$3H524~6s`c7OvM&l#^hoT351VXi5ud(V#Rv5%TmjBT);9Wt-dEk*WB1+A zggnoCzpywWZT9_Uhu+}rv=zs!Sc#0?*IgIk8QKI)votmyl7wEr`nI#~(PF>49uK}c z@ZDoMlv$U)b)6p&N!CI;C4casX)MUL0THl{Lh!O)_LEr`_sLjweNdf&)(PX+Kq)7<21L(Hm!R9kiD9EajcNs zw@|kjI2h**e?fL9V{=iacr+JFb@=nWA&t=#2UGBcULglo$%jlT*c)Y968}n1C7(T) zdB|1c4>={$K}P>AvV}j

fD0^qsrw&E(I1NW4DlbAJ@jE`QR4*?Od0qvrb`e|)$s zce6z?RE}jc;6szTW&PU^I4nBpf4g7iZvqXz!aJaU+bQgoXuXHx-PhDcg|LunnlB1afY3C@S+Qne5KXo^Xy&U<%xA8vTG~Q-qmZvF+U5(viMd{D&Kcxmz(NOh;alvk_Ht2NfRNUdx%gSpM#eJiB zwEo^c9#7j#@}<7yM%bWta(UPWHhq z31$*U3z9jYr_7DYsYS7w{+8*|wt5OsR_%ifcpwo`rSfte)}RP9(e2%SsK~_hkKd`y zHYoA`2WzM#%m4NWwY%^Mwr^>lc>KJON)>b`5pc(7ZB6ZmUxxaHU? z%fuf)R7N+(k-C>^#ys!{bL%P7k%Xo{|EY#1BuuF)$&!_lE_|h4aVPy{dT}5v9K^;8 zBd|n$;r_hsNi8@T;*}0Vaqc1cNk{dh+nO1*+Gn5tK*GCrp1s?@xy{Eu-KoZ>GZLM|Kx| zpGA7km-w%8l^0Kmw+P&5)xjj+EzbRcI01L$k;EsU_!X?Ntp5d}fjlBeuY$$Ykg53z!J8=O8 z1L1rWHZ}#(L_;kguAw+Chr=mVrqaFpCnpCx4vNW%wpjSx@j>N*@h9nT?Nc=(IRKfq zjnM{nISEY#s>+KSYQZ*3vvTtA^OBof+eT_By9Sc(j(8H;)bBlw3Kcl$EJj9Aw$V0* zi#svAzIi5TCPtCE#GPUxTU>#ZP?cscb*A2h;Hl(^W;UF`>W|gVeaR9;>`OFm!9E+I zZ+bRe@jZ|YJr1E0tjtTGbb|K#2qRu#a``egu^#Ke$}X0qP@$rOoOm+ur9KXFjC>;x>a9^J#@0UAbW8rs@hme=c49<*{=Hs;?hi= zN|{Yg!J0o?rfb#a75%}LgF}U;gr;dLLmY2X{@99B?Gg0@@9vdaM+6c`0ic-a^k5eqTpMDvp|0Psmu;S<6##sHN?&9coo z?hMz-RK$2#i!t|KCSU`gy~lF*$7gw;!yHP1QnTDHVwI?Wn@e6igb}m2Bxpm=R20{D zf#)Y^o+g0pz6?hB5I5z6ch^zYDW`?H&8<`O1MA(w7O~V0`nfb2ocE{p7FP@J!r?o(KWKFO93*c&}b8_2uo36WbV0MZvb`j2OIL! zY@zil=*d#d#6+O%h_DgcEmKyD&##MnRanW_F#0z|wfg8RC%-YBCGCQG|Gn%RYIx((OpO~KBy(i+ z2S;Vju4!j6W^Cr~0+IQ;V{0BaF*BUCX!1~#vQs^`rc|=Z-OSy7v+~PuBCdmX9>`h? znVG%*^ZKBu6__`x>p-8W9(Oa9LC8>!ht?6L*?=@nEHVz%gPB&L+V6kq($5Z7!4H$4 zW9FOMlU? zKYz~->s6I(E)2}xQiiXF1y!@@jJ(X-&G===sU(|T(3n?`-%4P0Bm0e{sg?bFZnBG< zD=R*pvK>1$fIGm1IW^KxfJUwGOg$x=z9`u7=SYgrumQ=3M3jXQwo>7tZfBLREy7#| z=h&k#W_8@3hn}>}8uD>g8Gf*a0OIKF_5FbHPrZ6ex~xgMj&*}}!FMAA&t$~u+98QJ zZh3Y8G!`oHToRPD%7PQh$@c(U<^3GOOis$)#ji4t7QN$bS3193r zAw1V9<(6)Sa~osPyu&$w7n$+$;246WWG*W+fG1!eQ9)|ZLG0N+ijC6NC zvJ56+~fW{_gx#;5IF;aN}Z;!vg@lxeF=aVld3t(&~|>w9&9 z8xX@`?5fHTuSGJsNnTlH@XaD&Q`tI<+hLs1c^!VE<6WFNRJrE*F~B!pnrNoNNV;)7d^wGIw!*ZaM$>Na;>(+_@Y8 zsZGmu*7CQOX#Z9Vb0ZAz4efgt^V!NK(Iz1oUD#!@U)n`b-u5~SDNy4h^#~X|Fxy@L4IqV@O-p`>Y0P#0h)(!#T4a%? z5&o-nJDhd8FHN)1TvnED+Wb2jm!oZg-Iu9~QC-JziVg2$oXS~)t>#u);%NNjHg16#KYtPwV}4W1@WKpW>Gg7^t8E0Uvoa<{nL`W zde!{2xb{F_E}_r~c^Yk-b7)v)s`HgdRMX+o*1NVqiDKuk_(bGkuQbpNNSNdX%KI1; zrRl-p=?E5jYx@mQa|G@655`UTd?L?Y_*Ynfjkskm0y-?MkxnAxiaD8g8r^u2;L{SbA_kQT16S(Y<@(lFk{!WZ=05F@-0z%fbemVz6hnOuKKlt$bFQJ;ZZZ!52P1oGJndE z)^|>cq%Eu@#A0ntpx4^i*YA5FqQD?!kfnt3Z05=YMx^!pJZ7#eTfd5^CGXW$^ibR6 z;UpzFu0L|F@kxQjnhI^8u(YW{*}zkzNSM_fl&oQeEf_1p`AjnzLb!Tl zDIXrbN~-h`ho3(_+~F}8LSQt;AfzNW7XNAvw`x$iRSFI80m+jQUy`%qM~pKTZ8ywH z-~Lni=p?8mF5eeL-k^froUUd;rf7J7;#9yi3vfQA7l7>-L{4!g$Otdx#_!mqUVPzz z_H`=d@Yy8LG8qM5ZUZ+b;U}aKa$i|S`+TbRXOY}Ddi}F-id^wYVFLsSX*$*d~Y&RL7GWc+63VihbT>UQ2{pNAPrNbDb{rr()%EIg9LwND*}E-}UP zgQ^xJ7~|tU@cu?t56oKg)kBAs-iT11o&))^e?=~t5E%c%@BPN9W5o`B%l*!Sa= zl~ENd4&YCYo_a1XE>|}rq7f1*=)I&5VeR$}=i4HWFHD9qs>k+b)MB&75vV#GMZe@y zPU1g%How;n3d&<6R96p`qi3IPl{GNSt1f5|SmOC~FlMx-NCkX-lX_rX(3dmKBTX-+ z<6kDnyWjZkxuoLAYZ$I(YN!5a8ay3zLogxoo9ckKRP&6-@Fjd{6cqvK8jWl;E4MC4 zODmM|Kiiqir`rywn%CkOasHRWGWCm8edSdq$*9wp@)UAm1|Sry^VXP`IE|sTc>l!+ z|4fHs>VWYSHlbW&L;?PXCjMbl<5x99J5>4+ViMj)Q|^k|OFN@Utqj_!r29@$zRKdn zQt{{Gi%*y#G8ve?)2|1`-cCWExi^@j?N?stl=$+5yv8VZo zBU*p=Io(-1z_q;5NZyD~PH+|3{YL=-f!f+y$yEK`_t0fdSM#$5?jMengB)oowdcgi zs=OH*xX~SH0BqXjptFDf4AbyBAWoh{L)^stN*P%<)pUf(#!J?cUk`A-5|ezdgME@^jh4<5 zg>WJyd!octitc4sy9n7xl2m}(g_B6cpXy4gw+L(;u)fWks9+Nf)EtowX6 z_JrNOA*zqcF*$Oo|4Piz`_=sNBD)bTO(yt*q2h7RoMPDYPuJI(-@10*qpCx_DDD=@65h_`YI8P<3y+BOdmoxd_=?rIP0~#Ij~ECL|Tm>O~C_#??HbZsrn-+g)+t zVq0$Pcx852fUemBMpfTUtmOS{N`gU>E=7AAy}FeZ3r^ZMrOjHyNok0P`t3b#Nfrge zNGWH26;&XLqS5BCtw@7Y(`ZHna+ZfBZ?7_%3mYt`y= z8zcDYo3f+6|H|9h69DpNYQRk^fbp3cC6H=E{6US9GxpHT=LUwpXKBaO_!7LGOZ_YYH%iCIkV3c)2|qZ_w9&Jh+ZMiHv(o zWQHS#KYo%_c$d%ez$t_juuTEkH%-(G;{>GBAv^?QK`bEOIi$d_MQr*cL6v?9Bq-92 z{e2_i^QTX1tE(PN7StbpY!nbtLdlnAR};+h0GILr|C3283a#+ z2+vJNL2Yl5puMcINuv3ir`{Z+$hQm$=1_zW=%Vzd$%}L_W_7ixP9T&z8L4Y)xV*b2 zLHBO*Xl2B|YA`j4w}61S$=uj75?#j5>+kH`Pjs}M&AtAzRb|P6Bj2@(AS-TGVLssk znd85Ib#!$r*nWR|4@LQDKHmg^si`m)m=#}Pd?8&8>jfyqnS;f@6j&2-QWpJf%F;;? zJyR=4J#rFJ+7Nra&?#Gkk@pj8MG}573kqy_*V_*cFkGYY^E)@zJ}}ZAB#`MfLkeAI z+|hb6++v8jDw_)>w#M-|AX7#MGw9n7diazRelwkTk8Kk7$hb?m6>*1X zJ<~Qz9s9XcR8-X8-+y;^xA@)yj$1Vjk%bgbs&k4WKPU)8Rbw?blyBQ22WSHEt`#K9 z@pxduBdB-2^5#>tm3qBQvhNwLfSi62k7rS?L~Jah^)|4arX*5~8@iYv$lUs(U7u-0 zJ(`$ZGQ9G8W0Sm%qRInjWB$pUbM+ zOz$4veL-2H=emW4`8`@8k1Aw}oEseLx-!mgqBUfLdm5V+$qMoJ?0Zd#ZOhTZ8H^Wcb6hA6ot7`A`I6 z_fG_=;#=+Y_&2%bt2uRFt}QWr#<(I~B*G2l?I(b3`_I?RFme*wO+(D5CGT55x2HIm z>^qo`&oH{TGYV4)oOShvEqy~1MSP?a?b%dsCS-eVq^r`*$6LBH!_=sCUY3zMG86VG zyC~5i-Og*%BS`~(%|dIn^_aKqEnRXYDY`Q9gHZ5m`YJ(4*yqbTXL*xt3x!infG Date: Mon, 19 Sep 2016 15:03:43 -0700 Subject: [PATCH 10/12] added signing flag to KeyUsageProperty --- windows/keep-secure/bitlocker-how-to-enable-network-unlock.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md index 6036e80580..3ce58f23ac 100644 --- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md +++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md @@ -162,7 +162,7 @@ Certreq example: Exportable=true RequestType=Cert KeyUsage="CERT_KEY_ENCIPHERMENT_KEY_USAGE" - KeyUsageProperty="NCRYPT_ALLOW_DECRYPT_FLAG" + KeyUsageProperty="NCRYPT_ALLOW_DECRYPT_FLAG | NCRYPT_ALLOW_SIGNING_FLAG" KeyLength=2048 SMIME=FALSE HashAlgorithm=sha512 From dc0d4365bda817809e793fb4458465bb8676e054 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Mon, 19 Sep 2016 16:05:09 -0700 Subject: [PATCH 11/12] correcting a step --- devices/surface-hub/create-a-device-account-using-office-365.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index 5ae141f274..a24d50ff5c 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md @@ -54,7 +54,7 @@ If you prefer to use a graphical user interface, you can create a device account ![assign license for Skype for Business online.](images/setupdeviceaccto365-07.png) - From the list, select **Skype for Business Online (plan 2)**, and then click **SAVE**. The license may vary depending on your organization), + From the list, select **Skype for Business Online (Plan 2)**, and then click **SAVE**. The license may vary depending on your organization (for example, you might have Plan 2, or Plan 3). ### Create a mobile device mailbox (ActiveSync) policy from the Exchange Admin Center From ada6191845f092227c909fb1cff7b0e8bde3c16d Mon Sep 17 00:00:00 2001 From: Justinha Date: Mon, 19 Sep 2016 16:29:32 -0700 Subject: [PATCH 12/12] added Sign to PS example --- .../keep-secure/bitlocker-how-to-enable-network-unlock.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md index 3ce58f23ac..0155f5ed15 100644 --- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md +++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md @@ -146,7 +146,7 @@ To create a self-signed certificate, you can either use the New-SelfSignedCertif Windows PowerShell example: ```syntax -New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN=BitLocker Network Unlock certificate" -Provider "Microsoft Software Key Storage Provider" -KeyUsage KeyEncipherment -KeyUsageProperty Decrypt -KeyLength 2048 -HashAlgorithm sha512 -TextExtension @("1.3.6.1.4.1.311.21.10={text}OID=1.3.6.1.4.1.311.67.1.1","2.5.29.37={text}1.3.6.1.4.1.311.67.1.1") +New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -Subject "CN=BitLocker Network Unlock certificate" -Provider "Microsoft Software Key Storage Provider" -KeyUsage KeyEncipherment -KeyUsageProperty Decrypt,Sign -KeyLength 2048 -HashAlgorithm sha512 -TextExtension @("1.3.6.1.4.1.311.21.10={text}OID=1.3.6.1.4.1.311.67.1.1","2.5.29.37={text}1.3.6.1.4.1.311.67.1.1") ``` Certreq example: @@ -192,7 +192,7 @@ With the certificate and key created, deploy them to the infrastructure to prope 3. In the **File to Import** dialog, choose the .pfx file created previously. 4. Enter the password used to create the .pfx and complete the wizard. -### Step Six: Configure Group Policy settings for Network Unlock +### Step Six: Configure Group Policy settings for Network Unlock With certificate and key deployed to the WDS server for Network Unlock, the final step is to use Group Policy settings to deploy the public key certificate to computers that you want to be able to unlock using the Network Unlock key. Group Policy settings for BitLocker can be found under **\\Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** using the Local Group Policy Editor or the Microsoft Management Console. @@ -346,7 +346,7 @@ The following steps can be used to configure Network Unlock on these older syste 3. [Step Three: Install the Network Unlock feature](#bkmk-stepthree) 4. [Step Four: Create the Network Unlock certificate](#bkmk-stepfour) 5. [Step Five: Deploy the private key and certificate to the WDS server](#bkmk-stepfive) -6. **Step Six: Configure registry settings for Network Unlock** +6. [Step Six: Configure registry settings for Network Unlock](#bkmk-stepsix) Apply the registry settings by running the following certutil script on each computer running any of the client operating systems designated in the **Applies To** list at the beginning of this topic. certutil -f -grouppolicy -addstore FVE_NKP BitLocker-NetworkUnlock.cer